Hacker who breached 5,000 accounts to mine crypto arrested — 7-year cryptojacking scheme incurs $4.5 million in damages

When you buy through links on our articles, Future and its syndication partners may earn a commission.

Ukrainian authorities have arrested a hacker who compromised over 5,000 accounts at a major global hosting company and used them to mine cryptocurrency. According to the Cyber Police of Ukraine, the suspected criminal installed virtual machines on the compromised servers to run the mining software, incurring the company losses of about 185 million hryvnia or nearly US$4.5 million at the current exchange rate.

The police say that the 35-year-old offender has been using open-source intelligence since 2018 to find and exploit weaknesses in the network infrastructure of several companies. The person was a native of and operated in Poltava, although they also operated between Odesa, Zaporizhzhia, and Dnipropetrovsk.

During the arrest, Ukrainian law enforcement officials seized computers, mobile phones, bank cards, and other evidence tying him to the hacks. They also discovered compromised email login details, crypto wallets containing the coins mined from the hacked accounts, automation software for managing the numerous virtual machines, and remote access and data theft tools. Aside from that, it was discovered that the alleged culprit maintained multiple accounts on hacker forums, although it’s still unclear if he worked alone or had other associates.

Since the investigation is still ongoing, the police say that additional charges may be levied against the hacker depending on its findings. According to Ukrainian law, the hacker faces up to 15 years in prison in the current case if found guilty. It’s also unclear whether the state will seize the illegally accrued cryptocurrency or if the victims will need to pay (or get refunds from) the bills generated by the illegal activity.

This isn’t the first crypto-related hack to be unveiled this year, with crypto giant Coinbase losing $400 million and ByBit becoming a victim of the largest crypto hack in history, costing the company $1.5 billion. Another unique hack was when two brothers altered Ethereum transactions before they were validated, routing $25 million into their account instead of the intended recipients. This is a bit different than those attacks, though — instead of stealing coins directly from compromised wallets, the hacker instead stole computing power from unsuspecting companies.

As cryptomining remains a lucrative gig, many users will try to gain an advantage by hacking and other underhanded means. This latest incident shows that even if you do not personally hold any crypto, you can still be victimized through other means.

Follow Tom’s Hardware on Google News to get our up-to-date news, analysis, and reviews in your feeds. Make sure to click the Follow button.