The hackers who infected the systems of travel giant CWT and got the firm to pay them a $4.5 million ransom in bitcoin have managed to launder $1.5 million of the BTC through crypto exchange Binance.
As CryptoGlobe reported, the travel management firm CWT saw hackers allegedly lock 30,000 of its computers and demand a ransom of $10 million that was negotiated down to $4.5 million. After the funds were paid out, the hackers gave the firm a decryption key and some security tips.
Cryptocurrency wallet ZenGo conducted on-chain analysis to find out where the funds went after CWT paid the hackers. It found that CWT paid out 1 BTC as a test first, before sending over the other 413 BTC that both parties agreed they would pay.
After the funds arrived at the address the hackers controlled, 102 BTC were moved to one address and 310 BTC to another. ZenGo found that these addresses likely represent two parties behind the ransomware, as one uses a “legacy” address format while the other uses a modern one. Moreover, they cashed out the funds in different ways, at very different times.
While the second address split its 310 BTC into equal parts of 155 BTC after receiving them and so far mostly cashed out using Binance, the first one barely cashed out using cryptoasset exchanges, ZenGo writes.
In total, one of the parties managed to use the leading cryptocurrency exchange, which enforces know-your-customer checks, to launder $1.5 million. This was done by splitting the funds across several addresses on exchanges, as sending a $1.5 million transaction to the exchange would have triggered Binance’s security systems.
Instead, the hacker avoided scrutiny via smaller payments. Every time an address sent a small amount of funds to Binance, it also sent the change to another address under the attackers’ control. The process was repeated to launder 155 BTC.
ZenGo notes that the hacker initially sent 1.5 BTC to ensure the funds would be accepted on Binance, and that he would be able to launder them. They then gradually increased the amounts being sent per transaction up to 12 BTC.
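The pattern ZenGo describes above, a small deposit to the exchange with the remainder sent on to a fresh address, repeated with gradually growing deposit sizes, is what blockchain analytics teams call a peeling chain, and it is exactly the shape an exchange's compliance or fraud team can look for in its own deposit flow. The following is an added example written for this article, not ZenGo's tooling or any exchange's code: it walks a constructed, fee-less transaction list (the addresses, transaction ids and amounts are made up for the demonstration, with hops of 1.5, 4, 8 and 12 BTC mirroring the ramp the article mentions) from a seed address, follows each hop only while one output lands on a tagged exchange deposit address and the other on a never-before-seen change address, and then summarizes the chain and flags the structuring signal: many individual deposits under some review threshold that together exceed it.

```python
from dataclasses import dataclass


@dataclass
class Tx:
    """Minimal transaction view: which addresses were spent and where the value went."""
    txid: str
    inputs: list      # addresses spent by this transaction
    outputs: list     # (address, amount_btc) pairs; fees omitted for simplicity


# Constructed sample data (hypothetical, not from ZenGo's analysis): addresses an
# exchange's compliance team has tagged as its own deposit wallet.
EXCHANGE_ADDRESSES = {"exch-dep-1", "exch-dep-2", "exch-dep-3", "exch-dep-4"}

# Constructed chain in chronological order. Each hop peels a small amount to the
# exchange and sends the rest to a fresh change address; the last transaction
# breaks the pattern by sending change back to an already-used address.
SAMPLE_TXS = [
    Tx("tx-0", ["hold-A"], [("exch-dep-1", 1.5), ("chg-1", 153.5)]),
    Tx("tx-1", ["chg-1"], [("exch-dep-2", 4.0), ("chg-2", 149.5)]),
    Tx("tx-2", ["chg-2"], [("exch-dep-3", 8.0), ("chg-3", 141.5)]),
    Tx("tx-3", ["chg-3"], [("exch-dep-4", 12.0), ("chg-4", 129.5)]),
    Tx("tx-4", ["chg-4"], [("exch-dep-1", 20.0), ("hold-A", 109.5)]),
]


def trace_peeling_chain(start_addr, txs, exchange_addrs, max_hops=100):
    """Follow two-output transactions from start_addr while one output lands on a
    tagged exchange address and the other on a never-seen-before change address.
    Returns a list of (txid, peel_amount_btc, change_addr), one entry per hop."""
    spends = {}       # address -> (index, tx) of the first transaction spending it
    first_seen = {}   # address -> index of the transaction where it first appears
    for i, tx in enumerate(txs):
        for a in tx.inputs:
            spends.setdefault(a, (i, tx))
            first_seen.setdefault(a, i)
        for a, _ in tx.outputs:
            first_seen.setdefault(a, i)

    hops, cur = [], start_addr
    for _ in range(max_hops):
        if cur not in spends:
            break
        idx, tx = spends[cur]
        if len(tx.outputs) != 2:
            break
        (a0, v0), (a1, v1) = tx.outputs
        if a0 in exchange_addrs and a1 not in exchange_addrs:
            peel, change = (a0, v0), (a1, v1)
        elif a1 in exchange_addrs and a0 not in exchange_addrs:
            peel, change = (a1, v1), (a0, v0)
        else:
            break
        # The change output must be a fresh address; address reuse ends the chain.
        if first_seen[change[0]] != idx:
            break
        hops.append((tx.txid, peel[1], change[0]))
        cur = change[0]
    return hops


def summarize(hops):
    """Chain length, total moved to the exchange, largest single deposit, and
    whether deposit sizes only ever grew (the test-then-ramp behaviour)."""
    peels = [h[1] for h in hops]
    return {
        "hops": len(hops),
        "total_peeled_btc": round(sum(peels), 8),
        "largest_peel_btc": max(peels, default=0.0),
        "ramping": all(a <= b for a, b in zip(peels, peels[1:])),
    }


def looks_like_structuring(hops, threshold_btc):
    """True when every individual deposit stays under threshold_btc while the
    chain as a whole moves more than that threshold to the exchange."""
    peels = [h[1] for h in hops]
    return bool(peels) and sum(peels) > threshold_btc and all(p < threshold_btc for p in peels)


if __name__ == "__main__":
    chain = trace_peeling_chain("hold-A", SAMPLE_TXS, EXCHANGE_ADDRESSES)
    for txid, amount, change in chain:
        print(f"{txid}: {amount} BTC to exchange, change to {change}")
    print(summarize(chain))
    print("structuring-like:", looks_like_structuring(chain, threshold_btc=15.0))
```

The per-deposit threshold is the review limit an exchange would choose for its own risk model, so it is a parameter rather than a fixed number; the point of the check is that the sum of a chain's deposits, not any single deposit, is what should be compared against it. In production the address-tagging set and the transaction feed would come from the exchange's wallet system and a node or indexer rather than an inline list, and the freshness test would look back over the whole address history instead of a single batch.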
The remaining 155 BTC were sent to other exchanges like Huobi, ZenGo writes, but did not show such a clear pattern.