Monitoring WannaCry hackers' bitcoin addresses in real time

[W5k]

https://bitinfocharts.com/bitcoin/wallet/WannaCry-wallet
3 addresses (13AM4VW2dhxYgXeQepoHkHSQuy6NgaEb94 12t9YDPgwueZ9NyMgw519p7AA8isjr6SMw 115p7UMMngoj1pMvkpHijcRdfJNXj6LrLn) in one chart
22.89 BTC thus far

[worldmobilecoin]

Some of the media are blaming them on the drop in BTC price as they happened simultaneously. Make sense to me. What do you think?

I doubt it. The bulk of people being affected don't control the btc market. The whole market is in a bubble. Bubbles burst...eventually.

Maybe the market is just looking for a reason or reasons. Like you said people are afraid to jump.

Yea, you are right. There must be a reason to move trading market price. Especially when a speculation appear, people will afraid and left the market.

[PuraPuraBego]

That's hurt for those who got that shit. Anyone have trying with paying with low cost likely possibly to tranasaction will be rejected / refunded?

[zend7]

Now how they will spend their hard earned hacking money, considering the addresses are known and probably are blacklisted everywhere?

Putting the coins through a mixing service most likely.

The well known mixing service like Bitmixer and a few others will not accept mixing money from those addresses but unfortunately the deep web ones will not give a shit from which addresses the money are coming and it will mix their coins and the hackers in cyber crimes will go unpunished as always. Even the FBI admitted yesterday that they are having a hard time tracking the location or different locations of this attack as they believe to be many people from many countries. Good thing is very few bitcoins are collected from an attack of this caliber.

[bitcoinvestor]

This is one very bad crime. They are washing the data and then forcing it to do a transaction with bitcoin.
This can make bitcoin less trustworthy. Just imagine they use bitcoin for crime.

It is a blow to bitcoin or crypto community. Bitcoin or crypto wil earn negative views from all many people. They will tend to mindset that cyber crimes are related to bitcoin or cryptocurrencies. That's a bad news.

[ecnalubma]

In the beginning internet is not a safe place for everyone. Click, download, register etc. at your own risk.

[bitbunnny]

This is one very bad crime. They are washing the data and then forcing it to do a transaction with bitcoin.
This can make bitcoin less trustworthy. Just imagine they use bitcoin for crime.

It is a blow to bitcoin or crypto community. Bitcoin or crypto wil earn negative views from all many people. They will tend to mindset that cyber crimes are related to bitcoin or cryptocurrencies. That's a bad news.

Exactly. Even without attaks like this many people still see Bitcoin as criminal currency and used for criminal activities and things like this only makes situation worse. That is why is necessary to inform people about good sides of Bitcoin and how could be used for good purposes.
And in regard to WannaCry the story isn't over yet.

[tosmartak]

That’s a pretty nice payday for not really doing anything all day. I am pretty sure that the hacker might’ve paid for the ransom software so he might be in the negative right now.
What is kind of surprising to me is that these people have Bitcoin already installed or they have already verified their profiles on Bitcoin Exchanges that allowed them to pay the ransom. That was really fast considering how Bitcoin is pretty new to the scene, somebody should fire the tech guy.

Even if you don't know about it before, there are some occasions that will warrant you to be a fast learner by all means and moreover, it doesn't take up to 30 minutes to get a verified bitcoin wallet. With someone firing the tech guy,  it is possible the organisation didn't consider anything regarding cybersecurity which is a huge department on its own but at least the tech guy should have been backing up one way or the other, so I agree with you, he should be fired.

[Pursuer]

are we sure all of these are legit payments from victims of this malware?
I mean the hackers could have simply sent some bitcoin to those addresses just to hype things up and show others that other virtual victims are paying the ransom so you (the real victim) should pay it too!

you know like what some businesses do, put some money in to show your business is active and have customers

[BitcoinHunt3r]

wonder where they will sell their coins, some big exchanger must verify id right? even in my country some fiat exchanger ask user to verify their ID and must selfie to make sure it is real person

[HAARP]

What is the garbage they've done? What do they exactly do, I mean...

[deisik]

Now how they will spend their hard earned hacking money, considering the addresses are known and probably are blacklisted everywhere?

Putting the coins through a mixing service most likely.

The well known mixing service like Bitmixer and a few others will not accept mixing money from those addresses but unfortunately the deep web ones will not give a shit from which addresses the money are coming and it will mix their coins and the hackers in cyber crimes will go unpunished as always. Even the FBI admitted yesterday that they are having a hard time tracking the location or different locations of this attack as they believe to be many people from many countries. Good thing is very few bitcoins are collected from an attack of this caliber.

