
Secret multimillion-dollar cryptojacker snared by Ukrainian police

The criminal thought to be behind a multimillion-dollar cryptojacking scheme is in custody following a Europol-led investigation.

Supported by the National Police of Ukraine, Europol arrested a 29-year-old, whose identity is being withheld, this week in Mykolaiv, Ukraine.

An unnamed cloud provider worked with Europol et al. to bring the crook into custody – an effort that also saw three properties raided as authorities built up their portfolio of evidence against them.

The Register asked Europol for the identity of the cryptojacker, but was told by a spokesperson that it’s being held under judicial secrecy in Ukraine.

The cloud provider that offered a helping hand to the investigation also apparently doesn’t want to be named at this stage, it’s understood.

Europol said in a press release: “This case illustrates the power of law enforcement joining forces with the private sector.

“A cloud provider approached Europol back in January 2023 with information regarding compromised cloud user accounts of theirs. Europol shared this information with the Ukrainian authorities, who subsequently opened an investigation.

“Since then, all three partners have been working closely together to develop operational leads and prepare for the final phase of the investigation.

“Europol’s European Cybercrime Centre (EC3) set up a virtual command post on the action day, supporting the Ukrainian National Police from Europol’s headquarters, with analysis and forensic support on the data gathered during the searches.”

The individual is believed to have mined more than $2 million worth of cryptocurrencies after hijacking organizations’ cloud environments and siphoning their high-powered computational resources, all while the targets pay what will surely be lofty bills.

According to Sysdig’s research, cryptojackers make an estimated $1 for every $53 spent by the victim organization.

It said in 2022 that TeamTNT made around $8,100 in proceeds from the crime – not a great deal of dough but that won’t surprise regular Reg readers – all while leaving behind $430,000 in bills for victims to foot.
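The victim-side signal in both cases above is the bill: compute spend that jumps far above an account’s normal run rate. As an added example (not from the article, Europol or Sysdig), the following script flags such spikes in a daily cost series using a rolling median baseline; the account names, cost figures and thresholds are constructed for illustration, and a real deployment would read them from a provider’s billing export.

```python
"""Flag sudden compute-spend spikes of the kind cryptojacking leaves behind.

Added example, not from the article or any organisation it names. The
records below are constructed; real data would come from a billing export.
"""
from statistics import median

# Constructed daily compute cost (USD) per cloud account, oldest day first.
# "acct-prod" roughly quintuples on days 8 and 9; "acct-dev" stays flat.
SAMPLE_DAILY_COST = {
    "acct-prod": [410, 395, 420, 405, 415, 400, 398, 402, 2350, 2410],
    "acct-dev": [55, 60, 52, 58, 61, 57, 54, 59, 62, 60],
}


def flag_cost_spikes(daily_cost, baseline_days=7, ratio=3.0, min_delta=500.0):
    """Return [(account, day_index, cost, baseline)] for every day whose cost is
    at least `ratio` times the median of the previous `baseline_days` days AND
    at least `min_delta` above that median. The thresholds are hypothetical
    starting points; tune them to the account's normal variance. Using the
    median (not the mean) keeps one spike day from inflating the next day's
    baseline and masking a sustained campaign."""
    alerts = []
    for account, costs in daily_cost.items():
        for i in range(baseline_days, len(costs)):
            baseline = median(costs[i - baseline_days:i])
            cost = costs[i]
            if cost >= ratio * baseline and cost - baseline >= min_delta:
                alerts.append((account, i, cost, baseline))
    return alerts


def excess_spend(alerts):
    """Total spend above baseline across flagged days: a first estimate of
    the bill the intruder, not the victim, generated."""
    return sum(cost - baseline for _, _, cost, baseline in alerts)


if __name__ == "__main__":
    found = flag_cost_spikes(SAMPLE_DAILY_COST)
    for account, day, cost, baseline in found:
        print(f"{account}: day {day} cost {cost} vs baseline {baseline}")
    print(f"excess spend across flagged days: {excess_spend(found)}")
```

A cost-based check is deliberately coarse: it runs on data every tenant already has, needs no agent on the instances, and catches the hijacked-credentials case regardless of which mining software was launched. It does lag by a billing cycle, so in practice it complements, rather than replaces, per-instance CPU and process telemetry.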

Cryptojacking’s definition doesn’t strictly have to mean the siphoning of cloud resources specifically – the unauthorized use of anything capable of mining crypto falls under the umbrella term – but if criminals want the quickest results then cloud services are the main target.

With millions in their digital wallet, the case of the arrested 29-year-old shows how lucrative a successful cryptojacking campaign can be, and recent research has indicated that credentials for the biggest providers can be autonomously sourced in mere minutes.

Cryptojacking has been a headline-grabbing crime for years now, and there were even major voices in infosec in 2018 pondering whether it might overtake ransomware as the primary threat to organizations.

This obviously never really materialized for a number of reasons including but not limited to the volatile nature of cryptocurrencies, the closure of Coinhive, and the sheer fact that ransomware seems to be this unstoppable business model, although we have some thoughts about that.

When you also consider the average net returns of cryptojackers against ransomware affiliates, then it’s clear to see why the former has become less popular over time. ®
