The hacker stole bitcoins from the FSB and the GRU, and then sent them to Ukraine
The mysterious user seems to have been able to put blockchain and Bitcoin technologies to work against the Russian terrorist state.
The hacker gained access to hundreds of crypto wallets that likely belong to Russian security agencies, cryptocurrency industry news site CoinDesk clarified, citing Chainalysis, a cryptocurrency monitoring company that works closely with the U.S. government.
Chainalysis analysts believe that the hacker used the transaction documentation feature of the Bitcoin blockchain to identify 986 wallets controlled by Russia’s foreign military intelligence agency (GRU), the Foreign Intelligence Service (SVR), and the Federal Security Service (FSB).
The analysts did not say what feature they were referring to.
At the same time, the hacker left messages in Russian to the owners of the wallets, in which he stated that these wallets were used to pay for the services of hackers working for Russia.
It is not known to what extent these accusations are true. Western analysts consider it indisputable that Russian intelligence services use hackers for numerous operations. Chainalysis experts could only partially confirm the hacker's claims.
They indicate that at least three of the alleged Russian wallets were already linked to Russia by third parties. Two of them were supposedly involved in the SolarWinds attack, and the third paid for servers used in Russia's disinformation campaign in the 2016 U.S. elections.
Chainalysis analysts assume that the hacker gained control of the wallets, which he claims were controlled by Russian special services, possibly through hacking, but maybe even thanks to "inside work."
To put it simply, this person could have infiltrated the structure of hackers working for Russia, or he could have been an employee of the Russian special services who later became a defector.
The first hacks were carried out a few weeks before Russia's invasion of Ukraine in February 2022.
The hacker initially intended simply to destroy the funds stolen from the Russian intelligence agency wallets. According to Chainalysis, the mysterious attacker invalidated around $300,000 worth of bitcoins using the OP_RETURN function in the Bitcoin blockchain, a function that nullifies previous transactions.
However, after Russia's war with Ukraine began, the hacker changed his mind.
Since the first days of the war, the Ukrainian government has been using cryptocurrency to raise tens of millions of dollars for military and charitable needs.
According to Chainalysis, some of the wallets involved in this investigation transferred funds to the Ukrainian government's wallets after the full-scale war broke out.
Simply put, the mysterious hacker stopped burning money and started sending it to help Ukraine.
"The fact that the OP_RETURN sender was both willing and able to burn hundreds of thousands of dollars’ worth of bitcoin in order to spread their message makes it more likely in our opinion that their information is accurate," Chainalysis analysts conclude.
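In Bitcoin script, an output whose script begins with OP_RETURN can never be spent, so any value assigned to it is destroyed, and the bytes that follow the opcode can carry a message. The Python sketch below is an added example, not code from Chainalysis or from the original article: it decodes such outputs and totals the value they burn. The function names, sample outputs and sample messages are all constructed for illustration.

```python
OP_RETURN, OP_PUSHDATA1, OP_PUSHDATA2 = 0x6A, 0x4C, 0x4D

def op_return_payload(script_hex):
    """Return the bytes pushed after OP_RETURN, or None if the script does not start with it."""
    script = bytes.fromhex(script_hex)
    if not script or script[0] != OP_RETURN:
        return None
    payload, i = b"", 1
    while i < len(script):
        op = script[i]
        i += 1
        if 1 <= op <= 75:                      # opcode is itself the push length
            size = op
        elif op == OP_PUSHDATA1:               # one length byte follows
            size = int.from_bytes(script[i:i + 1], "little")
            i += 1
        elif op == OP_PUSHDATA2:               # two length bytes, little-endian
            size = int.from_bytes(script[i:i + 2], "little")
            i += 2
        else:
            break                              # not a data push: stop decoding
        payload += script[i:i + size]          # a truncated push yields what is there
        i += size
    return payload

def summarize_burns(outputs):
    """Take (value_sats, script_hex) pairs; return (burned_sats, decoded_messages)."""
    burned, messages = 0, []
    for value, script_hex in outputs:
        payload = op_return_payload(script_hex)
        if payload is None:
            continue                           # value in this output is not burned
        burned += value
        messages.append(payload.decode("utf-8", errors="replace"))
    return burned, messages

def _sample_script(message):
    data = message.encode("utf-8")             # constructed data, under 76 bytes
    return (bytes([OP_RETURN, len(data)]) + data).hex()

# Constructed (value in satoshis, scriptPubKey hex) pairs; not real chain data.
SAMPLE_OUTPUTS = [
    (150_000, _sample_script("constructed sample message")),
    (50_000, _sample_script("пример")),        # Cyrillic text survives as UTF-8
    (900_000, "76a914" + "00" * 20 + "88ac"),  # P2PKH-shaped output, not OP_RETURN
]

if __name__ == "__main__":
    print(summarize_burns(SAMPLE_OUTPUTS))
```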