Blackmailers Have Already Made Money From the Ashley Madison Hack

September 6, 2015 Updated: September 6, 2015

After hackers released the email database stolen from the adultery website Ashley Madison last month, some members of its 30 million plus user-base received emails threatening to reveal their activities to families and friends unless they paid a lump sum of money to anonymous Bitcoin accounts.

Although the email database is publicly available, it must be downloaded via a 10 GB file on Bittorrent—unpacking the compressed files isn’t a simple task for people who aren’t tech-savvy, making the full list of emails largely inaccessible to the general public, at least for now.

It seems that the blackmailers have made some money extorting Ashley Madison’s user base, albeit not a tremendous amount.

A security researcher at Cloudmark, an online security firm, found an unusual number of Bitcoin transactions in the days following the data dump with the exact value of 1.05 BTC, the amount asked for in a widely distributed email threatening its receiver for hush money.

“You need to send exactly 1.05 BTC to the following BTC address,” the email reads. The 1.05 BTC is worth about $253.08 USD. “If the Bitcoin is not paid within 3 days of 23 August 2015 then my system will automatically message all your friends and family.”

On the digital currency’s blockchain, it’s public ledger, Cloudmark found “67 suspicious transactions totalling 70.35 BTC or approximately $15,814” from accounts with no previous activities in the four days following the data dump.

“To put this in perspective, in the three months prior to 8/22/2015 when we first started seeing the extortion emails, we saw transactions matching the above pattern at a rate of approximately 5.3 per 100,000 transactions, versus 8.9 during the extortion period,” the researcher wrote, estimating that 40 percent of the 67 transactions were blackmail payments, which adds up to $6,400.

The researcher wrote that future blackmail attempts will likely randomize the extortion amount to thwart investigators from tracking down suspicious Bitcoin addresses as he did just by looking up transactions on the blockchain.