Monitoring WannaCry hackers' bitcoin addresses in real time

[Pattberry]

What was the final known total of bitcoin's that they managed to get paid? They didn't get that many compared to what they were demanding the last time I looked.

All these companies & organisations just ignored the demands?

It is quite obvious that not everyone is going to comply with the extortion demands if the affected computers does not have anything important or they have a back up and most of the big companies does have a back up and so that they will format the hard disk and then use the back up,IT department will be having a hard time to solve the issues ASAP.

[1713306727]

1713306727

[bartolo]

This must be an awesome post for a change! That’s fascinating! I just checked one of the addresses and there is around 26 grand in that one address so they must have quite a lot by now. I wonder though what mixer would ever accept that much money and it would sure take a long time for the money to be laundered. Of course you also would have to do it with multiple launderers so I don’t know what their plan is.

Obviously, they don't need to launder all that amount at once

Moreover, even if some mixer could process that many bitcoins (which is not that many really, to tell the truth), it simply doesn't make sense to dump all these coins all at once unless the hackers are 100% certain that they won't be soon parted with their "hard-earned" and "well-deserved" bitcoins. If they are not so sure (which might well be the case), it would make sense to divide the spoil into small portions and launder them separately and cautiously. Other than that, they might not be interested in cashing out altogether

For example buying $50 Monero for BTC in one round and selling them later for bitcoins. Repeat every week and discharge on exchange slowly. 100% guarantee of anonymity, but it works only if you have bitcoin business.

Well, you seem to be missing something here

Or maybe it is just me. So how are you going to buy Monero if your bitcoins are tainted? By tainted I mean the bitcoins that come from the wallet which the victims of this ransomware have been sending their monies to. There is no guarantee that your bitcoins won't be confiscated when you try to buy something with them. Indeed, you can sell them off the market to someone unsuspecting, but by doing this you will just expose them to the same risk of having their coins taken (though the hackers wouldn't give a fuck about that, obviously)

Even if they were fast enough to avoid confiscation they would be leaving a trail. The IP with which they would register and connect in the exchange, the operations made and bitcoin address to which they would make the withdrawal later.

[freedomno1]

Even if they were fast enough to avoid confiscation they would be leaving a trail. The IP with which they would register and connect in the exchange, the operations made and bitcoin address to which they would make the withdrawal later.

That presumes the hacker's decide to send them when the heat is still on, if someone sends the coins years down the line when no one is watching besides the few government agents who keep track of registries then they could execute a quick transfer before people wake up to it.
Kind of like criminals who deal in Fine Art or I guess in Modern Terms ISIS artifact resellers for Palmyra objects.
(But I agree by all accounts the amount these recieved was small but I am guessing they will be Holding it till it reaches a million or so and the ransom value appreciates over time.)

[1Referee]

They've got about 50 known Bitcoin, or about $112,500.  Considering just how many computers they infected and the fact that the price went up loads since the start, I'd call that a huge failure from them.

If you look at the total number of infected machines versus the paid ransom, then it's not really in line, but in reality it's a great bit of funds that has been collected in such a short period of time. Especially when you consider that it might be just one person counting his profits. Where do you get to earn that much without doing any real effort?

[BurtW]

What was the final known total of bitcoin's that they managed to get paid? They didn't get that many compared to what they were demanding the last time I looked.

All these companies & organisations just ignored the demands?

Current links to their addresses:

https://blockchain.info/address/12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw
https://blockchain.info/address/115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn
https://blockchain.info/address/13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94

They've got about 50 known Bitcoin, or about $112,500.  Considering just how many computers they infected and the fact that the price went up loads since the start, I'd call that a huge failure from them.

It is easier to use this link:

https://bitinfocharts.com/bitcoin/wallet/WannaCry-wallet

It give you the total from all three addresses.

