Sometimes scammers just need to say they hacked you to pull in the cash. Since July, cybersecurity researchers, journalists and victims, have seen a spike in extortion letters and emails demanding hefty sums of bitcoin. The twist is that the scammers send the victim one of their own passwords, likely gleaned from an already public breach, and use that as an intimidation tactic. The blackmailers then claim they have hacked into the target’s webcam while they were watching pornography. Pay up, or they’ll release the (made-up) video.

Now, researchers have found this scam has been pretty profitable, especially considering the low-level of work involved on the fraudsters’ part.

“What is worrying is that, scammers were able to siphon off [$500,000], from old passwords dumps, with very little effort,” Suman Kar, CEO of cybersecurity firm Banbreach, told Motherboard in an online chat.

In July, cybersecurity journalist Brian Krebs reported on the new wave of sextortion emails.

“I’m aware that [victim’s password] is your password,” one part of an example email Krebs published reads. “First part recorded the video you were viewing (you’ve got a fine taste haha), and next part recorded your webcam (Yep! It’s you doing nasty things!),” the version Krebs published adds, before demanding the victim sends $1,400 in bitcoin to a specific bitcoin address.

It’s an enticing, if not devilish, proposition. Banbreach looked at around 770 wallets in total, according to a spreadsheet the company shared with Motherboard. The majority of those, around 540, did not receive any funds. But the remaining ~230 had over 1,000 transactions, receiving a total of around 70.8 BTC.

This figure is also likely only a conservative estimate, considering Banbreach’s methodology would not have captured all, or perhaps even the majority, of sextortion emails. Kar said Banbreach collected different bitcoin addresses used in this style of extortion by scraping comments on related media coverage, and picking them out from journalists’ articles. Kar said the company also fielded reports from victims in India, where scammers appear to be targeting at the moment in particular.

“$1000 is a lot of money for the average Indian,” Kar said.