The unidentified attackers behind the CWT ransomware incident have laundered about 155 BTC (roughly $1.5M at the time) of the more than 400 BTC ransom through Binance, the largest cryptocurrency exchange, according to a detailed report by ZenGo.
The attackers hit CWT a few days earlier with the Ragnar Locker ransomware. They encrypted data on CWT systems and threatened to publish it.
Having taken CWT's financial records and other sensitive information as well as encrypting the company's machines, the attackers demanded a ransom in exchange for a decryptor and a promise not to leak the data.
CWT, which reported about $1B in revenue in 2019, chose to pay. Notably, the funds were then laundered through Binance, Huobi, Coinbase, and other exchanges rather than through a mixing service.
The travel firm agreed to pay the attackers 400 BTC, and the funds paid into the attackers' address subsequently passed through exchanges (the report names Coinbase among them) instead of the mixers such actors usually rely on.
The attackers' initial BTC address was 13nmJ3SsNB5pSyQrmX3e6zveY9kHGw8Vs3. When ZenGo followed the funds from there, it found they had been split into smaller amounts ranging from 1 to 10 BTC.
CWT bought 414 BTC to pay the attackers and first sent a test payment of 1 BTC to the initial address before sending the remainder to a second address.
Once the attackers confirmed receipt of the test payment, CWT sent the remaining 413 BTC. The funds at the first address were not cashed out through exchanges; those at the second address were.
According to the report, one of the addresses on the trail split 310 BTC into two equal halves and moved 155 BTC of it through Binance, despite the KYC checks the platform performs on its customers.
Analysts note that mixing 414 BTC through a mixing service would have been slow and expensive, which may explain why the attackers accepted the KYC risk of exchanges such as Binance.
CWT made the payment on June 28; within about 30 minutes the attackers had carried out more than 20 transactions to move the funds onward.
The other 155 BTC was sent to further exchanges, notably Huobi, with smaller amounts going to exchanges such as Poloniex.
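The kind of follow-the-money analysis described above (a test payment, a second address receiving the bulk, a 310 BTC split into two 155 BTC halves, and 1 to 10 BTC chunks deposited at exchanges) can be sketched as a forward taint trace over a transaction graph. The code below is an added illustration, not ZenGo's tooling or anything published with the report. Every transaction, txid, address and the exchange attribution table in it is constructed for the example; it uses a simplified "all outputs of a spend are tainted" model and treats a deposit to a labelled exchange address as the end of the trail, since the exchange holds the KYC records from there.

```python
"""Toy forward taint trace over a constructed, simplified transaction set.

Not real chain data and not ZenGo's methodology: amounts mirror the figures
in the article, but txids, addresses and exchange labels are placeholders.
"""
from collections import defaultdict, deque
from decimal import Decimal


def _chunks(total, size):
    """Split `total` into `size`-sized pieces plus a remainder, mimicking a
    cash-out done as a series of small (1-10 BTC) exchange deposits."""
    pieces, remaining = [], Decimal(total)
    while remaining > 0:
        piece = min(Decimal(size), remaining)
        pieces.append(piece)
        remaining -= piece
    return pieces


# Constructed transactions: (txid, inputs, outputs); inputs/outputs are
# lists of (address, amount). Real analysis works on UTXOs; this is a sketch.
TXS = [
    ("tx01", [("victim_wallet", Decimal("1"))], [("attacker_A", Decimal("1"))]),      # 1 BTC test payment
    ("tx02", [("victim_wallet", Decimal("413"))], [("attacker_B", Decimal("413"))]),  # remaining 413 BTC
    ("tx03", [("attacker_B", Decimal("413"))],
             [("attacker_C", Decimal("310")), ("attacker_D", Decimal("103"))]),
    ("tx04", [("attacker_C", Decimal("310"))],                                         # 310 -> two equal halves
             [("attacker_E", Decimal("155")), ("attacker_F", Decimal("155"))]),
    ("tx05", [("attacker_E", Decimal("155"))],                                         # 155 BTC in <=10 BTC chunks
             [(f"binance_dep_{i}", amt) for i, amt in enumerate(_chunks(155, 10))]),
    ("tx06", [("attacker_F", Decimal("155"))],                                         # other half to Huobi/Poloniex
             [(f"huobi_dep_{i}", amt) for i, amt in enumerate(_chunks(100, 10))]
             + [(f"poloniex_dep_{i}", amt) for i, amt in enumerate(_chunks(55, 5))]),
]

# Constructed attribution table (deposit address -> exchange). In practice this is
# the hard part and comes from address clustering / attribution datasets.
EXCHANGE_OF = {
    addr: name.capitalize()
    for _, _, outs in TXS
    for addr, _ in outs
    for name in ("binance", "huobi", "poloniex")
    if addr.startswith(name)
}


def trace(seed_addresses, txs, exchange_of):
    """Follow funds forward from the seed addresses through every spend.

    Returns a dict with: cashed_out (exchange -> BTC), unspent (address -> BTC
    still sitting at a non-exchange address), chunk_sizes (amounts of the
    individual exchange deposits) and tainted (all addresses on the trail).
    """
    spends, received = defaultdict(list), defaultdict(Decimal)
    for tx in txs:
        for addr, _ in tx[1]:
            spends[addr].append(tx)
        for addr, amt in tx[2]:
            received[addr] += amt

    cashed_out, unspent, chunk_sizes = defaultdict(Decimal), defaultdict(Decimal), []
    tainted, seen_tx = set(seed_addresses), set()
    frontier = deque(seed_addresses)
    while frontier:
        addr = frontier.popleft()
        if not spends[addr]:
            unspent[addr] = received[addr]  # trail stops here: funds not moved yet
            continue
        for txid, _, outs in spends[addr]:
            if txid in seen_tx:
                continue
            seen_tx.add(txid)
            for to_addr, amt in outs:
                if to_addr in exchange_of:
                    # Custodial deposit: on-chain trail ends, exchange holds KYC data.
                    cashed_out[exchange_of[to_addr]] += amt
                    chunk_sizes.append(amt)
                elif to_addr not in tainted:
                    tainted.add(to_addr)
                    frontier.append(to_addr)
    return {"cashed_out": dict(cashed_out), "unspent": dict(unspent),
            "chunk_sizes": chunk_sizes, "tainted": tainted}


def equal_splits(txs, addresses):
    """Txids spending from traced addresses whose outputs are two equal halves,
    the pattern the report describes for the 310 BTC -> 2 x 155 BTC step."""
    return [(txid, outs[0][1]) for txid, ins, outs in txs
            if len(outs) == 2 and outs[0][1] == outs[1][1]
            and any(a in addresses for a, _ in ins)]


if __name__ == "__main__":
    result = trace({"attacker_A", "attacker_B"}, TXS, EXCHANGE_OF)
    for exchange, total in sorted(result["cashed_out"].items()):
        print(f"{exchange:9s} received {total} BTC")
    print("still unspent:", result["unspent"])
    print("deposit chunk sizes:", sorted(set(result["chunk_sizes"])))
    print("equal-half splits:", equal_splits(TXS, result["tainted"]))
```

On the constructed data the trace attributes 155 BTC to Binance, 100 BTC to Huobi and 55 BTC to Poloniex, leaves the 1 BTC test payment and 103 BTC unspent at attacker-controlled addresses (so everything sums back to the 414 BTC paid), reports deposit chunks of 5 and 10 BTC, and flags tx04 as the equal-halves split. The two things a real investigation adds are change-address heuristics (not every output of a spend belongs to the same actor) and a trustworthy exchange attribution set, which is exactly what lets law enforcement turn a deposit address into a subpoena to the exchange.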
Hackers Use Exchanges
Criminals frequently use cryptocurrency exchanges to launder proceeds, and several reports have traced illicit funds to prominent platforms. Exchanges such as Binance, however, have pledged to cooperate with law enforcement whenever funds are traced to accounts on their platform.