Bitcoin "Blocklists"

Published: 2018-12-26
Last Updated: 2018-12-26 22:01:56 UTC
by Didier Stevens (Version: 1)
6 comment(s)

At the Internet Storm Center, we regularly get malware and fraudulent emails including Bitcoin addresses. Like the extortion emails including leaked passwords. And we often search online for these Bitcoin addresses, to see what else we can find.

Recently, with the "bomb extortion" emails, I was looking up Bitcoin addresses and came accross a site called "Bitcoin Abuse Database". It's a repository of Bitcoin addresses that are used for scams and fraud.

For example, here is the report for Bitcoin address 1LeReNiUgHNXvvR8TpgQG1b5nzqoKeUxDY.

It looks like a great resource to lookup Bitcoin addresses, and report on addresses used for scams and fraud, although I don't know who is behind this initiative.

Do you know similar resources? Please post a comment.


Didier Stevens
Senior handler
Microsoft MVP

Keywords: bitcoin blocklist
6 comment(s)


Closed source intel from places like Neutrino and Chainalysis are handy...but pricey.
If you receive what appears to be a targeted threat, append the bitcoin address to the end as shown here:

You'll see that there's already been one transaction, which means the same bitcoin address is being used for everyone receiving the email which means there's no way the criminal knows who has paid and who hasn't paid.

If it hasn't been reported yet per the article you now have another method to see if it's targeted to you specifically.
Not sure if you saw this one or not >>

Enjoy :D
Today, I received the following extortion attempt, complete with bad punctuation, and a BITCOIN identifier.
Hi... .

I run a website in the deep
perform all sorts of services - in the main it is destruction to property and
but the
main reasons are unrequited love or competition at
month he contacted me and gave me the order of pour out acid in your
task -
quickly,painfully,for life.Without
too much
get receive only after finishing the
now I offer you pay me to be
propose this to nearly all the
I do not see money from you, then my man will fulfill the
you transfer me
addition to my
will provide you the info that I have about the
finishing the order, I always lose the
I have an
get $1500 from you for information about the customer and my
to receive $ 5000 from the
with a high probability of spending the performer.

I’m getting money in btc,its my Bitcoin address -


The sum I indicated above...

24 hours to transfer, and remember that time is beating... .


gives "zero transactions". So far.
Another good resource to look up Bitcoin addresses used in spam/extorsion is
This Tweet refers to as an additional Bitcoin research source.

Diary Archives