The paradox of bitcoin is that it’s both public and anonymous. Every bitcoin transaction that has ever occurred is recorded on the blockchain, the digital ledger that organizes the currency, which can be viewed by anyone. Determining who owns the bitcoins behind those transactions, however, can be impossible if the owners are careful.
The hackers behind the recent Petya/NotPetya ransomware attack, which shut down critical services in Ukraine before spreading to computers all over the world, used bitcoin to receive payments from their victims. And because all of the victims were told to send their ransom payments to the same bitcoin address, those transactions are particularly easy to view in aggregate in the bitcoin wallet associated with it.
In total, about $10,000 in ransom payments were sent to that account, which was undoubtedly being closely watched by law enforcement agencies worldwide. The point at which bitcoin can go from being anonymous to identifiable is when someone tries to turn it into real currency by withdrawing it through an exchange, so no one expected the money to ever leave that account. But then, on July 4, it did. The money sat in a second account for three days, then began moving again.
This time, the funds appeared to be sent through a bitcoin mixer, also known as a tumbler, which is a complex series of transfers that bitcoin owners can use to obfuscate the paper trail between two or more bitcoin addresses on the blockchain, essentially laundering their money.
As the diagram shows, the hackers’ funds were sent to a high-volume address within just a few transactions, and we can only speculate about whether the transactions past that point include the Petya/NotPetya ransom money. In fact, that first high-volume address the money hits is itself an exchange, through which perfectly legitimate money frequently passes.
There are several techniques that bitcoin owners can use to mix or tumble their money to ensure anonymity. One is called coin-joining, and works by combining transactions on a large scale to convolute their transaction trails. Imagine Matt wants to send $20 in bitcoin to address X, and Kira wants to send $40 in bitcoin to address Y. Coin-joining works by combining both of those payments, potentially with thousands of other payments, into a series of thousands of transactions that eventually pay out Matt’s $20 to X and Kira’s $40 to Y.
If we knew what bitcoin address or addresses the Petya/NotPetya money ended up in, we’d likely find hundreds of thousands of transactions between that address and the starting address. That’s more than we could ever chart, but if we could, many paths would flow out from the center as they do in the diagram above, and eventually some of them would consolidate into one point, or however many addresses the money was sent to.
Of course, many experts have speculated that the Petya/NotPetya attack was a state-sponsored event and that the hackers behind it don’t actually care about the money. The Ukrainian government has accused Russia of masterminding the attack, and an article in Wired described Russia as using its neighbor as a “test lab for cyber war.” Moscow has denied any involvement.
Notes on methodology: The diagram above is based on outgoing transactions, starting with the wallet that held the Petya/NotPetya funds from July 4 to July 7. We collected each spent output from that address, then each spent output from those addresses, and so on. In order to limit the number of rabbit holes the crawler followed, we only included transfers that occurred within eight hours of the first outgoing transaction from the first wallet. We considered high-volume wallets, shown in pink, to be wallets that had three or more total transactions, as returned from the Blockchain.info API, but the vast majority of those had more than 10 total transactions.