Topic: [2019-03-05] WEX used to launder money from SamSam Ransomware, up to $6 million (Read 211 times)

legendary
Activity: 1652
Merit: 1483
@figmentofmyass. I reckon most of the volume traded in Btce, now Wex, are not from ordinary cryptocoin traders. They might be from money launderers who control many fake accounts in the site to trade with each other then withdraw the coins by using clean accounts.

maybe, maybe not. BTC-E was my primary exchange for 4 years ever since i got into trading. every trader i know from back in the day traded there at one point or another. it was one of the oldest and trusted exchanges. even if it was created to launder money, that was only possible because there was so much legitimate trading volume. tbh i always respected them for their wild west ethic. people say they were shady and locked down accounts for no reason but i and many people i know used them with no problems for several years.
legendary
Activity: 3010
Merit: 1460
@figmentofmyass. I reckon most of the volume traded in Btce, now Wex, are not from ordinary cryptocoin traders. They might be from money launderers who control many fake accounts in the site to trade with each other then withdraw the coins by using clean accounts.
legendary
Activity: 1652
Merit: 1483
The one thing about all this that blows my mind is why anyone went back to Wex other than to get out what they could.

you have to admit, their recovery was pretty impressive. some people (especially troll boxers) probably stuck by them just for stickin it to the man.

in all seriousness, i've got some friends in the CIS countries and they tell me exchange options for ruble are very slim. the consensus seems to be that EXMO and BTC-E = the same people (at least at one point anyway). that basically leaves local exchanges with very low liquidity and in-person exchangers. crypto traders being the gamblers they are, many stuck it out i guess.

on that note, they had issued debt tokens for the btc-e losses too. in the context of the 2017 bubble and bitfinex's miraculous recovery, they probably fooled some gamblers into betting on their recovery and locking their money in tokens.
copper member
Activity: 364
Merit: 4
News like this needs to be made more public. Especially in countries where hacking groups operate. Iran, Russia, China, and if anyone can get a message to north korea then let it be this
legendary
Activity: 3010
Merit: 1460
they've parted ways with Neutrino though, so not sure how will they do this analytics.
Not really. They've made some vacuous, meaningless statement (here: https://blog.coinbase.com/living-up-to-our-values-and-the-neutrino-acquisition-ba98174cdcf6) about "transitioning out" the members of Neutrino who were involved with Hacking Team. They provide no details whatsoever about how many members this involves, when they will be "transitioning", or where they will be "transitioning" to. It is a token gesture at most.

Agreed. The real assets of Neutrino is not the software, it is the development team that created the software. I reckon Coinbase will continue to employ the Hacking Team in full capacity but hidden and dangerous.
legendary
Activity: 2590
Merit: 3015
Welt Am Draht
Maybe not Quadriga but WEX under all its names was always welcoming shady funds and shady money sources.
Probably there are a lot of exchanges out there who are solely made for covering up tracks and to launder money, after all I really can't understand the amount of exchange that have daily volume lower than one month of hosting and minimum wage.

It looks like BTC-e was put together solely to launder money. Civilian business was no doubt welcome too but I doubt it would ever have existed but for criminality. Though it was never proven you heard plenty about selective scamming with them locking accounts and demanding ever increasing tiers of ID.

As time goes by I'm pretty sure we'll discover ever more tangled webs of dodginess from early mainstays. The one thing about all this that blows my mind is why anyone went back to Wex other than to get out what they could.
legendary
Activity: 1666
Merit: 1196
STOP SNITCHIN'
Then I found this article from the link in the report where indeed they are stating the same thing:

The exit point for 95% of all the Bitcoin ransom payments were wallets hosted by BTC-e, a Bitcoin trading platform headquartered in Russia.

I mean 95% is a lot, no wonder BTC-e's owner, Alexander Vinnik, was arrested. Although his subsequent fate is unclear. It looks like Vinnik was extradited to Russia finally, or is going to be extradited there soon.

