Outgoing transactions from an address belonging to the extortionist demanding 120 BTC on behalf of a “client of the WEX cryptocurrency exchange” are being sent to the wallets of a number of trading platforms with mandatory user verification. Indefibank CEO Sergei Mendeleev reported this on his Telegram channel.
One of the addresses belongs to the Binance exchange. According to Mendeleev, this could help Russian law enforcement officers identify the attacker.
“But by setting the owner of the address on Binance, you can find out from him who sent him funds and what he received in return. This is a standard investigation procedure, especially since there are not 20 translations, but only five,” he clarified in a comment to Cryplogger.
Kirill Chikhradze, Product Development Director at Crystal Blockchain, said in a comment to Cryplogger that the specified address sends all of its transactions to Binance’s hot wallet.
“However, it is possible that some darknet exchanger uses it as a deposit wallet on the exchange. At the beginning of the chain starting from the Costya Ransom address, there are small clusters with suspicious patterns that could potentially turn out to be exchangers,” he added.
Analytics companies also list this address as belonging to Binance.
The editors requested comment from Binance representatives but had not received a response at the time of writing.
In addition, part of the funds from the extortionist's wallet ended up on the Kraken and Kucoin exchanges through a chain of transactions. Mendeleev added that law enforcement agencies should also send inquiries to these trading platforms, although “the chains there are longer and the connections are not so obvious.”
Speaking about who could be behind the series of false bomb threats, the expert said that he does not believe any of the popular versions, under which a real WEX client from Kiev or the team of entrepreneur Konstantin Malofeev could be involved in sending the messages.
“I don’t admit the thought that Konstantin could somehow be involved in such delirium, but I don’t believe in WEX clients either, their lists are known and he would have been instantly figured out. Much more interesting is why the mining suddenly stopped? What about the criminal case? Is it related to the case of WEX itself in the proceedings of the Ministry of Internal Affairs of the Russian Federation? I don’t even ask where the billion-dollar crypt has gone,” Mendeleev explained.
Since its creation, the “miner’s” wallet has received 0.11 BTC (just over $5300 at the moment). The last receipt is dated June 2021.
Recall that a series of false bomb threats across the Russian Federation began in November 2019, shortly after the BBC published an investigation into the possible involvement of businessman Konstantin Malofeev and FSB officers in the theft of funds from users of the WEX cryptocurrency exchange (successor to BTC-e) totaling $450 million. “Demanded to pay him 120 BTC stolen from the exchange
To suppress the activities of the “miner”, Roskomnadzor, at the request of the FSB, blocked the mail services StartMail and ProtonMail, which he used for the mailings. Later, ProtonMail conducted its own investigation and deleted the mailboxes associated with the attacker.
After that, the “miner” switched to various disposable email address services.
In November, the Investigation Department of the Ministry of Internal Affairs of the Russian Federation refused to freeze WEX clients' funds in the amount of 10,016 ETH, which were withdrawn from the platform wallet in September by unknown persons.