WannaCry On the Move? Bitcoin Crime Evolves in a Multi-Blockchain World
Bitcoins received by the WannaCry ransomware attacks are on the move. Will switching to another blockchain allow the hackers to get away?
First there was the theft – then the coins stood still.
For the past 10 weeks, three bitcoin address containing more than $140,000-worth of the cryptocurrency have been given more scrutiny than possibly any others on the blockchain. Now held by the hacker or hackers behind the WannaCry ransomware attack, the funds were sent by victims from more than 150 countries in an attempt to unlock their computers from the malicious encryption software.
But last week, something stirred – and increments of $20,000-worth of bitcoin began moving into seven new addresses. Slowly, the three addresses that had held the attention of the world began to empty. The question was, where were the coins headed?
That the subject would gain such attention perhaps isn’t surprising. At the time of the incident in May, WannaCry attracted global headlines, and bitcoin got a share of the blame.
As bitcoin's value grew over the course of the year, and as it attracted a new class of investors, the incident emerged as a black mark – the latest reminder of how the technology can be used to nefarious ends.
"There's an implication that [blockchains] are well-suited for criminal activity," said Andrew Poelstra, a mathematician at Blockstream. "Because blockchains make it cheaper to move money around the world quickly and privately, there's this meme out there that it's making it easier for criminals to do criminal things."
As such, for many industry observers, the incident remains a case study with consequences.
Should the criminals be able to cash out the funds, it could be deemed as the latest evidence cryptocurrency can be exploited, despite years of regulations and rule-making.
And if the criminals don’t or can't? That might signal that a maturing set of startups, and the nature of the technology itself, are more able to guard against the type of activity so frowned upon by the powers that be.
A new blockchain in the mix
In context, the fact that the coins are moving at all is something of a shock.
As early as May, it was widely felt the hackers would be unlikely to move the bitcoins for a long time, if at all, as it would be difficult to cash out on major exchanges that monitor stolen funds to meet regulatory standards.
Again, there's also the open nature of bitcoin's blockchain. Those interested in watching the coins move were gifted an easy task, as the WannaCry hackers used only three addresses to collect the ransoms.
But, in an evolving blockchain sector that seems to continue to find new ways to surprise, it could be other blockchains that end up closing the dramatic story.
Of the total funds, $36,000 in bitcoin has now moved through Switzerland-based cryptocurrency startup Shapeshift and into the open-source, privacy-oriented cryptocurrency, monero.
And the switch to the monero blockchain could make things complicated, since it uses several different means to obscure the identity of its users.
Created in 2014, monero is best known for its innovative use of "ring signatures," which are utilized to mix user public keys and account keys, creating a "ring" of possible signers so outside observers can’t link a signature to a specific user.
The cryptocurrency protocol also uses "stealth addresses," which allow the recipient to publish a single address, but the coins are sent to a separate, unique addresses.
Unlikely to get away
As a result, many are now wondering if monero changes the game.
Here the answer is less clear. Monero's mechanisms only involve mixing addresses with a small number of other participants, which could generate privacy gaps.
And other mechanisms for evading detection, such as coin mixing, and even other privacy-oriented cryptocurrencies like Zcash, all suffer from this lack of scale, according to Poelstra.
Zcash, for example, allows people to use "shielded addresses," which make the output of a transaction look indistinguishable from every other output.
But according to Poelstra, because of the computational power needed to use shielded addresses, many people aren't using them. So, again the pool is too small for perfect anonymity.
Whether the hackers are eventually captured is a product of how much information they leak, and how much money and time law enforcement is willing to spend using that leaked information to track them, he concluded.
Ultimately, current options for the hackers seem limited.
Given that no blockchain technologies provide complete digital privacy, ultimately, the attackers may be taking big risks in their attempt to finally get away with their loot.
Disclosure: CoinDesk is a subsidiary of Digital Currency Group, which has ownership stakes in Blockstream, Shapeshift and ZECC (Zcash).
Hacker image via Shutterstock
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.
Learn more about Consensus 2024, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.