Instagram Hacker Forces Victim to Make Hostage-Style Video

The video was part of a fairly elaborate scam to trick people into sending the hacker Bitcoin.
Instagram scam video
Image: Motherboard
Screen Shot 2021-02-24 at 3
Hacking. Disinformation. Surveillance. CYBER is Motherboard's podcast and reporting on the dark underbelly of the internet.

A hacker is taking over Instagram accounts before forcing their owners to make hostage-style videos promoting the hacker's money-making scams to try and get their money back. But instead of giving victims their cash back, the hacker then uses those videos to convince further victims that their scams are legitimate investments, according to a victim who shared the video and other material with Motherboard.


“I invested $500 and got $10,000 back. It is real and legit,” Yeri Henfield, a victim of the scam said in a video he said he was told to make by the hackers.

Henfield told Motherboard “These people are the definition of sin. It makes me so sick thinking who else they scammed. My [Instagram] page is also a shrine to my girlfriend who passed away almost 6 years ago. The page is now a disgrace.”

The scam started when Henfield spoke to an old roommate on Instagram, he said. From there, Henfield then started speaking to an account called “jaineverything,” which was advertising the tantalizing deal of investing $500 in bitcoins and getting much more money in return. Henfield sent Motherboard screenshots of what he said was him sending hundreds of dollars of BTC to jaineverything’s address.

But Henfield started to notice something was wrong. He realized that someone else was in control of his old roommate’s account.

“By the time I figured out by asking him where we were roommates at it was a dead giveaway it was a scam,” Henfield said.

Henfield had already sent the money, so he asked for it back. The person said they would return the funds if Henfield made a video saying that the Bitcoin scam was legitimate. He filmed multiple videos until the person was satisfied, Hanfield said. The person then said they would send a confirmation text to make sure the money was being sent to the right person. Henfield provided them with the code he received over text.


“Unbeknownst to me it was my Instagram request to gain access and change password,” Henfield said. Now, the scammer had control of his Instagram account as well.

Do you know about any other scams on Instagram or other social media networks? We'd love to hear from you. Using a non-work phone or computer, you can contact Joseph Cox securely on Signal on +44 20 8133 5190, Wickr on josephcox, or email

The scammer posted the video from Henfield’s account as a Story and messaged it to his friends, Henfield said. The hacker had rapidly gone from not only extracting money from Henfield, but trying to use his own Instagram account and connections to scam others.

The video “was only on there for about 24 hours. I don’t know why they took it down, maybe it wasn’t so convincing. People who knew me could tell I was in discomfort,” Henfield said. Friends reached out to check he was okay, and when those friends also confronted the hacker through Henfield’s hijacked account, the hacker blocked them, Henfield said.

It appears that the jaineverything account was also a hijacked account. Henfield showed Motherboard screenshots of and forwarded copies of emails between him and the email address linked to the jaineverything Instagram account.

“You see that was my account then I got hacked they did the same thing to me,” the person wrote. They did not respond to a request for comment from Motherboard.


A screenshot of one of the posts on Henfield's account. Image: Motherboard.

A Facebook company spokesperson said in a statement that “We know that losing access to your account can be a distressing experience. We have sophisticated measures in place to stop bad actors in their tracks before they gain access to accounts, as well as measures to help people recover their accounts. We know we can do more here, and we're working hard in both of these areas to stop bad actors before they cause harm, and to keep our community safe.”

Facebook said it looked into the accounts and disabled the jaineverything account. They said that Henfield should try logging back into this account as he would be presented with instructions on how to recover it. When asked what exactly looking into the accounts entailed, such as reviewing the IP addresses used to log into the accounts, Facebook said it uses a variety of signals, including the user reports themselves and spammy behavior.

At the time of writing, Henfield said he still does not have access to his hacked account. The most recent post is one related to the scam, posted by the hacker seemingly in the hopes of attracting others to send them money.

“God Bless you for helping me trade Bitcoin successfully,” it reads.

Subscribe to our cybersecurity podcast CYBER, here. Subscribe to our new Twitch channel.