Finland's National Bureau of Investigation is reportedly leveraging Monero's privacy features in the criminal investigation of Julius Aleksanteri Kivimäki. Kivimäki is facing charges related to hacking into the database of a private mental health company and demanding a ransom payment in cryptocurrency. The latest evidence, presented on January 22, reveals a cryptocurrency trail leading to Kivimäki's bank account, with hackers allegedly demanding 40 Bitcoins in October 2022 to prevent the public release of records for over 33,000 patients of Vastaamo, a psychotherapy services provider.
Finnish police state that after the ransom was not paid, Kivimäki targeted individual patients. The cryptocurrency trail indicates that the hackers received Bitcoin payments, sent the funds to a non-KYC compliant exchange, exchanged them for Monero, and transferred the funds to a dedicated Monero Coin wallet. Subsequently, the funds were reportedly sent to Binance, converted back into Bitcoin, and transferred to different wallets. The on-chain analysis details are being kept confidential by local authorities.
Monero, known for its strong privacy features, offers untraceability through technologies such as Ring Confidential Transactions (RingCT), Ring Signatures, and Stealth Addresses. RingCT mixes a user's transactions to hide the actual source of funds, while Ring Signatures obscure the sender's identity by presenting the sender as part of a set of possible senders. Stealth Addresses enable the generation of one-time addresses for each transaction, making it challenging to link multiple transactions to the same recipient.
Monero's privacy capabilities have drawn regulatory scrutiny globally. In March 2019, Eric Woerth, Chairman of the Finance Committee of the French National Assembly, proposed banning anonymous cryptocurrencies, including Monero, due to their potential to completely anonymize users and bypass authentication procedures. Additionally, U.S. authorities have closely investigated Monero, with the IRS offering a bounty of up to $625,000 in 2020 for anyone who could crack the supposedly untraceable privacy coin. Previous research has shown that blockchain analysis can trace privacy coin transactions, including activity before 2017.
