I love exploring spam, especially Bitcoin scam.

A few days ago one scam came which asks you to do a login via SSH, what I
did:

User: neertrektl4
Password :BDWnNB
16.170.239.178

The other via web on orchidcoin dot net with

Id: 97654621
Password: TG22M487.

It claims to has the bitcoin number
bc1q5mdrw6zsnumwk7hsy4vyd2c528tugzdyq3u2sa, although this appears to be
8 digits longer than usual.

In both cases it had to exactly be these credentials (random numbers were
not accepted). Both cases - of course - want you to first donate some
bitcoins before you get your million dollars. Interestingly in case of
the SSH method "your" bitcoin number needs to be (pseudo?) valid. So I
used one from a list of bitcoin scammers I collected, and it went
through.

The web version then wants to send an SMS code to a phone. Again it seems
to be real, because after I entered a random phone number the web page
said it sent a text message to that number, and you now have to enter the
PIN you received. So I stuck here not giving my real number.

Elaborate scam!

While I think I know how this scam works I am especially puzzled of why
using SSH. People knowing and be able to use SSH should have some brains,
thus not falling on this scam.