
Hackers behind Wannacry just stole $66,000 in Bitcoin. Now what?

Converting that bitcoin into cash with the whole world watching their every move will be tough

Paul Vigna | WSJ
Last Updated : May 17 2017 | 12:12 PM IST
The hackers behind the massive WannaCry cyberattack have succeeded in extracting some ransom payments from people locked out of their computers. But they don’t yet have dollars to show for it.

The cyberthieves took payment for their so-called ransomware, about $66,000 worth, in bitcoin, the digital currency that has become a popular tool for moving money across borders quietly.

Now comes the hard part: converting that bitcoin into cash with the whole world watching their every move.

While bitcoin generally offers anonymity to its users, it isn’t absolute. Once a hacker tries to exchange the virtual lucre for government-backed currency, it can be easier for government authorities to track it, depending on how it is done.

If the hackers want to convert their bitcoin, they will likely enter into a high-stakes, digitized battle with various governments. And that highlights some of the limitations of bitcoin and other cryptocurrencies.

Here’s the basic setup: The WannaCry thieves have infected computers around the world with malware that locks users out of the computer. Victims are instructed to send $300 worth of bitcoin to online accounts in exchange for a key to unlock their computer.

As of Tuesday morning, 252 separate transactions had gone into those accounts, totaling about $66,000.

But regulators and law enforcement officials likely wouldn’t have enough information to catch the thieves based on the transactions alone.


The first thing anybody needs to receive bitcoin is an online account, euphemistically called a wallet. Some of the more regulated wallets require customers to enter personal information; others allow users to create their own, untraceable wallet.

The next thing they need for the transactions is a digital address, a randomly generated, unique set of letters and numbers, kind of like an email address. A user can generate a separate address for every single transaction. The WannaCry attackers generated three separate addresses and used those three only, according to bitcoin research firm Coinanlysis.

Once the bitcoins are deposited, the thieves have to figure out a way to turn the bitcoins into cash or something else of value. The risk: once they do anything that touches the “real world,” the hackers are potentially exposing themselves to being caught.

Bitcoin was designed as a peer-to-peer network that obviates the need for a bank or other third party to a transaction. The way the bitcoin network ensures legitimate transactions is by making certain facts about them visible for everybody to see. The record of these transactions is called the blockchain, and anybody, even people who don’t use bitcoin, can view it.

While that structure ensures anonymity, it also provides a certain degree of transparency. Every move the hackers make regarding their bitcoin will be seen by the public.

The cyberthieves could still try to move the bitcoin through an exchange that isn’t regulated. In this case, the public and law enforcement agencies would see that a trade involving this particular bitcoin happened, but the trail may then go cold. With such a high-profile attack, though, the hackers would risk that an exchange may decide to cooperate with authorities.

Another possibility: cybercriminals can try to further hide their tracks by exchanging their bitcoin for one or more of the roughly 700 other digital currencies that now exist. If done enough times, across enough jurisdictions, it could make it much tougher for law enforcement.

It is also possible for the thieves to further obfuscate their moves through what are called “tumbler” services. Tumblers take numerous transactions, split them up into smaller ones, mix the transactions together, then spit the money back out.

It would also be possible for the thieves to find somebody willing to physically exchange cash for the bitcoin. In this case, the thieves could find somebody on a local message board looking to buy bitcoins.

They would make a digital transfer directly between wallets, and then meet physically and exchange cash. Even this would require some documentation on the blockchain, though, so law enforcement would also likely try to chase down information about the recipient of the tainted bitcoin.

Perhaps the only surefire way for the hackers to not tip their hand: never move the bitcoins at all.