The paradox of bitcoin is that it’s both public and anonymous. Every bitcoin transaction that has ever occurred is recorded on the blockchain, the digital ledger that organizes the currency, which can be viewed by anyone. Determining who owns the bitcoins behind those transactions, however, can be impossible if the owners are careful.
The hackers behind the recent Petya/NotPetya ransomware attack, which shut down critical services in Ukraine before spreading to computers all over the world, used bitcoin to receive payments from their victims. And because all of the victims were told to send their ransom payments to the same bitcoin address, those transactions are particularly easy to view in aggregate in the bitcoin wallet associated with it.
In total, about $10,000 in ransom payments were sent to that account, which was undoubtedly being closely watched by law enforcement agencies worldwide. The point at which bitcoin can go from being anonymous to identifiable is when someone tries to turn it into real currency by withdrawing it through an exchange, so no one expected the money to ever leave that account. But then, on July 4, it did. The money sat in a second account for three days, then began moving again.
This time, the funds appeared to be sent through a bitcoin mixer, also known as a tumbler, which is a complex series of transfers that bitcoin owners can use to obfuscate the paper trail between two or more bitcoin addresses on the blockchain, essentially laundering their money.