Feds, Chainalysis Reveal $169m In Bitcoin Controlled By 911 S5 Botnet

Blockchain forensics firm Chainalysis has discovered $169 million in Bitcoin connected to the 911 S5 botnet, facilitating the arrest of Chinese national Yunhe Wang.

Crypto analysis firm Chainalysis has traced $169 million in Bitcoin linked to the notorious 911 S5 botnet, a revelation that played a crucial role in the recent arrest of Yunhe Wang, a Chinese national allegedly involved in controlling the botnet.

In a blog post, the New York-headquartered firm said the botnet’s illicit operations enabled it to generate substantial revenue through crypto subscriptions sold to cybercriminals engaging in activities like password spraying attacks, financial fraud, identity theft, and child exploitation.

“911 S5 was a service that provided residential proxy services, often to bad actors who frequently paid for these services in cryptocurrencies such as Bitcoin.”

Chainalysis

Despite voluntarily shutting down in July 2022, 911 S5 retained significant on-chain funds. Working alongside agents from the Defense Criminal Investigative Service, Chainalysis uncovered deposit addresses at centralized exchanges and other parts of the botnet’s financial ecosystem.

According to the firm, at least one cold storage wallet associated with 911 S5 contains 4,322.25 BTC, worth approximately $169 million. Chainalysis says the wallet also has connections to various crypto mixers and a Russian bulletproof hosting provider Black Host previously associated with ransomware strains like Dharma and Phobos.

Further analysis revealed that funds from this wallet were transferred to addresses controlled by Wang, some of which were flagged by the Office of Foreign Assets Control. As per Chainalysis, U.S. authorities managed to identify 49 addresses linked to the malicious network.

Leveraging blockchain transaction data, investigators also discovered previously unknown addresses on the TRON blockchain, exposing a wider network of 911 S5 wallets. While the scale of the 911 S5 network on TRON remains unclear, it’s apparent that the identified assets have yet to be seized, with U.S. law enforcement agencies monitoring their movements.