Blackmail sent from my own e-mail address

This is almost certainly a phishing/blackmail scam and not a genuine compromise of Outlook.com by the sender.

Actions to take immediately:

1. Do not pay or reply

• Law enforcement or legitimate companies will never demand Bitcoin or payment via email for “illegal activity” or data exposure.
• Ignore the threat; responding confirms the address is active and can invite more scams.

2. Treat the message as phishing

• The content matches common phishing and extortion patterns: urgent threat, demand for cryptocurrency, and claims of having personal data.
• In Outlook.com or Outlook on the web, leave it in Junk or delete it. Do not click any links or open attachments.
• If there are links, hover over them (don’t click) to see the real destination; phishing links often go to unrelated or suspicious domains.

3. Check whether the sender is really “you” Scammers often spoof the From address so it looks like it came from the same account:

• In Outlook, check the sender indicators:
  • A ? in the sender image means Outlook could not verify the sender using email authentication.
  • If the sender’s real address differs from what appears in the From field, Outlook may show an underlined via tag with the true sending domain.
• A message that appears “from you” but fails authentication or shows as unverified is typically spoofed, not actually sent from the account.

4. Secure the Microsoft account Even though this is likely spoofing, still harden the account:

• Change the Microsoft account password to a strong, unique one not used anywhere else.
• Review sign-in and security info in the account (alternate email, phone) and update if anything looks unfamiliar.
• Enable two-factor authentication (2FA) if not already enabled.

5. Check for real compromise indicators The “null” entries in Sent could be:

• Artifacts of spoofed messages or junk that did not send properly, or
• Signs that rules or forwarding were created if the account was actually accessed.

After securing the account:

• Review the Sent folder and any rules/forwarding settings for items not created personally.
• If there are messages or rules that are not recognized, remove them and consider running a malware scan on devices used to access the account.

6. Protect against future phishing From the guidance:

• Be wary of urgent calls to action or threats demanding immediate payment.
• Watch for mismatched or misspelled domains (for example, micros0ft.com instead of microsoft.com).
• Treat unexpected attachments and links as suspicious; never open them if the message looks questionable.

If there is strong evidence the account itself was taken over (for example, password no longer works, recovery info changed, or continuous suspicious drafts/messages appearing):

• Use the Microsoft account recovery process and follow the steps carefully to regain control.
• Inform contacts from another account that the address may have been used for phishing so they can ignore suspicious messages.

References:

• Protect yourself from phishing
• Phishing and suspicious behavior in Outlook
• How malware can infect your PC
• My personal hotmail account hacked by hacker with authentication app enabled. - Microsoft Q&A
• I think I'm being scammed, but I want to make sure. (Though I may be in the wrong place.) - Microsoft Q&A
• Is this legit email also? - Microsoft Q&A
• Email from M!CROSOFT - Microsoft Q&A