The Russian national Yevgeniy Aleksandrovich Nikulin, recently arrested by the Czech police and later charged by the US authorities for hacking LinkedIn, Dropbox and Formspring, may also be linked to a massive Bitcoin heist. According to security researchers, the hacker is believed to have stolen around $400,000 from BitMarket.eu, a now defunct Bitcoin exchange which was run by two Polish developers called Maciej Trębacz (M4v3R) and Paweł Makulski (Makhul), between 2011 and 2013.
According to Microsoft security researcher Tal Be'ery, who cited Nikulin's indictment documents, the hacker apparently did not make much from the Formsping hack. US authorities claim that Nikulin and his co-conspirators were found attempting to sell hacked and stolen Formspring accounts for a mere $6,000.
However, when searching for one of Nikulin's online handles Chinabig01@gmail.com, it was uncovered that he could possibly also be involved in the 2013 cyberattacks against BitMarket.eu. The exchange was shut down shortly after the hack it suffered and that targeting Bitcoin trading platform Bitcoinica, according to reports.
According to reports, BitMarket.eu has been targeted several times by hackers. Shortly before the exchange was shut down, it was requesting donations from users, in efforts to keep the service alive, according to a Reddit post.
According to a BitcoinTalk forum post, Trębacz discussed the details of the investigation into the February 2013 hack. He said the hacker used an SQL injection to gain access to BitMarket's servers and then transferred 620 bitcoins to his own wallet. Trębacz also revealed that the attacker registered on the site with the username chinabig01and firstname.lastname@example.org username. chinabig01is one of the usernames listed in the US Department of Justice's (DOJ) indictment documents against Nikulin.
Be'ery noted that the Russian hacker's Bitcoin address linked to the hack, to which the hacker had previously transferred 620 bitcoins, had received a total of 1,532 bitcoins between February and March 2013, which would currently be worth around $1m.
Nikulin has been charged with three counts of computer intrusion, two counts of intentional transmission of information, two counts of aggravated identity theft and one count of trafficking in unauthorized access devices and conspiracy each. If found guilty, the hacker could face over 30 years in prison and more than $1m in fines.