‘Robin Hood’ hacker steals rich Russian crypto funds, gives to poor Ukraine

30 April, 05:53 PM
The hacker stole bitcoins from the FSB and the GRU, and then sent them to Ukraine (Photo:Wendelin Jacober/Pexels)

The hacker stole bitcoins from the FSB and the GRU, and then sent them to Ukraine (Photo:Wendelin Jacober/Pexels)

A hacker has gained access to hundreds of cryptocurrency wallets belonging to Russia’s FSB, GRU, and Foreign Intelligence Service, news site CoinDesk reported on April 27, citing Chainalysis, a cryptocurrency monitoring company that works with the U.S. government.

The crypto experts said the hacker had transferred the stolen bitcoins to the addresses of Ukrainian volunteers.

The mystery user seems to have been able to put blockchain and bitcoin technologies to work against the aggressor state. Using their arcane skills, the hacker gained access to hundreds of crypto wallets, which likely belonged to Russian law enforcement agencies.

Video of day

Chainalysis analysts believe that the hacker used a feature of documenting transactions in the bitcoin blockchain to identify 986 wallets controlled by the Main Directorate of the General Staff of the Armed Forces of the Russian Federation (GRU), the Foreign Intelligence Service (SVR), and the Federal Security Service (FSB).

The analysts did not disclose which feature it was.

At the same time, the hacker left messages in Russian to the owners of the wallets, in which he states that these wallets were used to pay for the services of hackers working for Russia.

It is not known to what extent these allegations are true. Western analysts consider it indisputable that Russian intelligence services use hackers to conduct numerous operations.

Chainalysis experts could only partially confirm the hacker's claims.

They note that at least three of the allegedly Russian wallets have already been linked to Russia by third parties. Two of them were allegedly involved in the Solar winds attack, and the third paid for servers used in Russia's disinformation campaign in the 2016 elections.

Chainalysis analysts suggest that the hacker gained control of the wallets, which he claims were controlled by Russian intelligence services, not through hacking, but through "inside work.

"Simply put, this person could have infiltrated the structure of hackers working for Russia, or he could have been an employee of the Russian special services who later became a defector.

The first hacks were carried out a few weeks before Russia invaded Ukraine in February 2022.

The hacker was initially determined to simply destroy the stolen funds in the wallets of the Russian special services. Chainalysis suggests that the mysterious attacker destroyed bitcoins worth about $300,000 using the OP_RETURN feature of the bitcoin blockchain (this function allows you to invalidate previously performed transactions).

However, when Russia's war with Ukraine began, the hacker changed tactics.

Since the first days of the war, the Ukrainian government has used cryptocurrency to raise tens of millions of dollars for military and charitable purposes.

According to Chainalysis, some of the wallets involved in this investigation transferred funds to Ukrainian government wallets after the war began.

Basically, the mysterious hacker stopped burning money and started sending it to help Ukraine, Chainalysis said.

"The fact that the OP_RETURN sender was both willing and able to burn hundreds of thousands of dollars’ worth of bitcoin in order to spread their message makes it more likely in our opinion that their information is accurate," Chainalysis analysts concluded.

We’re bringing the voice of Ukraine to the world. Support us with a one-time donation, or become a Patron!

Follow us on Twitter, Facebook and Google News

Ukraine Today
Fresh daily newsletter covering the top headlines and developments in Ukraine
Daily at 9am EST
Show more news