Sextortion-Style Romance Scams via Bitcoin
How organised sextortion operations demand Bitcoin as their payment of choice and why the cryptocurrency's irreversibility makes it ideal for large-scale extortion campaigns.
Part of: Sextortion-Style Romance Scams
Last reviewed: 1 June 2026
Sextortion-style romance scams combine manufactured intimate imagery with coercive demands for payment. Bitcoin has emerged as the dominant payment method in these operations because it is borderless, settles without a financial intermediary, and is effectively irreversible. Victims receive extortion emails or messages containing a wallet address and a QR code, with the demand that Bitcoin worth a specific amount be sent within a tight window.
The format is highly scalable: automated scripts can blast millions of threat emails, each containing a unique Bitcoin address to track individual responses. The entire operation can be run from any country without needing a local bank account or money-transfer agent.
How this scam works on Bitcoin
In the romance variant, the scammer builds a weeks-long relationship before obtaining or fabricating compromising content. The extortion demand then arrives via message with a Bitcoin wallet address and a specified amount — often a round figure in USD equivalent — with a 24-to-72-hour deadline before the material is 'released'.
In the mass-email variant there is no prior relationship: victims receive a message claiming the sender has installed spyware on their device and recorded them via webcam. The email includes a Bitcoin address. The 'evidence' claimed is often fabricated, but the psychological impact is severe.
A second phase of escalation often follows the first demand, with a doubled amount and a tighter deadline. Scammers monitor the blockchain address in real time and may send a follow-up message acknowledging receipt of partial payment while demanding the remainder.
Common red flags
- A message threatening to share intimate material unless Bitcoin is sent to a specific wallet address
- An email claiming spyware was installed on your device, containing a password you recognise from a breached account
- The Bitcoin amount specified converts neatly to a round-number USD or local-currency equivalent
- A QR code included in the message to simplify sending Bitcoin
- Demands specifically citing a deadline of 24, 48, or 72 hours
- The sender claims to have your full contact list and threatens mass distribution
How to protect yourself
- Do not send any Bitcoin — compliance confirms you will pay and typically triggers further demands
- Search whether the included password appears in publicly known breach databases; if so, the spyware claim is likely fabricated
- Report the Bitcoin wallet address to the NCMEC CyberTipline and FBI IC3 immediately
- Change any compromised passwords found in breach databases as a precaution
- Contact a trusted mental-health or support service if the psychological impact is significant — sextortion causes severe distress
How to report it
- Submit the Bitcoin address and full message text to the FBI IC3 at ic3.gov
- Report to the NCMEC CyberTipline (cybertipline.org) if the threatened content may involve a minor
- Forward the email headers and Bitcoin address to your national cybercrime unit
Frequently asked questions
Is the spyware claim in a sextortion email usually real?
In the vast majority of mass-email sextortion campaigns, no spyware has been installed. Scammers obtain old passwords from publicly available breach dumps to make the email look credible. If the email contains a password you currently use, change it immediately — but that alone confirms a data breach, not spyware. Genuine remote-access compromise would require far more targeted effort than a mass campaign.