Russian Bitcoin Wallets Allegedly Exposed by Apparent Hacker
A mysterious bitcoiner used the OP_RETURN field to call out wallets controlled by FSB and GRU.
Apr 27, 2023 at 4:23 p.m. UTC:format(webp)/cloudfront-us-east-1.images.arcpublishing.com/coindesk/ADXQIWLPQJA4DATCPAGGY4VRII.jpg)
/arc-photo-coindesk/arc2-prod/public/LXF2COBSKBCNHNRE3WTK2BZ7GE.png)
A mysterious bitcoiner appears to have weaponized the Bitcoin blockchain against the Russian state by exposing hundreds of wallets allegedly held by security agencies, according to crypto tracing firm Chainalysis.
The unknown individual used a feature in how the Bitcoin blockchain documents transactions to identify 986 wallets controlled by the Foreign Military Intelligence Agency (GRU), Foreign Intelligence Service (SVR), and Federal Security Service (FSB), Chainalysis, which works closely with the U.S. government, said in a post shared with CoinDesk. Written in Russian, the vigilante’s messages accuse the wallets of being involved in hacking activity.
It’s not clear whether the individual’s allegations are true; the three agencies did not respond to CoinDesk's request for comment. What’s more clear is the individual took control of at least some of the addresses they allege to be held by Russia, perhaps through hacking, or even (if the allegations are to be believed) an inside job.
Leveled in the weeks preceding Russia’s unprovoked February 2022 invasion of Ukraine, the allegations amount to an unexpected crypto twist in a conflict that’s already had plenty. Ukraine’s own government has used crypto to raise tens of millions of dollars for its war effort. Some of the allegedly Russia-held wallets tied up in Chainalysis’ research even sent money to Ukraine.
Bolstering the mystery bitcoiner’s allegations, Chainalysis says at least three of the allegedly Russian wallet addresses have been linked to Russia by third parties before. Two of them were said to be involved in the Solarwinds attack and a third paid for servers used in Russia’s 2016 election disinformation campaign.
Chainalysis also said the bitcoiner’s spending habits suggest they were serious about their claims. The individual effectively destroyed over $300,000 worth of bitcoin while describing their allegations to the blockchain – far more than necessary to make use of the Bitcoin blockchain’s OP_RETURN field.
“The fact that the OP_RETURN sender was both willing and able to burn hundreds of thousands of dollars’ worth of bitcoin in order to spread their message makes it more likely in our opinion that their information is accurate,” Chainalysis said in a press release.
After Russia invaded Ukraine the sender stopped making the inscriptions. They later resumed their activity by instead sending Russia-linked bitcoin to Ukrainian aid addresses.
If the allegations are to be believed, the addresses and any bitcoin they contain are more or less off the table, from a security standpoint. Chainalysis said
The possibility that the OP_RETURN sender acquired private keys for Russian-controlled addresses also suggests that the Putin regime’s crypto operations aren’t secure.
:format(webp)/s3.amazonaws.com/arc-authors/coindesk/fa5ce9a3-9c4d-4ed4-bb04-c7af51bf1a0d.jpg)
Danny is CoinDesk's Managing Editor for Data & Tokens. He owns BTC, ETH and SOL.