Ukrainian authorities arrest hacker for illegal crypto mining scheme

Ukrainian authorities have arrested a 35-year-old man on June 4 for breaching 5,000 accounts at an international hosting company and using them to mine cryptocurrency. The police also revealed that the breach cost the hosting company over $4.5 million in damages.

After gaining access to the accounts, the suspect allegedly deployed unauthorized virtual machines and crypto miners using the company’s servers, which is commonly referred to as cryptojacking. The individual is facing charges of unauthorized interference in the operation of electronic information communication networks.

Hacker targets servers of international companies

Cyberpolice of Zaporizhia have arrested a 35-year-old man accused of hacking into more than 5,000 user accounts at a well-known global hosting company. https://t.co/Syszw1R5NO

According to investigators, he used the stolen access to quietly mine cryptocurrency on the company’s… pic.twitter.com/jcQWcMDd1u

— Dark Web Informer – Cyber Threat Intelligence (@DarkWebInformer) June 4, 2025

Cyber police officers from Ukraine’s National Police said on Wednesday that a 35-year-old man from the Poltava region had allegedly been probing for weaknesses in the online security of various international companies. According to the authorities, the individual has gained access to the servers of those firms since at least 2018.

The threat actor allegedly changed locations to avoid being tracked down. The Ukrainian authorities revealed that he lived in the regions of Poltava, Zaporizhzia, and Dnipropetrovsk during the past years.

“In particular, the defendant illegally gained access to over 5,000 customer accounts of an international hosting company that provides server rental services for the operation of various websites and online platforms.”

–Ukraine’s National Police.

The police found that the perpetrator began unauthorized deployment of virtual machines using the company’s server resources after gaining access to the accounts. Authorities also revealed that the suspect utilized the accounts to mine digital assets on the hosting provider’s servers, resulting in damages estimated to be approximately $4.5M. 

The police also seized computer equipment, mobile phones, bank cards, and other forms of physical evidence during the raid at the individual’s residence. A preliminary examination of the confiscated materials validated that the suspect maintained multiple accounts on hacker forums.

The authorities revealed that the seized evidence links the hacker to stolen email credentials and cryptocurrency wallets that held the illegally mined digital assets. The materials also included software scripts used for launching and managing mining activity as well as tools for conducting data theft and remote access.

The individual now faces charges under Part 5 of Article 361 of the Criminal Code of Ukraine, which could bring a maximum penalty of 15 years imprisonment plus three years of probation to engage in certain activities deemed risky. The culprit could also face a ban on holding certain positions, such as those in IT and communications, or engaging in certain activities where the convicted person could access communication systems or networks for up to three years. Ukrainian police said a pre-trial investigation is still underway, and new evidence may add more charges to the suspect.

Europol teams up with Ukrainian police to arrest cryptojacking suspect

In January last year, the Ukrainian authorities and Europol also made a joint arrest of an individual in Mykolaiv, Ukraine, suspected of involvement in a complex cryptojacking scheme. The police revealed that the 29-year-old allegedly hacked accounts to create 1 million virtual servers, allowing him to mine over $2 million worth of digital assets illegally.

The police stated that the suspect hacked 1,500 accounts belonging to an unnamed company’s clients, using a technique known as brute force – self-developed software for automatic password selection. The suspect then used the compromised accounts to gain access to the cloud computing provider, secretly infecting the company’s server with malicious software.

The European Union Agency for Law Enforcement Cooperation revealed that an unnamed cloud provider helped with the investigation, ultimately leading to the individual’s identity and location. The individual approached Europol in January 2023 with crucial information about compromised cloud user accounts.

According to the government agency, authorities searched three properties to gather evidence against the suspect, and the arrest took place after months of investigations. Europol said it set up a command post that supported the Ukrainian National Police from Europol’s headquarters.

Europol warned cloud users to implement robust security practices to protect themselves against cloud cryptojacking. The government agency also recommends regular security updates and patches, as well as the use of cloud security services and tools provided by cloud service providers to enhance security.

Cryptopolitan Academy: Coming Soon - A New Way to Earn Passive Income with DeFi in 2025. Learn More