Crypto Extortion at Sea: How Scammers Are Targeting Stranded Ships in the Strait of Hormuz
el****@gmail.com2026-04-23
Scammers impersonating Iranian authorities are targeting stranded Hormuz ships with crypto extortion, exploiting geopolitical fear and anonymity to collect untraceable Bitcoin and USDT payments.
The Strait of Hormuz ranks among the most fraught with political tension of earth's commercially navigable waterways, but this area faces even more of a challenge now than before. Criminals have begun targeting vessels using cryptocurrency to extort payment from those unable to easily reach allies.
According to a recent report, criminals are reaching out to ships in transit or stranded in the strait and extorting them to pay in cryptocurrency; they are doing so by threatening to cause harm if payment is not made. The mechanics are nothing new; a criminal identifies a vulnerable vessel, establishes contact, issues threats, and ultimately, requests a form of payment that is difficult to trace and impossible to reverse due to the anonymity created by the vastness of the ocean where the crime occurs.
What Is Actually Happening Out There
Iran and Oman share the Strait of Hormuz, which is a mouth in a sense, carrying roughly 20 percent of the world's oil supply; ships actually slow down in this area and form long lines to move through narrow channels. These ships may be stuck here for several hours at a time, and often the nearest coast guards or military escorts may not be on their side due to the highly volatile geopolitical environment.
In this volatile environment, if someone contacts a vessel making use of authority's name or makes a threatening call, it is hard to dismiss. Ships have been subjected to harassment, drone attacks, seizure, and other geopolitical hazards while sailing through the strait for some time now. With that kind of history, any threat that is made will most definitely be taken more seriously by the vessel than it would be in a location where there is no such history.
Essentially, this report describes how criminals have been taking advantage of the fear created by those threats. Criminals contact ships and demand payments in a cryptocurrency, either by making demands for either a bitcoin or a stablecoin; both of these forms of payment enable the criminals to avoid using banks and transferring their payment immediately from one location to another — without the ability to reverse the transaction once it was completed.
Why Crypto Makes This Harder to Chase
While maritime extortion has existed for many years, pirate activity in the Gulf of Aden has a long and documented history, where ransom payments for both cargo and crew are commonplace occurrences (in fact), it's the venue through which payment is made that has changed. I.e., in today's world, wire transfer payments can be frozen and bank accounts flagged; whereas, cryptocurrency works differently.
A cryptocurrency wallet receiving payment near the Strait of Hormuz can subsequently transfer those funds through a mixer (crypto laundering) or "bridge" them to another chain, but they can also be converted through a peer-to-peer exchange in a country where there is no Anti-Money Laundering (AML) enforcement (meaning), by the time someone begins researching that transaction it is too late to trace (the destination) because those funds have been disguised.
That's how the technology works for adversarial purposes, as well as for remittance; and many of those same properties apply to those using crypto to avoid detection. The IRGC's documented on-chain activity, spanning oil sales, weapons procurement, and proxy financing, has overwhelmingly relied on stablecoins as the medium of exchange. For ship operators, the challenges continue to multiply with compromised maritime communications systems, including satellite phones, VHF radios, and email via VSAT. Sophisticated actors may spoof an identity or intercept communications in numerous undetected ways to take advantage of a crew's perceived vulnerabilities.
This Fits a Larger Pattern
Researchers have mapped the evolution of traditional extortion schemes to new forms of cryptocurrency over the last few years. Ransomware groups were the first users of this method in the onshore market in 2016, followed by port facilities, with logistics companies paying quietly at that time. Targeting maritime entities on the seas is simply an extension of what has been done in other areas; shipping vessels operate in an isolated manner, companies working with them experience extreme pressure to keep product moving from point of origin to point of sale, and the jurisdictional issues created by sea lanes and many operators all make maritime targets attractive to gangs implementing extortion activities.
The Strait of Hormuz, one of the world's most important straits, adds to the complexity of maritime extortion activities because of the disputes surrounding control of the waters in the strait. Iranian-supported vessels have documented incidents of boarding and seizing vessels operating in the Strait of Hormuz. If crew members receive a threat and are operating in this region with no clear entity to whom to report the threat, it would not be surprising to some if they were to assume the threat had some level of Iranian government support even if there was no evidence to support an assumption. Likewise, scammers likely take this uncertainty into account when determining if they are successful.
What Operators Are Being Told
Maritime security companies usually advise not to pay ransom, not to deal with the criminals at all except to gather information about them, and to notify the nearest rescue co-ordination centre and your flag state. This is one thing to do from the comfort of a conference room but another from the bridge of a vessel in a contested strait — where the psychological pressure on the master is immense and where the extortionists are acutely aware of that fact.
On the tracking side, many exchanges are starting to work with maritime security companies to identify the cryptocurrency wallet addresses of known extortionists. The volume of funds received by IRGC-associated addresses reached over $2 billion in 2024 and spiked to more than $3 billion in 2025 Chainalysis, per Chainalysis on-chain data. While this is continuing to be developed, it is not well covered at this time, but there are pockets of improvement.
Where This Goes Next
There isn't much reason for anyone really to be shocked at the fact that criminals have figured out a way to use cryptocurrency as a tool for extortion while out at sea by way of the situation that occurred in Hormuz. The thing that makes this situation different relative to the other many attacks on boats/merchant shipping is the very nature of an attack on merchant shipping going through the strait of Hormuz being a national/international critical infrastructural/public goods type of situation — when oil stops being transported, energy price reacts within days.
Fraudsters know ship owners/operators are incentivized to resolve problems quietly — when this occurs, the crypto asset nature of the payment removes the potential paper trail associated with those payments, eliminating the possibility of those payments being traced back to fraudsters. In April of 2026, there were over $606 million in hacking losses; to me, this indicates the attractiveness of the above noted situation where fraudsters are going to increase their risk to act in the above noted manner until serious enforcement occurs — therefore to continue to grow, the crypto asset space must become much more efficient than it is today.
