A recent PwC report shows that hackers were able to launder stolen funds via the WEX crypto exchange, a site that previously found itself mired in similar accusations.
The Big Four audit firm’s report links the SamSam Bitcoin (BTC) ransomware attacks that were perpetrated by alleged Iranian nationals to WEX after analyzing data related to the attacks that lasted well over two years.
PwC based its report on information previously provided by the U.S. Department of Justice (DoJ). Authorities had indicted two Iranians for being the masterminds behind the extortion scheme.
According to the DOJ, Mohammad Mehdi Shah Mansouri and Faramarz Shahi Savandi were the creators of the SamSam ransomware that demanded victims pay in Bitcoin (BTC).
The security breaches reportedly caused extensive damage to multiple companies within the U.S. and did not spare hospitals, universities, and government agencies.
The attacks lasted for nearly 34 months, a timeframe that saw the hackers extort more than $6 million paid in BTC, with overall losses suffered by companies and institutions amounting to over $30 million.
Another two Iranian citizens were also implicated in the ransomware attacks and were subsequently sanctioned by the Office of Foreign Assets Control (OFAC).
According to the U.S. Department of the Treasury’s OFAC, Mohammad Ghorbaniyan and Ali Khorashadizadeh operated Iran-based digital asset exchanges and offered help to Savandi and Mansouri in exchanging the extorted bitcoins.
And now, PwC reports that the two individuals (Khorashadizadeh and Ghorbaniyan) have links to the WEX crypto exchange. The auditing firm said that it arrived at this conclusion after an analysis of emails and wallet addresses the U.S. government provided regarding the SamSam scheme.
WEX, a bitcoin exchange previously known as BTC-e before undergoing a rebrand in September 2017, finds itself again at the center of a ransomware scheme. At the time of the rebranding, the crypto exchange had hoped it would distance itself from the controversy of an earlier investigation into its money laundering links.
Problems for the exchange exploded in July 2017 when the U.S. government seized BTC-e’s domain, a move that shuttered the platform leading to the changes.
However, the PwC report now states that the crypto exchange helped the hackers exchange nearly $1.9 million in BTC funds from the SamSam attacks.
According to the report, BTC-e’s involvement in money laundering is a well-known fact, with the platform helping attackers launder approximately $4 billion. It was also “responsible for cashing out 95 percent of all ransomware payments made from 2014 to 2017,” the PwC report added.
PwC also cites a different investigation that places BTC-e at the center of yet another scandalous allegation.
As per information from a Russian intelligence unit, the Directorate of the General Staff (GRU), the exchange has links with “Fancy Bear,” a cyber-espionage group that purportedly attacked the Democratic National Committee in 2016.
A former operator of the now-defunct platform Alexander Vinnik was arrested in July 2017 in Greece and has been held since for his role in fraud and money laundering. The alleged launderer recently began a hunger strike, claiming that he deserves a fair trial.
The move has drawn the attention of officials from the Russian human rights movement who want Vinnik extradited to Russia due to his health.
Disclaimer: This is not investment advice. Cryptocurrencies are highly volatile assets and are very risky investments. Do your research and consult an investment professional before investing. Never invest more than you can afford to lose. Never borrow money to invest in cryptocurrencies.