Posted on June 12, 2023 at 8:57 AM
Hacker Stole Funds From Russia And Sent Funds To Ukraine To Aid In The War
A mysterious user appears to have exploited blockchain and Bitcoin technologies in action against Russia. The hacker stole funds from the Russian state and channeled them to Ukraine. The activity adds to the list of hacktivist operations that have been launched by several groups seeking to retaliate against Russia over the invasion of Ukraine.
Hackers target special service wallets and transfer funds to Ukraine
The hacker in question has obtained access to hundreds of crypto wallets that are most likely owned by Russian security agencies. CoinDesk, a crypto news publication, has confirmed the ownership of the wallets by citing data from Chainalysis. Chainalysis is a cryptocurrency monitoring firm that works closely with the US government.
The analysts at Chainalysis have said that the hacker behind the exploit used a transaction documentation feature on the Bitcoin network. The feature was used to identify 986 wallets that are under the control of the Russian foreign military intelligence agency (GRU), the Foreign Intelligence Service (SVR), and the Federal Security Service (FSB).
The Chainalysis analysts have not shared more details on the documentation feature that the hacker used. However, the hackers left messages that were in the Russian language. In these messages, the hackers said that the wallets that they had compromised were previously being used to pay for the services of hackers based in Russia.
The accusations around the use of these wallets to pay pro-Russian hackers have yet to be verified. However, Western analysts have previously said that the Russian state sought the services of hackers to target Ukraine and some Western countries.
The analysts at Chainalysis have noted that the extent to which these accusations are true is yet to be determined. These analysts could only partially confirm the allegations by analyzing the activities in these wallets and how they have been used to conduct activities that appear to support Russia’s cause in the Ukraine invasion.
The Chainalysis experts have said that at least three of the wallets that allegedly belong to Russia are confirmed to belong to the country. These wallets appeared to be linked to Russia by third parties.
Two of the wallets were also involved in the SolarWinds exploit, while the third wallet was used to make payments for the servers used in the Russian disinformation campaign during the US elections held in 2016.
Hacker was successful in the exploits
The Chainalysis analysts further said that the hacker could have gained control of these wallets through hacking exploits. They have also said that there is a possibility that the hacker might have succeeded as a result of “inside work.”
Additionally, it is also possible that the hacker might have obtained access to the infrastructure of the hackers working for Russia. It is also likely that they used to be an employee of the Russian special services and later became a defector. Thus, he had ample knowledge about how to gain access to these wallets.
The first hacking exploits were conducted a few weeks before Russia invaded Ukraine in February 2022. The hacker also initially planned to destroy the funds that were stolen from these wallets. Instead, they chose to transfer the funds to Ukraine to aid in military and humanitarian efforts.
The Chainalysis experts have also noted that the mysterious hacker invalidated around $300,000 worth of Bitcoin through the OP_RETURN function that runs on the Bitcoin network. The OP_RETURN function is used to nullify the previous transactions that have happened on a network.
However, it appears that after the war between Russia and Ukraine started, the hacker changed his mind about what to do with the funds. Since the start of the war, the Ukrainian government has used cryptocurrencies to raise tens of millions of dollars. The cryptocurrency donations have been used to support Ukraine’s military and charitable needs.
The analysts at Chainalysis further said that “The fact that the OP_RETURN sender was both willing and able to burn hundreds of thousands of dollars’ worth of Bitcoin in order to spread their message makes it more likely, in our opinion, that their information is accurate.”
Chainalysis has also said that some of the wallets that were linked to the investigations were used to transfer funds to the wallets owned by the Ukrainian government. These transfers happened after the war started to intensify. As such, the hacker opted not to burn the cryptocurrencies but instead sent them to Ukraine to help in the war.
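The OP_RETURN messages and burned amounts described above can be read directly from transaction outputs. As an added example (not code from Chainalysis or from the original article), this Python parser finds output scripts that begin with OP_RETURN, which makes the output provably unspendable, extracts the embedded message and totals the value burned; the sample outputs, messages and function names are constructed for illustration.

```python
OP_RETURN = 0x6A
PUSHDATA_WIDTH = {0x4C: 1, 0x4D: 2, 0x4E: 4}  # OP_PUSHDATA1/2/4 -> length-field bytes

def op_return_pushes(script: bytes):
    """Return the data pushes after OP_RETURN, or None if the script has no OP_RETURN prefix."""
    if not script or script[0] != OP_RETURN:
        return None
    pushes, i = [], 1
    while i < len(script):
        op = script[i]
        i += 1
        if 1 <= op <= 0x4B:            # direct push: the opcode is the byte count
            size = op
        elif op in PUSHDATA_WIDTH:     # explicit little-endian length field
            width = PUSHDATA_WIDTH[op]
            if i + width > len(script):
                raise ValueError("truncated length field")
            size = int.from_bytes(script[i:i + width], "little")
            i += width
        else:
            break                      # not a data push; stop reading message bytes
        if i + size > len(script):
            raise ValueError("truncated push")
        pushes.append(script[i:i + size])
        i += size
    return pushes

def summarize(outputs):
    """outputs: (value_sats, script_hex) pairs -> (burned_sats, decoded messages)."""
    burned, messages = 0, []
    for value, script_hex in outputs:
        pushes = op_return_pushes(bytes.fromhex(script_hex))
        if pushes is not None:
            burned += value            # value on an OP_RETURN output can never be spent
            messages.append(b"".join(pushes).decode("utf-8", errors="replace"))
    return burned, messages

def build_script(msg: str) -> str:
    """Helper for the constructed samples only: OP_RETURN <push msg> as hex."""
    data = msg.encode("utf-8")
    push = bytes([len(data)]) if len(data) <= 0x4B else bytes([0x4C, len(data)])
    return (bytes([OP_RETURN]) + push + data).hex()

RU_MSG = "сконструированный пример сообщения для проверки разбора"  # > 75 bytes
SAMPLE_OUTPUTS = [                     # constructed data, not real transactions
    (150_000, build_script("constructed sample message")),
    (90_000, build_script(RU_MSG)),    # long enough to need OP_PUSHDATA1
    (500_000, "76a914" + "00" * 20 + "88ac"),  # ordinary P2PKH output, ignored
]

if __name__ == "__main__":
    print(summarize(SAMPLE_OUTPUTS))
```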