Security Experts:

Connect with us

Hi, what are you looking for?



LinkedIn Hacker Tied to Major Bitcoin Heist

The Russian national accused by U.S. authorities of hacking LinkedIn, Dropbox and Formspring made at least 1,500 bitcoins in 2013, including 620 stolen from a now-defunct exchange, according to a security expert.

The Russian national accused by U.S. authorities of hacking LinkedIn, Dropbox and Formspring made at least 1,500 bitcoins in 2013, including 620 stolen from a now-defunct exchange, according to a security expert.

Yevgeniy Aleksandrovich Nikulin, 29, of Moscow, Russia, was arrested by Czech authorities earlier this month. He could be extradited to the United States, where he has been charged on nine counts related to hacking, conspiracy and identity theft.

Nikulin allegedly hacked into the systems of LinkedIn, Dropbox and Formspring in 2012 after obtaining employee credentials.

In a 2015 interview with a Russian automotive website, Nikulin was described as a successful entrepreneur who owned several luxury cars. However, he doesn’t appear to have made too much money from the aforementioned cyberattacks, at least not from the Formspring breach. Instead, bitcoin heists have been much more profitable.

Microsoft researcher Tal Be’ery pointed out that the indictment made public by U.S. authorities alleges that Nikulin and his co-conspirators attempted to sell the stolen Formspring accounts for just €5,500 (roughly $6,000).

However, a search for “Chinabig01,” one of the online monikers believed to be used by the Russian national, shows that he might have been involved in the 2013 attack targeting the Bitcoin exchange The exchange shut down after losing thousands of bitcoins due to a hack suffered by trading platform Bitcoinica and an attack on its own systems.

After investigating the incident,’s owner revealed that a hacker whose IP address had been traced to Moscow, Russia, used compromised credentials to breach the Bitcoin exchange and transfer 620 bitcoins, currently worth roughly $400,000, to his own wallet.

The attacker had created an account with the username “chinabig01” and the email address “[email protected]”’s owner reported at the time that the email address had been used on various sites since 2009 and it did not appear to be a disposable address.

Be’ery noted that the Bitcoin address to which the hacker transferred ther 620 bitcoins received a total of more than 1,532 bitcoins in February and March 2013, which today would be worth roughly $1 million. It’s unclear where the other 912 bitcoins came from, but it could be from a different exchange.

It’s likely that the individual behind the LinkedIn and Dropbox hacks was also behind the attack on, considering that the online moniker, the attack methods and the geographical location match, Be’ery said. The expert has also pointed out that the hacker has not put too much effort into hiding his tracks.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join this webinar to learn best practices that organizations can use to improve both their resilience to new threats and their response times to incidents.


Join this live webinar as we explore the potential security threats that can arise when third parties are granted access to a sensitive data or systems.


Expert Insights

Related Content


Zendesk is informing customers about a data breach that started with an SMS phishing campaign targeting the company’s employees.


Satellite TV giant Dish Network confirmed that a recent outage was the result of a cyberattack and admitted that data was stolen.


The release of OpenAI’s ChatGPT in late 2022 has demonstrated the potential of AI for both good and bad.


The changing nature of what we still generally call ransomware will continue through 2023, driven by three primary conditions.

Application Security

PayPal is alerting roughly 35,000 individuals that their accounts have been targeted in a credential stuffing campaign.


No one combatting cybercrime knows everything, but everyone in the battle has some intelligence to contribute to the larger knowledge base.


As it evolves, web3 will contain and increase all the security issues of web2 – and perhaps add a few more.


A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...