Renowned crypto investigator ZachXBT has exposed a $75 million Bitcoin (BTC) ransom payment made by Cencora Inc., a major drug distributor. This Bitcoin payment was made in response to a cyberattack in early 2024. Moreover, the crypto sleuth and the community have raised questions about Cencora’s lack of transparency as it’s a publicly traded company.
Cencora Lost $75 Million In Bitcoin
The hackers, identified as the Dark Angels group, demanded the ransom in three installments. Since then, Cencora has remained tight-lipped on the matter, citing its policy against addressing rumors. However blockchain experts and cybersecurity analysts have confirmed details of the transaction.
The payments, totaling 1,091.5 Bitcoin, were made in March 2024, according to ZachXBT’s findings. In a post on X, he criticized Cencora for withholding information about the payments, stating:
ZachXBT went on to reveal the exact amounts and times of the Bitcoin transactions, which occurred in three separate installments. Moreover, it’s important to note that “all three addresses were funded from the same source and the funds flowed to addresses with high illicit fund exposure.” These transactions include:
- 296.5 BTC on March 7, 2024 at 10:04 pm UTC
- 408 BTC on March 8, 2024 at 7:45 pm UTC
- 387 BTC on March 8, 2024 at 9:39 pm UTC
I think it’s a bad look when a large publicly traded company like Cencora does not share the BTC transactions for the $75M payment to Dark Angels ransomeware group so I will just post it for them.
296.5 BTC – Mar 7, 2024 at 10:04 pm UTC… https://t.co/24n3J2ubSh pic.twitter.com/aXEx3kHVxz
— ZachXBT (@zachxbt) September 18, 2024
Advertisement
After this revelation Cencora’s stock plummeted 2.83% to $227.90 at press time in the market trading session on Wednesday, September 18, 2024.
About The Cencora Hack
The Cencora hack was first disclosed in February 2024 when the company admitted to a cybersecurity breach in regulatory filings. The hackers initially demanded a $150 million ransom, according to a Bloomberg report.
However, the final payment amounted to $75 million in Bitcoin, making it the largest known cyber ransom payout in history. For comparison, the previous record was held by CNA Financial Corp., which paid $40 million in 2021 after a similar ransomware attack.
Despite the scale of the attack, Cencora has remained largely silent about the incident, addressing it only indirectly in its July 2024 quarterly report. According to the report, the company spent $31.4 million in “other” expenses during the nine months leading up to June 2024, a significant portion of which was tied to the cyberattack. However, details about how the funds were used remain unclear.
The report also shed light on the broader implications of the ransom payment. Brett Callow, managing director at FTI Consulting, warned that such large payouts only make healthcare and pharmaceutical companies more attractive targets for hackers. “Lottery jackpot-level payouts like this make the health and medical sector a more attractive target than it already is,” he said.
Advertisement
Cybersecurity analysts agree that this massive ransom payment signals a growing trend of ransomware attacks becoming more lucrative. According to Chainalysis data, the total value of ransomware payouts is estimated to have surpassed $1 billion in 2024. Whilst, the median payment for major strains rose to $1.5 million.
Also Read: WazirX Hacker Begins Laundering $11.6M ETH via Tornado Cash