Over $1M in Ryuk Ransomware Bitcoin Was 'Cashed Out' on Binance: Report

Researchers reportedly traced bitcoin sent as payments to Ryuk ransomware controllers and found a good portion passed through Binance.

AccessTimeIconAug 24, 2020 at 2:23 p.m. UTC
Updated Sep 14, 2021 at 9:47 a.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

Researchers have traced millions of dollars' worth of bitcoin sent as payments to Ryuk ransomware controllers and found a good portion passed through the Binance exchange platform.

  • In a document seen by Forbes and covered in a report Sunday, the anonymous researchers said they had analyzed a sample of 63 bitcoin transactions linked to the Ryuk malware that were worth around $5,700,000 in total.
  • Of these, "over $1 million [in bitcoin] was sent from the hacking team wallets to the Binance exchange platform to cash out their ransom payments," they said.
  • Ryuk, like other ransomware variants, locks up infected computers using encryption and demands a payment (normally in crypto) to release the files.
  • Ryuk is said to have raked in $61 million in the two years since it was let loose on the world, Forbes said.
  • Looking at 13 other bitcoin addresses linked to Ryuk, the researchers also found some of the total $1,064,865 in bitcoin held there also passed through Binance.
  • The remainder of the bitcoin traced, some $4.7 million worth, was found to be held on non-exchange wallets – a suggestion that the malware's operators favor Binance, according to the report.
  • Binance has been provided the research findings, Forbes said.
  • The exchange said in the report it prioritizes ensuring "the safety of our customers and the integrity of the broader crypto space," though spotting such illicit activity is "not always black and white."
  • Binance also analyzed the Ryuk bitcoin flows and reportedly found that 400 bitcoin went to Huobi, a Singapore-based exchange, and 140 BTC moved through a now-closed Thailand-based exchange.

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.


Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.