what a person can do with email addresses of known users of BTC is to try to brute force the password.
then simply use imap to watch those emails until something juicy comes in. for example, realizing the user
has a mtgox account. then reset the password via mtgox, get the email they send, login to mtgox, and profit.
naturally this assumes the user put in an email account that he uses for most everything.. like 99% of us do.
with that said... a good majority of BTC related websites look like hobbyist stuff that i would not trust to use, ever.
especially "lottery/gambling/pyramid/etc" things. those just scream lame to me.
Brute forcing is not possible on the majority of sites today.
If i were to guess, I would bet a lot of those users have email accounts on linux boxes running pop3/imap that
have no brute force protection at all. Just toss out the gmail or whatever addresses you know have brute force
protection and concentrate on the rest. A small percentage will have a weak or short password. It is not about
cracking them all.. but the low hanging fruit that could lead to a possible reward with minimal effort.
Or how about sending a pdf to users that abused a security flaw in abode reader that is craftily made?
Or how about... the list is endless. Proven ways that have worked in the past to own someone.
Some people are really really into infosec/hacking/cracking and practice this stuff every day for years in the wild.
The best know how to find holes, craft their own exploits, have contacts who can provide more tools/sploits, and
otherwise not be considered a script kid.
But this is all speculation on what a person might do with an email list of known BTC users. Just idle talk.
