Russia-Linked Hackers Bagged $400 Million in Crypto From Ransomware Attacks, Reports Chainalysis

Russia is reported to be linked to majority of the crypto hacks and cybercrimes, especially when you consider that 74 percent of ransomware revenue in 2021, which is worth over $400 million (roughly Rs. 3,005 crore) in cryptocurrency, went to accounts affiliated with the country in some way, according to a new report from cryptocurrency tracking and analytics firm, Chainalysis. The study, part of Chainalysis’ 2022 Crypto Crime Report focused on several dozen companies with a presence in Moscow City, the Russian capital’s business district.

In any given quarter, “illicit and risky” blockchain addresses account for between 29 percent and 48 percent of all funds received by those cryptocurrency businesses, the report says. That traffic, including legitimate crypto transactions, can sometimes be more than $1 billion (roughly Rs. 7,510 crore) in a quarter, Chainalysis says.

“A huge amount of cryptocurrency-based money laundering, not just of ransomware funds but of funds associated with other forms of cybercrime as well, goes through services with substantial operations in Russia,” Chainalysis says in a blog post.

Citing cybersecurity investigator Brian Kreb, the report highlights that Russia has a long history as a haven for hackers due to that country’s focus on coding training, computer sciences, and information technology education among students starting in middle and high school. Combined with low economic legitimate job prospects for such skilled workers, many turn to cybercrime and crypto attacks to make a living. Chainalysis states that against such a contextual backdrop, it’s not surprising that Russia leads the way in global ransomware.

Not only Russia leads in terms of ransomware perpetrators, based on the Chainalysis blockchain forensics and Web traffic data, after any type of ransomware attack occurs, most of the extorted funds are also laundered through services primarily catering to Russian users. The report cites a large concentration of those hackers operating out of the Federation Tower in Moscow City.

The Federation Tower is a complex in the heart of Moscow City and is known to be among the most recognisable and prestigious buildings in Russia. The complex houses several prominent businesses headquartered there and a thriving cybercrime collective as reported by Bloomberg.

“Nothing is more emblematic of the growth of Russia’s crypto crime ecosystem, and of cybercriminals’ ability to operate with apparent impunity, than the presence of so many cryptocurrency businesses linked to money laundering in one of the capital city’s most notable landmarks,” as stated in the Chainalysis report.

That said, Chainalysis did not analyse the potential effects of Russian law enforcement’s January sting against the REvil ransomware gang, noting that analysts have said the arrests “may not indicate a true commitment to fighting ransomware”. Despite the criminal activity, Russia is also one of the leading countries in cryptocurrency adoption, placing 18th overall on the Global Crypto Adoption Index.


Cryptocurrency is an unregulated digital currency, not a legal tender and subject to market risks. The information provided in the article is not intended to be and does not constitute financial advice, trading advice or any other advice or recommendation of any sort offered or endorsed by NDTV. NDTV shall not be responsible for any loss arising from any investment based on any perceived recommendation, forecast or any other information contained in the article.