PwC report links crypto exchange WEX to Iranian ransomware

Getting your Trinity Audio player ready...

Crypto exchange WEX has been linked to funds received in connection with Iranian ransomware, in the latest example of illicit activity being linked to the exchange.

WEX, successor to the infamous BTC-e exchange, which was seized by U.S. law enforcement in 2017 following the arrest of senior officers, was linked to the funds by auditing giants PwC in a bulletin published this week. The report was based on information released by the U.S. Department of Justice.

The bulletin said two Iranians, Faramarz Shahi Savandi and Mohammad Mehdi Shah Mansouri, had created a type of ransomware dubbed SamSam, which may have been tied to the exchange.

In particular, the report alleges that WEX could have been used to launder millions of unlawfully obtained earnings, raising further questions about corporate governance.

It claimed, “The use of Iran- and Slovakia-based exchanges suggests that threat actors favour using lesser-known currency exchanges. This is likely because the more popular exchanges have monitoring or compliance programmes to detect illicit activities.”

WEX has been consistently linked to unlawful activity since the exchange was founded, following the arrest of the former BTC-e CEO Alexander Vinnik on allegations of laundering $4 billion. Vinnik subsequently became involved in an ongoing extradition battle between France and the US and his home country of Russia, where he is wanted on considerably less serious charges.

The PwC bulletin referenced the role of WEX in the facilitation of ransomware payments.

According to the bulletin, “WEX is most notably known for its alleged involvement in the laundering of some USD 4 billion, transferring of funds to facilitate operations of the threat actor tracked by PwC as Blue Athena, and being responsible for cashing out 95% of all ransomware payments made since 2014.”

Back in October, Binance opted to put a stop on accounts that had received significant sums from two wallets linked to the exchange, with a number of others raising concerns about the role of WEX in supporting ransomware and other illegitimate transactions.

Crypto ransomware has been a growing problem in recent months, with a sharp rise in the number and sophistication of attacks demanding payment, often in Bitcoin Core (BTC). With WEX now firmly back in the frame, the bulletin adds further evidence to allegations around the management of the exchange.