The WannaCry ransomware attackers are crying, and how to cash out Bitcoin has become a big problem

The hackers behind the infamous WannaCry ransomware attack look set to make a killing this week, with the hackers receiving $80,000 worth of Bitcoin so far, but the next step may be more difficult: figuring out how to cash out the money without exposing their true identities.

The well-publicized cyberattack, which began in Asia and has targeted hundreds of thousands of computers in more than 150 countries, encrypts data and files on computers once they are infected with the WannaCry virus, prompting users to pay $300 in Bitcoin to unlock the data.

Shockingly, some people sent funds to three Bitcoin wallet addresses specified by the hackers, even though there is no clear evidence that victims who paid the ransom received the unlocking key.

As cybercrime teams around the world keep a close eye on these Bitcoin addresses, the question will now be: Can hackers launder the coins and spend them, or are they tainted, so they are traceable, and therefore worthless to thieves?

Keep an eye on these Bitcoins

Bitcoin was once touted as an anonymous payment tool, but compared to truly anonymous cryptocurrencies, Bitcoin can only be described as pseudo-anonymous.

Bitcoin addresses, payments, and transactions are all transparent and traceable on the blockchain. By analyzing transaction patterns, it is possible to trace the flow of funds and the actual parties behind the public keys.

WannaCry has become the most influential Bitcoin ransomware attack in history, and the criminals behind it have received a lot of attention. So if the hackers really want to spend the money they extorted, they need to find a smart way to delete all links to the original Bitcoin address.

However, for now, hackers cannot use these bitcoins.

Hide their tracks

For the hackers behind this ransomware attack, how can they launder these bitcoins?

Cornell University professor Emin Gün Sirer said that laundering Bitcoin is different from laundering fiat currency, but it can be done with the right tools. According to him, the technology for laundering "tainted" Bitcoins already exists, they just need to master a little technical know-how.

One of the simplest methods is “chain hopping,” which involves converting bitcoin into other digital currencies (usually on overseas exchanges).

“When these coins cross jurisdictions and are converted into other currencies, it becomes very difficult to track them,” Sirer told reporters.

Another solution is called "coin mixing", which mixes the hacker's Bitcoin with other people's coins multiple times.

This kind of mixing service mixes bitcoins from different sources and then redistributes them. It is conceivable that hackers can repeatedly mix these bitcoins until the trackers are powerless.

However, Ethan Heilman, a researcher at Boston University and a contributor to the TumbleBit project, pointed out that Bitcoin mixing is risky, especially when dealing with large amounts of money. As he pointed out, one of the problems hackers may encounter is that they need to find enough Bitcoin to fully mix with their stolen money.

“Even if they mixed the coins, if the WannaCry hackers made a mistake and aggregated them all together, they would still likely be exposed to blockchain analysis techniques,” he said.

Rookie mistake?

It is worth noting that the hackers used only three Bitcoin addresses to collect the ransom money, which shows that they did not have much knowledge of Bitcoin privacy. If they assigned a Bitcoin address to each infected computer, the funds would be more difficult to track.

Neil Walsh, the United Nations' global cybercrime chief, noted in a LinkedIn post that the shortcomings revealed in the ransomware attack could very well mean the hackers will reveal their true identities.

He wrote:

“We estimate that the attackers are relatively immature and may not be prepared for the impact of the malware. It is likely that they do not yet understand how to safely launder the Bitcoin funds.”

However, as Sirer points out, the hacking industry is a layered ecosystem, and these attackers are likely looking for a coin launderer right now. Or, they may simply wait before trying to withdraw the funds.

He concluded:

“Authorities are ready now, and time will dilute their focus. Hackers may be patient for a long time.”