Outgoing transactions from an address belonging to the extortionist who demanded 120 BTC in the name of a “client of the WEX cryptocurrency exchange” are being sent to wallets at a number of trading platforms with mandatory user verification. This was announced by the CEO of Indefibank, Sergey Mendeleev, in his Telegram channel.
One of the addresses belongs to the Binance exchange. According to Mendeleev, this could help Russian law enforcement officers identify the attacker.
“To assert [that the entire chain of addresses up to the point of reaching Binance belongs to Costya Ransom], of course not. But by establishing the owner of the address on Binance, you can find out from him who sent him funds and what he received in return. This is a standard investigation procedure, especially since there are not 20 transfers, but only five,” he clarified in a comment to ForkLog.
Data: Crystal Blockchain.
The editors have requested comments from Binance representatives, but have not received a response at the time of writing.
In addition, some of the funds from the extortionist's wallet ended up on the Kraken, Kucoin and Gate.io exchanges through a chain of transactions. Mendeleev added that law enforcement agencies should also send inquiries to these trading platforms, although “the chains there are longer and the connections are not so obvious.”
Speaking about who could be behind the series of false bomb threats, the expert clarified that he does not believe any of the popular versions, according to which either a real WEX client from Kiev or the team of entrepreneur Konstantin Malofeev could be involved in sending the messages.
“I don’t admit the thought that Konstantin could somehow be involved in such delirium, but I don’t believe in WEX clients either, their lists are known and he would have been instantly figured out. Much more interesting is why the mining suddenly stopped? What about the criminal case? Is it related to the case of WEX itself in the proceedings of the Ministry of Internal Affairs of the Russian Federation? I don’t even ask where the billion-dollar crypto has gone,” Mendeleev explained.
At the moment, there is 0.11 BTC (just over $5300) in the “miner’s” wallet. The last incoming transaction is dated June 2021.
Recall that a series of false bomb threats on the territory of the Russian Federation began in November 2019, shortly after the BBC published an investigation into the possible involvement of businessman Konstantin Malofeev and FSB officers in the theft of funds from users of the WEX cryptocurrency exchange (successor to BTC-e) totaling $450 million. “Demanded to pay him 120 BTC stolen from the exchange
To suppress the activities of the “miner”, Roskomnadzor, at the request of the FSB, blocked the mail services StartMail and ProtonMail, which he used for the mailings. Later, ProtonMail conducted its own investigation and deleted the mailboxes associated with the attacker.
After that, the “miner” switched to various disposable email address services.
In November, the Investigation Department of the Ministry of Internal Affairs of the Russian Federation refused to freeze WEX clients' funds in the amount of 10,016 ETH, which had been withdrawn from the platform wallet in September by unknown persons.