Bitcoin wallets used to hold WannaCry ransom payments emptied and laundered
Swiss cryptocurrency exchange called ShapeShift helping WannaCry hackers with their getaway
The Bitcoin wallets used to take payments from victims of May's WannaCry ransomware have been cashed out to the tune of $140,000 (£105,000).
Until now, the 52.19666422 BTC that had been paid by WannaCry victims into three separate bitcoin wallets had remained untouched, but it seems the hackers behind the attack have finally started to make good their getaway.
According to a Twitter bot that's tracking the WannaCry ransom wallets, the hackers cashed out $70,000 in three successive withdrawals on Thursday, and five minutes later proceeded to withdraw another $70,000.
10 minutes later, the hackers made a final withdrawal of a little over $26,000, emptying all three bitcoin accounts tied to the WannaCry ransomware.
It's probably no coincidence that the hackers waited until after the bitcoin split to cash out, as it saw them make an extra 20 per cent or so on top of the $140,000 worth of bitcoin they had extorted, Quartz reports.
Elliptic, a company that identifies illicit activity on the bitcoin blockchain, confirmed the withdrawals and told CNBC that it believes the bitcoins being withdrawn are being converted into a separate cryptocurrency.
"We're following the movement of funds being sent out of the WannaCry wallets," Tom Robinson, Elliptic's co-founder, said.
"We believe some of these funds are being converted into Monero, a privacy-focused cryptocurrency. We continue to work with law enforcement to support their efforts in tracing ownership of these funds."
Unlike Bitcoin, Monero is a totally private currency that doesn't publish transaction amounts. The trail will therefore likely stop there.
Before conversion to Monero, a Swiss cryptocurrency exchange called ShapeShift is being used to obfuscate the bitcoins, according to Forbes. This is being done because, the moment the bitcoins are converted to cash, the identity of the people or organisation(s) behind the attacks could be uncovered.
The identity of the hackers behind the attack remains unclear, but the UK's National Cyber Security Centre (NCSC) has pointed the finger of blame directly at North Korea and said the Lazarus Group is behind the attack that whacked as many as 20 per cent of NHS trusts.
NCSC conducted its own investigation in the aftermath of the attacks, which included examining code taken from infected computers and comparing it with samples from previous attacks.
The analysis strongly pointed to Lazarus Group, the report claims, which has previously been linked to the North Korean government.