Russian Bitcoin Wallets Unmasked by Anonymous Hacker – Here’s What Happened

Bitcoin wallet addresses controlled by Russian security services have been revealed by an unknown person or group, according to blockchain intelligence firm Chainalysis.

In a now-deleted tweet originally posted on Thursday, Chainalysis said that close to 1,000 Bitcoin addresses claimed to belong to Russia’s Foreign Military Intelligence Agency (GRU), Foreign Intelligence Service (SVR), and Federal Security Service (FSB) have been exposed by “an anonymous person or group.”

The ownership of the wallets was reportedly compromised by taking advantage of an on-chain feature that documents transactions.

Chainalysis added in a report published on its website, which was also later deleted, that at least three of the wallet addresses have previously been linked to Russian entities involved in hacking incidents.

Among the incidents were the so-called SolarWinds attack in 2020 and a Russian disinformation campaign during the US election in 2016.

Chainalysis, which regularly works for the US government and various law enforcement agencies, has not explained why it first published and later deleted its tweet and report about the Russian state-controlled Bitcoin wallets.

$300k spent to post on-chain messages

Perhaps the most notable part of the Chainalysis report is the claim that the hacker or hackers responsible for revealing the wallets spent more than $300,000 worth of Bitcoin just to publish certain messages on-chain.

$300,000 in BTC is far more than is needed to post messages using the Bitcoin blockchain’s OP_RETURN function.

“The fact that the OP_RETURN sender was both willing and able to burn hundreds of thousands of dollars’ worth of bitcoin in order to spread their message makes it more likely in our opinion that their information is accurate,” Chainalysis said in a press release which was later deleted.

The firm also noted in its report that the on-chain inscriptions made by the hacker stopped when Russia invaded Ukraine in February of 2022, after which the wallets instead started sending funds to wallets accepting donations to Ukraine.

The donations made by the Russian government-controlled wallets would imply that hackers have gained access to the private keys of these wallets, and that more funds could potentially be drained from them in the future.

 
