“Your Site Has Been Hacked” – Scam Warning

We just received a complaint from a business owner who received an email claiming “Your Site Has Been Hacked.”

This is almost certainly a lot of posturing. We’ve seen these kinds of messages before and they never have any teeth. They’re just preying on fear, uncertainty, and doubt to get you to shell out money.

The way this scam works, as you shall see, is that the scammers say that they have your website’s database and if you do not pay them 0.15 Bitcoins, they will take these steps:

  1. They will sell your database, which may contain information about your clients, products, and basically anything uploaded by you or your visitors to the website.
  2. They will send an email to any email address they can find in your database, letting them know that their information has been leaked, thereby harming your business’s reputation.
  3. Finally, they will use blackhat techniques to remove your website from Google.

Don’t pay them.

Read on to find out what you should do instead.

Here’s a copy of the email they have been sending to business owners:

Your Site Has Been Hacked

PLEASE FoRWARD THIS EMAIL To SoMEoNE IN YoUR CoMPANY WH0 iS ALL0WED To MAKE IMPORTANT DECISI0NS!

We have hacked your website and extracted y0ur databases.

H0w did this happen?

0ur team has f0und a vulnerability within your site that we were able t0 expl0it. After finding the vulnerability we were able to get y0ur database credentials and extract y0ur entire database and m0ve the informati0n to an 0ffsh0re server.

What d0es this mean?

We will systematically g0 thr0ugh a series 0f steps of totally damaging y0ur reputation. First y0ur database will be leaked 0r sold t0 the highest bidder which they will use with whatever their intentions are. Next if there are e-mails f0und they will be e-mailed that their informati0n has been sold or leaked and your site was at fault thusly damaging y0ur reputati0n and having angry cust0mers/associates with whatever angry customers/associates d0. Lastly any links that y0u have indexed in the search engines will be de-indexed based off 0f blackhat techniques that we used in the past to de-index our targets.

H0w do i stop this?

We are willing to refrain from destroying y0ur site’s reputation for a small fee. The current fee is $3000 in bitcoins (0.15 BTC).

Please send the bitcoin t0 the following Bitcoin address (C0py and paste as it is case sensitive):

38xonZTHvSbuSmABhiTwu251SY6iiVqSNz

0nce y0u have paid we will automatically get inf0rmed that it was y0ur payment. Please n0te that y0u have to make payment within 3 days after opening this e-mail 0r the database leak, e-mails dispatched, and de-index of your site WiLL start!

How d0 i get Bitcoins?

Y0u can easily buy bitcoins via several websites 0r even 0ffline fr0m a Bitcoin-ATM.

What if i don’t pay?

if you decide n0t t0 pay, we will start the attack at the indicated date and uph0ld it until you d0, there’s no counter measure t0 this, you will only end up wasting more m0ney trying t0 find a s0luti0n. We will c0mpletely destroy your reputati0n am0ngst go0gle and y0ur customers.

This is n0t a h0ax, do not reply to this email, don’t try t0 reason 0r neg0tiate, we will n0t read any replies. once y0u have paid we will st0p what we were d0ing and y0u will never hear from us again!

Please n0te that Bitcoin is an0nymous and n0 one will find 0ut that you have complied. Finally d0n’t reply as this email is unm0nitored.

The email was sent by Hacker <hacker@atlaskara.com>.

The domain atlaskara.com is the official website of an Iranian company called Atlas Kara Industrial Group.

It was registered on May 19, 2012 via the registrar OnlineNIC, Inc and is hosted with ClouDNS.net.

What to do if you received this email?

We have instructed the complainant to file a complaint with the domain registrar (abuse@onlinenic.com) and the DNS provider (abuse@cloudns.net), as well as with ic3.gov, which is the FBI’s Internet Complaint Center.

If you receive a similar “Your Site Has Been Hacked” email, you should do the same, and please also report it to us by leaving a comment below.

Whatever you do, do not send money to the Bitcoin address given in the email: 38xonZTHvSbuSmABhiTwu251SY6iiVqSNz.

Interestingly, it seems that the email message they are sending was not written recently.

How do we know that?

Well, they ask for $3000 in bitcoins (0.15 BTC); however, the value of Bitcoin is currently much lower, and 0.15 BTC is worth only a little over $2,500.

If they really hacked your site, you would think they would go ahead and send you a personalized email message with a correct fee amount.

Secondly, we were able to find earlier versions of the same email. For example, one was sent to another website, fuzzhello.com, and most parts of the email are the same.

However, instead of using the letter “i,” they used “í.”

Then they write: “We are willíng to refrain from destroyíng your síte’s reputation for a small fee. The current fee is $3000 in bítcoins (BTC).”

So here they did not specify the BTC amount; just the USD amount.

Also, they gave them 5 days instead of 3:

Once you have paíd we wíll automatically get informed that ít was your payment. Please note that you have to make payment within 5 days after receivíng this e-maíl or the database leak, e-maíls dispatched, and de-index of your site WiLL start!
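The variants quoted above differ only in character swaps (0 for o, í for i), the amount and the deadline, so a filter that undoes those swaps can match all of them with one rule. The following Python is an added example, not part of the original post; the phrase list, the two-phrase threshold and the sample messages (abridged from the excerpts quoted on this page) are assumptions.

```python
import re
import unicodedata

# Phrases shared by the extortion template variants quoted on this page.
TEMPLATE_PHRASES = [
    r"hacked your website",
    r"extracted your databases?",
    r"destroying your site.s reputation",
    r"database leak",
    r"de-?index",
    r"payment within \d+ days",
]
# Pattern match only (no checksum validation): Base58 legacy/P2SH and bech32.
BTC_ADDRESS = re.compile(
    r"\b(?:[13][1-9A-HJ-NP-Za-km-z]{25,34}|bc1[02-9ac-hj-np-z]{11,71})\b")

def normalize(text):
    """Undo the character swaps seen in the samples: accents and 0-for-o."""
    decomposed = unicodedata.normalize("NFKD", text)
    stripped = "".join(c for c in decomposed if not unicodedata.combining(c))
    # Replace a zero only when it touches a letter, so "$3000" and "0.15" survive.
    return re.sub(r"(?<=[a-z])0|0(?=[a-z])", "o", stripped.lower())

def analyze(message):
    """Score one message body (email or site comment) against the template."""
    norm = normalize(message)
    hits = [p for p in TEMPLATE_PHRASES if re.search(p, norm)]
    deadline = re.search(r"payment within (\d+) days", norm)
    return {
        "phrases": hits,
        "btc_addresses": BTC_ADDRESS.findall(message),  # raw text: case matters
        "deadline_days": int(deadline.group(1)) if deadline else None,
        "suspicious": len(hits) >= 2 and bool(re.search(r"bitcoin|\bbtc\b", norm)),
    }

# Constructed samples: A and B are abridged excerpts of the two variants above.
SAMPLE_A = ("We have hacked your website and extracted y0ur databases. "
            "The current fee is $3000 in bitcoins (0.15 BTC). Send the bitcoin t0 "
            "38xonZTHvSbuSmABhiTwu251SY6iiVqSNz. y0u have to make payment within "
            "3 days after opening this e-mail 0r the database leak WiLL start!")
SAMPLE_B = ("We are willíng to refrain from destroyíng your síte’s reputation. "
            "The current fee is $3000 in bítcoins (BTC). you have to make payment "
            "within 5 days after receivíng this e-maíl or the database leak")
SAMPLE_BENIGN = "Your hosting invoice is attached. Payment is due within 30 days."

if __name__ == "__main__":
    for name, body in [("A", SAMPLE_A), ("B", SAMPLE_B), ("benign", SAMPLE_BENIGN)]:
        print(name, analyze(body))
```

Any extracted address and the stated deadline can go straight into the abuse report described above.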

We were also able to find other reports of this type of email scam. For example, check out this Reddit thread.

Here, however, they use a different Bitcoin address: 3QTr68okgYSc395wNJXNsrX41sj3VHh2ME.

According to another online warning, in the past they only demanded $1,500.

Other Bitcoin addresses they have used include:

Luckily, according to Blockchain Explorer, none of these addresses received any payments.

Unfortunately, some of the addresses they used did receive some payments, for example:

1JToMSCtc4nW3fNDUL4xV9QYqmyKJEYMdj – received 0.20935382 BTC in 5 payments.

This amount is currently worth around $16,684.

In some of the cases, the scammers leave comments on the website rather than sending the message via email.

Your Site Has Been Hacked Scam Bottom Line

We believe that the people behind this scam are based in Iran, which is going to make it extremely difficult to recover any money you send to them.

This is a SCAM, and most likely they do not have your database information, and even if they do, if you pay them, they will probably try to extort even more funds from you.

This email can be safely ignored or deleted.

Again, if you receive a similar “Your Site Has Been Hacked” email, please also report it to us by leaving a comment below.

1 Comment

  1. Anonymous

    I have no site, no business, no clients
    Thanks
