The #cyberattack against #Cencora, in which the hackers received $75 million in extortion payments, is notable because the payments were made in #Bitcoin ($BTC) across three installments in March 2024. The payment breakdown is as follows:
1. March 7, 2024 (296.5 #BTC)
- Transaction hash: `e3e203db2752edeb5bb716a77ed30f977bee70b06cefecd69d1c38921ad5d1b2`
- Time: 10:04 pm UTC
2. March 8, 2024 (408 BTC)
- Transaction hash: `db4a0742aa2fe67c20f02642bb776fb4140cf32beca43b7552435f5eddb58d92`
- Time: 7:45 pm UTC
3. March 8, 2024 (387 BTC)
- Transaction hash: `bf408baa4d6598a42a6852012fe412514ff7bb70ca8a94deb9865c9b46f19ddf`
- Time: 9:39 pm UTC
All three transactions were funded from the same source, and the funds flowed into addresses with known exposure to illicit activity, indicating the payments were likely part of a ransomware settlement. To trace these payments on-chain, one would need to analyze blockchain data for the given transaction hashes and look for any connections to wallets flagged for illegal activities.
It appears the attackers had sophisticated methods for moving funds across the blockchain, possibly utilizing coin-mixing services or #darknet wallets to obscure the transaction trail. Renowned crypto investigator @ZachXBT shared the details after a Bloomberg article about the hack was posted.
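The tracing step described above, as an added Python sketch that is not part of the original post: it checks whether the payments share a funding address and walks outputs forward, hop by hop, until a flagged address is reached. All transaction labels, addresses and the flagged set are constructed placeholders (only the three BTC amounts come from the post), and the address-level graph is a simplifying assumption; real tracing follows individual UTXOs.

```python
from collections import defaultdict, deque
from decimal import Decimal

# Constructed sample data: labels and addresses are placeholders, not real chain data.
TXS = {
    "pay1": {"inputs": ["src_A"], "outputs": [("hop_1", Decimal("296.5"))]},
    "pay2": {"inputs": ["src_A"], "outputs": [("hop_2", Decimal("408"))]},
    "pay3": {"inputs": ["src_A", "src_B"], "outputs": [("hop_1", Decimal("387"))]},
    "fwd1": {"inputs": ["hop_1"],
             "outputs": [("flag_X", Decimal("600")), ("hop_3", Decimal("83.5"))]},
    "fwd2": {"inputs": ["hop_2"], "outputs": [("hop_3", Decimal("408"))]},
    "fwd3": {"inputs": ["hop_3"], "outputs": [("flag_Y", Decimal("491.5"))]},
}
FLAGGED = {"flag_X", "flag_Y"}          # hypothetical watchlist of illicit-exposure addresses
PAYMENTS = ["pay1", "pay2", "pay3"]     # the three installments


def common_funding_sources(txs, payment_ids):
    """Addresses that appear as an input in every listed payment."""
    return set.intersection(*(set(txs[t]["inputs"]) for t in payment_ids))


def total_paid(txs, payment_ids):
    """Sum of all output values across the listed payments."""
    return sum(value for t in payment_ids for _, value in txs[t]["outputs"])


def trace_exposure(txs, start_txid, flagged, max_hops=3):
    """Breadth-first walk from a payment's outputs; returns {flagged_address: hops}."""
    spends = defaultdict(list)          # address -> transactions that spend from it
    for txid, tx in txs.items():
        for addr in tx["inputs"]:
            spends[addr].append(txid)
    hits, seen = {}, set()
    queue = deque((addr, 1) for addr, _ in txs[start_txid]["outputs"])
    while queue:
        addr, hop = queue.popleft()
        if addr in seen:
            continue                    # guards against cycles and repeated merges
        seen.add(addr)
        if addr in flagged:
            hits[addr] = hop            # record first (shortest) distance and stop here
            continue
        if hop < max_hops:              # hop limit keeps the walk bounded
            for txid in spends[addr]:
                queue.extend((out, hop + 1) for out, _ in txs[txid]["outputs"])
    return hits


if __name__ == "__main__":
    print("shared funding:", common_funding_sources(TXS, PAYMENTS))
    print("total BTC:", total_paid(TXS, PAYMENTS))
    for p in PAYMENTS:
        print(p, trace_exposure(TXS, p, FLAGGED))
```

The hop limit matters in practice: with `max_hops=2` the walk from `pay1` reports only the nearer flagged address, which is how layered forwarding hides exposure from a shallow check.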