🤖 AI Summary
This study presents what the authors describe as the first documented case of state-held cryptocurrency being turned against its holder: Bitcoin addresses linked to Russian intelligence agencies, and used in connection with the Conti ransomware group, appear to have been taken over by an unauthorized party, who then deliberately destroyed the funds.
Method: The authors combine several forensic techniques: on-chain transaction-graph analysis, reverse engineering of the Bitcoin Script in the anomalous outputs, tracing of funds through cryptocurrency mixers, cross-verification against multiple intelligence sources (cyber threat intelligence reports and court documents), and address clustering for entity attribution.
Contribution/Results: The on-chain evidence is consistent with an unauthorized seizure of the private keys and the irreversible destruction of over 7 BTC (roughly US$300,000 at the time). The authors further build an evidentiary chain linking the intelligence-associated addresses to cryptocurrency mixers and to the Conti operation. Beyond showing that state-held Bitcoin is exposed to adversarial countermeasures, the work offers a reproducible template for blockchain-based geopolitical security research.
📝 Abstract
This study empirically analyzes the transaction activity of Bitcoin addresses linked to Russian intelligence services, through which over 7 Bitcoin (BTC), worth approximately US$300,000 at the exchange rate of the time, were liquidated. Our investigation begins with an observed anomaly: transaction outputs built around a Bitcoin Script opcode, whose input addresses are identified by cyber threat intelligence sources and court documents as belonging to Russian intelligence agencies. We explore how an unauthorized entity appears to have gained control of the associated private keys, with messages embedded in the outputs confirming the seizure. Tracing the origin of the funds, we connect them to cryptocurrency mixers and establish a link to the Russian ransomware group Conti, implicating intelligence service involvement. This analysis represents one of the first empirical studies of large-scale Bitcoin misuse by nation-state cyber actors.
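The two techniques at the core of the method described above, reading messages out of anomalous script outputs and clustering input addresses for attribution, can be illustrated with a short script. The following is an added example and is not code from the paper. It assumes that the opcode behind the anomalous outputs is OP_RETURN (0x6a), Bitcoin's standard data-carrier opcode, which the abstract does not name; all transaction ids, addresses, amounts and embedded messages are constructed sample data, not the on-chain records the paper analyzes.

```python
# Added example (not the paper's code): decode OP_RETURN data-carrier outputs
# and apply the common-input-ownership clustering heuristic.
# ASSUMPTION: the opcode in the anomalous outputs is OP_RETURN (0x6a).
# All transactions, addresses, amounts and messages below are CONSTRUCTED.

OP_RETURN = 0x6A
OP_PUSHDATA1, OP_PUSHDATA2, OP_PUSHDATA4 = 0x4C, 0x4D, 0x4E
PUSHDATA_WIDTH = {OP_PUSHDATA1: 1, OP_PUSHDATA2: 2, OP_PUSHDATA4: 4}


def decode_op_return(script_hex):
    """Return the concatenated pushed bytes if the script is an OP_RETURN
    data-carrier output, otherwise None. Handles direct pushes (1..75 bytes)
    and OP_PUSHDATA1/2/4; any other opcode after OP_RETURN, or a truncated
    push, disqualifies the script (returns None)."""
    script = bytes.fromhex(script_hex)
    if not script or script[0] != OP_RETURN:
        return None
    payload, i = b"", 1
    while i < len(script):
        op = script[i]
        i += 1
        if 1 <= op <= 75:                      # direct push: opcode is the length
            n = op
        elif op in PUSHDATA_WIDTH:             # length follows in 1, 2 or 4 LE bytes
            width = PUSHDATA_WIDTH[op]
            if i + width > len(script):
                return None
            n = int.from_bytes(script[i:i + width], "little")
            i += width
        else:
            return None
        if i + n > len(script):
            return None                        # truncated push: malformed script
        payload += script[i:i + n]
        i += n
    return payload


def burned_outputs(txs):
    """Outputs that send a non-zero value to an OP_RETURN script. Such a script
    can never be satisfied, so the value is provably unspendable (destroyed),
    and the pushed bytes are whatever message the spender chose to embed."""
    found = []
    for tx in txs:
        for out in tx["outputs"]:
            payload = decode_op_return(out["script"])
            if payload is not None and out["value_sat"] > 0:
                found.append((tx["txid"], out["value_sat"], payload))
    return found


def total_burned_sat(txs):
    return sum(value for _, value, _ in burned_outputs(txs))


def cluster_inputs(txs):
    """Common-input-ownership heuristic: all inputs of one transaction are
    assumed to be signed by the same key holder, so their addresses are merged
    into one cluster (union-find). CoinJoin-style mixers deliberately break
    this assumption, which is why clustering has to be cross-checked."""
    parent = {}

    def find(a):
        parent.setdefault(a, a)
        while parent[a] != a:
            parent[a] = parent[parent[a]]      # path halving
            a = parent[a]
        return a

    for tx in txs:
        roots = [find(a) for a in tx["inputs"]]
        for r in roots[1:]:
            parent[r] = roots[0]
    clusters = {}
    for a in list(parent):
        clusters.setdefault(find(a), set()).add(a)
    return [frozenset(c) for c in clusters.values()]


def op_return_script(message):
    """Build a standard OP_RETURN output script for a message of <= 75 bytes."""
    assert len(message) <= 75
    return (bytes([OP_RETURN, len(message)]) + message).hex()


P2PKH_SAMPLE = "76a914" + "00" * 20 + "88ac"   # ordinary pay-to-pubkey-hash script

# Constructed sample transactions: fake txids, addresses, amounts and messages.
SAMPLE_TXS = [
    {"txid": "tx1", "inputs": ["addrA1", "addrA2"],
     "outputs": [{"value_sat": 300_000_000, "script": op_return_script(b"constructed message 1")},
                 {"value_sat": 0, "script": op_return_script(b"zero-value note")}]},
    {"txid": "tx2", "inputs": ["addrA2", "addrA3"],
     "outputs": [{"value_sat": 400_000_000, "script": "6a4c0568656c6c6f"},   # OP_PUSHDATA1 "hello"
                 {"value_sat": 50_000, "script": P2PKH_SAMPLE}]},
    {"txid": "tx3", "inputs": ["addrB1"],
     "outputs": [{"value_sat": 10_000, "script": P2PKH_SAMPLE}]},
]

if __name__ == "__main__":
    for txid, value, msg in burned_outputs(SAMPLE_TXS):
        print(f"{txid}: {value / 1e8:.8f} BTC burned, message={msg!r}")
    print("clusters:", [sorted(c) for c in cluster_inputs(SAMPLE_TXS)])
```

Two practitioner caveats apply when reading output like this against real chain data. A message in a spending output proves only that whoever signed held the key at the time of the spend, not how the key was obtained, so the embedded text is evidence of control rather than of the takeover mechanism. And the ownership clusters are a heuristic: mixers and CoinJoin transactions merge unrelated parties' inputs on purpose, so clusters that pass through a mixer must be corroborated with off-chain sources, as the abstract does with threat intelligence and court documents.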