This story about WEX doesn't surprise me at all given BTC-e's history. I remember reading the press release when BTC-e was indicted -- ransomware activity was the first mentioned criminal activity. There were no AML checks or account reviews and the withdrawal system was completely automated, so it was a paradise for laundering cryptocurrency. It sounds like WEX operated exactly the same, at least until they shut down withdrawals and quietly scammed their users.
copper member
Activity: 2940
Merit: 4101
Top Crypto Casino
Why it doesn't come to a surprise. If we're not hypocrites we all knew that Wex and BTC-e were used for dirty transactions. Since it didn't have any KYC it was the perfect place to use.
In the opposite, there are very few changes that work together on coins acquired from hacks, etc., either by communication or exchange information
hero member
Activity: 798
Merit: 531
Crypto is King.
The fact that we are actually catching these criminals is such a relief. No one should be allowed to get away with this. I am glad that the blockchain works the way it does. Thanks for the post this is really interesting to read.
legendary
Activity: 2912
Merit: 6403
Blackjack.fun
It looks like Vinnik was extradited to Russia finally, or is going to be extradited there soon.

https://bitcoinist.com/bitcoin-fraud-suspect-alexander-vinnik-extradited-to-russia/

From the QuadrigaCX exit scam to money laundering on WEX and all other exchange scams, I reckon some exchanges might be working together to move different cryptocoins around for criminals.


Maybe not Quadriga but WEX under all its names was always welcoming shady funds and shady money sources.
Probably there are a lot of exchanges out there who are solely made for covering up tracks and to launder money, after all I really can't understand the amount of exchange that have daily volume lower than one month of hosting and minimum wage.





legendary
Activity: 3374
Merit: 2198
I stand with Ukraine.
This is what caught my attention:

~
From the report:

"We identified this Iranian money laundering operation as having links with currency exchange WEX (previously known as BTC-e)… WEX is most notably known for its alleged involvement in the threat actor tracked by PwC as Blue Athena, and being responsible for cashing out 95 percent of all ransomware payments made since 2014."
~

Then I found this article from the link in the report where indeed they are stating the same thing:

The exit point for 95% of all the Bitcoin ransom payments were wallets hosted by BTC-e, a Bitcoin trading platform headquartered in Russia.

I mean 95% is a lot, no wonder BTC-e's owner, Alexander Vinnik, was arrested. Although his subsequent fate is unclear. It looks like Vinnik was extradited to Russia finally, or is going to be extradited there soon.
legendary
Activity: 2268
Merit: 18711
they've parted ways with Neutrino though, so not sure how will they do this analytics.
Not really. They've made some vacuous, meaningless statement (here: https://blog.coinbase.com/living-up-to-our-values-and-the-neutrino-acquisition-ba98174cdcf6) about "transitioning out" the members of Neutrino who were involved with Hacking Team. They provide no details whatsoever about how many members this involves, when they will be "transitioning", or where they will be "transitioning" to. It is a token gesture at most.
sr. member
Activity: 770
Merit: 268
It will be hard to connect the dots, however maybe future blockchain analytics leader Coinbase can help hehehehe.

they've parted ways with Neutrino though, so not sure how will they do this analytics. anyway $6 M is a big amount, more interesting is that WEX doesn't blacklist any address related to this samsam ransomware, hmm.
legendary
Activity: 3010
Merit: 1460
From the QuadrigaCX exit scam to money laundering on WEX and all other exchange scams, I reckon some exchanges might be working together to move different cryptocoins around for criminals.

It will be hard to connect the dots, however maybe future blockchain analytics leader Coinbase can help hehehehe.



NewsBTC has reported that the controversial crypto exchange WEX, which was formerly BTC-e, has been used to launder some $6 million worth of Bitcoin acquired by criminals during a series of ransomware attacks last year under the name SamSam. The attacks are believed to have been performed by an Iranian hacker group and two men have been identified by the US Department of Justice.

The men thought to be involved are Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri, and both apparently have links to WEX. This information comes from a report put out by respected firm, PricewaterhouseCoopers.

From the report:

"We identified this Iranian money laundering operation as having links with currency exchange WEX (previously known as BTC-e)… WEX is most notably known for its alleged involvement in the threat actor tracked by PwC as Blue Athena, and being responsible for cashing out 95 percent of all ransomware payments made since 2014."

It seems other small exchanges were used to launder crypto as well. The total the group stole from the SamSam attack is somewhere around $30 million, but only $6 million went through WEX.

Read in full https://www.chepicap.com/en/news/7889/wex-used-to-launder-money-from-samsam-ransomware-up-to-6-million.html

Read the report https://www.pwc.de/de/strategie-organisation-prozesse-systeme/strategic-intelligence-bulletin-airing-digital-currencys-dirty-laundry.pdf