Cryptojacker sets up 1 million virtual servers mining millions in crypto illegally

Authorities in Ukraine have busted a 29-year-old individual on the grounds of compromising cloud accounts to illegally mine cryptocurrencies. 

The arrest conducted on January 9 in Mykolaiv was a collaboration between Europol and an unidentified cloud service provider who apprehended the individual in what was described as a ‘sophisticated cryptojacking scheme,’ Europol said in a press statement on January 12. 

According to Europol, the suspect is believed to have mined over $2 million (€1.8 million) in cryptocurrencies through the compromised accounts. 

On the other hand, Ukrainian cyber police, who also participated in the operation, noted that the individual employed automated tools to forcefully breach the passwords of 1,500 accounts belonging to a subsidiary of an e-commerce entity that was not named.

The suspect is accused of leveraging the compromised accounts to obtain administrative privileges. Subsequently, the individual created over one million virtual computers, exploiting them in a large-scale crypto mining operation. The perpetrator allegedly utilized TON cryptocurrency wallets to facilitate the movement of the illegal proceeds.

Tip-off from cloud service provider 

During the operation, three properties were searched with Europol, confirming a tip-off from the cloud provider triggered the investigation.

“A cloud provider approached Europol back in January 2023 with information regarding compromised cloud user accounts of theirs,” Europol said. 

The operation also saw Europol’s European Cybercrime Centre (EC3) establish a virtual command post on auction day. This post supported the Ukrainian National Police, offering analysis and forensic support on the data gathered during the searches.

As per the Ukrainian authorities, the apprehended suspect has been engaging in the illicit activity since 2021, and they are set to face prosecution.

“Investigators of the Main Investigation Department of the National Police opened criminal proceedings under Part 5 of Art. 361 (Unauthorized interference with the work of information (automated), electronic communication, information and communication systems, electronic communication networks) of the Criminal Code of Ukraine,” the statement added. 

It is worth noting that cryptojacking in a cloud environment involves malicious actors gaining unauthorized access to cloud computing infrastructure and utilizing its computational power to mine cryptocurrencies. 

Through this process, the cryptojackers can avoid the costs associated with servers and power, maximizing their profits. Notably, the compromised account holders are left with substantial cloud bills.