Bitcoin
Feds and Chainalysis reveal $169 million worth of Bitcoin controlled by the 911 S5 botnet
Blockchain forensics firm Chainalysis discovered $169 million worth of Bitcoin connected to the 911 S5 botnet, facilitating the arrest of Chinese citizen Yunhe Wang.
Crypto Analysis Company Chainanalysis tracked $169 million in Bitcoin linked to the notorious 911 S5 botnet, a revelation that played a crucial role in the recent arrest of Yunhe Wang, a Chinese national allegedly involved in controlling the botnet.
On a blog postthe New York-based company said the botnet’s illicit operations allowed it to generate substantial revenues through encryption signatures sold to cybercriminals involved in activities such as password spraying attacks, financial fraud, identity theft and child exploitation.
“911 S5 was a service that provided residential proxy services, often to bad actors who often paid for these services in cryptocurrencies like Bitcoin.”
Chainanalysis
Despite voluntary closure in July 2022, 911 S5 has retained significant funds in the network. Working alongside agents from the Defense Criminal Investigative Service, Chainalysis discovered deposit addresses on centralized exchanges and other parts of the botnet’s financial ecosystem.
The 911 S5 Cryptographic Address Network | Source: Chainalysis
According to the company, at least one cold storage wallet associated with the 911 S5 contains 4,322.25 BTC, worth approximately $169 million. Chainalysis says the wallet also has connections to several crypto mixers and a Russian Bulletproof hosting provider Black Host previously associated with ransomware strains like Dharma and Phobos.
Further analysis revealed that funds from this wallet were transferred to addresses controlled by Wang, some of which were flagged by the Office of Foreign Assets Control. According to Chainalysis, US authorities were able to identify 49 addresses linked to the malicious network.
Leveraging blockchain transaction data, investigators also discovered previously unknown addresses on the TRON blockchain, exposing a wider network of 911 S5 wallets. While the scale of the 911 S5 network on TRON remains unclear, it is clear that the identified assets have not yet been seized, with US law enforcement agencies monitoring their movements.