The world of digital currency can sometimes turn out to be a frightful sight. Hackers who infected the systems of travel giant CWT and got the firm to pay them a $4.5 million ransom in bitcoin have managed to launder $1.5 million of the BTC using crypto exchange Binance.
The travel management firm CWT saw hackers allegedly lock 30,000 of its computers and demand a ransom of $10 million that was negotiated down to $4.5 million. After the funds were paid out, the hackers gave the firm a decryption key and some security tips.
ZenGo found that these addresses likely represent two parties behind the ransomware, as one address uses a “legacy” address format, while the second one uses a modern one. Moreover, they cashed out the funds in a different way, at very different times.
While the second address split its 310 BTC into equal parts of 155 BTC after receiving them and so far mostly cashed out using Binance, the first one barely cashed out using cryptoasset exchanges, ZenGo writes.
In total, one of the parties managed to use the leading cryptocurrency exchange, which enforces know-your-customer checks, to launder $1.5 million. This was done by splitting the funds across several addresses on exchanges, as sending a $1.5 million transaction to the exchange would have triggered Binance’s security systems.
Instead, the hacker avoided scrutiny via smaller payments. Every time an address sent a small amount of funds to Binance, it also sent change to another address under the attackers’ control. The process was repeated to launder 155 BTC.
ZenGo notes that the hacker initially sent 1.5 BTC to confirm that Binance would accept the funds and that laundering them would be possible. The hacker then gradually increased the amounts being sent per transaction, up to 12 BTC.
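The pattern described above (a small exchange deposit plus change to a fresh attacker-controlled address, repeated with growing amounts) is commonly called a peel chain, and it can be flagged by walking the change outputs. The following is an added example, not code from ZenGo or Binance; the transactions, address names and exchange-deposit labels are constructed, and it assumes one sending address and two outputs per transaction with fees ignored.

```python
from decimal import Decimal as D

# Constructed labels: deposit addresses an analyst has attributed to an exchange.
EXCHANGE_DEPOSITS = {"exch_dep_1", "exch_dep_2", "exch_dep_3"}

# Constructed transactions (hypothetical addresses, fees ignored).
TXS = [
    {"txid": "t1", "from": "A0", "outs": [("exch_dep_1", D("1.5")), ("A1", D("153.5"))]},
    {"txid": "t2", "from": "A1", "outs": [("exch_dep_2", D("4")), ("A2", D("149.5"))]},
    {"txid": "t3", "from": "A2", "outs": [("exch_dep_3", D("12")), ("A3", D("137.5"))]},
    {"txid": "t4", "from": "B0", "outs": [("B1", D("2")), ("B2", D("3"))]},  # unrelated spend
]


def follow_peel_chain(start, txs, exchange_deposits, min_hops=2):
    """Follow change outputs from `start` and summarise exchange deposits.

    A hop qualifies when exactly one output pays a labelled exchange deposit
    address and exactly one other output (the change) goes elsewhere.
    """
    by_sender = {tx["from"]: tx for tx in txs}
    hops, current, seen = [], start, set()
    while current in by_sender and current not in seen:
        seen.add(current)  # guard against address reuse loops
        tx = by_sender[current]
        deposits = [(a, v) for a, v in tx["outs"] if a in exchange_deposits]
        change = [(a, v) for a, v in tx["outs"] if a not in exchange_deposits]
        if len(deposits) != 1 or len(change) != 1:
            break  # not the deposit-plus-change shape; stop following
        hops.append({"txid": tx["txid"], "deposit": deposits[0][1]})
        current = change[0][0]
    amounts = [h["deposit"] for h in hops]
    return {
        "is_peel_chain": len(hops) >= min_hops,
        # Deposits that never shrink match the "test small, then ramp up" behaviour.
        "escalating": len(amounts) >= 2 and all(a <= b for a, b in zip(amounts, amounts[1:])),
        "total_deposited": sum(amounts, D("0")),
        "hops": hops,
        "unspent_at": current,  # where the remaining balance currently sits
    }


if __name__ == "__main__":
    print(follow_peel_chain("A0", TXS, EXCHANGE_DEPOSITS))
```

Summing `total_deposited` across the chain is what exposes the full amount that per-transaction thresholds miss.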