Cryptocurrency exchange WEX tied to ransomware scheme, PwC claims

Hacks • March 6, 2019, 4:51AM EST
UPDATED: March 6, 2019, 8:53AM EST
The Block

Cryptocurrency exchange WEX has been linked to illegal operations, CoinDesk writes. Funds gained through SamSam ransomware attacks are connected to the exchange. WEX is the successor of the BTC-e exchange which might have been used to launder as much as $4 billion in bitcoin.

According to PwC, two Iranians who have been accused of having created the SamSam ransomware variant may have used WEX to launder money gained through ransomware attacks. Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri have been charged with extortion—they are believed to have deployed the SamSam ransomware to extort funds from U.S. Government agencies and businesses.

THE SCOOP

Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

Two more people—Ali Khorashadizadeh and Mohammad Ghorbaniyan—have been since tied to the ransomware scheme. They are believed to be responsible for enabling financial transactions. Their addresses have been used for transactions on Enexchanger and Iranvisacart, exchanges that allow payments through WEX.

According to PwC, “The use of Iran- and Slovakia-based exchanges suggests that threat actors favour using lesser-known [cryptocurrency] exchanges. This is likely because the more popular exchanges have [advanced] monitoring or compliance programs to detect illicit activities.”

More by Carol Gaszcz