This article is more than 1 year old

A Swedish man has been jailed for six and a half years after sending a letter bomb to Bitcoin exchange Cryptopay. Why would anyone do such a horrendous thing? Police believe it was because he couldn’t remember his password.

43-year-old Jermu Michael Salonen of Gullspång, Sweden was a customer of London-based Cryptopay – a site which enabled cryptocurrency fans to buy and sell Bitcoins. By August 2017, however, Salonen had a problem – he wanted Cryptopay to change the password for his account.

Cryptopay, however, refused – explaining that sending Salonen a new password would be a breach of its privacy policy.

Hell hath no fury like a man locked out of his cryptocurrency exchange account, and Salonen sent an explosive device in a padded envelope through the post in November 2017, addressed to Cryptopay.

Or rather, Salonen sent the explosive device to an office block in London, which he believed was Cryptopay’s address. In truth it was the address of accountancy firm Accountancy Cloud, whose services Cryptopay had previously used.

The potentially lethal homemade bomb sat untouched and unopened for five months.

As a press release by London’s Metropolitan Police explains, it took until 8 March 2018 before someone at the office block thought to open the envelope.

Fortunately the innocent man became suspicious of the envelope’s contents before opening it fully, and the police were called.

“It was due to sheer luck that the recipient ripped opened the package in the middle rather than using the envelope flap which would have activated the device,” explained Commander Clarke Jarrett of the Met Police Counter Terrorism Command.

DNA testing pointed authorities in Swedish authorities to Salonen, who was arrested on 12 May 2018 in relation to this incident, and a number of other malicious letters sent to high profile individuals in Sweden and London.

Several of the letters contained a strange white powder. One letter, addressed to the Swedish Prime Minister Stefan Leven, contained a note with the words “you will die soon.”

A court in Stockholm found Salonen guilty last week of attempted murder, and sending a number of malicious letters, for which he was sentenced to six and a half years’ imprisonment.

A Cryptopay spokesperson fexpressed the company’s thanks to the British and Swedish police, and said it would be reviewing its physical security measures:

“The address itself belongs to our former accountants and we are relieved that no one from the Accountancy Cloud team was hurt in this incident. None of our employees have ever worked at that address. The vast majority of our employees work remotely across Europe, but we are implementing additional security measures to prevent any potential harm to our employees anyway. We are thankful for both British and Swedish police, who were able to investigate the case with outstanding professionalism.”

If you forget your password, go through the site’s method of account recovery. If that doesn’t work for you, learn your lesson: in future, store your passwords securely in a password manager so you don’t have to rely on your puny human brain to remember them.

Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.