News
Feds and Chainalysis Reveal $169 Million in Bitcoin Controlled by 911 S5 Botnet
Blockchain forensics firm Chainalysis has discovered $169 million in Bitcoin linked to the 911 S5 botnet, facilitating the arrest of Chinese citizen Yunhe Wang.
Crypto analytics company Catenaanalysis he tracked down $169 million Bitcoin linked to the infamous 911 S5 botnet, a revelation that played a crucial role in the recent arrest of Yunhe Wang, a Chinese national allegedly involved in controlling the botnet.
In a blog postThe New York-based company said the botnet’s illicit operations allowed it to generate substantial revenue through crypto subscriptions sold to cybercriminals engaged in activities such as password spraying attacks, financial fraud, identity theft and child exploitation.
“911 S5 was a service that provided residential proxy services, often to bad actors who often paid for these services in cryptocurrencies such as Bitcoin.”
Catenaanalysis
Despite the voluntary shutdown in July 2022, 911 S5 has maintained significant funds on-chain. Working alongside agents from the Defense Criminal Investigative Service, Chainalysis discovered deposit addresses at centralized exchanges and other parts of the botnet’s financial ecosystem.
The 911 S5 Crypto Address Network | Source: Chain Analysis
According to the company, at least one cold storage wallet associated with the 911 S5 contains 4,322.25 BTC, worth approximately $169 million. Chainalysis says the wallet also has connections to various crypto mixers and to Russian the bulletproof hosting provider Black Host previously associated with ransomware strains such as Dharma and Phobos.
Further analysis revealed that funds from this wallet were transferred to addresses controlled by Wang, some of which were flagged by the Office of Foreign Assets Control. According to Chainalysis, US authorities managed to identify 49 addresses connected to the malicious network.
Leveraging blockchain transaction data, investigators also discovered previously unknown addresses on the TRON blockchain, exposing a larger network of 911 S5 wallets. While the scope of the 911 S5 network on TRON remains unclear, it is evident that the identified assets have yet to be seized, with US law enforcement monitoring their movements.