Crypto Scammers Exploit Hormuz Standoff, Demand Bitcoin from Stranded Ships
Cybercriminals are impersonating Iranian authorities to demand Bitcoin or Tether from ships stranded near the Strait of Hormuz, exploiting geopolitical tensions.
TL;DR
Scammers are exploiting geopolitical tensions in the Strait of Hormuz, impersonating Iranian authorities to demand cryptocurrency transit fees from shipping companies. This scheme targets vessels already facing operational challenges and potential dangers.
Cybercriminals are leveraging the volatile situation in the Strait of Hormuz, where thousands of ships face ongoing standoffs, to execute a sophisticated scam. These threat actors impersonate Iranian officials, demanding transit fees in Bitcoin or Tether from shipping companies seeking passage through the critical waterway. The Strait of Hormuz is a vital maritime choke point, responsible for transporting roughly one-fifth of the world’s oil and liquefied natural gas supply.
The scam emerged as approximately 2,000 ships and 20,000 mariners remain stranded near the Strait of Hormuz. These vessels represent a significant and vulnerable target pool for opportunistic cybercriminals. The perpetrators capitalize on the urgency and confusion surrounding legitimate demands for adherence to specific routes or payments by Iranian authorities.
One incident involves the Liberia-flagged cargo ship Epaminondas. Authorities are currently investigating whether a message granting the Epaminondas safe passage was fraudulent, especially after the vessel reportedly faced fire. Such incidents highlight the tangible risks to life and property when misinformation and fraudulent communications intersect with real-world maritime operations. The attack vector primarily involves social engineering tactics, leveraging impersonation to coerce payments under duress.
### What Defenders Should Do
Shipping companies and maritime operators must enhance their security protocols to counter these targeted social engineering attacks. Verify all communications related to transit fees, route changes, or safe passage requests through established, secure channels, avoiding direct reliance on unsolicited messages. Implement rigorous security awareness training for all personnel, particularly those involved in operations and financial transactions, to recognize and report phishing and impersonation attempts.
Organizations should also establish clear internal protocols for handling any payment requests involving cryptocurrencies, given their irreversible nature. Regularly review and update these procedures, ensuring multiple layers of verification before any funds are transferred. Monitoring geopolitical developments in critical shipping lanes helps organizations anticipate potential cyber threats and adapt their defenses proactively.
Looking ahead, continued vigilance is crucial as threat actors will likely adapt their tactics, potentially targeting other conflict zones or leveraging emerging payment methods.