Crypto Scams Target Stranded Ships in Strait of Hormuz

Scammers Are Now Targeting Stranded Ships With Crypto Demands

Imagine you're running a shipping company. Your vessel is stuck in one of the world's most dangerous waterways. Then your phone rings. It's the Iranian authorities—or so they claim—demanding cryptocurrency for safe passage. Except it's not.

According to CoinTelegraph, this exact scenario is happening right now in the Strait of Hormuz, where scammers are impersonating government officials and squeezing shipping companies for digital currency payments. This isn't just another fraud story. It's a collision between global maritime disruption and the rise of cryptocurrency as a criminal tool, and it matters because the vulnerabilities being exploited here affect your supply chain, your prices, and your wallet.

So why does this matter to everyday people?

The Strait of Hormuz vulnerability goes deeper than you'd think. About 21% of the world's petroleum passes through this chokepoint between Iran and Oman. When ships get stuck there—whether due to geopolitical tension, mechanical failure, or legitimate port delays—they become sitting ducks. They're isolated. They're desperate. And they're willing to pay.

That's where the scammers come in.

What makes this attack vector particularly nasty is how it exploits legitimate fear. Shipping companies already know the Strait of Hormuz is risky. They're already on edge. A convincing phone call claiming to be from Iranian customs or port authority doesn't require much social engineering. The psychological pressure does most of the work.

The real question is: how long will these attacks persist? According to security research on cyber attack duration, individual fraud campaigns typically last weeks to months before detection forces scammers to rebrand and restart. But here's the thing—this isn't a traditional cyber attack with a defined endpoint.

Unlike a ransomware intrusion where you can identify stages of cyber attack and measure how long cyber attacks last, this is ongoing social engineering. There's no malware to remove. No security patch that fixes it. These are vulnerability types that exist because of human psychology and geopolitical reality, not because someone forgot to update their firewall.

And the signs of cyber attack here are subtle. A company might not even realize it's been targeted until someone notices similar cryptocurrency addresses receiving payments from multiple shipping firms. By then, months could've passed.

The Straits Times hasn't covered this extensively yet, but the maritime industry is starting to take notice. Frankly, the fact that this is still happening suggests security protocols aboard these vessels aren't equipped to verify official communications under pressure. There's a gap between attack vector and vulnerability—the scammers found the weakness and exploited it.

Here's what shipping companies actually need to do: establish pre-arranged verification codes with port authorities before entering high-risk zones. Don't verify officials through the phone number they provide. Call your normal government contact line independently. Use multiple crew members to confirm unusual demands. And report everything to the International Maritime Organization, which is tracking these incidents.

Because right now, these scammers are getting paid. And as long as they keep getting paid, they'll keep calling.