Crypto Forensics Breakthrough: Finnish Authorities Trace Monero in High-Profile Hack

Ruholamin Haqshanas

The National Bureau of Investigation in Finland has reportedly made significant progress in tracing Monero (XMR) transactions as part of an ongoing investigation connected to the criminal trial of Julius Aleksanteri Kivimäki.

Kivimäki stands accused of hacking a private mental health firm’s database and demanding ransom payments in cryptocurrencies.

According to local media reports, prosecutors unveiled new evidence on January 22nd, revealing a crypto trail that led to Kivimäki’s bank account.

The alleged hacker had supposedly demanded 40 Bitcoin, equivalent to approximately 450,000 euros at the time, in exchange for not exposing records belonging to over 33,000 patients from psychotherapy service provider Vastaamo.

When the ransom went unpaid, Kivimäki purportedly targeted individual patients.

Finnish police claim that the hacker received payments in Bitcoin, sent the funds to an exchange that does not comply with Know Your Customer (KYC) requirements, converted them into Monero, and then transferred them to a dedicated Monero wallet.

Subsequently, the funds were reportedly sent to Binance, where they were exchanged for Bitcoin once again before being moved to various other wallets.

The local authorities have maintained confidentiality and have not disclosed further details regarding their on-chain analysis.

Monero Uses Privacy-Enhancing Tech to Obfuscate Transactions


Monero is well-known for its strong privacy features, with its official webpage claiming it to be “untraceable.”

The cryptocurrency employs privacy-enhancing technologies such as Ring Confidential Transactions (RingCT), ring signatures, and stealth addresses.

RingCT mixes users’ transactions, obscuring the true source of funds, while ring signatures conceal the sender’s identity by presenting them as part of a group of possible senders.

Additionally, Monero’s stealth addresses allow for the generation of unique addresses for each transaction, making it difficult to link multiple transactions to the same recipient.

The ability of Monero and other anonymous cryptocurrencies to completely anonymize users has attracted scrutiny from authorities worldwide.

In 2019, Eric Woerth, the head of the Finance Committee of France’s National Assembly, proposed a ban on anonymous cryptocurrencies, including Monero, citing concerns about bypassing identification procedures.

Even United States authorities have closely examined Monero.

In 2020, the Internal Revenue Service (IRS) offered a bounty of up to $625,000 to anyone who could break the purportedly untraceable privacy coins.

As reported, ransomware attackers are increasingly asking for payments in privacy coins like Monero. Most still accept Bitcoin (BTC) payments, but at a premium.

“Most of the groups and strains listed as using XMR are relatively new,” crypto intelligence company CipherTrace said in a report.

In total, CipherTrace data revealed that at least 22 ransomware groups, not all of which are currently active, accept only XMR, while another seven accept both BTC and XMR.

The analysts found over 50 groups and strains that use XMR, but the list of those using BTC is well over 1,000.

For instance, the cybercriminal hacking group DarkSide, which is probably best known for attacking Colonial Pipeline, accepts payments in both BTC and XMR but charges 10% to 20% more for payments in BTC.