Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Cybercrime

LinkedIn Hacker Tied to Major Bitcoin Heist

The Russian national accused by U.S. authorities of hacking LinkedIn, Dropbox and Formspring made at least 1,500 bitcoins in 2013, including 620 stolen from a now-defunct exchange, according to a security expert.

The Russian national accused by U.S. authorities of hacking LinkedIn, Dropbox and Formspring made at least 1,500 bitcoins in 2013, including 620 stolen from a now-defunct exchange, according to a security expert.

Yevgeniy Aleksandrovich Nikulin, 29, of Moscow, Russia, was arrested by Czech authorities earlier this month. He could be extradited to the United States, where he has been charged on nine counts related to hacking, conspiracy and identity theft.

Nikulin allegedly hacked into the systems of LinkedIn, Dropbox and Formspring in 2012 after obtaining employee credentials.

In a 2015 interview with a Russian automotive website, Nikulin was described as a successful entrepreneur who owned several luxury cars. However, he doesn’t appear to have made too much money from the aforementioned cyberattacks, at least not from the Formspring breach. Instead, bitcoin heists have been much more profitable.

Microsoft researcher Tal Be’ery pointed out that the indictment made public by U.S. authorities alleges that Nikulin and his co-conspirators attempted to sell the stolen Formspring accounts for just €5,500 (roughly $6,000).

However, a search for “Chinabig01,” one of the online monikers believed to be used by the Russian national, shows that he might have been involved in the 2013 attack targeting the Bitcoin exchange BitMarket.eu. The exchange shut down after losing thousands of bitcoins due to a hack suffered by trading platform Bitcoinica and an attack on its own systems.

Advertisement. Scroll to continue reading.

After investigating the incident, BitMarket.eu’s owner revealed that a hacker whose IP address had been traced to Moscow, Russia, used compromised credentials to breach the Bitcoin exchange and transfer 620 bitcoins, currently worth roughly $400,000, to his own wallet.

The attacker had created an account with the username “chinabig01” and the email address “[email protected].” BitMarket.eu’s owner reported at the time that the email address had been used on various sites since 2009 and it did not appear to be a disposable address.

Be’ery noted that the Bitcoin address to which the hacker transferred ther 620 bitcoins received a total of more than 1,532 bitcoins in February and March 2013, which today would be worth roughly $1 million. It’s unclear where the other 912 bitcoins came from, but it could be from a different exchange.

It’s likely that the individual behind the LinkedIn and Dropbox hacks was also behind the attack on BitMarket.eu, considering that the online moniker, the attack methods and the geographical location match, Be’ery said. The expert has also pointed out that the hacker has not put too much effort into hiding his tracks.

Written By

Eduard Kovacs (@EduardKovacs) is senior managing editor at SecurityWeek. He worked as a high school IT teacher before starting a career in journalism in 2011. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing for the latest cybersecurity threats, trends, and expert insights.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this live webinar as we break down why email-layer defenses alone can't keep pace with the modern phishing ecosystem, how agentic AI is changing the capacity equation for security teams, and more.

Register

This year's summit will help organizations learn how to utilize tools, controls, and design models needed to properly secure cloud environments. Interact with leading solution providers and other end users facing similar challenges in securing a variety of cloud deployments.

Register

People on the Move

James Phillips has been promoted to the role of Vice President, Cybersecurity Risk Management at AT&T.

Rafal Los has joined Binary Defense as Chief Strategy Officer.

Tracey Mustacchio has joined Everfox as Chief Marketing Officer.

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.