In Hormuz, a crypto scam can target the moment a ship chooses its route
Fake crypto clearance turns Hormuz into a cyber-physical shipping risk
- MARISKS warned that scammers were posing as Iranian authorities and demanding BTC or USDT transit fees for Hormuz.
- The Epaminondas was fired on without a VHF warning on April 22, suffered bridge damage and was later boarded by Iranian forces, according to Technomar.
- The IMO said on April 24 that about 20,000 seafarers on 1,600 vessels were in the Gulf and that there was no safe transit through the strait.
A FAKE CLEARANCE IN A REAL STRAIT
The Hormuz crypto scam is not a story about bitcoin's price. It is a story about what happens when a forged digital authorization enters a militarized traffic corridor. A Reuters report carried by eKathimerini says Greek maritime risk firm MARISKS warned shipowners about messages in which unknown actors posed as Iranian authorities and demanded bitcoin or tether for "clearance." MARISKS identified the messages as fraudulent, while Reuters also said it could not independently verify which companies had received them.
That caveat matters. The original Ars Technica report refers to an alleged 2.2 BTC payment, but the safer editorial line is not to treat every later attack as proven to have started with that transaction. The firmer point is that a fraudulent channel existed at exactly the moment crews and operators were searching for any reliable signal that transit was possible.
That is why the Epaminondas matters. Not because blockchain itself caused the incident, but because a false clearance could have shaped a real route decision. eKathimerini, citing UKMTO, reported that on April 22 the ship was fired on by an IRGC gunboat without a VHF warning, causing heavy bridge damage while the crew remained safe. The same report said authorities were examining whether the message that supposedly cleared the vessel to transit may have been fraudulent.
A day later, the case became sharper. Technomar confirmed that Iranian forces had boarded the Epaminondas, that the bridge had been damaged, and that 21 Ukrainian and Filipino officers and crew were on board. This is the cyber-physical risk zone in plain view. The message, wallet address and claimed authority sit in the digital layer; the consequences land on the bridge, in the insurance file and in the operator's crisis room.
Hormuz raises the price of a bad decision. The IEA factsheet describes the strait as just 29 nautical miles wide at its narrowest point, with separate two-mile navigable channels for inbound and outbound traffic. In 2025, around 20 million barrels per day of crude oil and oil products moved through it. A scammer does not have to break a navigation system to create damage; inserting a false instruction into a traffic chokepoint where every hour is expensive can be enough.
The expensive part is not the wallet address; it is the moment a forged clearance changes a bridge team's route decision.
CRYPTO IS ONLY THE INTERFACE
Crypto is the payment mechanism in this story, but it is not the core vulnerability. The core vulnerability is authority verification. If a message claims to come from Iranian security services and asks for BTC or USDT before transit, an operator cannot think only like a finance desk checking a transfer. It has to think like an operational security team checking source, channel, route, transit window, legal status and incident contacts.
That makes the decision chain more useful than the phrase "crypto piracy." First comes a message that imitates official tone. Then comes the promise that the vessel will pass without interference after payment. Then comes a bridge or shore-side decision to accept the risk. Finally comes contact with a state force, coast guard or IRGC boat that may have no connection to the fraudster. In that chain, the blockchain payment may be the most visible trace, but the dangerous point is misplaced trust in clearance.
The wider security picture leaves little room for improvisation. On April 24, the IMO said it had verified 29 attacks on vessels in the Persian Gulf and around Hormuz since the start of the conflict, with at least 10 seafarer deaths, and that about 20,000 seafarers on roughly 1,600 vessels remained in the Gulf. The IMO's practical message was stark: there is currently no safe transit anywhere in the strait.
The industry response will not be one grand app that "solves" Hormuz. It will be more boring and more useful: whitelisted contacts, two-party verification of every clearance, strict separation between commercial payments and security instructions, mandatory reporting of suspicious wallet addresses and a pre-agreed stop-transit rule when a message cannot be confirmed through recognized maritime channels. BIMCO's warning points in the same direction: operators need a stable ceasefire and clear assurances of safe passage, not another opaque intermediary.
For shipping agencies, crews and insurers, the lesson is simple. Digital discipline is no longer a side IT procedure; it is part of route risk. If a fraudulent email can influence whether a vessel enters a strait, source verification is as operational as radar, AIS and VHF. Blockchain is not a magical trail of truth here. In Hormuz, it is just another channel through which someone is trying to sell false safety.

