March 5, 2019

PwC: WEX exchange was used to withdraw the bitcoins of the SamSam hacker group.


The audit firm PwC has published a report describing the alleged connection between the distributors of the SamSam ransomware and the WEX cryptocurrency exchange.


According to PwC, Iranian citizens Faramarz Shahi Sawandi and Mohammed Mehdi Shah Mansuri used WEX to launder a significant portion of the assets obtained from a 34-month series of hacks and extortion, which brought them $6 million in bitcoins.

“We discovered that this Iranian money laundering company had connections with the WEX exchange (formerly BTC-e). WEX is best known for its intended participation in the Blue Athena scheme and is responsible for withdrawing 95% of all payments received by extortionists from 2014 to 2017,” the report says.

Last September, the US Department of Justice published detailed information about the SamSam scheme, which caused losses of more than $30 million in the United States and Canada. Sawandi and Mansuri cashed out the funds in local fiat currency, mainly through Iranian cryptocurrency exchanges. About $1.9 million in bitcoins received by SamSam were withdrawn via BTC-e, PwC notes, adding: “WEX says it is not related to BTC-e, but its website design and trading pairs are almost identical. WEX accepted all former BTC-e users after the last one was closed.”

Using data published by the US Department of Justice, the auditor established a direct link between the SamSam criminal duo and WEX. “According to the Office of Foreign Assets Control (OFAC), Mohammed Gorbaniyan and Ali Khorashadizade were the operators of Iranian bitcoin exchanges who helped Sawandi and Mansuri exchange their bitcoins, received as a buyout,” PwC writes.

Gorbaniyan is listed as the only contact on enexchanger[.]com. In addition to various cryptocurrencies and digital payment systems, such as WebMoney and Perfect Money, enexchanger "offered exchanges between WEX and USD codes, thus allowing wex[.]nz (WEX) users to directly withdraw money".

“Both the perpetrator and those posing a threat to national security are linked to the BTC-e / WEX exchange,” the report said. “They preferred to use the little-known Iranian and Slovak stock exchanges, since more popular sites have programs for monitoring and ensuring legal compliance that can detect illegal activities.”