I Tracked a Bitcoin Scammer


One day I was waiting for an important email. It hadn’t shown up in my inbox after refreshing it a few times, so I decided to check my spam folder to see if it was hiding there. Instead, I found an email with the subject, “Payment from your account.”

Here’s some of the text:

I have to share bad news with you. Approximately few months ago I have gained access to your devices, which you use for internet browsing. After that, I have started tracking your internet activities…One week later, I have already installed Trojan virus to Operating Systems of all the devices that you use to access your email. In fact, it was not really hard at all (since you were following the links from your inbox emails). All ingenious is simple. 🙂

To sum up, the scammer claimed that they had secretly installed Trojans on all my devices, that they had recorded videos of me watching porn, and that they would release those videos to all my friends and family if I didn’t send them $1650 worth of Bitcoin.

I knew these were all lies. Trojans don’t work that way, especially on mobile devices. There are apps that can spy on your smartphone, but they usually require someone to get your phone in their hands to install them. Also, I keep my laptop’s webcam covered when I’m not using it. What concerned me was knowing that some people would receive a message like this, not know it was a lie, and send the scammer money.

The email came from an obviously fake account. Yes, I checked and the domain did not exist. It was a spoofed address.

First I took a look at the email header. A header is to email what a postmark is to mail: it tells you where it came from. Modern email apps and sites hide them, but you can make them visible if you want.

Screenshot of Gmail menu - show original
How to find headers in Gmail. Click on the menu button on the right-hand side, then select the “Show original” option. A plain text version of the email will appear in a new tab. The headers will be at the top.

Digging through all that data, I managed to find an IP address and a website link with a Mexican domain. I ran the IP address through a website that maps IP addresses to physical locations. Sure enough, the IP address came from Saltillo, Mexico. It’s usually not possible to trace an IP address to a street address, but you can trace it to a town or ZIP code. That’s not to say that they were actually in that town. They could be using a VPN, but this is a good place to start.

Gmail header showing IP address
Highlighted: the IP address the scammer’s email came from. Note the .mx domain – that indicates Mexico.

Then I started searching for information about Bitcoin wallets. I happened to find a website called Bitcoin Abuse Database. You can use it to report Bitcoin wallets that are connected to scams. When I first found the entry for this wallet, there were 70 complaints listed. Everyone there had received an email similar to the one I had.

Bitcoin is often called an anonymous currency and payment network, but it really isn’t. It’s better to call it pseudonymous. It isn’t easy to find out who owns a Bitcoin wallet, but you can easily track the transaction history of someone’s wallet through the website Blockchain.com (formerly known as Blockchain.info). When I first looked at the wallet’s history, there were seven transactions. The wallet had received payments but hadn’t sent any out. The payment amounts matched the amount demanded in the email.
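Two small checks are worth doing before reporting or watching a wallet address pulled out of a scam email: confirm the address is well-formed (legacy Bitcoin addresses carry a Base58Check checksum, so a mistyped or partially garbled address is detectable offline), and tally what the wallet has received versus sent from its transaction list. The following is an added example, not code from the original post or from Blockchain.com; the address is generated inside the script from a constructed 20-byte hash, and the transactions are made-up records in a simplified inputs/outputs shape, with values in satoshis.

```python
import hashlib

# Base58 alphabet: no 0, O, I or l, so visually confusable characters never appear.
ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def b58encode(data: bytes) -> str:
    n = int.from_bytes(data, "big")
    out = ""
    while n > 0:
        n, r = divmod(n, 58)
        out = ALPHABET[r] + out
    # Each leading zero byte is encoded as a leading "1".
    pad = len(data) - len(data.lstrip(b"\x00"))
    return "1" * pad + out


def b58decode(s: str) -> bytes:
    n = 0
    for ch in s:
        n = n * 58 + ALPHABET.index(ch)  # ValueError on any non-alphabet char
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    pad = len(s) - len(s.lstrip("1"))
    return b"\x00" * pad + body


def checksum(payload: bytes) -> bytes:
    """Base58Check checksum: first 4 bytes of double SHA-256."""
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]


def encode_address(version: int, hash160: bytes) -> str:
    payload = bytes([version]) + hash160
    return b58encode(payload + checksum(payload))


def is_valid_legacy_address(addr: str) -> bool:
    """True for a P2PKH (version 0x00) or P2SH (0x05) address with a good checksum."""
    try:
        raw = b58decode(addr)
    except ValueError:
        return False
    if len(raw) != 25:
        return False
    payload, check = raw[:21], raw[21:]
    return payload[0] in (0x00, 0x05) and checksum(payload) == check


def wallet_summary(address: str, txs: list[dict]) -> dict:
    """Sum satoshis received by and sent from `address` over a transaction list."""
    received = sent = 0
    touched = 0
    for tx in txs:
        got = sum(o["value"] for o in tx["outputs"] if o["addr"] == address)
        spent = sum(i["value"] for i in tx["inputs"] if i["addr"] == address)
        if got or spent:
            touched += 1
        received += got
        sent += spent
    return {"tx_count": touched, "received_sat": received, "sent_sat": sent,
            "ever_spent": sent > 0}


# Constructed sample wallet: the hash160 is derived from a fixed string, not a real key.
SCAM_ADDRESS = encode_address(0x00, hashlib.sha256(b"constructed sample").digest()[:20])
VICTIM_A = encode_address(0x00, hashlib.sha256(b"victim a").digest()[:20])
VICTIM_B = encode_address(0x00, hashlib.sha256(b"victim b").digest()[:20])

# Constructed transactions in a simplified shape: inputs and outputs with addr/value.
SAMPLE_TXS = [
    {"txid": "tx-1", "inputs": [{"addr": VICTIM_A, "value": 20_000_000}],
     "outputs": [{"addr": SCAM_ADDRESS, "value": 18_000_000},
                 {"addr": VICTIM_A, "value": 1_990_000}]},
    {"txid": "tx-2", "inputs": [{"addr": VICTIM_B, "value": 18_050_000}],
     "outputs": [{"addr": SCAM_ADDRESS, "value": 18_000_000}]},
    {"txid": "tx-3", "inputs": [{"addr": VICTIM_B, "value": 5_000_000}],
     "outputs": [{"addr": VICTIM_A, "value": 4_990_000}]},  # unrelated to the wallet
]


if __name__ == "__main__":
    print("valid address:", is_valid_legacy_address(SCAM_ADDRESS))
    tampered = SCAM_ADDRESS[:-1] + ("2" if SCAM_ADDRESS[-1] != "2" else "3")
    print("tampered address valid:", is_valid_legacy_address(tampered))
    print(wallet_summary(SCAM_ADDRESS, SAMPLE_TXS))
```

Changing a single character of the address makes the checksum fail, which is the property that protects you from reporting, or watching, the wrong wallet. The summary mirrors what the post observed on the real wallet: incoming payments only, and no spend yet.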

There is software that can help track down the owners of Bitcoin wallets, but the companies that make it generally only sell to government bodies such as law enforcement and intelligence agencies. One of them, Maltego, does provide a limited version of its software to the general public.

Screenshot of Maltego Bitcoin wallet analysis
Maltego analysis of the scammer’s Bitcoin wallet. All the small dots represent the people who sent money to the wallet.

Using it was very interesting. It’s a great way to search lots of places at once and organize all the information in one place. You can even see it all in chart form. The company wrote an article about tracking a Bitcoin wallet that was connected to the owner of the infamous online black market Silk Road. They managed to make the connection through a transaction from another Bitcoin wallet that was linked to his real email address.

As I post this, the owner of this wallet is still receiving money. What will happen when they finally send money instead?
