Going through their wallets it looks like they've gotten 32 payouts, some for more than 300 USD. Are there any addresses that they are using outside of the four listed in the article?
It'd be an interesting project to try and track where these funds go and where they came from.
I haven't looked into tumbling recently, what's the volume look like these days? So far the attack has yielded less than 5 BTC, I'd guess that amount can be laundered safely. What's the current limit?
You can use XMR.to, Shapeshift.io, or Changelly.com over TOR to move funds directly into another blockchain currency. So have fun following things around the Bitcoin blockchain like some high tech sleuth, but that's a wild goose chase.
I buy all my cryptocurrencies through those kinds of services nowadays, because there's no risk or temptation to keep coins on custodial exchanges, instead of in a private wallet. As well as no worries about withdrawal limits (although Shapeshift has fairly low per-transaction limits, just make an additional transaction).
For unlinking the transaction, the only currency you want to cross-chain into is Monero. With its Ring Signatures and Stealth Addresses it is a private blockchain by default (in comparison with some other cryptocurrencies that have a secondary optional privacy feature like Zcash/Shadowcash/Dash).
I'm actually surprised that the ransomware isn't taking Monero directly yet as some exchanges have direct Monero/USD markets already.
I can't speak for a current safe limit, but it isn't very hard to transfer funds between various cryptocurrencies. Tumbling is not secure with a large amount of coins. All you have to do is monitor all transactions and figure out what went in and what came back out. If you start splitting things off in small amounts on various blockchains things become much harder to track.
This is assuming the attackers know what they are doing. I would be against that.
A cursory check doesn't bring up any Helix (the largest tumbler out there) stats. I'm not certain they even make that info public. Also I wouldn't know how to measure the level of privacy in this context.
It'd be an interesting project to try and track where these funds go and where they came from.
https://blockchain.info/address/13AM4VW2dhxYgXeQepoHkHSQuy6N... - 11
https://blockchain.info/address/115p7UMMngoj1pMvkpHijcRdfJNX... - 4
https://blockchain.info/address/12t9YDPgwueZ9NyMgw519p7AA8is... - 6
https://blockchain.info/address/1QAc9S5EmycqjzzWDc1yiWzr9jJL... - 11