That would do a bad service for these mixers

After all, they are there specifically to cover your steps. Indeed, it could be claimed that some mixing is legitimate while other is not but who is there to judge? If we are to distinguish between "bad" and "good" bitcoins, why not then revert the blockchain after every victim pays the ransom and successfully decrypts their files? Or just block these bitcoins in their wallets for good by demanding from miners not to confirm the transactions outgoing from the offending wallets? These are tough questions

[unamis76]

Hmm... The ransomware would then need to centrally keep track of which transaction ids have been used.
What is somebody just copies the transaction id once the transaction is broadcast and keys it into the ransomware?

That's what I was suggesting.

hi!
Maybe this address is also used.
===
1QAc9S5EmycqjzzWDc1yiWzr9jJLC8sLiY
===

from:
https://twitter.com/malwrhunterteam/status/851687635554848768

Appears so

https://blockchain.info/address/1QAc9S5EmycqjzzWDc1yiWzr9jJLC8sLiY

12 transactions = 3.25249956 BTC as of 01:50 GMT

That's quite an old tweet, unrelated to this.

Looking at the image in the Twitter link above, perhaps once you send the required amount, it is automatically decrypted. They actually let you decrypt some files at no cost to prove it works. Nice of the crooks to give you a free sample.

They re-use addresses. How would they know who sent what for which computer?

Evidence?
Link?
Reference?
Why hospitals?
Stealing what exactly from them?
Are you in the right thread mate?

http://www.bbc.com/news/uk-39916778

[DoublerHunter]

They ransomware seems dominating their victims and they already getting a lot of bitcoins from getting ransom of encrypted files. If this kind of problem will continue then we should be in panic because the risk for the other bitcoin users is the price of bitcoin that can go down and we could lose a lot of money if it ever happen.

[deisik]

They ransomware seems dominating their victims and they already getting a lot of bitcoins from getting ransom of encrypted files. If this kind of problem will continue then we should be in panic because the risk for the other bitcoin users is the price of bitcoin that can go down and we could lose a lot of money if it ever happen.

In fact, I hope that people do get infected with your panicky attitude and sentiment (since that's what your post is obviously filled up with) and actually start selling their precious coins in an overwhelming, blind panic, so that me as well as other folks could buy back what we sold at recent highs. Other than that, in a wartime people like you are shot on sight

And survivors are shot again

[stompix]

wonder where they will sell their coins, some big exchanger must verify id right? even in my country some fiat exchanger ask user to verify their ID and must selfie to make sure it is real person

They will mix their coins 2-3 times , exchange to ltc or other coin on an exchange that doesn't require id for crypto withdrawals change them back into btc on another and then coin by coin on localbitcoins to fiat .

LB is also a bit of a mixer itself so by the time people will finish tracking those coins and altcoin movements...it will be 250

[alyssa85]

wonder where they will sell their coins, some big exchanger must verify id right? even in my country some fiat exchanger ask user to verify their ID and must selfie to make sure it is real person

If they're smart they'll just sit on them for a decade or so, until most of the mixing services don't have their address on a blacklist. At that point, they'll sell.

[Sniper44]

wonder where they will sell their coins, some big exchanger must verify id right? even in my country some fiat exchanger ask user to verify their ID and must selfie to make sure it is real person

They will mix their coins 2-3 times , exchange to ltc or other coin on an exchange that doesn't require id for crypto withdrawals change them back into btc on another and then coin by coin on localbitcoins to fiat .

LB is also a bit of a mixer itself so by the time people will finish tracking those coins and altcoin movements...it will be 250

all the exchanges that i have seen so far (even exchanges like btc-e that are too flexible and anonymous themselves) have a line in their terms of services that says if any law enforcement asks them, they will give your information to them (full cooperation) and in case of such a big scam like this, i am sure a lot of agencies are watching where the coins are going to go and will find them if use an exchange.

[iqlimasyadiqa]

They ransomware seems dominating their victims and they already getting a lot of bitcoins from getting ransom of encrypted files. If this kind of problem will continue then we should be in panic because the risk for the other bitcoin users is the price of bitcoin that can go down and we could lose a lot of money if it ever happen.

This is really a worrying thing. Already a lot of users affected by this virus. I think even if each of the victims paid then this will make the perpetrators of this crime is getting excited. They think that their work has been successful.

[sportis]

Do people really not back up their files regularly?

No they don't. Especially in public services where users call the IT for everything because they don't know or they don't like to do anything related to computers even though is a very stupid thing. So the most part of the day IT do lesser important tasks than it has to do. As an example ' local printer has a stuck piece of paper ' and so on.
 

I would assume that a huge part of the reason the thieves aren't getting as much money as we'd expect is because most people back up their files at least every month or so.  Institutions should back up their files much more regularly than that.

No most people are too lazy to do a regular back say after a month or more. I believe hackers they didn't target whom computer would infected from virus. 

Unless there's very significant new sensitive information that needs decrypting, there's not much reason for people to pay such a big ransom.  If it was $20 instead, I would probably pay it anyway, but there's really no point.

I believe that $300 as a ransom is not a big amount of money for many services or institutions especially if these are located in Europe or USA or some rich countries in Asia. I don't know for the rest countries in the world.