Bitcoin "Blocklists"

Published: 2018-12-26. Last Updated: 2018-12-26 22:01:56 UTC
by Didier Stevens (Version: 1)
6 comment(s)

At the Internet Storm Center, we regularly receive malware and fraudulent emails that include Bitcoin addresses, such as the extortion emails that include leaked passwords. We often search online for these Bitcoin addresses to see what else we can find.

Recently, with the "bomb extortion" emails, I was looking up Bitcoin addresses and came across a site called "Bitcoin Abuse Database". It's a repository of Bitcoin addresses that are used for scams and fraud.

For example, here is the report for Bitcoin address 1LeReNiUgHNXvvR8TpgQG1b5nzqoKeUxDY.

It looks like a great resource to look up Bitcoin addresses, and to report addresses used for scams and fraud, although I don't know who is behind this initiative.

Do you know similar resources? Please post a comment.

 

Didier Stevens
Senior handler
Microsoft MVP
blog.DidierStevens.com DidierStevensLabs.com

Keywords: bitcoin blocklist
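Before looking an address up or reporting it, it helps to confirm that the string pulled from the email is a well-formed address and to see whether the same address shows up in several reports. The following is an added example, not code from the diary or its commenters: it extracts legacy Base58 addresses (those starting with 1 or 3; bech32 addresses are out of scope), verifies the Base58Check checksum, and groups messages by address. The sample messages are constructed, and the function names are hypothetical.

```python
import hashlib
import re
from collections import defaultdict

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Legacy Base58 addresses only (start with 1 or 3, 26-35 characters).
CANDIDATE = re.compile(
    r"(?<![A-Za-z0-9])[13][1-9A-HJ-NP-Za-km-z]{25,34}(?![A-Za-z0-9])")

def b58check_valid(addr):
    """True if addr decodes to 25 bytes ending in the double-SHA256 checksum."""
    n = 0
    for ch in addr:
        if ch not in B58:
            return False
        n = n * 58 + B58.index(ch)
    pad = len(addr) - len(addr.lstrip("1"))  # each leading '1' is a zero byte
    raw = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 25:
        return False
    check = hashlib.sha256(hashlib.sha256(raw[:21]).digest()).digest()[:4]
    return raw[21:] == check

def addresses_by_reuse(messages):
    """Map each checksum-valid address to the ids of the messages containing it."""
    seen = defaultdict(set)
    for msg_id, text in messages.items():
        for addr in CANDIDATE.findall(text):
            if b58check_valid(addr):
                seen[addr].add(msg_id)
    return dict(seen)

# Constructed sample. GENESIS is the well-known genesis-block address, used
# only because its checksum is known to be valid; TYPO alters its last character.
GENESIS = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
TYPO = GENESIS[:-1] + "b"
SAMPLE_MESSAGES = {
    "msg-1": "Pay within 24 hours. My Bitcoin address - " + GENESIS,
    "msg-2": "I'm getting money in btc,its my address:\n" + GENESIS + "\n",
    "msg-3": "Send the sum to " + TYPO + " today.",
}

if __name__ == "__main__":
    for addr, ids in addresses_by_reuse(SAMPLE_MESSAGES).items():
        print(addr, "seen in", len(ids), "message(s):", sorted(ids))
```

An address that fails the checksum was mistyped or mangled in transit and is not worth searching for; an address seen in several independent reports points to a bulk campaign rather than a targeted message.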

Comments

Closed source intel from places like Neutrino and Chainalysis are handy...but pricey.

If you receive what appears to be a targeted threat, append the bitcoin address to the end as shown here: https://www.blockchain.com/btc/address/1LeReNiUgHNXvvR8TpgQG1b5nzqoKeUxDY

You'll see that there's already been one transaction, which means the same bitcoin address is being used for everyone receiving the email which means there's no way the criminal knows who has paid and who hasn't paid.

If it hasn't been reported yet per the article you now have another method to see if it's targeted to you specifically.

Not sure if you saw this one or not >> https://www.sans.org/webcasts/109645?utm_medium=Social&utm_source=Twitter&utm_content=Kirby+Plessas+Webcast&utm_campaign=Open-Source+Intelligence+Summit+Training+2019

https://twitter.com/kirbstr/status/1074735409223983104

Enjoy :D

Today, I received the following extortion attempt, complete with bad punctuation, and a BITCOIN identifier.
-------------
Hi... .

I run a website in the deep web,I perform all sorts of services - in the main it is destruction to property and harm.In the main,all but the murder.Often main reasons are unrequited love or competition at bussiness.This month he contacted me and gave me the order of pour out acid in your visage.Standard task - quickly,painfully,for life.Without too much fuss.I get receive only after finishing the task.Thus, now I offer you pay me to be inactive,I propose this to nearly all the victims.If I do not see money from you, then my man will fulfill the task.If you transfer me money,in addition to my inaction,I will provide you the info that I have about the client.After finishing the order, I always lose the performer,so I have an option,to get $1500 from you for information about the customer and my inaction,or to receive $ 5000 from the customer,but with a high probability of spending the performer.

I’m getting money in btc,its my Bitcoin address -

15UFZdE9vRjtyKbLteV4B3U9QSTpEuJoxc

The sum I indicated above...

24 hours to transfer, and remember that time is beating... .
__________________________________________________________


Checking:

https://www.blockchain.com/btc/address/15UFZdE9vRjtyKbLteV4B3U9QSTpEuJoxc

gives "zero transactions". So far.

Another good resource to look up Bitcoin addresses used in spam/extortion is https://bitcoinwhoswho.com/

This Tweet https://twitter.com/videah_/status/1080977519191486464 refers to oxt.me as an additional Bitcoin research source.
