Late on Wednesday, the hackers responsible for the WannaCry attack withdrew the equivalent of $143,000 from three Bitcoin wallets associated with the ransomware scheme. The accounts now have a balance of zero and the cryptocurrency is being tracked to identify the cyber criminals.
The news was reported by Quartz's Keith Collins, who set up a Twitter bot dubbed @actual_ransom to keep a record of the wallet accounts' movements. Two of the three accounts linked to the ransomware were emptied in two withdrawals each, while the third took one more, for a total of seven transactions.
Some analysts say the move is a great opportunity to catch the hackers, while others expect it to be more challenging than anticipated. The Bitcoin scene has changed swiftly and there are new considerations to take into account, as well as new procedures that will make the money harder to track.
9.67641378 BTC ($26,508.37 USD) has just been withdrawn from a bitcoin wallet tied to #wcry ransomware. https://t.co/CJLiu6cyvr
— actual ransom (@actual_ransom) August 3, 2017
WannaCry hackers emptied wallets for maximum profit
The cyber criminals behind the scheme that left companies and services around the world at the mercy of a $300 payment to recover their business made sure to wait it out until the moment was right so profits were as high as they could be.
The hackers knew about a long-anticipated move that was to disrupt the Bitcoin world: the creation of Bitcoin Cash and the subsequent forking of the entire ecosystem. The alternative currency and platform added roughly 20% of value to the bounty collected from firms and organizations around the globe.
The idea behind Bitcoin Cash is to address a long-standing limitation of Bitcoin as we know it. In very simple terms, the infrastructure that allows the creation of Bitcoins and transactions is inherently limited, so a new system was built on top of the existing one, causing the two currencies to coexist.
Cyber security firms might be onto the ransom money
Recent events in the cyber security world as well as in the cryptocurrency scene have led some specialists to believe that one of two scenarios is plausible after the proceeds from WannaCry have been collected by hackers: either they become easier to track or they disappear, likely to never be found again.
Firms and independent agents have set out to track the Bitcoins from the hackers' wallets, although some experts argue this is not entirely possible. The consensus seems to be that the hackers will try to launder the earnings using a mixer.
A mixer is basically a private trading pool in which users are willing to exchange their Bitcoins for others for different purposes. However, two of the biggest mixer sites have been recently shut down, and the takedown of dark net markets has also cast a shadow on the reliability of currency exchange services.
With this in mind, analysts suggest the most likely course of action will be for the hackers to turn Bitcoins into other forms of cryptocurrency, with Monero being the most private and perceivably secure of them all.
This would render all tracking efforts virtually useless, since there is no known method of tracking the funds after that, according to experts familiar with this sort of procedure. From that point on, the hackers might be able to keep the money they made from the WannaCry attack without further known consequences.