Authorities in Russia’s Republic of Buryatia have uncovered an illegal cryptocurrency mining operation hidden inside a KamAZ truck siphoning electricity meant for a nearby village.
Discovered during a routine power line inspection in the Pribaikalsky District, the unauthorized setup was drawing electricity from a 10-kilovolt line, enough to supply a small village, according to the Russian state-owned news agency TASS.
Inspectors found 95 mining rigs and a mobile transformer station inside the truck. Two individuals believed to be connected to the operation fled the scene in an SUV before police arrived.
This marks the sixth case of electricity theft linked to crypto mining in Buryatia since the start of the year, Rosseti Siberia’s Buryatenergo unit said. Authorities have warned that illegal connections disrupt local grids, causing voltage drops, overloads and potential blackouts.
Related: Crypto exec ran a ‘covert pipeline for dirty money,’ DOJ says
Russia bans crypto mining in some regions
Mining is prohibited across most of Buryatia from Nov. 15 to March 15 due to regional energy shortages. Only registered companies in designated districts such as Severo-Baikalsky and Muisky are allowed to mine outside that window.
The crackdown comes amid broader federal restrictions. In December 2024, Russia announced a ban on mining during peak energy months in several regions, including Dagestan, Chechnya and parts of eastern Ukraine currently under Russian control.
Since April, A full ban has been enforced in the southern Irkutsk region.
Major Russian mining industry firms like BitRiver rely on cheap electricity in Irkutsk. According to local sources, the Irkutsk region hosts the first and largest data center by BitRiver, which was launched in 2019 in Bratsk.
Related: Russia’s largest bank Sber offers up Bitcoin-linked bonds
Hacker group targets Russians to mine crypto
Kaspersky has linked the hacker group known as “Librarian Ghouls” or “Rare Werewolf” to a cryptojacking campaign that compromised hundreds of Russian devices. The group used phishing emails posing as legitimate documents to spread malware and gain control of systems for unauthorized crypto mining.
Once infected, the malware disables Windows Defender and schedules the compromised devices to operate between 1:00 am and 5:00 am, a tactic designed to avoid detection.
During this window, hackers establish remote access, steal login credentials and assess system specs to configure their miners efficiently.
Magazine: China threatened by US stablecoins, G7 urged to tackle Lazarus Group: Asia Express