Inside the Ukrainian Crypto Startup Waging Cyberwar on Russia
Hacken helps crypto businesses with cybersecurity. Now, with the war at home, it’s also leading a guerilla offensive against the Russian internet.
By day, Dmytro Budorin, CEO of Ukrainian startup Hacken, and his team perform cybersecurity audits of cryptocurrency protocols and exchanges. After-hours, the company turns into a collective of hacktivists ravaging the Russian segment of the Internet.
The Russian invasion, which began Feb. 24, turned Ukraine, a nation of 44 million, into a battleground, made civilians take up arms to protect their neighborhoods – and galvanized a worldwide cyber army of hackers waging digital retaliation on Russia. Hacken’s 70 employees are among them, juggling cybersecurity business, support for fellow Ukrainians on the ground and cyber attacks on Russia.
“On the first day of the war, everybody was very frustrated and we decided it’s time to open [our own] front,” Budoring told CoinDesk during a video call, his face exhausted and gray.
As we spoke in early March, Budorin was outside Ukraine, but his wife and in-laws were still stuck in Mariupol, a seaside city in the south of Ukraine that has been heavily shelled by the Russian armed forces for weeks. For some time, Budorin could not communicate with his relatives, he said.
Later, the family managed to get out of the city, driving west through the war-torn country and struggling to find gas for the car or a place to sleep over the four-day trip, Budorin said. Now, all are safe, he said.
Recruiting a cyber army against Russia
“We had some financial cushion, so we donated around $260,000 from our [company] account to various funds” helping Ukraine during the war, Budorin said. The funds mostly went to the Turn Back Alive fund, which is helping finance the Ukrainian army and managed to raise over 400 BTC over the first month of the war, as well as to the volunteer group headed by the activist Tata Kepler.
“Days off and hobbies are over. When the guys finish their work at the company they get busy helping people in Ukraine with coordination, communication, evacuating people, delivering body armor and helmets,” Budorin said.
Hacken has kept up with meeting its business goals auditing the security of crypto exchanges, decentralized finance (DeFi) protocols and non-fungible token (NFT) marketplaces, Budorin said. Revenue didn’t suffer much, he added, because 90% of Hacken’s clients are not in Ukraine nor in Russia.
According to Alex Petrov, former chief information officer at Bitfury Group, Hacken is well-known in the Ukrainian IT community for its security audits. “Decent tech level, active and growing quickly,” Petrov told CoinDesk.
There was a financial toll, though: Some Russian holders of Hacken’s own HAI token, which is used to pay for its products and services (the company also accepts other crypto and fiat currencies), disagreed with the company's public statements condemning President Vladimir Putin’s invasion of Ukraine and sold their bags, dropping the price. Hacken was unmoved by this, with Budorin saying: “Let them sell.”
Even before the war, Hacken created a tool for companies to run stress tests and check how resilient their servers are against distributed denial of service attacks (DDoS), which is when a network of computers overwhelms a website with fake requests until the website goes down. The product, titled disBalancer, was turned into a cyber weapon to “DDos the entire Russian internet,” Budoring said.
According to him, the app was downloaded over 55,000 times, and there are around 5,000 active computers using it to run coordinated DDoS attacks. Fellow devs from the IT Guild of Ukraine, the local trade association, helped adapt the software for multiple platforms.
“At the moment, disBalancer is developing towards [becoming] a tool for smart attacks [including] learning how to get around CAPTCHA tests, how to find vulnerabilities,” Budorin said.
The disBalancer community now counts over 15,000 people around the world, said Oleg Bevz, marketing director at Hacken, with a heavy representation from the blockchain and crypto industries.
The overarching goal is to create a global cyber army founded by Ukrainians, Budorin said. The community around Hacken is in touch with other hacktivist collectives, such as the IT Army of Ukraine, created in response to a call by Ukraine’s minister for digital transformation, Mykhailo Fedorov. Anonymous, the well-known hacker group that declared a cyber war against the Russian government, isn’t in touch with Hacken at the moment, Budorin said.
‘Buy tickets ASAP’
Even before the war started, Budoring knew something bad was coming.
As the tensions around the Russian-Ukrainian border were mounting, with Russian troops gathering there, Budorin decided to relocate all 70 people working at Hacken to the West. Hacken’s headquarter is in Estonia, but most employees were located in Ukraine.
On Feb. 14, the decision was made.
“We told everyone: ‘Buy tickets ASAP, we need to leave, meet you in Barcelona.’ We realized that the risks were just too high and it’s time to make a decision, otherwise we would fail to protect our staff,” Budorin said.
Like many people in and outside Ukraine, Budorin initially believed the trouble would only be about the Donbass area, the region in eastern Ukraine that broke away during the armed conflict in 2014, encouraged by Russia. As people did not expect an assault on the entire nation, many considered the relocation temporary, refused to go at all or didn’t take their families with them.
