Hacker arrested for breaching 5,000 hosting accounts to mine crypto
The Ukrainian police arrested a 35-year-old hacker who breached 5,000 accounts at an international hosting company and used them to mine cryptocurrency, resulting in $4.5 million in damages.
“The suspect illegally gained access to over 5,000 accounts belonging to clients of an international hosting company that provides server rental services for the operation of various websites and online platforms,” reads the police’s announcement.
“After gaining access to these accounts, the perpetrator began unauthorized deployment of virtual machines (software that emulates a computer’s operation) using the company’s server resources.”
As the threat actor utilized the accounts to mine cryptocurrency on the hosting provider’s servers, the resulting damages were estimated to be $4,500,000.
The police’s investigation established that the hacker had been active since 2018, using open-source intelligence to find and breach vulnerable infrastructure of international organizations.
He periodically changed locations to avoid being tracked down, living in the Poltava, Odesa, Zaporizhzhia, and Dnipropetrovsk regions over the past years.
During the police raid at his residence, computer equipment, mobile phones, bank cards, and other forms of physical evidence were seized.
A preliminary examination of the seized materials confirmed that the hacker maintained multiple accounts on hacker forums.
The seized evidence links the hacker to stolen email credentials, cryptocurrency wallets that held the illegally mined coins, software scripts used for launching and managing the mining activity, and tools for conducting data theft and remote access.
The hacker now faces charges under Part 5 of Article 361 of the Criminal Code of Ukraine, which carries a maximum penalty of 15 years of imprisonment plus a three-year prohibition on engaging in certain activities deemed risky.
The police noted that the investigation is still underway, and new evidence may add more charges.
It is unclear whether the hosting firm's clients whose accounts were hacked will be required to pay the bills inflated by the unauthorized mining activity.
To prevent this from happening to you, always use strong, unique passwords and multi-factor authentication to protect accounts with access to cloud resources.
Also, regularly check account activity to spot signs of compromise early, and immediately revoke access from unknown devices or applications.