Russian Truck-Based Crypto Mine Busted for Power Theft in Buryatia


Authorities in Russia’s Republic of Buryatia have uncovered an illegal cryptocurrency mining operation hidden inside a KamAZ truck siphoning electricity meant for a nearby village.

Discovered during a routine power line inspection in the Pribaikalsky District, the unauthorized setup was drawing electricity from a 10-kilovolt line, enough to supply a small village, according to Russian state-owned news agency TASS.

Inside the truck, inspectors found 95 mining rigs and a mobile transformer station. Two individuals believed to be connected to the operation fled the scene in an SUV before police arrived.

This marks the sixth case of electricity theft linked to crypto mining in Buryatia since the start of the year, Rosseti Siberia’s Buryatenergo unit said. Authorities have warned that illegal connections are disrupting local grids, causing voltage drops, overloads, and potential blackouts.

The truck hosting the illegal crypto mining site. Source: Babr Mash


Russia bans crypto mining in some regions

Mining is prohibited across most of Buryatia from Nov. 15 to March 15 due to regional energy shortages. Outside of that window, only registered companies in designated districts such as Severo-Baikalsky and Muisky are allowed to mine.

The crackdown comes amid broader federal restrictions. In Dec. 2024, Russia announced a ban on mining during peak energy months in several regions, including Dagestan, Chechnya, and parts of eastern Ukraine currently under Russian control.

A full ban has already been enforced in the southern Irkutsk region since April.

Major Russian mining industry firms like BitRiver rely on cheap electricity in Irkutsk. According to local sources, the Irkutsk region hosts the first and largest data center by BitRiver, which was launched in 2019 in Bratsk.


Hacker group targets Russians to mine crypto

Kaspersky has linked the hacker group known as “Librarian Ghouls” or “Rare Werewolf” to a cryptojacking campaign that compromised hundreds of Russian devices. The group used phishing emails posing as legitimate documents to spread malware and gain control of systems for unauthorized crypto mining.

Once infected, the malware disables Windows Defender and schedules the compromised devices to operate between 1 am and 5 am, a tactic designed to avoid detection.

During this window, hackers establish remote access, steal login credentials, and assess system specs to configure their miners efficiently.
