
Russians and Koreans are the biggest payers to the global ransomware hackers


There for the taking, but who's watching?

Users with infected computers in Russia and South Korea are so far the two biggest ransom payers to the hackers who mounted a global ransomware attack, called “WannaCry,” yesterday, according to new data from Chainalysis, a provider of software that works with banks, law enforcement agencies, and bitcoin companies to analyze the blockchain for financial crimes.

All bitcoin transactions are permanently recorded on the blockchain, and anyone can view them. Chainalysis crunches these transactions and assigns them to clusters of “entities,” which could be bitcoin exchanges, wallet providers, or bitcoin miners. The firm found that the hackers, who ask for ransom to be sent to three bitcoin addresses, had received a total of nearly $23,000 so far in dollar terms, converted at the point the transaction was made. The two entities that sent the most money to the hackers were bitcoin exchanges serving the Russian and Korean markets. “If you look at the infection rates, a lot of it is in Russia, so [the data] is complementing that,” says Jonathan Levin, a Chainalysis co-founder. “Given that we know the infections are also in Russia, I would say, it’s Russian users.”

Analysis by information security firm Kaspersky Lab showed Russia had the most infections, although South Korea doesn’t appear among the top countries. Here’s the list of where ransoms originated from via Chainalysis:

| Counterparty name | Counterparty category | US dollar value of bitcoins sent |
|---|---|---|
| BTC-e.com | exchange | $4,270.66 |
| Bithumb.com | exchange | $2,163.48 |
| Bitstamp.net | exchange | $2,012.15 |
| Kraken.com | exchange | $1,917.03 |
| Poloniex.com | exchange | $1,627.24 |
| Unknown | uncategorized | $1,526.32 |
| Coinbase.com | exchange | $1,043.04 |
| CoinPayments.net | merchant services | $849.30 |
| Unknown | uncategorized | $774.25 |
| CoinOne.co.kr | exchange | $684.05 |
| LocalBitcoins.com | exchange | $670.84 |
| Gemini.com | exchange | $627.97 |
| MaiCoin.com | exchange | $627.79 |
| Unknown | uncategorized | $576.62 |
| CoinJar.com | exchange | $550.05 |
| BitPanda.com | exchange | $375.71 |
| Bitfinex.com | exchange | $313.63 |
| Korbit.co.kr | exchange | $312.10 |
| Bittrex.com | exchange | $295.78 |
| Unknown | uncategorized | $294.16 |
| Unknown | uncategorized | $253.50 |
| Unknown | uncategorized | $205.33 |
| BitoEX.com | exchange | $168.11 |
| Xapo.com | hosted wallet | $165.39 |
| Circle.com | exchange | $101.01 |
| Bter.com | exchange | $91.42 |
| Yunbi.com | exchange | $60.14 |
| Unknown | uncategorized | $45.28 |
| Paxful.com | exchange | $44.24 |
| Huobi.com | exchange | $43.28 |
| Hashnest.com | mining pool | $20.88 |
| OKCoin.com | exchange | $15.07 |
| Unknown | uncategorized | $14.56 |
| Unknown | uncategorized | $9.60 |
| HaoBTC.com | mining pool | $7.21 |
| Unknown | uncategorized | $5.82 |
| AlphaBay Market | Tor market | $5.41 |
| Unknown | uncategorized | $2.80 |
| ANXPro (Payout wallet) | uncategorized | $2.07 |
| Silk Road Marketplace | Tor market | $1.85 |
| Total | | $22,775.16 |

Source: Chainalysis

There are a few caveats to the data. Levin points out that the payments attributed to “Tor markets,” the term Chainalysis uses to describe darknet markets, are probably “noise” generated by his analysis, and should be ignored. The low payment amounts also suggest that they are unconnected to the ransomware. Each entity could be using thousands of addresses, and it’s Chainalysis’ job to group them accurately. For instance, Levin says that one exchange, Poloniex, uses 376,000 bitcoin addresses, all of which have been clustered by Chainalysis, allowing correct attribution.

Additionally, just because a payment is from an exchange that serves Korean or Russian customers doesn’t necessarily mean the infected users are indeed in Korea or Russia, although it’s a reasonable inference. Lastly, little is known about BTC-E, the exchange at the top of the list, except that its operators are anonymous, it’s one of the longest-running exchanges in bitcoin, it notoriously doesn’t perform the identity checks that regulated exchanges must comply with, and it deals in the ruble-bitcoin market.

Chuck Reynolds
Contributor

Alan Zibluk Markethive Founding Member