With Bitcoin currently in the throes of its third-worst crash in history after April 2013’s 83% crash from $259 to $43 and the 2013/2014 crash from $1,163 to just $152, many cryptocurrency community members are seeking clarification for the sudden drop in crypto values across the board.

A key driver in the hysteria surrounding the current market drop is an email, purportedly sent by payment juggernaut PayPal, advising account holders to “cease any activity that results in the trading or transfer of cryptocurrency.”

The email advises PayPal account holders that trading or transferring cryptocurrency in any way related to the PayPal platform is strictly prohibited, stating that if users continue to engage in crypto-related activities, their accounts will be terminated.

Analysis Reveals Email is Fake

PayPal is a major player in the online payments ecosystem and is almost universally reviled across the crypto community as a centralized platform, but the idea that it may actively issue statements opposing cryptocurrency platforms has caused a significant amount of concern.

The Paypal cryptocurrency warning emails, sent to account holders on the 16th of March, were received by millions of users — but has since been confirmed as fake. Analysis of the email itself reveals that “mkts2944.com” is the originating domain.

While this may exonerate PayPal as the culprit behind the email, presenting it as a simple phishing attempt, the implications of the email are far more complex and potentially worrying.

PayPal has released no conclusive information regarding the apparent hack, and has, concerningly, not provided any clarification regarding how the culprit behind the email accessed the database used to send the email.

While it’s possible for anybody to access a wide range of hacked BTC-related database — see “haveIbeenpwnd.com” — and cross-reference it with another database, the sheer volume of users affected by this hack has led many community members to theorize that the list originated from PayPal itself.

Fake PayPal Email Sent (or Spoofed) From IBM Domain

Further analysis of the email, however, reveals another story entirely. Firstly, the email did not make any phishing attempt to separate readers from their PayPal information or crypto security information — the purpose of the email, it seems, was simply to make it appear as though PayPal will close the accounts of users participating in the crypto market.

Performing a whois request on the mkts2944.com domain reveals that it is registered to international tech giant IBM, an extremely interesting development.

Many crypto community members have been quick to question why a domain associated with IBM is disseminating “FUD”, although the domain has been associated with other PayPal scams in the past. Some Redditors are assuming that the email is a paid marketing campaign run through IBM’s Watson Marketing Campaign Automation service, implying that a party with deep pockets is heavily invested in spreading FUD in the cryptosphere… However, it seems highly unlikely that IBM (or its AI software) would be actively trolling the cryptocurrency community.

Spoofing, however, could be the tool used to deceive the email recipients. It’s feasible to forge the sender’s address in order to trick email software. Essentially, this can trick a user into thinking that the email may have originated in one place, but in reality, it came from another.

No Formal Statement, Market Manipulation Possible

PayPal has not yet released a formal statement regarding the email.

As PayPal has recently filed a number of patents on cryptocurrency transaction systems, it’s highly unlikely that the platform is intent upon blocking users from using cryptocurrencies — or is even able to determine if users are participating in cryptocurrency trading in any case.

The circumstances of the email, however, are highly suspicious.

The current market state, combined with a surge in short positions on Bitcoin futures as evidenced in BTCCOT reports and the fact that the email made no phishing attempt lends credence to the hypothesis that the email could potentially be another manifestation of high-level market manipulation.