It’s been around 12 weeks since the WannaCry crisis caused panic around the world, but the last few days have seen two (unrelated) instances linked to the ransomware. It was reported early today that Marcus Hutchins, the man who stopped WannaCry, had been taken into custody Tuesday for allegedly creating the Kronos banking Trojan. The day after his arrest, those behind the global malware finally withdrew the ransoms from their bitcoin wallets.

Victims of WannaCry were forced to pay between $300 and $600 in the hope of receiving keys to unlock their encrypted files. Thanks to the increasing value of bitcoin, the malware brought the hackers around $140,000, which until now has sat untouched and spread across three bitcoin wallets.

With law-enforcement agencies around the world keeping a close eye on the wallets, many suspected the criminals wouldn’t ever risk removing the bitcoins. But early yesterday, the 50 BTC were divided into multiple smaller amounts and sent to various other addresses.

The value of the bitcoins received an approximate 20 percent increase on August 1 thanks to the fork that created two cryptocurrencies: bitcoin and bitcoin cash. Everyone who held bitcoins before the split gets the same amount in the new currency. Assuming they cashed out both sets, the hackers would have received $140,000 for the bitcoins and an extra $25,000 for the bitcoin cash.

Whether those that emptied the wallets were able to liquidate the bitcoins is unclear. They would have had to use a “bitcoin mixer” service to try and obscure the cryptocurrency’s origins, making sure it can’t be linked to WannaCry and traced back to them. Following the arrest of BTC-e Bitcoin exchange operator Alexander Vinnik, this might be easier said than done.