Bombshell BBC crypto-extortion report inspires

bomb threats in Russia

December 2, 2019 
By: Timothy Lloyd 
 

QUICK TAKE 
● Crypto terrorists sent a series of email bomb threats to 13 Russian 
metropolitan courts, demanding oligarch Konstantin Malofeev 
“repay the debt of 120 bitcoins stolen from WEX” 
● This new wave of terroristic threats emerges amid BBC journalist 
Andrey Zakharov’s investigation into the FSB’s and Malofeev’s 
alleged theft of around $450 million World Exchange Services 
(WEX) crypto assets from BTC-e admin Alexei Bilyuchenko 
● U.S. law enforcement’s dismantling of alleged crypto-laundromat 
BTC-e has triggered infighting among various factions in Russia, 
disrupting the country’s plan to exert international dominance in 
the blockchain space 

Timothy Lloyd​ is a contributing writer for The Block. His work has also 
been featured in Thomson Reuters Regulatory Intelligence, the 
Organized Crime and Corruption Reporting Project, InSight Crime and 
the Wall Street Journal. He is based out of Austin, and he once played 
the Wu-Tang Clan's RZA to a draw in Chess. 

 
In the wake of a ​bombshell BBC report​ alleging the strong-arm 
extortion of a rogue crypto-exchange administrator by Russia’s Federal 
Security Services (FSB) and sanctioned oligarch Konstantin Malofeev for 
some $450 million, budding Russian crypto-terrorists are now 
threatening to ​drop actual bombs​ if Malofeev doesn’t pay them a 
bitcoin ransom. 
  
Bomb threat email sent to St. Petersburg City Court, Source: Andrey Zakharov. 

On Nov. 28, while most Americans were enjoying their turkey day, email 
bomb threats prompted the closure and evacuation of ​13 metropolitan 
courts​ in St. Petersburg and Moscow, according to Russian media 
reports. Fortunately for residents of these cities, Thursday’s threats 
turned out to be false alarms. 

Still, Russian media outlet Fontanka reported that the bomb scare sent 
over ​1,300 court employees and others​ out onto the street. 
Furthermore, the chaos has persisted, with a ​new round of bomb 
threats​ again targeting courts in Moscow and St. Petersburg on Friday, 
according to Russian media reports. According to Russian media, the 
bomb threats continued​ into Monday. 

The unknown perpetrators have used accounts registered to encrypted 

Dutch and Swiss-based email providers StartMail and ProtonMail to 
disseminate their ransom demands. They are requesting 120 bitcoins, 
roughly $900,000 at the time of this writing, to defuse their supposed 
explosives.   

One such email sent from “malofeevbtc@startmail.com” to the St. 

Petersburg City Court and obtained by BBC journalist Andrey Zakharov, 
the author of the FSB extortion exposé that inspired this Dark 
Knight-Joker wave of terror, stated the following: 

“Your building is planted with bomb. All entrances and exits under 
surveillance, if the police appear, everything will blow up. Bomb threats 
will continue until Konstantin Malofeev repays the debt of 120 bitcoins 
stolen from WEX. 120 bitcoins should be sent here: 
19B5Bt11oUqYnwSXfBgRpwwDGg5Ajirbjп. 
https://www.bbc.com/russian/features-50420738 

Send 0.1 – 1 bitcoins to the address: 

19B5Bt11oUqYnwSXfBgRpwwDGg5Ajirbjп”. 

The Block contacted crypto-intelligence firm Chainalysis to help analyze 

the bitcoin wallet address specified in the ransom demand. A 
spokesperson for the company said, “the address hasn't received any 
funds, so we can't provide an analysis yet.” 

This variant of crypto-enabled terroristic menacing is not new. 

Chainalysis also directed The Block to a 2018 report of a similar bomb 
scare, where a threat actor made crypto-ransom demands to 
businesses and ​institutions across the U.S. and Canada​. 

In addition to legal institutions, the editorial office of Tsargrad TV, a 

subsidiary of Malofeev’s vast, conservative Russian media empire also 
received similar threats from the unknown hoaxster or hoaxsters on 
Nov. 27​. But in this case, perpetrators used a ProtonMail account.  

The Block obtained a screenshot of this threat from Malofeev’s 

publicist, posted below.  
  
Crypto bomb threat sent to Tsargrad TV’s press office, source: Nadezhda Novoselova. 

According to RBC’s paraphrasing of the email, the perpetrators wrote 

that they would send bomb threats to schools, hospitals, government 
agencies, shopping centers, train stations and the metro. RBC also 
reported that the email said, “first a message about the ‘reason for the 
bomb threats’ would be sent via SMS to reporters and bloggers.” And 
just like the message sent to the St. Petersburg City court, threat actors 
demanded a “test transfer” of 0.1-to-1 bitcoin first, followed by the 
remaining ransom balance. 

Malofeev’s press officer, Nadezhda Novoselova, told The Block that 

these threats were promptly reported to Russia’s FSB.   

 
Russian Security Analysis 

The threat of crypto-enabled terrorism, seemingly inspired by 

Zakharov’s WEX investigation, marks growing public anger, intrigue and 
civil unrest in Russia related to the FSB’s and Malofeev’s alleged theft 
of World Exchange Services crypto assets from Alexei Bilyuchenko, the 
reputed shadow admin of BTC-e and its successor exchange.  

Malofeev’s press office ​strongly denied​ this charge to The Block in a 

previous report, saying “neither Konstantin Malofeev, nor his structures 
had or have anything to do with WEX exchange, its management and 
assets.” Meanwhile, the FSB did not respond to The Block’s request for 
comment. 

