WannaCry ransom exchanged via ShapeShift.io

In times of total networking, bank robberies give way to a more effective way of obtaining money: Ransomware. WannaCry is one such ransomware that for months exploited security vulnerabilities on computers around the world to encrypt drives against the will of their users. The players behind WannaCry apparently wanted to secure their loot.

We reported on the devastating incidents with the WannaCry ransomware. Countless computers worldwide were infected, the attackers first demanded a ransom in Bitcoin, later also in the (almost) anonymous digital currency Monero. The ransom was supposed to be the key to decrypt the affected drive. Security experts advised patience, as some of these encryptions could be solved by other means.

Even computers of the British Ministry of Health were affected, and the general public might not even be aware of the extent. 300,000 computers in over 150 countries were victims of this attack.

The frequency of these Bitcoin trader attacks is increasing

The address with the booty on the Bitcoin trader blockchain is known. On Wednesday, a Twitter review reported that payment had begun from the hacker’s address. The hackers tried to exchange their captured Bitcoins for Monero via the Swiss exchange service ShapeShift.io. The first payout amounted to around 7.34 Bitcoin, which is currently slightly more than 20,000 US dollars. Monero’s market capital is currently US$650 million, with an XMR token currently priced at US$43.

The digital currency is becoming more and more popular, not least because darkweb marketplaces like AlphaBay were ultimately undermined by the open nature of the public blockchain, like Bitcoin.

Crypto trader reaction

But the supposed escape in Monero seemed easier for the crypto trader than expected. The team behind the crypto trader review reported on Wednesday that the transaction would violate the terms of use of ShapeShift.io.

“As of today, we are blacklisting all addresses associated with the WannaCry hack that are known to our ShapeShift team, in accordance with our policy, if the service conditions are not met. We will monitor the situation closely and block any other addresses associated with it.”

According to its own information, ShapeShift is now working with law enforcement in this case.