An anonymous hacker labeled hundreds of Bitcoin addresses as wallets controlled by Russian security agencies.
On April 26, analytics firm Chainalysis published a report that detailed how one Bitcoiner used a feature of the blockchain to sound the alarm on 986 Bitcoin addresses allegedly linked to Russian intelligence.
“We recently discovered what appears to be an example of a more direct, aggressive usage of Bitcoin for counterintelligence, through the unprecedented weaponization of the OP_RETURN field,” said Chainalysis in the report that has since been deleted.
The OP_RETURN field is typically used to mark Bitcoin transactions as invalid, but it also allows users to attach messages to transactions and broadcast them to the entire blockchain.
Using the feature, the anonymous user sent thousands of transactions to addresses, alleging the addresses were used in hacking operations by one of three Russian agencies: the Foreign Military Intelligence Agency (GRU), Foreign Intelligence Service (SVR), and Federal Security Service (FSB).
The messages were originally written in Russian, accusing the wallet owners of paying hackers with BTC. The veracity of these allegations, however, is yet to be confirmed.
The user also burned over $300,000 worth of BTC in these transactions in an effort to prove these claims – something that Chainalysis believes points to the information being potentially more credible.
When the Russian invasion of Ukraine began, the user stopped burning BTC and started sending the Russian-linked funds to Ukrainian aid wallet addresses.
“The possibility that the OP_RETURN sender acquired private keys for Russian-controlled addresses also suggests that the Putin regime’s crypto operations aren’t secure,” wrote Chainalysis.
If these claims are, in fact, true, Chainalysis noted that the sender managed to pull off something “very powerful” in the context of cyber warfare. The Russian government has lost access to this Bitcoin thanks to the OP_RETURN function and it will be difficult for these agencies to use these addresses for similar purposes going forward.