According to CoinDesk’s April 22 report, Marisks, a maritime risk services firm in Greece, issued a warning saying scammers are impersonating Iranian authorities and sending messages to multiple shipping companies to demand Bitcoin or USDT as “tolls” to pass through the Strait of Hormuz. Marisks confirmed that the relevant messages are not coming from official Iranian channels, and, according to Reuters, said it believes at least one ship was deceived and still came under shelling when it attempted to pass over the weekend.
Marisks Warns: Original Scam Message vs. Verification Statement
According to the scam message posted publicly by Marisks, the message’s original text states: “After submitting the documents and having our eligibility assessed by Iran’s security departments, we will determine the fee that must be paid in cryptocurrency (BTC or USDT). At that time, your vessel may pass through the strait freely during the agreed time.”
In its statement, Marisks said, “These specific messages are a scam,” and confirmed the content is not from any official Iranian channel. According to Reuters, Marisks believes that after at least one ship paid following deception, it was still shelled when it tried to pass through the Strait of Hormuz.
Strait of Hormuz Background: Blockade Situation and Iran’s Official Crypto Fee Proposal
According to public reports, since the war between the United States and Israel against Iran began on February 28, 2026, Iran has essentially blocked shipping through the Strait of Hormuz, and currently about 20,000 tankers and cargo ships are stuck in the bay. About a week ago, U.S. President Trump ordered a naval blockade of the Strait of Hormuz and has already seized an Iranian vessel that attempted to evade the blockade.
On April 9, 2026, Hamid Hosseini (a spokesperson for the Federation of Petroleum, Natural Gas, and Petrochemical Products Exporters), said that Iran had previously proposed charging vessels transiting through the strait a crypto toll, with the fee possibly calculated in Bitcoin. As of the time of CoinDesk’s report, Iran had not yet responded to the Marisks scam warning.
Frequently Asked Questions
Who issued the warning about the crypto toll scam for the Strait of Hormuz?
According to CoinDesk’s April 22, 2026 report, the warning was issued by Marisks, a maritime risk services firm in Greece. Marisks confirmed the scam messages are not from official Iranian channels and indicated it believes that at least one ship was deceived and shelled when it attempted to pass through the strait.
What cryptocurrencies did the scam message request, and what did it claim the funds were for?
According to the scam message published by Marisks, the scammers requested Bitcoin (BTC) or USDT, claiming that paying would ensure safe passage through the Strait of Hormuz.
Did Iran officially propose charging transiting vessels crypto fees?
According to public reports, on April 9, 2026, Hamid Hosseini, a spokesperson for the Federation of Petroleum, Natural Gas, and Petrochemical Products Exporters, said Iran had proposed charging crypto tolls, with the fee possibly calculated in Bitcoin; however, the scam messages warned about by Marisks have already been confirmed as not coming from official Iranian channels.
Disclaimer: The information on this page may come from third parties and does not represent the views or opinions of Gate. The content displayed on this page is for reference only and does not constitute any financial, investment, or legal advice. Gate does not guarantee the accuracy or completeness of the information and shall not be liable for any losses arising from the use of this information. Virtual asset investments carry high risks and are subject to significant price volatility. You may lose all of your invested principal. Please fully understand the relevant risks and make prudent decisions based on your own financial situation and risk tolerance. For details, please refer to
Disclaimer.
Related Articles
Venus Protocol 攻擊者轉移 2301 枚 ETH,流入 Tornado Cash 清洗
According to the on-chain analyst Ai Auntie’s monitoring on April 22, the Venus Protocol attacker transferred 2,301 ETH (about $5.32 million) to address 0xa21…23A7f 11 hours ago, then moved the funds in batches into the crypto mixer Tornado Cash for laundering; as of the time of monitoring, the attacker still held about $17.45 million worth of ETH on-chain.
MarketWhisper1h ago
CometBFT zero-day vulnerability exposed, $8.0 billion Cosmos network nodes face a risk of permanent lockup
Security researcher Doyeon Park disclosed on April 21 that there is a high-severity zero-day vulnerability rated CVSS 7.1 in the Cosmos consensus layer CometBFT. It could allow a malicious peer node to attack nodes during the block synchronization (BlockSync) stage and cause them to deadlock, impacting a network that safeguards more than $8 billion in assets.
MarketWhisper1h ago
North Korean Lazarus Group Releases New Mach-O Man macOS Malware Targeting Crypto
Summary: Lazarus Group released a native macOS malware toolkit named Mach-O Man, aimed at crypto platforms and high-value executives; SlowMist warns users to exercise caution against attacks.
Abstract: The article reports that the Lazarus Group has unveiled Mach-O Man, a macOS-native malware toolkit aimed at cryptocurrency platforms and high-value executives. SlowMist warns users to exercise caution to mitigate potential attacks.
GateNews1h ago
RHEA Finance Security Incident Update: About a $400k shortfall remains, with a commitment to fully compensate it
RHEA Finance has released a follow-up update regarding the security incident on April 16, confirming that there has been tangible progress in recovering assets. As of this update, it is estimated that there is still an approximately $400k funding gap, mainly due to the combination of NEAR, USDT, and USDC in the lending market liquidity pool. RHEA Finance has committed to fully cover any remaining shortfall to ensure that all affected users receive full compensation.
MarketWhisper2h ago
Researcher Discloses Critical CVSS 7.1 Zero-Day Vulnerability in Cosmos Consensus Layer CometBFT
Security researcher Doyeon Park disclosed a CVSS 7.1 zero-day in Cosmos' CometBFT causing potential node freezes during sync; vendor resistance, downgrades, and disclosure led to April 21 reveal; validators should avoid restarts before patch.
Abstract: Security researcher Doyeon Park disclosed a critical CVSS 7.1 zero-day vulnerability in Cosmos' CometBFT consensus layer that could cause nodes to freeze during block synchronization, potentially affecting networks securing over $8 billion in assets. The vulnerability cannot directly steal funds. Park pursued coordinated disclosure beginning Feb 22, but faced vendor resistance to public disclosure and issues with HackerOne. The vendor downgraded a related vulnerability (CVE-2025-24371) to informational on Mar 6, prompting Park to release a network-level proof-of-concept before public disclosure on Apr 21. The advisory recommends Cosmos validators avoid restarting nodes until patches are released; nodes already in consensus may continue but restart and resync could expose them to attacks by malicious peers, risking deadlock.
GateNews2h ago
Venus Attacker Transfers 2,301 ETH to Mixer, Tornado Cash Used for Laundering
On-chain analysis tracks a Venus protocol attacker moving 2,301 ETH (~$5.32M) to a suspected wallet, then batching through Tornado Cash; about $17.45M remains on-chain.
Abstract: This note summarizes on-chain activity related to a Venus protocol attacker, including the transfer of 2,301 ETH (~$5.32M) to a wallet and batch-mixing via Tornado Cash, with approximately $17.45M still held on-chain.
GateNews2h ago