What began as a relatively unknown and esoteric probe into fraudulent 

activity on the WEX crypto exchange has now devolved into a 
full-blown, national debacle that threatens to paralyze judicial 
institutions in Russia’s largest and most strategically significant cities. 
In short, Russia’s foray into the brave new world of crypto-economics is 
starting to cause major headaches for the Kremlin. 

Indeed, this week’s events are a far cry from the ​bold prediction FSB 
officials allegedly made​ before attendees of a 2017 International 
Standards Organization meeting in Tokyo, where they reportedly 
declared “the internet belongs to the Americans — blockchain will 
belong to us.” 

As previously noted by The Block, Russian security services insiders 

have framed the Bilyuchenko extortion scandal as the byproduct of 
infighting between competing law enforcement and intelligence 
agencies.  
  
Major Russian security services, source: Kimberly Zenz, Blackhat 2019. 

Specifically, a source who requested anonymity told The Block earlier 

this month that the criminal probe into the theft of WEX assets by FSB 
agents is being spearheaded by Russia’s Ministry of Internal Affairs, or 
MVD. The MVD has not responded to The Block’s request for comment 
on these claims. 

According to convicted Russian cybercriminal and frequent media 

commentator Pavel Vrublevsky, the root cause of Russian security 
service infighting can be traced back to the December 2016 arrest and 
eventual conviction of former FSB Colonel Sergei Mikhailov for treason. 
  
Convicted Russian traitors left to right: FSB Major Dmitri Dokuchaev, FSB Colonel 
Sergei Mikhailov and Kaspersky Lab Researcher Ruslan Stoyanov, source: Kimberly 
Zenz, Black Hat 2019. 

Mikhailov, Russia’s former top cyber-cop as the deputy director of the 

FSB’s Center for Information Security (CIS), was the primary liaison for 
Western law enforcement partners in the cybersphere. Unfortunately 
for the CIS honcho, the Kremlin’s attitude towards Western 
cybersecurity collaborations turned hostile following the 2016 U.S. 
election hacking scandal. 

Vrublevsky, who was a star witness for the prosecution in Mikhailov’s 

secretive 2018 trial, told The Block that the ex-CIS chief’s bust 
disrupted existing power structures, agreements, and hierarchies within 
the Russian intelligence community.  

“I would possibly compare this with dogs set free from their leashes. 
Many former players previously related to Mikhailov went wild. Instead 
of getting under control, they started doing lots really crazy things,” 
said Vrublevsky. 

Vrublebsky points to the arrest of ​FSB Colonel Kirill Cherkalin​ for major 
bribery offenses and the firing of 27 officers who worked with him last 
April as an example of the agency’s descent into lawlessness. Thus, in 
today’s post-Mikhailov political climate, the successor agency to the 
feared KGB of Soviet times, may not be as powerful or influential as it 
once was. 

This insight is useful for understanding Malofeev’s position in the 

broader Kremlin power structure. While Malofeev “isn’t a tier-one 
oligarch,” according to Russian threat intelligence expert Kimberly Zenz, 
he’s a “tier-two or tier-three (minigarch). But if you're looking into 
regional operations you should remember his name.”  

Krysha   

In Russia, where power is deeply concentrated in the clutches of an 

oligarchic elite, it is generally assumed by experts that “there is no 
freelancing.” People willing to challenge the FSB and an oligarch of 
Malofeev’s stature, therefore, are presumably operating under the 
“​krysha​,” or roof, of another power broker. Journalists are no exception 
to this rule. 

Thus, Zakharov’s willingness and apparent fearlessness in declaring 

open war on Malofeev, a man linked to the ​financing of violent 
pro-Russian militants​ in the Crimean and Donbass regions of Ukraine, 
and a relatively powerful faction of the FSB in the press, begs the 
question, who or what is the BBC Russian journalist’s krysha?  

The Block asked Zakharov about who he thinks is trying to sabotage 

Malofeev and if his reporting was in any way sanctioned or protected by 
powerful benefactors. “I do not want to answer these questions,” 
replied the journalist.   

Advantage America 

While FSB officials were apparently certain about their future dominion 
of blockchain technology, U.S. law enforcement, more so than rival 
domestic security agencies, has put a dent in those grandiose plans. 

Specifically, Russia is now feeling the full ripple effect of the Internal 
Revenue Service Criminal Investigations Divisions' and the Federal 
Bureau of Investigation’s takedown of alleged crypto-laundromat BTC-e. 
By dismantling BTC-e, which has been alleged in Russian media to have 
operated under the krysha of Russian double-agent, prior to his arrest, 
and forcing its haphazard reassembly as WEX in Singapore, U.S. law 
enforcement ultimately created the instability that is wreaking havoc on 
Russian law and order today. 

The Block’s anonymous Russian cybersecurity insider has repeated this 

allegation of Mikhailov’s involvement with BTC-e, but there is no way of 
officially confirming this given that both American and Russian security 
services are unwilling to discuss these matters with the press. 
Furthermore, at the Black Hat hacker conference last August, Zenz also 
said that she had not been able to confirm rumors of Mikhailov’s 
involvement. 

One thing that is certain, is that the disruption of BTC-e’s operations by 
American law enforcement has spawned a free-for-all in Russia, with 
competing factions scavenging for the ​“treasures”​ of Alexander Vinnik, 
the doomed exchange’s alleged and incarcerated operator. Today, this 
fractious treasure hunt for half-a-billion in virtual dollars is bringing the 
Russian legal system to a grinding halt.   

Perhaps, that is something U.S. crypto sleuths gave thanks for on turkey 
day.