The alleged mastermind behind the Vastaamo data breach, Julius Aleksanteri Kivimäki, has been reportedly identified through the tracing of what was believed to be untraceable Monero transactions. In 2018, Vastaamo, one of Finland’s largest psychotherapy clinics, fell victim to a breach where thousands of patient records were stolen, leading to a demand for a Bitcoin ransom. The hacker, failing to extort the clinic, resorted to individual patients, requesting approximately $240 in Bitcoin for the deletion of their records.
Finnish investigators from the Bureau of Investigation (KRP) collaborated with Binance to follow the payment trail, discovering that Kivimäki exchanged the funds for Monero and subsequently converted them back to Bitcoin. Monero, known for its privacy-oriented features, was considered untraceable; however, the successful identification of Kivimäki challenges this notion. The investigative process involved heuristic analysis, making educated guesses based on patterns and probabilities to infer the likely path of the funds.
The trial concerning the Vastaamo data breach and blackmail has District Prosecutor Pasi Vainio revealing the breakthrough in tracing the Monero transactions. Kivimäki, accused of multiple charges, including aggravated data breach and extortion, faces a demanded seven-year imprisonment sentence. Despite Kivimäki vehemently denying the allegations and disputing the report, the case raises questions about the capability of investigators to trace transactions in privacy-focused cryptocurrencies.
