Earn up to 12% APY on Bitcoin, Ethereum, USD, EUR, GBP, Stablecoins & more.

Start Earning Interest
Your gateway to Bitcoin and beyond

Fake PayPal Cryptocurrency Email Mystery Deepens

Fake PayPal Cryptocurrency Email Mystery Deepens

Photo by Darwin Vegher on Unsplash

With Bitcoin currently in the throes of its third-worst crash in history after April 2013โ€™s 83% crash from $259 to $43 and the 2013/2014 crash from $1,163 to just $152, many cryptocurrency community members are seeking clarification for the sudden drop in crypto values across the board.

A key driver in the hysteria surrounding the current market drop is an email, purportedly sent by payment juggernaut PayPal, advising account holders to โ€œcease any activity that results in the trading or transfer of cryptocurrency.โ€

The email advises PayPal account holders that trading or transferring cryptocurrency in any way related to the PayPal platform is strictly prohibited, stating that if users continue to engage in crypto-related activities, their accounts will be terminated.

Analysis Reveals Email is Fake

PayPal is a major player in the online payments ecosystem and is almost universally reviled across the crypto community as a centralized platform, but the idea that it may actively issue statements opposing cryptocurrency platforms has caused a significant amount of concern.

The Paypal cryptocurrency warning emails, sent to account holders on the 16th of March, were received by millions of users โ€” but has since been confirmed as fake. Analysis of the email itself reveals that โ€œmkts2944.comโ€ is the originating domain.

While this may exonerate PayPal as the culprit behind the email, presenting it as a simple phishing attempt, the implications of the email are far more complex and potentially worrying.

HaveIBeenPwned.com is a popular site for checking if you have an account that has been compromised in a data breach

PayPal has released no conclusive information regarding the apparent hack, and has, concerningly, not provided any clarification regarding how the culprit behind the email accessed the database used to send the email.

While itโ€™s possible for anybody to access a wide range of hacked BTC-related database โ€” see โ€œhaveIbeenpwnd.comโ€ โ€” and cross-reference it with another database, the sheer volume of users affected by this hack has led many community members to theorize that the list originated from PayPal itself.

Fake PayPal Email Sent (or Spoofed) From IBM Domain

Further analysis of the email, however, reveals another story entirely. Firstly, the email did not make any phishing attempt to separate readers from their PayPal information or crypto security information โ€” the purpose of the email, it seems, was simply to make it appear as though PayPal will close the accounts of users participating in the crypto market.

Performing a whois request on the mkts2944.com domain reveals that it is registered to international tech giant IBM, an extremely interesting development.

Many crypto community members have been quick to question why a domain associated with IBM is disseminating โ€œFUDโ€, although the domain has been associated with other PayPal scams in the past. Some Redditors are assuming that the email is a paid marketing campaign run through IBMโ€™s Watson Marketing Campaign Automation service, implying that a party with deep pockets is heavily invested in spreading FUD in the cryptosphere… However, it seems highly unlikely that IBM (or its AI software) would be actively trolling the cryptocurrency community.

Spoofing, however, could be the tool used to deceive the email recipients. It’s feasible to forge the sender’s address in order to trick email software. Essentially, this can trick a user into thinking that the email may have originated in one place, but in reality, it came from another.

No Formal Statement, Market Manipulation Possible

PayPal has not yet released a formal statement regarding the email.

As PayPal has recently filed a number of patents on cryptocurrency transaction systems, itโ€™s highly unlikely that the platform is intent upon blocking users from using cryptocurrencies โ€” or is even able to determine if users are participating in cryptocurrency trading in any case.

The circumstances of the email, however, are highly suspicious.

The current market state, combined with a surge in short positions on Bitcoin futures as evidenced in BTCCOT reports and the fact that the email made no phishing attempt lends credence to the hypothesis that the email could potentially be another manifestation of high-level market manipulation.

Get an edge on the cryptoasset market

Access more crypto insights and context in every article as a paid member of CryptoSlate Edge.

On-chain analysis
Price snapshots
More context
Join now for $19/month Explore all benefits
Posted In: Analysis

Like what you see? Subscribe for updates.