{"id":10205,"date":"2024-01-29T11:42:15","date_gmt":"2024-01-29T09:42:15","guid":{"rendered":"https:\/\/forklog.com\/en\/finnish-authorities-track-monero-using-hacker\/"},"modified":"2024-01-29T11:42:15","modified_gmt":"2024-01-29T09:42:15","slug":"finnish-authorities-track-monero-using-hacker","status":"publish","type":"post","link":"https:\/\/u1f987.com\/en\/finnish-authorities-track-monero-using-hacker\/","title":{"rendered":"Finnish Authorities Track Monero-Using Hacker"},"content":{"rendered":"

Finland’s National Bureau of Investigation (KRP) has traced transactions involving the anonymous cryptocurrency Monero (XMR) linked to hacker Julius Kivim\u00e4ki, according to local media<\/a>.\u00a0<\/p>\n

On January 22, the prosecution presented new evidence indicating illegal transfers leading to Kivim\u00e4ki’s bank account.\u00a0<\/p>\n

Investigators allege that in 2020, the suspect demanded 40 BTC to avoid publishing personal data of over 33,000 patients from the Vastaamo psychotherapy center. The hacker operated under the pseudonym ransom_man.\u00a0<\/p>\n

\"Finnish
The hacker’s demand letter. Source: KrebsOnSecurity<\/a>.<\/figcaption><\/figure>\n
\n

\u201cWe are not asking for much, about \u20ac450,000, which is less than \u20ac10 per patient and only a small part of the company’s \u20ac20 million annual revenue,\u201d stated ransom_man.<\/p>\n<\/blockquote>\n

On October 23, 2020, the hacker uploaded a large file containing all the stolen Vastaamo records to the darknet. However, investigators found that the data also included a complete copy of ransom_man’s personal folder\u2014a critical mistake that linked the evidence to Kivim\u00e4ki.<\/p>\n

Eventually, the leaked files were removed, accompanied by the note \u201coops.\u201d However, other users, and consequently law enforcement, managed to download them. Unknown individuals created a separate website with the entire patient database of the clinic.\u00a0<\/p>\n

Some victims paid the ransom, but once the leaked data was found online, the blackmail lost its power.\u00a0<\/p>\n

KRP discovered that the hacker sent assets to an exchange that did not comply with KYC<\/span> requirements. He then exchanged bitcoins for Monero and transferred them to a personal wallet.\u00a0<\/p>\n

After several manipulations, XMR was sent to a Binance account, where it was exchanged back into the primary cryptocurrency. The coins were then moved to various wallets.\u00a0<\/p>\n

Authorities have not disclosed the methodology used to analyze the transactions. Ultimately, the investigation traced Kivim\u00e4ki through his X account. In October 2022, the hacker was charged with criminal offenses.\u00a0<\/p>\n

\n

Uskon ett\u00e4 KRP toi t\u00e4m\u00e4n nyt julkisuuteen vaikuttaakseen juuri hovioikeudessa k\u00e4sitellyn vanhan teinivuosien juttuni p\u00e4\u00e4t\u00f6ksentekoon, molemmissa jutuissa on samat henkil\u00f6t tutkimassa.https:\/\/t.co\/mlqGfJoda9<\/a><\/p>\n

\u2014 Aleksanteri Kivimaki (@AlexKivimaeki) October 28, 2022<\/a><\/p><\/blockquote>\n