Cryptocurrency exchange WEX/BTC-e tied to Bitcoin ransomware hackers, report

Big four accountancy group PricewaterhouseCoopers (PwC) has issued a special bulletin connecting the Iranian nationals behind notorious SamSam ransomware and the incredibly infamous cryptocurrency exchange WEX (formerly BTC-e).

The report alleges SamSam creators Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri used the WEX exchange service to launder sizable chunks of the $6 million in Bitcoin generated throughout their 34-month-long international hacking and extortion spree.

“We identified this Iranian money laundering operation as having links with currency exchange WEX (previously known as BTC-e),” declared PwC. “WEX is most notably known for its alleged involvement in the threat actor tracked by PwC as Blue Athena, and being responsible for cashing out 95 percent of all ransomware payments made since 2014.”

Last September, the US Department of Justice published full details of the SamSam ransomware campaign, which was found to have caused more than $30 million worth of damages across the US and Canada.

More than 200 victims were hit, including hospitals, public institutions, and municipalities.

What was the SamSam ransomware?

The six-count indictment against Savandi and Mansouri alleges that they, while acting from inside Iran, created SamSam in December 2015 with the primary goal of forcibly encrypting data on the computers of their victims.

The pair accessed the computers of victims through various security vulnerabilities found in target machines, which would allow them to install and execute SamSam directly.

Savandi and Mansouri would then extort victims by demanding a Bitcoin ransom for unlocking the data and returning access. Once the payments were collected, the attackers would exchange the Bitcoin into their local currency, primarily through cryptocurrency exchanges based in Iran.

The duo were noted to have further released “refined versions” of SamSam in June and October of 2017.

Their campaign was described as “an Iran-based international computer hacking and extortion scheme that engaged in 21st-century digital blackmail.”

What is WEX/BTC-e?

WEX (formerly known as BTC-e) is an online currency exchange desk that came about in 2017. It was opened shortly after US and Greek authorities closed BTC-e by arresting its Russian-born administrator and suspected co-founder.

BTC-e is understood to have been a hotspot for cryptocurrency-related money laundering. It was actually Russia’s oldest cryptocurrency exchange, and more than $4 billion is believed to have been laundered through it from 2014 to 2017, including Bitcoins related to the Mt. Gox saga.

Impressively, 95 percent of all ransomware payments made between 2014 and 2017 are believed to have been laundered through BTC-e. Approximately $1.9 million in Bitcoin ransoms generated by SamSam is understood to have been “cashed out” through BTC-e.

Not only do they look the same, but WEX inherited the BTC-e domain

“WEX claims to be unrelated to BTC-e but its website design and trading pairs are almost identical, and it migrated over all the exchange’s former users after BTC-e was shut down,” wrote PwC.

The WEX connection

Leveraging information published by the US Department of the Treasury’s Office of Foreign Assets Control (OFAC), PwC was able to link the SamSam duo to the WEX cryptocurrency exchange.

In particular, the report lists individuals previously named by OFAC as primary Bitcoin launderers for the SamSam hackers. PwC ties Mohammad Ghorbaniyan and Ali Khorashadizadeh to services associated with WEX, as well as a secondary exchange in Slovakia.

In fact, Mohammad Ghorbaniyan is named as the sole contact for a website known as enexchanger[.]com. The listed trading pairs on “enexchanger” include multiple cryptocurrencies and other digital assets, including incredibly sketchy “currencies” like WebMoney and Perfect Money.

“One of the cryptocurrency swaps offered is WEX-code to USD, which is a code that allows transferring of funds directly from wex[.]nz (WEX) users,” PwC’s report declared. “Both criminal and nation state threat actors are associated with the currency exchange BTC-e/WEX.”

PwC also noted that the use of Iran and Slovakia-based exchanges indicates threat actors favor using “lesser-known” currency exchanges to launder dirty cryptocurrency, as more popular exchanges tend to have compliance programs to detect illicit activities.

Indeed, cryptocurrency researchers found that exchanges in countries with little-to-no rules in place to curtail digital money laundering received 36 times more Bitcoin from criminally-linked groups than those that had reasonable regulations in place.

The report also urges the public to never make payments to ransomers unless they have made a threat to life.

“Paying a ransom is considered a poor practice because it encourages a threat actor to continue using ransomware and does not always guarantee that a decryption key will be provided. Furthermore, the paying of a ransom now has profound legal implications because this action could also violate US sanctions,” it concluded.

Published March 4, 2019 — 17:20 UTC
