The hacker transmitted the stolen bitcoins to the addresses of Ukrainian volunteers, according to the crypto experts.
The unknown user appears to have successfully employed blockchain and bitcoin technologies against the aggressor state. The hacker gained access to hundreds of crypto wallets, which presumably belonged to Russian law enforcement agencies, using their arcane skills.
Analysts at Chainalysis believe that the hacker identified 986 wallets controlled by the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU), the Foreign Intelligence Service (SVR), and the Federal Security Service (FSB) using a feature of the bitcoin blockchain that documents transactions.
The analysts did not disclose the nature of the feature.
In addition, the hacker left Russian-language messages to the proprietors of the wallets stating that these wallets were used to pay for the services of Russian hackers.
To what extent these allegations are genuine is unknown. Analysts from the West deem it incontrovertible that the Russian intelligence services employ hackers for numerous operations.
Chainalysis experts could only partially validate the hacker’s claims.
At least three of the purportedly Russian wallets have already been attributed to Russia by third parties, they note. Two were allegedly implicated in the SolarWinds attack, and the third paid for servers used in Russia’s 2016 disinformation campaign.
Analysts from Chainalysis believe the hacker gained control of the wallets, which he claims were controlled by Russian intelligence services, not through hacking, but through “inside labor.”
Simply stated, this individual could have infiltrated the structure of Russian hackers, or he could have been a former employee of the Russian special services who defected.
A few weeks prior to Russia’s invasion of Ukraine in February 2022, the initial cyberattacks were conducted.
Initially, the hacker intended to eliminate the stolen funds in the wallets of Russian special services. Chainalysis suggests that the unknown attacker destroyed approximately $300,000 worth of bitcoins using the OP_RETURN feature of the bitcoin blockchain (which enables the invalidation of previously performed transactions).
When Russia’s conflict with Ukraine began, however, the hacker altered his strategy.
The Ukrainian government has used cryptocurrency to raise tens of millions of dollars for military and charitable purposes since the beginning of the conflict.
According to Chainalysis, some of the wallets implicated in this investigation transferred funds to government wallets in Ukraine after the start of the conflict.
Essentially, the hacker ceased burning money and began sending it to Ukraine, according to Chainalysis.
“The fact that the OP_RETURN sender was both willing and able to burn hundreds of thousands of dollars worth of bitcoin to spread their message increases the likelihood that their information is accurate,” concluded Chainalysis analysts.