On December 13, 2018, thousands[1] of businesses, individuals, schools, news agencies, and other places throughout the United States, Canada, and Australia received emailed bomb threats, warning that a "mercenary" of the sender of the email had placed a bomb in the receiver's workplace and demanding that a ransom of $20,000 be sent to a Bitcoin address to prevent the bomb from being detonated. Six schools in Australia's capital city Canberra were evacuated after threats.[2] The explosive stated to be used in the bomb, along with the Bitcoin address, varied between emails. Police departments in New York City, Oklahoma City, Massachusetts, and Calgary, among other areas of the United States and Canada, stated that the threats were likely not credible and that no explosive devices had been found in any of the threatened areas.[3]
On December 14, Jaeson Schultz of Cisco Talos wrote that the bitcoin addresses associated with the bomb threats received only two transactions, both of which were under $1. He also wrote that the same group was behind an earlier sextortion scheme which was more profitable, and that they started making new threats of throwing acid onto individual recipients.[4]
In January 2019, anti-spam researcher Ronald Guilmette found that a GoDaddy security weakness was exploited to help the spam campaign.[5] [6]