Text messages and the Bitcoin Code: follow the money trail

Type malwarebytes
Reporter Christopher Boyd
Modified 2017-11-21T16:00:00


I was a bit surprised to receive lots of messages similar to the one below this past week:

free coins?

I mean, we've all done it—managed a bulk text spam campaign offering free Bitcoins in your spare time, while completely forgetting said business exists. Maybe I did it in my sleep? It's all gone a bit Fight Club. And as we all know, the first Rule of Fight Club is "Don't run a free Bitcoin bulk text spam campaign in your spare time, while completely forgetting said business exists."

Or maybe not.

Either way, I decided to find out what was going on. Had someone taken a cheeky jab at a security researcher by placing my contact details into the pipeline somewhere, did I actually set up a bulk spam campaign with free Bitcoins at the end of it, or was there a more mundane explanation that didn't require people to yell at me via capslock?

oh dear

There's only so much "dashing expectations on the shore" a guy can take. Or, to put it another way…





No wonder everyone was so grumpy.

First up, the text. The only examples I had sent to me were written in Dutch:

text message

> ### "You have 1 Bitcoin in your account. Confirm here: [URL] Current market value: €6064."

Bitcoin value is through the roof at the moment, so it's no wonder someone might want to jump on the opportunity. I'd love to see how many people clicked from the text to the URL with the promise of riches already in the bank.

The short link in the text is a text(dot)id URL. The site is registered to an address in Jakarta, Indonesia, but it's the email address that's of interest (well, to me, anyway):

email address

Unfortunately, lots of people thought this was me, instead of any of the other numerous Chris Boyds floating around the Internet, hence the confused and occasionally angry, "Where are my coins? Also drones deployed" messages. As it turns out, that email address—mrmessaging—is tied to a bulk mail service, and the Chris Boyd in question appears to own the default address listed for the registered URL. He's an actual person and everything, and easily found with about 10 seconds of Googling. But he's not me.

So that's that short mystery put to bed. Also please stop asking me for Bitcoins.

well hello there

No, really. I insist.

Choice insults aside, the URL redirects to another site located at


What do we have here? Something called The Bitcoin Code, which bears zero relation to paintings, Tom Hanks, or ancient prophecy.

The Bitcon Code

Time to fire up Google Translate:

> ### Join The Bitcoin Code > > ### The Bitcoin Code is exclusively intended for people who have responded to the outrageous returns Bitcoin offers and who have earned a fortune with it. > > ### The Bitcoin Code Members enjoy month-in-month outs of the most beautiful stays around the world, while they earn their money on their laptop every day with just a few minutes 'work.'

Actually, this sounds way better than Tom Hanks.

smiling bitcoin man

> ### Hi, I am a former software developer at a large company that I do not want to mention. > > ### I designed the Bitcoin Trading software that generated more than € 18,484,931.77, just in the last 6 months. > > ### This software makes more millionaires faster than the first investors in Uber, Facebook or AirB&B. > > ### If you want to earn a million with Bitcoin, watch the video above and learn how it works.

The short version is, you sign up via email then add in a mobile number and some other pieces of information. After that, you deposit "250 Euro" to get things moving and then it's automated stock exchange programs and Bitcoin all the way down.

how it works

We can't vouch for how effective said software may be, but we can definitely confirm it's nothing to do with my good self, and generally speaking I'd be wary of signing up to random text messages with 250 euros of my hard earned money—and you should be, too.

As the disclaimer at the bottom of the splash page says:

> ### Significant Risk Reporting: Trading in binary options can lead to major gains, but also entails the risk that part or all of the capital will be lost and this has to be recognized by budding investors. We advise you to read the terms and conditions and the indemnity before making any investment. Customers must inform themselves about the tax rules in the country of establishment. US residents should not be approached to trade commodity options, even when it comes to 'predictive' contracts, except when it concerns contracts registered with a CFTC-registered stock exchange or in case of a legal exception.

I'm no Wall Street banker, but that sounds a bit dodgy. My coins—metal, digital, and chocolate—will be staying in my pocket for the time being (apart from the chocolate ones, which are at significant risk of melting, and also the digital ones which only exist in your computer. Not mine. I don't own any, sorry). Should you receive one of these texts claiming you're somehow in possession of a Bitcoin, do the block / report / delete dance as fast as your fingers will allow.

The post Text messages and the Bitcoin Code: follow the money trail appeared first on Malwarebytes Labs.