Binance, the exchange for bitcoin (BTC) and other cryptocurrencies with the highest volume in the market, collaborated in the capture of several people belonging to a network of cybercriminals called FANCYCAT.
The group is accused of causing damages of more than USD 500 million through ransomware attacks (an operation that is based on stealing information and then asking for a ransom for it) known as Cl0p and Petya.
Binance explained in a statement that, after an investigation, it concluded that the cybercriminals use third-party accounts within the exchange, after routing funds through several transaction hops and nested services before reaching the exchange.
In that sense, they said that the laundering of illegal profits was carried out “through nested services and parasite exchange accounts that live within VASP macros (virtual asset service providers), included in exchanges such as Binance.”
According to Binance, it all started when they detected suspicious activity. Once it was located, they turned to the analysis companies TRM Labs and Crystal (BitFury) to analyze the on-chain activity and better understand the modus operandi of the criminal group.
“In our analysis, we found that this specific group was not only associated with the laundering of Cl0p ransomware attack funds, but also with Petya and other illegally sourced funds. This led to the identification and eventual arrest of FANCYCAT,” the company stated on its blog.
Petya, for its part, is malicious software that has been operating for several years. In 2017, companies such as Beiersdorf AG and Reckitt Benckiser fell victim to this ransomware, with losses of over $41 million and $117 million, respectively.
Arrested in Ukraine and South Korea
The exchange indicated that it acted in coordination with investigation bodies from Ukraine, South Korea, the United States, Spain and Switzerland.
In fact, Ukraine was the country where six people from FANCYCAT were arrested, following a police operation. There the security forces acted in collaboration with South Korean agents.
South Korean security agents also participated in the police operation in Ukraine. Source: cyberpolice.gov.ua.
Members of the cybercriminal network had 21 homes raided and, as a result of the investigation, their houses, computer equipment and cars were confiscated, according to a police report.
Binance and the US against money laundering
The exchange has been the target of attacks by cybercriminals on other occasions. In that sense, last May, CriptoNoticias reported that Binance was collaborating with United States authorities on anti-money laundering investigations and alleged tax crimes.
Likewise, at the beginning of this year, a report by the firms Advanced Intelligence and Hyas, covered by this outlet, indicated that Binance is one of the exchanges chosen to launder funds in bitcoin from Ryuk ransomware.
In this case, the criminals operating Ryuk send most of their bitcoins to exchanges through an intermediary in order to withdraw them. That is, the addresses whose movements they monitored did not send funds directly to Binance.