The Russian national accused by U.S. authorities of hacking LinkedIn, Dropbox and Formspring made at least 1,500 bitcoins in 2013, including 620 stolen from a now-defunct exchange, according to a security expert.
Yevgeniy Aleksandrovich Nikulin, 29, of Moscow, Russia, was arrested by Czech authorities earlier this month. He could be extradited to the United States, where he has been charged on nine counts related to hacking, conspiracy and identity theft.
Nikulin allegedly hacked into the systems of LinkedIn, Dropbox and Formspring in 2012 after obtaining employee credentials.
In a 2015 interview with a Russian automotive website, Nikulin was described as a successful entrepreneur who owned several luxury cars. However, he doesn’t appear to have made too much money from the aforementioned cyberattacks, at least not from the Formspring breach. Instead, bitcoin heists have been much more profitable.
Microsoft researcher Tal Be’ery pointed out that the indictment made public by U.S. authorities alleges that Nikulin and his co-conspirators attempted to sell the stolen Formspring accounts for just €5,500 (roughly $6,000).
However, a search for “Chinabig01,” one of the online monikers believed to be used by the Russian national, shows that he might have been involved in the 2013 attack targeting the Bitcoin exchange BitMarket.eu. The exchange shut down after losing thousands of bitcoins due to a hack suffered by trading platform Bitcoinica and an attack on its own systems.
After investigating the incident, BitMarket.eu’s owner revealed that a hacker whose IP address had been traced to Moscow, Russia, used compromised credentials to breach the Bitcoin exchange and transfer 620 bitcoins, currently worth roughly $400,000, to his own wallet.
The attacker had created an account with the username “chinabig01” and the email address“firstname.lastname@example.org.” BitMarket.eu’s owner reported at the time that the email address had been used on various sites since 2009 and it did not appear to be a disposable address.
Be’ery noted that the Bitcoin address to which the hacker transferred ther 620 bitcoins received a total of more than 1,532 bitcoins in February and March 2013, which today would be worth roughly $1 million. It’s unclear where the other 912 bitcoins came from, but it could be from a different exchange.
It’s likely that the individual behind the LinkedIn and Dropbox hacks was also behind the attack on BitMarket.eu, considering that the online moniker, the attack methods and the geographical location match, Be’ery said. The expert has also pointed out that the hacker has not put too much effort into hiding his tracks.