Global Law Enforcement Operation Disrupts 911 S5 Botnet

An international law enforcement operation, led by the U.S. Justice Department, has dismantled the 911 S5 botnet, which was used for cyber attacks, fraud, child exploitation, harassment, bomb threats, and export violations. This operation resulted in the arrest of YunHe Wang, a 35-year-old national of the People’s Republic of China and citizen-by-investment of St. Kitts and Nevis.

Arrest and Charges

Wang was apprehended on May 24 on charges related to his deployment of malware and operation of the residential proxy service “911 S5.” From 2014 to July 2022, Wang and his associates allegedly compromised millions of residential Windows computers worldwide, monetizing this botnet by selling access to these infected IP addresses.

Details of the Operation

Wang spread malware through VPN programs and pay-per-install services, managing approximately 150 dedicated servers worldwide. These servers facilitated the 911 S5 service, enabling cybercriminals to access proxied IP addresses from infected devices.

Chainalysis Contribution

In July 2022, 911 S5 voluntarily ceased operations but retained substantial funds on-chain. Chainalysis tools were instrumental in the investigation, helping agents identify many wallets holding those funds and mapping out 911 S5’s on-chain infrastructure. By tracing transactions from customer payment addresses to deposit addresses at centralized services, DCIS agents uncovered a network of wallets, including cold storage wallets holding 4,322.25 BTC, worth roughly $169 million at the time.

Using advanced techniques, agents expanded the initial set of addresses to reveal personal wallets, exchange deposit addresses, and more. This innovative blockchain analysis highlighted how effectively digital assets can be tracked compared to fiat currencies. Despite efforts to conceal transactions through mixers and other means, the transparency of blockchain allowed investigators to trace funds back to Wang and his associates.

Binance’s Role

Binance recently shared their involvement in the case on LinkedIn, stating, “Binance is proud to have assisted with this significant case. Our Financial Crime Compliance team provided crucial data to the authorities & helped freeze the suspect’s account. Safeguarding the crypto ecosystem is a priority for us. We are glad that our collaborations with the public sector have helped to make the space safer for our users.”

Binance CEO Richard Teng also expressed pride in the team’s efforts: “Proud of the Binance team for working to make the crypto space safer for our valued users.”

Innovative Blockchain Analysis

Agents used data-driven tactics to identify new 911 S5 addresses by analyzing transaction patterns matching 911 S5’s service pricing. This approach revealed additional wallets and underlined the value of advanced blockchain analysis in uncovering complex cybercrime networks.

YunHe Wang faces charges of conspiracy to commit computer fraud, wire fraud, and money laundering, with a potential maximum sentence of 65 years in prison. This operation highlights the effectiveness of blockchain analysis in tracking illicit assets and the commitment of international law enforcement to combat cybercrime.

This article has been updated ” Binance announcement and their role in the operation” on 30 May, 17:54 UAE time.