Finnish Authorities Trace Monero Transactions in Vastaamo Hack Investigation

Finland’s National Bureau of Investigation has reportedly traced Monero (XMR) transactions linked to the criminal trial of Julius Aleksanteri Kivimäki, who is accused of hacking a private mental health firm’s database and demanding ransom payments in cryptocurrencies.

Crypto Trail to Kivimäki’s Bank Account

Prosecutors in the case presented new evidence on January 22, revealing a crypto trail that leads to Kivimäki’s bank account. In October 2022, the hacker allegedly demanded 40 Bitcoin (approximately 450,000 euros at the time) not to publish records of over 33,000 patients from psychotherapy service provider Vastaamo.

Payment and Conversion Process

When the ransom was not paid in Bitcoin, Kivimäki allegedly proceeded to target individual patients. The hacker received payments in Bitcoin, sent the funds to a non-KYC compliant exchange, converted them to Monero, and transferred the funds to a dedicated Monero wallet.

Monero's Privacy Features

Monero is known for its robust privacy features, claiming to be "untraceable." These features include Ring Confidential Transactions (RingCT), ring signatures, and stealth addresses. RingCT mixes users' transactions, concealing the source of funds, while ring signatures hide the sender's identity within a group of possible senders. Stealth addresses allow generating one-time addresses for each transaction, making it challenging to link multiple transactions to the same recipient.

Privacy coins like Monero have faced legal scrutiny in various countries due to their potential to anonymize users and bypass identification procedures. In 2019, France's National Assembly’s Finance Committee proposed a ban on anonymous cryptocurrencies, including Monero. In the United States, authorities offered a bounty for anyone who could break privacy coins like Monero in 2020.

Previous research suggests that blockchain analysis can trace back transactions involving privacy coins, even prior to 2017.