The takedown of the 911 S5 botnet is a victory for the cryptocurrency and blockchain ecosystems, as the space has become a new territory for cybercriminals to perpetuate their illicit acts.
Chainalysis, a blockchain analysis firm, has helped uncover an illicit Bitcoin fund connected to the 911 S5 botnet, which has led to the arrest of Chinese national Yunhe Wang, the alleged mastermind behind the malicious network.
The Dark Web of Residential Proxies: 911 S5’s Malicious Network
911 S5 offered residential proxy services, which allowed users to hide their actual online location by using the IP addresses of different locations. These services are often used by bad actors involved in illegal activities, and they pay for them using digital currencies like Bitcoin. Thus, with 911 S5, malicious actors are able to carry out fraudulent acts by releasing fake VPN apps to the victims, which then hijack their IP addresses via backdoors in the code. Through these deceptive means, fraudsters have been able to carry out a range of illicit activities, such as password attacks, financial fraud, identity theft, as well as child exploitation.
Although 911 S5 voluntarily stopped operating in July 2022, it was still holding a huge amount of on-chain funds. Chainalysis stepped in to assist the law enforcement agencies involved in the investigation. Using blockchain, investigators uncovered the full scope of the malicious network operators. Chainalysis praises the power of blockchain in combating cybercrime in its post. The firm stated:
“This investigation represents not just an important blow in the fight against online cyber crime and fraud, but also showcases a valuable new method of blockchain analysis that we hope to see more investigators employ.”
Tracing the Blockchain Trail: Chainalysis Exposes Millions in Illicit Bitcoin Holdings
In the report released by the blockchain firm, the Defense Criminal Investigative Service (DCIS) leveraged the Chainanlysis solution to discover a set of addresses linked to the 911 S5 botnet. This was done by tracking payments made to the service and the funds sent to other wallets, including those on centralized exchanges.
Chainalysis revealed that cold storage wallets associated with the 911 S5 team held 4,322.25 BTC, worth about $169 million. These wallets are connected to various crypto mixers and a Russian-based bulletproof hosting provider previously tied to ransomware strains like Dharma and Phobos. Furthermore, a sum of $136.4 million BTC, which has now been marked, was discovered to still be under the control of the botnet administrator, Yunhe Wang.
Blockchain Analysis: A Powerful Tool in the Fight against Cybercrime
The investigation did not stop there. The investigative team identified a new set of 911 S5 addresses with no relationship with the first set. By thoroughly checking the specific point price charged by the 911 S5 service team for different tiers of proxy services, the agents uncovered a highly active TRON address link to previously identified 911 S5 exchange deposit addresses.
The takedown of the 911 S5 botnet is a victory for the cryptocurrency and blockchain ecosystems, as space has become a new territory for cybercriminals to perpetuate their illicit acts.
next