A team from University College London (UCL) has discovered evidence concerning the purchase of several hacking tools previously stolen from the NSA and sold online by the mysterious group known only as the Shadow Brokers. These are the same types of explots used in the infamous WannaCry ransomware attacks.
Motherboard is reporting that the UCL team found transactions, coming from the major exchange Bitfinex, which match the exact prices asked for the tools and occured in a window coinciding when the offers were made. This, along with certain metadata, has made the team feel there is a "reasonable chance" that these payments are linked to the Shadow Brokers.
The Shadow Brokers began offering the illegal tools online in 2016, and in 2017 began asking customers to specifically use Zcash, a privacy coin, for their transactions. The last known online post from the Shadow Brokers is from September, 2017.
This money trail opens up the possibility of law enforcement working with Bitfinex to get more information about the transactions. It seems unlikely this will lead to the mysterious group directly, but rather may uncover one or more of its customers. That could, hopefully, be a good start.