Bitcoin Extortion Group DD4BC Prompts Warning from Swiss Government

Distributed denial-of-service attacks against organizations in New Zealand appear to be connected to the extortionist group DD4BC.

AccessTimeIconMay 8, 2015 at 8:30 p.m. UTC
Updated Sep 14, 2021 at 2:01 p.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

Extortionist group DD4BC appears to be connected to a new wave of distributed denial of service (DDoS) attacks against organizations in Switzerland, New Zealand and Australia.

With the new attacks, the group is seeking 25 BTC from affected parties in exchange for relinquishing the flood of inbound data is issues that renders recipient websites inaccessible.

Most recently, DD4BC was named in an 8th May warning published by the Swiss Governmental Computer Emergency Response Team (GovCERT), a division of MELANI, a national agency focused on cybersecurity issues.

The warning read:

"In the past days MELANI / has received several requests regarding a distributed denial of service (DDoS) extortion campaign related to 'DD4BC'."

According to the New Zealand government, the extortion attempts appear to begin with a short DDoS attack to demonstrate the potential impact after the ransom demand has been issued.

DD4BC has been tied to past attacks on digital currency businesses and websites, including extortion attempts against a number of well-known mining pool operators.

Swiss incidents

GovCERT said that it had received reports from "several high profile targets", stating that a number of organizations had been affected as a result of the wave of DDoS attacks.

According to the agency, recent DD4BC activity has been rising, with the new attacks starting at the beginning of May.

The advisory explained:

"While these attacks have targeted foreign organisations in the past months, we have seen an increase of activity of DD4BC in Europe recently. Since earlier this week, the DD4BC Team expanded their operation to Switzerland."

The agency advised those impacted by the attacks not to pay the ransoms, and instead file a police report and contact their Internet service providers for additional mitigation support.

New Zealand connection

News of the New Zealand attacks surfaced earlier this week, when the New Zealand National Cyber Security Centre (NCSC) released a warning about DDoS attacks on local organizations.

The notice said that an investigation is underway, though the agency did not specify the operating name of those behind the attacks. National security advisor for the New Zealand government Daria Brankin declined to comment when reached.

Cybersecurity nonprofit New Zealand Internet Task Force chairman Barry Brailey, however, confirmed the connection between the group and the recent DDoS attacks in that country.

The group issued a notice about the DDoS threats on 7th May.

"Yes [the series of attacks] appears to be linked to the group/moniker 'DD4BC'," Brailey told CoinDesk.

History of attacks

A string of incidents involving DD4BC last year culminated with the creation of a 100 BTC bounty after the group targeted bitcoin exchange and wallet service Bitalo.

This amount swelled to 110 BTC following a contribution by AntPool operator Bitmain during the mining pool attacks.

Other companies impacted by the group in the past year include BitQuick, BitBay, Expresscoin and CoinTelegraph.

Image via Shutterstock


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to to register and buy your pass now.

Read more about