An unknown hacker defrauded Russian security services of bitcoins. Now Kiev has them

14. 06. 2023 | Kristýna Bezděková

The digital wallets hacked belonged to the Military Intelligence Service (GRU), the External Intelligence Service (SVR) and the Federal Security Service (FSB). He could have either infiltrated their hacking team or been part of it.

According to The New Voice of Ukraine, a hacker gained access to the Russian security services’ bitcoin. Analysts at Chainalysis, a cryptocurrency monitoring company that works closely with the US government, believe the hacker used the transaction documentation feature of the blockchain to launch the attacks. As a result, he was able to locate nearly 1,000 digital wallets believed to belong to the Military Intelligence Service (GRU), the External Intelligence Service (SVR) and the Federal Security Service (FSB).

Chainalysis analysts believe the hacker may have infiltrated the Russian hacking team or previously been part of it. He thus gained control of cryptocurrencies from the inside, so to speak.

“Put simply, this person may have infiltrated a hacking network working for Russia, or may even have been a member of Russian intelligence,” Chainalysis said in its report. He first attacked Russian cryptocurrencies a few weeks before the invasion of Ukraine began in 2022. He only destroyed the initially recovered bitcoins. The Moscow Times reports that the amount involved was thought to be around $300,000. He used the OP_RETURN function to delete selected transactions.

In the first attack, the hacker left a message in the digital space. It said that these wallets were used by Russian special services to fund cyber attacks. But it is unclear how true the claims are. Western experts say it is very likely that he is right and Russia is using hackers in a big way to weaken its adversaries. But Chainalysis has only managed to partially confirm the attacker’s claims.

“We can’t say 100% if it’s true. However, the fact that the addresses of at least three of these digital wallets were previously linked to Russia lends credence to the hacker’s statement,” Chainalysis notes. Two of these were directly related to the 2020 attack on US IT company Solarwinds, which is considered one of the largest cyberattacks in US history.
“The hacker was both willing and able to burn hundreds of thousands of dollars worth of bitcoins to spread his message. In our opinion, such determination also increases the likelihood that his information is accurate,” Chainalysis analysts said.

But since the start of the war in Ukraine, the hacker has changed his strategy. Since the first days of the invasion, the Ukrainian government has been using cryptocurrencies to buy military equipment, for example. Chainalysis reports that “Robin Hood” stopped merely destroying Russian digital wallets after the invasion, but instead transfers bitcoins to the Ukrainian government.


Source, photo:, pixabay

Author of this article

Kristýna Bezděková

Kristýna is a student of marketing and communication in an undergraduate program. She writes and translates content into the Czech language


Support us to keep up the good work and to provide you even better content. Your donations will be used to help students get access to quality content for free and pay our contributors’ salaries, who work hard to create this website content! Thank you for all your support!

Write a comment