Cryptojacker arrested in Ukraine over EUR 1.8 million mining scheme


The National Police of Ukraine (Національна поліція України), with the support of Europol, has arrested an individual believed to be the mastermind behind a sophisticated cryptojacking scheme.

The 29-year-old individual was apprehended in Mykolaiv, Ukraine, on 9 January. Three properties were searched to gather evidence against the main suspect. The arrest comes after months of intensive collaboration between Ukrainian authorities, Europol and a cloud provider, who worked tirelessly to identify and locate the individual behind the widespread cryptojacking operation.

The suspect is believed to have mined over USD 2 million (EUR 1.8 million) in cryptocurrencies.

Free money for attackers, huge cloud bills for account users

Cryptojacking in a cloud environment is a malicious activity; malicious actors gain unauthorised access to cloud computing infrastructure and use its computational power to mine cryptocurrencies.

By stealing cloud resources to mine cryptocurrencies, the criminals can avoid paying the necessary servers and power, the cost of which typically outweighs the profits.

The compromised account holders are left with huge cloud bills. 

When law enforcement works with private industry

This case illustrates the power of law enforcement joining forces with the private sector.

A cloud provider approached Europol back in January 2023 with information regarding compromised cloud user accounts of theirs. Europol shared this information with the Ukrainian authorities, who subsequently opened an investigation.

Since then, all three partners have been working closely together to develop operational leads and prepare for the final phase of the investigation.

Europol’s European Cybercrime Centre (EC3) set up a virtual command post on the action day, supporting the Ukrainian National Police from Europol’s headquarters, with analysis and forensic support on the data gathered during the searches. 

How to protect yourself

To defend oneself against cloud cryptojacking, Europol encourages cloud users and providers to implement robust security practices, as indicated below.

  • Strong access controls: use strong authentication methods and access controls to prevent unauthorised access to cloud resources.
  • Regular monitoring: continuously monitor cloud environments for suspicious activities, unauthorised access, and unexpected resource utilisation.
  • Security updates: keep all cloud resources, including virtual machines and containers, updated with the latest security patches to mitigate vulnerabilities.
  • Use security services: consider using cloud security services and tools provided by cloud service providers to enhance security.