Russian Bitcoin Wallets Allegedly Exposed by Apparent Hacker
A mysterious bitcoiner used the OP_RETURN field to call out wallets controlled by FSB and GRU.
A mysterious bitcoiner appears to have weaponized the Bitcoin blockchain against the Russian state by exposing hundreds of wallets allegedly held by security agencies, according to crypto tracing firm Chainalysis.
The unknown individual used a feature in how the Bitcoin blockchain documents transactions to identify 986 wallets controlled by the Foreign Military Intelligence Agency (GRU), Foreign Intelligence Service (SVR), and Federal Security Service (FSB), Chainalysis, which works closely with the U.S. government, said in a post shared with CoinDesk. Written in Russian, the vigilante’s messages accuse the wallets of being involved in hacking activity.
It’s not clear whether the individual’s allegations are true; the three agencies did not respond to CoinDesk's request for comment. What’s more clear is the individual took control of at least some of the addresses they allege to be held by Russia, perhaps through hacking, or even (if the allegations are to be believed) an inside job.
Leveled in the weeks preceding Russia’s unprovoked February 2022 invasion of Ukraine, the allegations amount to an unexpected crypto twist in a conflict that’s already had plenty. Ukraine’s own government has used crypto to raise tens of millions of dollars for its war effort. Some of the allegedly Russia-held wallets tied up in Chainalysis’ research even sent money to Ukraine.
Bolstering the mystery bitcoiner’s allegations, Chainalysis says at least three of the allegedly Russian wallet addresses have been linked to Russia by third parties before. Two of them were said to be involved in the Solarwinds attack and a third paid for servers used in Russia’s 2016 election disinformation campaign.
Chainalysis also said the bitcoiner’s spending habits suggest they were serious about their claims. The individual effectively destroyed over $300,000 worth of bitcoin while describing their allegations to the blockchain – far more than necessary to make use of the Bitcoin blockchain’s OP_RETURN field.
“The fact that the OP_RETURN sender was both willing and able to burn hundreds of thousands of dollars’ worth of bitcoin in order to spread their message makes it more likely in our opinion that their information is accurate,” Chainalysis said in a press release.
After Russia invaded Ukraine the sender stopped making the inscriptions. They later resumed their activity by instead sending Russia-linked bitcoin to Ukrainian aid addresses.
If the allegations are to be believed, the addresses and any bitcoin they contain are more or less off the table, from a security standpoint. Chainalysis said
The possibility that the OP_RETURN sender acquired private keys for Russian-controlled addresses also suggests that the Putin regime’s crypto operations aren’t secure.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.
Learn more about Consensus 2024, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.