A 35-year-old man from Ukraine has been arrested for allegedly hijacking thousands of customer accounts from an international hosting company to secretly mine crypto. The Ukrainian Cyber Police announced the arrest on June 4, revealing an elaborate scheme that had been running undetected for years and caused damages estimated at over $4.4 million.
Cryptojacking Operation Dates Back to 2018
According to the Cyber Police of Ukraine, the suspect, who resides in the Poltava region, began targeting international companies as early as 2018. Investigators say he actively searched for weaknesses in online infrastructure, breaking into corporate servers to set up unauthorized virtual machines for crypto mining. This type of cybercrime, commonly known as cryptojacking, involves using someone else’s computing power to mine digital assets without their permission or knowledge.
One of his main targets was a large international hosting company that provides server rental services for websites and digital platforms around the world. Authorities say the man gained access to more than 5,000 customer accounts, allowing him to install and run crypto mining software across numerous servers.
Over $4.4 Million in Losses
By secretly deploying mining software across thousands of virtual machines, the hacker was able to drain the hosting company’s computational resources, electricity, and bandwidth — all without paying a single cent. The Ukrainian National Police estimate the total financial damage at over 185 million hryvnias, which is approximately $4.4 million USD.
This large-scale abuse of resources not only resulted in direct monetary losses but also impacted the company’s operations and may have degraded service for legitimate customers.
To avoid being caught, the suspect reportedly changed his place of residence frequently. He moved between different regions in Ukraine, including Poltava, Odesa, Zaporizhia, and Dnipropetrovsk. Authorities believe this was a deliberate strategy to stay one step ahead of law enforcement while continuing his illegal activities.
Key Evidence Seized During Raid
During a search of the man’s home, officers uncovered a wealth of physical and digital evidence linking him to the cryptojacking operation. Items confiscated included:
- Computer equipment
- Mobile phones
- Bank cards
- Crypto wallets
- Hacking-related software
Investigators also found login credentials for email accounts used in the hacks, mining management tools, and remote access software designed to control machines over the internet. Police say the suspect had been active on hacker forums, suggesting he may have collaborated with or learned from other cybercriminals.
A photo released by the National Police of Ukraine shows some of the equipment recovered during the raid, including multiple phones and laptops, further pointing to the scale and organization of the operation.
Serious Charges and Potential Jail Time
The man now faces charges under Ukrainian law for unauthorized interference with electronic communication networks. This is a serious criminal offense, and if convicted, he could face up to 15 years in prison. Additionally, he could be banned from working in IT or any field involving access to communication systems or networks for up to three years.
Police noted that the pre-trial investigation is still ongoing, and further charges could be brought depending on the findings. Authorities are now working to understand the full extent of the attack and whether any other individuals were involved.
A Growing Trend of Cryptojacking Crimes
Cryptojacking has become an increasingly common tactic among cybercriminals, especially as cryptocurrency mining grows more competitive and resource-intensive. Unlike traditional ransomware attacks, cryptojacking is often silent, designed to remain hidden for as long as possible while draining processing power in the background.
The Ukrainian case follows a similar incident in the United States. In April 2024, U.S. authorities charged a man with wire fraud and money laundering after he allegedly defrauded two cloud computing providers to mine nearly $970,000 worth of crypto. That operation also relied on abusing cloud resources to run mining software at scale.
Industry Impact and Preventative Measures
The latest arrest is a reminder of how vulnerable online infrastructure can be, especially for businesses offering server rental or cloud computing services. Hosting companies are now investing heavily in cybersecurity, including:
- Multi-factor authentication
- Server-side monitoring
- AI-based intrusion detection systems
Experts also warn that cryptojacking may become more sophisticated as AI and automation tools evolve, making it even harder to detect.
Final Thoughts
The arrest of the Ukrainian cryptojacker underscores the urgent need for stronger digital defenses across the tech industry. As authorities continue their investigation, it’s likely more details will emerge about the methods used, the scale of the operation, and the possible involvement of others.
Meanwhile, the hosting company involved is left to deal with the aftermath, both technical and financial, of an attack that went undetected for years. This case is yet another sign that cryptocurrency-related cybercrime is evolving quickly, and businesses must remain vigilant.
