Chainalysis and Feds Unveil $169M in Bitcoin Linked to 911 S5 Botnet, Leading to Key Arrest

Chainalysis and Feds Unveil $169M in Bitcoin Linked to 911 S5 Botnet, Leading to Key Arrest

Blockchain forensics firm Chainalysis has uncovered $169 million in Bitcoin connected to the notorious 911 S5 botnet, facilitating the arrest of Yunhe Wang, a Chinese national alleged to be a key figure behind the botnet.

In a recent blog post, the New York-based Chainalysis revealed that the 911 S5 botnet, known for its illicit operations, amassed substantial revenue through crypto subscriptions sold to cybercriminals. These criminals engaged in a range of nefarious activities, including password spraying attacks, financial fraud, identity theft, and child exploitation.

β€œ911 S5 was a service that provided residential proxy services, often to bad actors who frequently paid for these services in cryptocurrencies such as Bitcoin,” Chainalysis stated.

Despite the botnet voluntarily shutting down in July 2022, it retained significant on-chain funds. Chainalysis, collaborating with the Defense Criminal Investigative Service, identified deposit addresses at centralized exchanges and mapped out other parts of the botnet’s financial ecosystem.

The investigation revealed that at least one cold storage wallet associated with 911 S5 contains 4,322.25 BTC, approximately valued at $169 million. This wallet also showed links to various crypto mixers and the Russian bulletproof hosting provider Black Host, which has been previously associated with ransomware strains like Dharma and Phobos.

Further analysis traced funds from this wallet to addresses controlled by Yunhe Wang, some of which were flagged by the Office of Foreign Assets Control (OFAC). Chainalysis reported that U.S. authorities managed to identify 49 addresses linked to the malicious network.

Using blockchain transaction data, investigators uncovered additional addresses on the TRON blockchain, exposing a broader network of 911 S5 wallets. While the full extent of the 911 S5 network on TRON remains unclear, the identified assets have not yet been seized, with U.S. law enforcement agencies continuing to monitor their movements.

This significant discovery by Chainalysis and the collaborative efforts with federal agencies highlight the ongoing battle against cybercriminal networks exploiting cryptocurrency for illicit activities.

Powered by Crypto Expert BD

Follow us on Twitter:

Join our Telegram channel:


No comments yet. Why don’t you start the discussion?

Leave a Reply

Your email address will not be published. Required fields are marked *