Just recently there was a small ransomware outbreak called “Petya” that attacked various computers around the world. The creators of Petya didn’t make as much money as the Wannacry extortionists had made a few weeks earlier, as Petya only raked in around $8,000 worth of BTC. However, the money the hackers accumulated has since moved, and following those bitcoins has proven to be extremely difficult.
Petya Ransomware Funds Travel Through the Tumbling Process
The latest Petya ransomware wasn’t as crazy as the mainstream media portrayed it to be, and the creators only made off with $8,000 in extortion funds. One of the reasons the attackers didn’t make much money was that their email account was shut down. What’s interesting about the Petya ransomware is that the hackers chose to use one particular address to collect funds, as opposed to the multiple addresses commonly used in these types of campaigns. After a couple of days, the hackers started moving the money to different addresses. Individuals following the funds believe the money was sent through a tumbler, a platform that mixes bitcoins in order to obfuscate the trail from sender to recipient.
‘A Vast Majority of Transfers had More Than Ten Total Transactions’
According to the publication Quartz, those bitcoins will be extremely hard for law enforcement to locate. The news outlet says it followed the money as far as it could, but the bitcoins were sent through a series of transfers, one of which passed through a legitimate bitcoin exchange. After the first few hops, the publication details, funds were sent to a “high volume address,” which it assumed was the trading platform.
After this point, Quartz explains, it could only speculate on which transactions belonged to Petya.
“We collected each spent output from that address, then each spent output from those addresses, and so on,” explains Quartz columnist Keith Collins. “In order to limit the number of rabbit holes the crawler followed, we only included transfers that occurred within eight hours of the first outgoing transaction from the first wallet. We considered high-volume wallets to be wallets that had three or more total transactions, as returned from the Blockchain.info API, but the vast majority of those had more than ten total transactions.”
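The crawl Collins describes above is a breadth-first walk over spent outputs, cut off by a time window and by a "high-volume" threshold. The block below is an added illustration of that method (it is not Quartz's code or the article's): it runs over a small constructed ledger that stands in for the Blockchain.info API, where the address names, timestamps and transaction ids are all invented for the example. It expands every address reached from the starting wallet, includes only transfers within eight hours of the first outgoing transaction, and stops expanding at any address with three or more total transactions, since from such an address (an exchange, for instance) the crawler can no longer tell which outputs belong to the traced funds.

```python
from collections import deque
from dataclasses import dataclass
from typing import Tuple, Set, List

WINDOW_SECONDS = 8 * 3600      # transfers must occur within 8h of the first outgoing tx
HIGH_VOLUME_THRESHOLD = 3      # "three or more total transactions" marks a high-volume wallet


@dataclass(frozen=True)
class Tx:
    """One transaction: which addresses it spends from and which it pays to."""
    txid: str
    time: int                  # unix timestamp
    inputs: Tuple[str, ...]    # addresses whose outputs are spent by this tx
    outputs: Tuple[str, ...]   # addresses that receive from this tx


# Constructed sample ledger (hypothetical addresses; not real Petya transactions).
T0 = 1_500_000_000
LEDGER = (
    Tx("tx1", T0,              ("start",),    ("hop1", "hop2")),
    Tx("tx2", T0 + 1 * 3600,   ("hop1",),     ("hop3",)),
    Tx("tx3", T0 + 2 * 3600,   ("hop2",),     ("exchange",)),
    Tx("tx4", T0 + 3 * 3600,   ("hop3",),     ("hop4",)),
    Tx("tx5", T0 + 48 * 3600,  ("hop4",),     ("late",)),            # outside the 8h window
    Tx("tx6", T0 - 86400,      ("other1",),   ("exchange",)),        # unrelated exchange traffic
    Tx("tx7", T0 + 4 * 3600,   ("exchange",), ("cust1", "cust2")),   # exchange paying other customers
)


def total_transactions(address: str, ledger=LEDGER) -> int:
    """Stand-in for the API's 'total transactions' count for an address."""
    return sum(1 for tx in ledger if address in tx.inputs or address in tx.outputs)


def crawl(start: str, ledger=LEDGER):
    """Follow spent outputs from `start`, returning (addresses reached, high-volume
    addresses where the crawl stopped, list of (from, to, txid) hops followed)."""
    first_out = min(tx.time for tx in ledger if start in tx.inputs)
    deadline = first_out + WINDOW_SECONDS

    reached: Set[str] = {start}
    high_volume: Set[str] = set()
    hops: List[Tuple[str, str, str]] = []
    queue = deque([start])

    while queue:
        addr = queue.popleft()
        # A busy wallet (exchange, mixer) makes further attribution speculative: record and stop.
        if addr != start and total_transactions(addr, ledger) >= HIGH_VOLUME_THRESHOLD:
            high_volume.add(addr)
            continue
        for tx in ledger:
            if addr not in tx.inputs or not (first_out <= tx.time <= deadline):
                continue  # not a spend from this address, or outside the time window
            for out in tx.outputs:
                hops.append((addr, out, tx.txid))
                if out not in reached:
                    reached.add(out)
                    queue.append(out)
    return reached, high_volume, hops


if __name__ == "__main__":
    reached, high_volume, hops = crawl("start")
    print("addresses reached:", sorted(reached))
    print("stopped at high-volume:", sorted(high_volume))
    print("hops followed:", len(hops))
```

On the constructed ledger the crawl reaches six addresses over five hops and stops at `exchange`, whose three transactions (one of them unrelated, one paying other customers) make it impossible to say which outgoing outputs carry the traced coins; the transfer to `late` is excluded by the eight-hour window. On a real chain the same walk fans out quickly, which is the point the article makes about 2373 addresses.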
Taking Action Against Digital Currency Mixers
There are multiple ways for groups and individuals to mix their bitcoins to confuse blockchain surveillance. These include tumblers like Joinmarket and the many other mixing platforms found on the deep web. Further, some users opt to utilize altcoins like Zcash and Monero, because they believe these cryptocurrencies offer better anonymity. In the future, many people think better forms of cryptocurrency anonymization will be coming, like Schnorr signatures and other types of Zero Knowledge platforms. However, law enforcement and government officials have been saying for quite some time that bitcoin mixers and anonymizers should be illegal. For instance, the Basel Institute on Governance, Europol, Interpol, and U.S. officials have been discussing proposals to “take action against digital currency mixers/tumblers.”
Can Law Enforcement Really Follow 2373 Hops?
Quartz details that the Petya funds were estimated to be sent to over 2373 addresses over the course of the mixing process. “If we knew what bitcoin address or addresses the Petya money ended up in, we’d likely find hundreds of thousands of transactions between that address and the starting address,” explains the news outlet. “That’s more than we could ever chart.”
The news comes at a time when blockchain surveillance companies have become a hot topic, and just recently Chainalysis claimed to know the destination of the missing 650,000 Mt Gox bitcoins. With hackers mixing their coins through a series of transfers, blockchain forensic companies may be overstating how well they can follow these transactions.
What do you think about mixing transactions? Do you think law enforcement can really follow all the outputs when funds are sent through a bitcoin tumbler? Let us know in the comments below.
By Jamie Redman