Cryptocurrency exchange WEX tied to ransomware scheme, PwC claims

Hacks • March 6, 2019, 4:51AM EST
UPDATED: March 6, 2019, 8:53AM EST
Partner offers
The Block may may earn a commission if you use our partner offers, at no extra cost to you.

Cryptocurrency exchange WEX has been linked to illegal operations, CoinDesk writes. Funds gained through SamSam ransomware attacks are connected to the exchange. WEX is the successor of the BTC-e exchange which might have been used to launder as much as $4 billion in bitcoin.

According to PwC, two Iranians who have been accused of having created the SamSam ransomware variant may have used WEX to launder money gained through ransomware attacks. Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri have been charged with extortion—they are believed to have deployed the SamSam ransomware to extort funds from U.S. Government agencies and businesses.

Two more people—Ali Khorashadizadeh and Mohammad Ghorbaniyan—have been since tied to the ransomware scheme. They are believed to be responsible for enabling financial transactions. Their addresses have been used for transactions on Enexchanger and Iranvisacart, exchanges that allow payments through WEX.

According to PwC, “The use of Iran- and Slovakia-based exchanges suggests that threat actors favour using lesser-known [cryptocurrency] exchanges. This is likely because the more popular exchanges have [advanced] monitoring or compliance programs to detect illicit activities.”

WHO WE ARE

The Block is a news provider that strives to be the first and final word on digital assets news, research, and data.

+ Follow us on Google News
Connect with the block on

More by Carol Gaszcz