Ukrainian hacker arrested for creating 1 million virtual machines to mine cryptocurrency

A 29-year-old Ukrainian hacker was arrested last weekend for compromising a large number of accounts to create virtual machines and mine $2 million worth of cryptocurrency.

Europol, the European Union’s law enforcement agency, said on January 13 that the Ukrainian suspect, whose identity has not been released, was arrested on January 9 and was the mastermind behind an attack that used the computing resources of other people’s servers to mine cryptocurrency on a large scale.

Bleeping Computer reports that a cloud service provider reported an intrusion to Europol in January 2023, stating that it was investigating compromised cloud accounts on the platform and requesting assistance. Shortly thereafter, Europol and Ukrainian law enforcement collaborated with the provider to track down and identify the perpetrator. On January 9, the suspect was arrested, and computers, bank cards, SIM cards, electronic devices, and other tools used to carry out the attack were seized.

Items seized during the suspect’s arrest
Source: cyberpolice.gov.ua

According to a separate report from the Ukrainian Cyber Police, the suspect had been operating since 2021. At that time, he used an automated tool to steal the passwords of 1,500 accounts belonging to a subsidiary of “one of the world’s largest e-commerce organizations.” Europol and Ukraine did not disclose the name of the company or the e-commerce group behind it.

After gaining control of a vast number of accounts, the hacker used administrative privileges to create over one million virtual machines. The hacker used a TON cryptocurrency wallet to transfer the proceeds, with transactions worth approximately two million USD. Under Ukrainian criminal law, the hacker faces charges of unlawful interference in information systems, electronic communications, and electronic communications networks.

Cloud platforms are a target for many cryptocurrency mining groups, especially those mining the Monero cryptocurrency. A 2022 report by security company Sysdig also mentioned that a cloud platform suffered an average loss of 53 USD for each Monero coin that cybercriminals mined on compromised devices.