[2019-03-05] WEX used to launder money from SamSam Ransomware, up to $6 million

figmentofmyass

legendary

Activity: 1652

Merit: 1483

Quote from: bbc.reporter on March 06, 2019, 09:03:29 PM

@figmentofmyass. I reckon most of the volume traded in Btce, now Wex, are not from ordinary cryptocoin traders. They might be from money launderers who control many fake accounts in the site to trade with each other then withdraw the coins by using clean accounts.

maybe, maybe not. BTC-E was my primary exchange for 4 years ever since i got into trading. every trader i know from back in the day traded there at one point or another. it was one of the oldest and trusted exchanges. even if it was created to launder money, that was only possible because there was so much legitimate trading volume. tbh i always respected them for their wild west ethic. people say they were shady and locked down accounts for no reason but i and many people i know used them with no problems for several years.

bbc.reporter

legendary

Activity: 3010

Merit: 1460

@figmentofmyass. I reckon most of the volume traded in Btce, now Wex, are not from ordinary cryptocoin traders. They might be from money launderers who control many fake accounts in the site to trade with each other then withdraw the coins by using clean accounts.

figmentofmyass

legendary

Activity: 1652

Merit: 1483

Quote from: gentlemand on March 05, 2019, 08:39:45 PM

The one thing about all this that blows my mind is why anyone went back to Wex other than to get out what they could.

you have to admit, their recovery was pretty impressive. some people (especially troll boxers) probably stuck by them just for stickin it to the man. Cheesy

in all seriousness, i've got some friends in the CIS countries and they tell me exchange options for ruble are very slim. the consensus seems to be that EXMO and BTC-E = the same people (at least at one point anyway). that basically leaves local exchanges with very low liquidity and in-person exchangers. crypto traders being the gamblers they are, many stuck it out i guess.

on that note, they had issued debt tokens for the btc-e losses too. in the context of the 2017 bubble and bitfinex's miraculous recovery, they probably fooled some gamblers into betting on their recovery and locking their money in tokens.

btyco

copper member

Activity: 364

Merit: 4

News like this needs to be made more public. Especially in countries where hacking groups operate. Iran, Russia, China, and if anyone can get a message to north korea then let it be this

bbc.reporter

legendary

Activity: 3010

Merit: 1460

Quote from: o_e_l_e_o on March 05, 2019, 10:01:16 AM

Quote from: anu1908 on March 05, 2019, 04:26:12 AM

they've parted ways with Neutrino though, so not sure how will they do this analytics.

Not really. They've made some vacuous, meaningless statement (here: https://blog.coinbase.com/living-up-to-our-values-and-the-neutrino-acquisition-ba98174cdcf6) about "transitioning out" the members of Neutrino who were involved with Hacking Team. They provide no details whatsoever about how many members this involves, when they will be "transitioning", or where they will be "transitioning" to. It is a token gesture at most.

Agreed. The real assets of Neutrino is not the software, it is the development team that created the software. I reckon Coinbase will continue to employ the Hacking Team in full capacity but hidden and dangerous.

gentlemand

legendary

Activity: 2590

Merit: 3015

Welt Am Draht

Quote from: stompix on March 05, 2019, 12:26:36 PM

Maybe not Quadriga but WEX under all its names was always welcoming shady funds and shady money sources.
Probably there are a lot of exchanges out there who are solely made for covering up tracks and to launder money, after all I really can't understand the amount of exchange that have daily volume lower than one month of hosting and minimum wage.

It looks like BTC-e was put together solely to launder money. Civilian business was no doubt welcome too but I doubt it would ever have existed but for criminality. Though it was never proven you heard plenty about selective scamming with them locking accounts and demanding ever increasing tiers of ID.

As time goes by I'm pretty sure we'll discover ever more tangled webs of dodginess from early mainstays. The one thing about all this that blows my mind is why anyone went back to Wex other than to get out what they could.

squatter

legendary

Activity: 1666

Merit: 1196

STOP SNITCHIN'

Quote from: Betwrong on March 05, 2019, 10:15:09 AM

Then I found this article from the link in the report where indeed they are stating the same thing:

Quote from: https://www.bleepingcomputer.com/news/security/95-percent-of-all-ransomware-payments-were-cashed-out-via-btc-e-platform/

The exit point for 95% of all the Bitcoin ransom payments were wallets hosted by BTC-e, a Bitcoin trading platform headquartered in Russia.

I mean 95% is a lot, no wonder BTC-e's owner, Alexander Vinnik, was arrested. Although his subsequent fate is unclear. It looks like Vinnik was extradited to Russia finally, or is going to be extradited there soon.

This story about WEX doesn't surprise me at all given BTC-e's history. I remember reading the press release when BTC-e was indicted -- ransomware activity was the first mentioned criminal activity. There were no AML checks or account reviews and the withdrawal system was completely automated, so it was a paradise for laundering cryptocurrency. It sounds like WEX operated exactly the same, at least until they shut down withdrawals and quietly scammed their users.

