Binance could be failing to prevent hackers from collecting ransomware funds. By saying that it has a “variety of customers”, the exchange disassociates itself from that issue.

According to an anonymous investigation, cryptocurrency exchange Binance could be failing to prevent hackers from converting the Bitcoin that they obtain through extortion into cash. The criminals reportedly exchanged USD 1 million worth of Bitcoin after hijacking information through ransomware attacks using Ryuk malware.

In the report, the investigators highlighted that the funds belonged to various BTC addresses linked to multiple attacks. In the last three years, the criminals have made the transfers to a wallet on Binance that is still active.

The work of these anonymous investigators seems to be based on a previous FBI investigation. The sample for the analysis consisted of 63 transactions that amounted to around USD 5.7 million. The hackers sent more than USD 1 million of that money to Binance to collect the ransoms, while keeping the rest at other addresses outside of Binance.

According to the FBI, hackers have stolen more than USD 61 million using Ryuk malware since its creation in 2018. Last February, the federal police said that criminals had received payments of around USD 144 million worth of Bitcoin in six years for this type of attack.

In this regard, Binance responded that “when it comes to tracking illicit activity on the chain, the attribution is not always black and white.” The exchange disassociated itself from what happened, adding that “the recipient may be unaware of the fraudulent origin of the transaction since Binance has a wide variety of customers operating on its platform.”

The anonymous investigators also sent the disclosed report to Binance as proof of what had happened. Their purpose could be to make Binance aware that it needs to improve its detection of funds of doubtful origin, a need that arises despite the platform complying with know-your-customer (KYC) regulations.

Since the beginning of the quarantine due to the coronavirus pandemic, there has been an increase in ransomware attacks. The aforementioned report highlighted that 51% of the 5,000 companies analyzed had been victims of malware as of last May.

Hackers can use ransomware to remotely lock computer systems and encrypt information. Once the data is encrypted, it can only be decrypted with the software that is in the attackers' hands.

This crime is related to the trend of data leakage. Hackers disclose some of the information that they have hijacked in order to pressure victims into paying the ransom, usually in the form of cryptocurrencies like Bitcoin or Monero.

This type of situation should make cryptocurrency exchanges aware that they need to seek ways to detect funds that come from fraudulent actions. Likewise, developers should take advantage of these events to create security systems that guarantee the protection of data, for both individuals and companies.

By Alexander Salazar
