Bitcoin sextortion emails reached millions worldwide
Bitcoin sextortion scams expanded rapidly in 2020, according to cybersecurity firm Sophos. In one week of analysis alone, the company said millions of people received these threatening emails. Senior threat analyst Paul Ducklin added that the true scale may have been tens or even hundreds of millions, with some individuals receiving two to five different versions of the scam. The spam campaigns were distributed through global botnets made up of compromised computers, with major sending sources located in countries including Vietnam, Brazil, Argentina, South Korea, India, Italy, Mexico, Poland, Colombia, and Peru.
By language, Sophos said 81% of the messages it examined were in English, followed by 10% in Italian, 4% in German, 3.5% in French, and about 1.2% in Chinese. The figures suggest a highly international operation with a heavy focus on English-speaking recipients.
How the scam creates the illusion of surveillance
Sextortion is a form of online blackmail in which scammers claim they have hacked a victim’s computer or phone, activated the webcam, and recorded compromising footage while the person was viewing adult content. The emails often threaten to send the alleged video to friends, family, co-workers, or social media contacts unless payment is made quickly. Common claims include access to Facebook contacts, phone lists, browsing history, and webcam recordings.
To make the threat feel more credible, some emails include a victim’s full or partial password. However, Ducklin said these passwords are often taken from older data breaches, not from a recent compromise of the victim’s device. In other words, the password may once have been real, but it does not prove the scammer currently has access. Similar extortion tactics also appear on platforms such as Facebook Messenger, Whatsapp, Telegram, Skype, Kakaotalk, Line, and Wechat, especially in schemes where fraudsters first obtain personal images or videos and then attempt blackmail.
Demands typically range from $700 to $4,000 in bitcoin
Most sextortion emails end with a demand for urgent payment in bitcoin, warning that explicit material will be released unless the victim sends funds to a specified wallet. Ducklin said the requested amount usually falls between $700 and $4,000.
Sophos traced millions of sextortion emails sent between September 2019 and February 2020 and reviewed what happened to funds deposited into attackers’ bitcoin wallets. Researcher Tamás Kocsír said that while most recipients ignored the messages or refused to pay, enough victims complied to generate about 50.9 BTC, worth nearly $500,000 at the time. The firm also noted that some operators use advanced obfuscation methods to bypass spam filters, such as invisible strings, blocks of white garbage text, and Cyrillic characters inserted to confuse automated scanning systems.
What recipients should do next
Security researchers stressed that these emails are usually a bluff. Ducklin said the criminals generally do not have malware on the victim’s computer, do not possess compromising videos, and have not recently stolen contact lists in the way they claim.
Authorities advise recipients not to pay, to stop communicating with the sender immediately, and to preserve evidence. The U.K. National Crime Agency recommends reporting the scam to police, notifying the internet service provider, and saving screenshots and relevant details. Californian District Attorney Jeff Reisig similarly emphasized that sextortion is illegal and that victims should keep the original emails and contact local law enforcement. For users, practical precautions include changing passwords regularly, enabling two-factor authentication, and covering or disabling webcams when not in use.

