Coindesk Logo

Over $1M in Ryuk Ransomware Bitcoin Was 'Cashed Out' on Binance: Report

Over $1M in Ryuk Ransomware Bitcoin Was 'Cashed Out' on Binance: Report

Over $1M in Ryuk Ransomware Bitcoin Was 'Cashed Out' on Binance: Report

Researchers reportedly traced bitcoin sent as payments to Ryuk ransomware controllers and found a good portion passed through Binance.

Researchers reportedly traced bitcoin sent as payments to Ryuk ransomware controllers and found a good portion passed through Binance.

Researchers reportedly traced bitcoin sent as payments to Ryuk ransomware controllers and found a good portion passed through Binance.

AccessTimeIconAug 24, 2020, 2:23 PM
Updated Aug 19, 2021, 3:51 AM

Presented By Icon

Election 2024 coverage presented by

Stand with crypto

Researchers have traced millions of dollars' worth of bitcoin sent as payments to Ryuk ransomware controllers and found a good portion passed through the Binance exchange platform.

  • In a document seen by Forbes and covered in a report Sunday, the anonymous researchers said they had analyzed a sample of 63 bitcoin transactions linked to the Ryuk malware that were worth around $5,700,000 in total.
  • Of these, "over $1 million [in bitcoin] was sent from the hacking team wallets to the Binance exchange platform to cash out their ransom payments," they said.
  • Ryuk, like other ransomware variants, locks up infected computers using encryption and demands a payment (normally in crypto) to release the files.
  • Ryuk is said to have raked in $61 million in the two years since it was let loose on the world, Forbes said.
  • Looking at 13 other bitcoin addresses linked to Ryuk, the researchers also found some of the total $1,064,865 in bitcoin held there also passed through Binance.
  • The remainder of the bitcoin traced, some $4.7 million worth, was found to be held on non-exchange wallets – a suggestion that the malware's operators favor Binance, according to the report.
  • Binance has been provided the research findings, Forbes said.
  • The exchange said in the report it prioritizes ensuring "the safety of our customers and the integrity of the broader crypto space," though spotting such illicit activity is "not always black and white."
  • Binance also analyzed the Ryuk bitcoin flows and reportedly found that 400 bitcoin went to Huobi, a Singapore-based exchange, and 140 BTC moved through a now-closed Thailand-based exchange.

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information have been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. CoinDesk has adopted a set of principles aimed at ensuring the integrity, editorial independence and freedom from bias of its publications. CoinDesk is part of the Bullish group, which owns and invests in digital asset businesses and digital assets. CoinDesk employees, including journalists, may receive Bullish group equity-based compensation. Bullish was incubated by technology investor Block.one.


Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.