- The Finnish National Bank successfully traced Monero transactions related to the Vastaamo medical network hack.
- Julius Aleksanteri Kivimäki is accused of targeting a psychotherapy service provider and gaining unauthorized access to the company’s client records.
- The hacker demanded a ransom of 40 BTC and later blackmailed individuals from the user base.
In a breakthrough development, the Finnish National Bureau of Investigation (NBI) was able to track Monero transactions associated with the breach of the Vastaamo medical network, as reported by local media.
During the incident in October 2022, an unidentified hacker targeted a psychotherapy service provider and managed to compromise the accounts of 33,000 clients. The attacker demanded a ransom of 40 BTC, equivalent to $1.7 million, from the company. When the ransom was not paid, the hacker resorted to blackmailing individuals within the user base.
Following extensive investigations, law enforcement officials identified a suspect named Julius Aleksanteri Kivimaki, residing in Estonia. The NBI claims to have gathered substantial evidence against Kivimaki, whom they believe is responsible for orchestrating the Vastaamo hack.
As part of the ransom payments, the hacker received bitcoins from the victims and subsequently laundered them through a KYC-less exchange, converting them into Monero. This particular cryptocurrency is favored by scammers due to its privacy-focused nature, as noted by analysts at Chainalysis.
In a remarkable breakthrough, NBI investigators managed to trace the Monero transactions and connect them to Kivimaki’s bank account. Despite the advanced privacy features of the Monero cryptocurrency, such as Ring Confidential Transactions (RingCT), which make tracking transactions and identifying users challenging, the NBI successfully bypassed these protections.
It is worth noting that a recent analysis by Chainalysis highlighted the shift of sellers of child abuse materials towards Monero and cryptomixers.