WannaCry hackers overestimated anonymity of bitcoin

8/25/2017 Julia Sullivan, ECE ILLINOIS

Scientific American spoke to Assistant Professor and cryptocurrency expert Andrew Miller about how authorities might exploit vulnerabilities to catch the ransomware attackers.

Written by Julia Sullivan, ECE ILLINOIS

An article in Scientific American has dubbed the WannaCry ransomeware attack this past May as "The Imperfect Crime." The attack encrypted files on out-of-date Windows computers and demanded ransom in the form of bitcoin cryptocurrency to avoid permanent deletion of data. However, instead of generating a unique bitcoin address for each victim, the hackers directed people to send funds to one of only three addresses. Since all bitcoin transactions are public, authorities only had to look at the transaction paths connected to those three addresses, as opposed to having to hunt down countless individual addresses.

ECE ILLINOIS and CS @ ILLINOIS Assistant Professor Andrew Edmund Miller was one of the experts cited in the article. A leading expert in cryptocurrencies and bitcoin, he discussed the flaws in monero, a bitcoin alternative used by the hackers to obfuscate their trail. He added that regardless of the cryptocurrency and its security measures, the network connections and timing of transactions are additional points of vulnerability. 

“If [the perpetrators] make even a single mistake, there may be enough information to track them,” Miller said in the article.

For more, read the full article, "The Imperfect Crime: How the WannaCry Hackers Could Get Nabbed," in Scientific American.


Share this story

This story was published August 25, 2017.