Bitcoin's Popularity Boosts Phishing Scam Success

Phishing scams using bitcoin as cover are the latest indicator of the digital currency's popularity.

AccessTimeIconAug 22, 2014 at 2:06 p.m. UTC
Updated Sep 11, 2021 at 11:04 a.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global event for everything crypto, blockchain and Web3.Register Now

Bitcoin has fired the public imagination so intensely that even non-bitcoin users are falling for phishing scams that dangle the prospect of cryptocurrency riches in front of them, according to new research from digital security firm Proofpoint.

found that thousands of phishing messages disguised to look like emails from a Blockchain wallet were sent to addresses with no direct link to bitcoin. This is a departure from typical bitcoin phishing attacks that target known and active cryptocurrency users, according to the security firm.

The new attacks yielded a "staggeringly high" response rate of 2.7% from victims, suggesting that members of the general public were sufficiently attracted by a bitcoin lure to click on the malicious links.

Kevin Epstein, vice president for advanced security and governance at Proofpoint, said:

"Imagine a phish touting automobile insurance that was sent to non-car owners – the fact that anyone clicked, much less 2.7%, is startling testament to human weakness and the intrigue around bitcoin."

Companies and organisations hit

The Proofpoint research found that 12,000 messages were sent to more than 400 large companies and organisations across a range of industries, including finance, media and manufacturing, in two "waves" of attacks on 13th and 14th August.

The firm declined to name any of the targeted organisations, citing confidentiality agreements, but said they included one of the world's largest financial institutions, a Japanese automotive manufacturer, two major American universities and three of the biggest international healthcare organisations.

The malicious messages were made to look like an automated email from wallet provider Blockchain, alerting the recipient that there had been an unauthorised attempt to open the wallet.

The recipient is asked to reset their wallet password by clicking a link which brings the victim to a log-in screen that seems identical to the Blockchain wallet page. Any wallet details submitted through this fake log-in page are transmitted to the scammers, who can use them to access the victim's wallet.

 The malicious email mimicking a Blockchain wallet security alert.
The malicious email mimicking a Blockchain wallet security alert.

While the attack would only be profitable if it tricked an actual Blockchain wallet user, Epstein said that the high click-through rates, which have been better than for benchmark rates for marketing communications like email newsletters, suggest that even non-bitcoin users knew enough about cryptocurrency to be lured by the prospect of gaining access to some potentially lucrative bitcoins.

"It's a staggeringly high click-through rate given the relative percentage of recipients who would have been bitcoin holders," Epstein said.

'Topical news' approach

Proofpoint noted that the phishing attack's employed a straightforward 'account warning' template that is simple yet highly effective.

The phishers also played on current fears over hackers from China by framing their initial message as a security alert over an unauthorised log-in attempt originating from Sichuan province in western China. That province's technical university has made headlines as a possible proving ground for state-sponsored elite hackers.

Epstein said this was the "topical news" approach to phishing, which had been recently deployed in other attacks that used this summer's World Cup as cover.

"Topical news is always effective. We have seen and will likely continue to see 'Chinese hackers' as an element," Epstein said.

The research did not uncover the attacker's identity, although Epstein said that the attacks appeared to be purely profit driven, which ruled out organised crime or industrial espionage.

He warned that the method of attack held rich potential to inflict greater damage in future, particularly if they were used to deploy trojan horses, which is software that performs unauthorised actions on your computer, or ransomware, which blocks a victim's access to a computer until a ransom is paid.

Phishing Image via Shutterstock


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to to register and buy your pass now.