An unidentified Bitcoin user reportedly hacked into hundreds of wallets allegedly controlled by the Russian security services, stealing coins and sending them to addresses belonging to Ukrainian volunteers who took part in the war.
According to file a report By on-chain data analysis firm, Chainalysis, From February 12, 2022 to March 14, 2022, a mysterious user was reported to have gained access to nearly 1,000 Bitcoin (BTC) addresses that he claimed belonged to Russian security services.
According to Chainalysis, the hacker used a feature on the Bitcoin network called OP_RETURN. It is a function that not only marks on-chain transactions as invalid, but can also be used to hold the body, allowing users to permanently and immutably broadcast and log messages.
The OP_RETURN function marks the transaction as invalid and burns any BTC it contains. Chainalysis reports that an anonymous user took advantage of the OP_RETURN function to destroy BTC worth around $300,000 by invalidating previously executed transactions.
Initially, the hacker only intended to burn coins stolen from the Russian security services. However, after Russia invaded Ukraine, he apparently changed tactics and began funneling money to pro-Ukrainian groups involved in the war.
Three hacked wallets linked to Russia
The user also allegedly sent messages in Russian to the coin holders, accusing them of using the same addresses to pay the hackers.
Security professionals are firmly convinced that Russian intelligence services regularly use hackers to carry out a wide variety of tasks. However, these rumors have not been confirmed.
Chainalysis also noted that at least three of the wallets have already established contacts with Russia. One of them reportedly paid for the servers used in Russia misinformation operation during the 2016 US presidential election. Meanwhile, the other two have been linked to solarwinds attacks.
The data analysis firm claimed that the attacker did not necessarily gain control of the wallets by hacking them. Alternatively, the “attack” may have been an inside job. Accordingly, the person who took possession of the coins may be a former or current employee of the Russian intelligence services.
Furthermore, the prospect of a hacker obtaining private keys to addresses controlled by Russia raises concerns about the integrity of cryptocurrencies in the country.
Chainalysis suggested that the hacker’s action not only prevented Russian intelligence services from accessing those coins, but also made it more difficult to reuse the same addresses in future operations.
Comments are closed.