[deisik]

Obviously, they don't need to launder all that amount at once

Moreover, even if some mixer could process that many bitcoins (which is not that many really, to tell the truth), it simply doesn't make sense to dump all these coins all at once unless the hackers are 100% certain that they won't be soon parted with their "hard-earned" and "well-deserved" bitcoins. If they are not so sure (which might well be the case), it would make sense to divide the spoil into small portions and launder them separately and cautiously. Other than that, they might not be interested in cashing out altogether

For example buying $50 Monero for BTC in one round and selling them later for bitcoins. Repeat every week and discharge on exchange slowly. 100% guarantee of anonymity, but it works only if you have bitcoin business.

Well, you seem to be missing something here

Or maybe it is just me. So how are you going to buy Monero if your bitcoins are tainted? By tainted I mean the bitcoins that come from the wallet which the victims of this ransomware have been sending their monies to. There is no guarantee that your bitcoins won't be confiscated when you try to buy something with them. Indeed, you can sell them off the market to someone unsuspecting, but by doing this you will just expose them to the same risk of having their coins taken (though the hackers wouldn't give a fuck about that, obviously)

Even if they were fast enough to avoid confiscation they would be leaving a trail. The IP with which they would register and connect in the exchange, the operations made and bitcoin address to which they would make the withdrawal later

I'm not sure of that

I don't really know the gory details of how truely anonymous coins work (and how exchanges work with them either), but as far as I understand it, once you withdraw to Monero wallet all traces are effectively lost since when you transact with coins built on the Cryptonite algorithm, you can't trace the wallets in the same way like you do with Bitcoin transactions and wallets. In other words, the Cryptonite network itself works as a coin mixer of sorts. Regarding IP's, you just use a VPN and get done with that

[BurtW]

They now have over 50 Bitcoins:

https://bitinfocharts.com/bitcoin/wallet/WannaCry-wallet

[jmigdlc99]

Just reviewed these wannacry ransom addresses. It seems they have started cashing out, almost half the amount from each address.

Are there any updates? Is there anything being done to further track this?

[oegarod]

Just reviewed these wannacry ransom addresses. It seems they have started cashing out, almost half the amount from each address.

Are there any updates? Is there anything being done to further track this?

Wannacry made a big negative impact on the bitcoin just because of the negative way bitcoin is being used. Bitcoin address of the concern ransomware tracking on real time is not that possible cent percent.

[stompix]

Just reviewed these wannacry ransom addresses. It seems they have started cashing out, almost half the amount from each address.

Are there any updates? Is there anything being done to further track this?

No, it fits perfectly what I have said in both threads about wannacry

At first people will be enthusiastically tracking coins like Conan the Detective but after a while they will get bored, the subject will lose interest, the coins will already be sold by he time somebody bumps this post and it will be another forgotten story till the next ransomware.

And even if you track them, who is going to do what?

 

[Nasgar Hard]

We just build 3D visitation of transaction from wannacry wallet

https://blockchainnew.herokuapp.com/wannacry3d

Adding more data and interactivity now so please feel free to add any feedback.
Would really appreciate that.
Thx

[stompix]

We just build 3D visitation of transaction from wannacry wallet

https://blockchainnew.herokuapp.com/wannacry3d

Adding more data and interactivity now so please feel free to add any feedback.
Would really appreciate that.
Thx

Awesome work but I get the feeling of a disease spreading inside of me when looking at it:). Joking of course.
What's the meaning of different colors?
It gets darker with every coin movement?

[Nasgar Hard]

For now colors just how far wallets are from the starting one.
You arrows shows transitions flow.
More labels are coming to this tool.
It's a pilot of tool to see blockchain better.

Yeah - it definitely looks like some virus on the beginning

[Nasgar Hard]

Here is better version of it https://blueshift.io/wannacry-blockchain.html
Press Arrow to see next layer of transactions

[JamesAHurtado]

all controls and resource. This is a community bitcoin action that can be affected by this in the future I guess.
you put it into it. I got payment for the program promises and I just prom to it. If you think that I have taken a program please do not hesitate to PM and I am sure that they are running a program or other other. Can not say who sent the ransom to the address, even if the user ransom, their system is still not decay.
As far as I know, one can overcome it.