Hacken is trying hard to relocate all of its staff to Western Ukraine, but some people are stuck in the cities engulfed by the war. “They don’t always have an internet connection. Sometimes, during a call, people say: ‘Sorry, we’re having an airstrike here, need to go downstairs to the basement, call you back in an hour,” Budorin said.
The damage done to Russia
A picture of a crowd running from a riot police officer under the Russian flag, and a lone silhouette under the Ukrainian flag stopping a tank, divided by a line with the phrase “Why?” was one colorful example of a wave of defacing attacks on Russia’s government websites.
The picture, which appeared on March 8 on the websites of Russia’s Federal Penitentiary Service, Mininstry of Energy and other government bodies, encapsulated Ukrainians’ frustration toward Russians: We’re dealing with bombs and tanks, and you’re afraid to go on the streets and protest?
Over the early weeks of the war, multiple websites of government agencies, as well as government-funded and loyal media, suffered DDoS attacks, hacks and defacing. The attacks were carried out by a global community of hackers, from the Anonymous collective to single hacktivists striking Russian websites from their homes in Ukraine. It’s not clear which group was responsible for defacing the government websites on March 8.
Mid-March, the Russian government acknowledged the scale of attacks. The Ministry of Digital Development and Communications said they were twice as powerful as any previous ones, the Washington Post reported.
Much of the credit (or blame, depending on one’s perspective) goes to hacktivists like those at Hacken, the IT Army of Ukraine, Belarusian Cyber Partisan group and global hackers’ collectives like Anonymous and Squad 303.
The total number of hacktivists attacking Russia on the cyber frontlines is unclear, but the community appears to be quite large. For example, the Telegram channel of the IT Army of Ukraine now has over 300,000 subscribers and counting. Every day, the channel publishes a new list of targets for a fresh cyberattack.
The calls are often accompanied with pugnacious intros, such as “How about block Russians from traveling? Find some popular tourism shops below” or “P2P crypto exchange connected to Sber, VTB and other Russian banks. Make them cry!”
Since the channel was launched on Feb. 28, the list of targets has included the official websites of the Kremlin, Federal Security Service (FSB, successor to the Soviet KGB), communication servers of the FSB and Rosgvardia (recently formed riot police forces), federal agencies and city councils, Russian Railways, major Russian banks, the Moscow Stock Exchange, the payment system Mir (created to replace SWIFT in Russia), oil and gas companies and many others.
Even seemingly insignificant targets have made the list, such as platforms for freelance gigs. “Russian freelancer marketplaces are not obvious targets, however we believe they should feel the war is real too. Every Russian who supports putin, war, killing Ukrainians should experience economical damage,” a member of the channel said.
The IT Army of Ukraine did not respond to CoinDesk's request for comment.
Ukraine vs. Russian propaganda
DDoS attacks and website defacing are just part of the global cyber assault on Russia. From the very first days of the Russian invasion in Ukraine, some Russians started receiving unusual calls to their mobile phones. A recorded message was telling them that Russian soldiers were dying in Ukraine and Russians must stop the war, go out to the streets to protest and not let their sons go to the battlefield.
It’s hard to gauge how many Russians received similar calls, texts or emails about the war. It’s even harder to evaluate if this guerilla information war was successful at changing public sentiment in Russia, where, according to some accounts, the majority of the population might be supporting the invasion.
However, the hacker group Squad 303 claimed to have facilitated more than 20 million SMS and WhatsApp messages to Russian phone numbers about the war, via a dedicated website titled 1920.in, after the Soviet-Polish war of 1919-1921.
“The joint action of all the states of the free world, as a response to Russia’s aggression, will lead to the collapse of the entire country. However, nearly 150 million Russians do not know the truth about the causes or course of the war in Ukraine. It is fed with the lies of the Kremlin propaganda,” the website says, adding that everyone can “convey a direct message to the inhabitants of this enslaved country.”
According to Bevz, Hacken’s marketing director, entrepreneurs in Ukraine, including the commercial call centers, switched from their normal businesses to waging information attacks on Russians.
“I know some companies coordinated to launch text messages and some call centers that previously were cold-calling people to sell something immediately switched from, say, selling water coolers, to selling the truth to Russians,” Bevz said, adding there might be as many as a thousand such companies.
“Someone was a product manager, someone was a [chief technology officer], and when the war started the company stopped the operations, so they organized all available developers so that they could DDoS” Russian websites, Bevz said.
As for Hacken, the company keeps working on the weaponized version of disBalancer to make it as easy to use as possible, Bevz said: “Our big goal is that a housewife in Texas can open her laptop and launch an attack on Russia in two clicks.”
More from CoinDesk on Ukraine and Russia
The peaceful world tokens that appeared to be sent by Ukraine's crypto addresses could have been spoofed, blockchain analysts said.
Powell is testifying before the House Financial Services Committee on the state of the economy.
The sought-after NFT could be worth $200,000 according to some estimates.
The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.
Learn more about Consensus 2024, CoinDesk’s longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.