LeGaulois

copper member

Activity: 2940

Merit: 4101

Top Crypto Casino

Why it doesn't come to a surprise. If we're not hypocrites we all knew that Wex and BTC-e were used for dirty transactions. Since it didn't have any KYC it was the perfect place to use.
In the opposite, there are very few changes that work together on coins acquired from hacks, etc., either by communication or exchange information

peonminer

hero member

Activity: 798

Merit: 531

Crypto is King.

The fact that we are actually catching these criminals is such a relief. No one should be allowed to get away with this. I am glad that the blockchain works the way it does. Thanks for the post this is really interesting to read.

stompix

legendary

Activity: 2912

Merit: 6403

Blackjack.fun

Quote from: Betwrong on March 05, 2019, 10:15:09 AM

It looks like Vinnik was extradited to Russia finally, or is going to be extradited there soon.

https://bitcoinist.com/bitcoin-fraud-suspect-alexander-vinnik-extradited-to-russia/

Quote from: bbc.reporter on March 04, 2019, 10:05:47 PM

From the QuadrigaCX exit scam to moneylaundring on WEX and all other exchange scams, I reckon some exchanges might be working together to move different cryptocoins around for criminals.

Maybe not Quadriga but WEX under all its names was always welcoming shady funds and shady money sources.
Probably there are a lot of exchanges out there who are solely made for covering up tracks and to launder money, after all I really can't understand the amount of exchange that have daily volume lower than one month of hosting and minimum wage.

Betwrong

legendary

Activity: 3374

Merit: 2198

I stand with Ukraine.

This is what caught my attention:

Quote from: bbc.reporter on March 04, 2019, 10:05:47 PM

~
From the report:

"We identified this Iranian money laundering operation as having links with currency exchange WEX (previously known as BTC-e)… WEX is most notably known for its alleged involvement in the threat actor tracked by PwC as Blue Athena, and being responsible for cashing out 95 percent of all ransomware payments made since 2014."
~

Then I found this article from the link in the report where indeed they are stating the same thing:

Quote from: https://www.bleepingcomputer.com/news/security/95-percent-of-all-ransomware-payments-were-cashed-out-via-btc-e-platform/

The exit point for 95% of all the Bitcoin ransom payments were wallets hosted by BTC-e, a Bitcoin trading platform headquartered in Russia.

I mean 95% is a lot, no wonder BTC-e's owner, Alexander Vinnik, was arrested. Although his subsequent fate is unclear. It looks like Vinnik was extradited to Russia finally, or is going to be extradited there soon.

o_e_l_e_o

legendary

Activity: 2268

Merit: 18711

Quote from: anu1908 on March 05, 2019, 04:26:12 AM

they've parted ways with Neutrino though, so not sure how will they do this analytics.

Not really. They've made some vacuous, meaningless statement (here: https://blog.coinbase.com/living-up-to-our-values-and-the-neutrino-acquisition-ba98174cdcf6) about "transitioning out" the members of Neutrino who were involved with Hacking Team. They provide no details whatsoever about how many members this involves, when they will be "transitioning", or where they will be "transitioning" to. It is a token gesture at most.

anu1908

sr. member

Activity: 770

Merit: 268

Quote from: bbc.reporter on March 04, 2019, 10:05:47 PM

It will be hard to connect the dots, however maybe future blockchain analytics leader Coinbase can help hehehehe.

they've parted ways with Neutrino though, so not sure how will they do this analytics. anyway $6 M is a big amount, more interesting is that WEX doesn't blacklist any address related to this samsam ransomware, hmm.

bbc.reporter

legendary

Activity: 3010

Merit: 1460

From the QuadrigaCX exit scam to moneylaundring on WEX and all other exchange scams, I reckon some exchanges might be working together to move different cryptocoins around for criminals.

It will be hard to connect the dots, however maybe future blockchain analytics leader Coinbase can help hehehehe.

NewsBTC has reported that the controversial crypto exchange WEX, which was formerly BTC-e, has been used to launder some $6 million worth of Bitcoin acquired by criminals during a series of ransomware attacks last year under the name SamSam. The attacks are believed to have been performed by an Iranian hacker group and two men have been identified by the US Department of Justice.

The men thought to be involved are Haramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri, and both apparently have links to WEX. This information comes form a report put out by respected firm, PricewaterhouseCoopers.

From the report:

"We identified this Iranian money laundering operation as having links with currency exchange WEX (previously known as BTC-e)… WEX is most notably known for its alleged involvement in the threat actor tracked by PwC as Blue Athena, and being responsible for cashing out 95 percent of all ransomware payments made since 2014."

It seems other small exchanges were used to launder crypto as well. The total the group stole from the SamSam attack is somewhere around $30 million, but only $6 million went through WEX..

Read in full https://www.chepicap.com/en/news/7889/wex-used-to-launder-money-from-samsam-ransomware-up-to-6-million.html

Read the report https://www.pwc.de/de/strategie-organisation-prozesse-systeme/strategic-intelligence-bulletin-airing-digital-currencys-dirty-laundry.pdf

Topic: [2019-03-05] WEX used to launder money from SamSam Ransomware, up to $6 million (Read 211 times)