A man has spoken of his terror after hackers demanded he hand over Bitcoin worth thousands of pounds, threatening to release what they claimed were photos of him accessing explicit sites on the dark web. John, who did not use his last name, was told not to contact the police or tell anyone else about the threat.
The Ransom Demand
The message purportedly came from a group of hackers known as ShinyHunters, who made headlines in April 2026 for breaching Amtrak, a major train company in America. They demanded $2,000 worth of Bitcoin after claiming to have installed an 'exploit' on John's phone. They said they had compromising photos of John, which they would release to all of his contacts if he did not pay up.
Victim's Message
John messaged BBC's Morning Live programme to speak to scam expert Nick Stapleton about his dilemma. His full message read: 'I received a ransom demand from someone called ShinyHunters. They said they had got hold of data and said they had installed an exploit on my phone, giving them access to all my contacts. They are demanding $2,000 in Bitcoin or they will release supposed photos they have of me accessing explicit sites on the dark web. I haven't done this but I've been warned against talking to the police or anyone else. It's very scary.'
Understanding the Scam
According to Cisco, an exploit is 'a program, or piece of code, designed to find and take advantage of a security flaw or vulnerability in an application or computer system, typically for malicious purposes such as installing malware. An exploit is not malware itself, but rather it is a method used by cybercriminals to deliver malware.' Barcalys reports that 2025 saw almost half of UK adults (45 per cent) being targeted by a scam, rising to nearly two-thirds of Gen Z (64 per cent). This is partly due to the rise in investment scams, although SMS and text scams have also returned in large numbers.
Expert Advice
In response, Nick Stapleton said: 'What a terrifying email to receive. Thankfully, it's complete nonsense. It's not true at all, that's the most important thing to say. We've been in contact with John and told him that, to set his mind at ease. It sounds like a really personal attack, but the reality of an email like this is that they are just scammers sending out thousands of these generic emails, hoping that someone will panic and pay up.'
Nick added: 'The scammers who are getting in touch with John here do not have the ability to hack people in this way. It is a really complicated operation. Ultimately, if you have that kind of skill, you are not going to waste your time on private individuals. They could be using it for something much more profitable. In John's case, the group claiming to be ShinyHunters is a real hacking group, but the scammers are just using their name to add validity.'
What to Do If You Are Targeted
When asked what you should do if you are the target of such a scam, Nick continued: 'The absolute first thing you should do is not pay. By paying, you are encouraging and funding them to try it repeatedly. Responding at all can make you a target for future scams because they'll likely sell your data.'
He recommended the website HaveIBeenPwned, which allows you to check if your email or phone number has been involved in a data breach. 'You put your email address or phone number into this website and it will tell you how many times your data has been leaked. That doesn't mean you are necessarily at risk right now, but it is good to be on top of it. Emails like that are complete nonsense. People with that level of skill are not wasting their time on private individuals.'
