Crypto Exchange WEX Linked to Iranian Ransomware Operators, Says PwC

Published by Coindesk

Cryptocurrency exchange WEX, successor to the shuttered BTC-e exchange, has again been tied to illicit funds gained through ransomware attacks.

According to a recent bulletin from consulting firm PwC, two Iranians said to have created the SamSam ransomware variant have been tied to the exchange and may have used it to launder their millions in illegal earnings.

At the time, the U.S. Treasury Department's Office of Foreign Assets Control also added two other Iran residents, Ali Khorashadizadeh and Mohammad Ghorbaniyan, to its Specially Designated Nationals list for their role in facilitating financial transactions related to the SamSam ransomware on behalf of Savandi and Mansouri.

PwC said it analyzed the addresses provided by the OFAC and found that two exchange websites - Enexchanger and Iranvisacart - are connected to Khorashadizadeh and Ghorbaniyan, and allow payments through WEX. The FBI has previously linked both sites with money laundering, according to the report.

The Enexchanger website, for example, listed trading pairs, including in cryptocurrencies, PwC said, adding: "One of the cryptocurrency swaps offered is WEX-code to USD, which is a code that allows transferring of funds directly from [WEX] users."

Further, citing evidence from a firm that tracks illicit crypto activity, PwC said that WEX/BTC-e and a crypto exchange based in Slovakia have been used to launder bitcoin by a threat actor tracked as "Blue Athena."

"The use of Iran- and Slovakia-based exchanges suggests that threat actors favour using lesser-known currency exchanges," PwC said.

"WEX is most notably known for its alleged involvement in the laundering of some USD 4 billion, transferring of funds to facilitate operations of the threat actor tracked by PwC as Blue Athena, and being responsible for cashing out 95% of all ransomware payments made since 2014."

In October 2018, cryptocurrency exchange Binance also froze accounts that received more than 93,000 ether from two wallets indirectly linked to WEX/BTC-e.
