Hacker News
by desdiv 1519 days ago
The point of this type of honeypot is to entice the blackhats to just take the crypto and walk away. Making it harder for them to walk away with the money would be counter-productive.

Old situation: blackhats stick around for weeks or even months, exfiltrate data, blackmail, install crypto miners, etc.

With crypto honeypot: blackhats take the crypto and leave.

With rigged crypto honeypots that are actually not redeemable:

>on the hacker forums:

>Guy A: "I tried to take the bitcoins from Corp A's honeypot wallet, but they broadcasted a high fee transaction and beat me to it."

>Guy B: "Funny, same thing happened to me last week with Corp B's wallet."

>Guy A: "Guess it's back to the old blackmail method then."

2 comments

Yes, all correct. But if you offer a CEO the option of a defense that is just as effective, but also steals part of the bait money back? If the potential long-term cost is only hurting the corporation's reputation with a shadowy hacking group, and reducing the effectiveness of the defensive technique for everyone?

Bottom line: I think we can guess which option a CEO would usually choose.

Remember that this method works best when it's not obvious that it is a tripwire, and may be best of all when it acts as a bribe to a greedy individual within a group of hackers.

I don't know, it seems like if the corporation sent a high fee transaction they have already been alerted that their defenses need to be raised. So your attack vector has limited efficacy as it might be closed. The hackers need to have the foresight to sit in the server and accumulate other blackmail, but also not lose the chance to take the bitcoin bounty based on another hacker finding it.