In a dramatic example of blockchain-related power misuse, Russian authorities in Buryatia recently uncovered an illegal, truck-based crypto mine siphoning electricity from a rural grid. This incident highlights an escalating trend involving electricity theft and unauthorized mining rigs across the region.
Discovery: KamAZ Truck with 95 Mining Rigs
The truck hosting the illegal crypto mining site. Source: Babr Mash
During a routine inspection in the Pribaikalsky District, technicians from Rosseti Siberia’s Buryatenergo unit traced an unusual load on a 10 kV power line. To their surprise, a KamAZ truck parked nearby was found housing 95 crypto mining rigs connected to a mobile transformer substation that illegally tapped off grid power—enough to power an entire village.
The suspects fled in an SUV before law enforcement could act, and it’s unclear if they’ve been apprehended.
Rising Trend: The Sixth Such Case in 2025
This is the sixth documented instance of electricity theft linked to illicit crypto mining in Buryatia this year. Such illicit operations are placing severe pressure on local power infrastructure, leading to voltage drops, overloads, and the risk of blackouts.
Legal Context: Seasonal Mining Bans
Buryatia enforces a mining ban from 15 November to 15 March annually due to energy shortages. Even when permitted outside this period, mining is restricted to licensed operators in specified districts such as Severo-Baikalsky and Muisky. This crackdown aligns with broader measures in regions like Dagestan, Chechnya, and Irkutsk, which paused mining in high-demand months.
Power Theft Meets Cybercrime: Digital Hijacking with “Librarian Ghouls”
While physical bitcoin rigs in a truck grab headlines, equally concerning is the surge in cryptojacking attacks. A cyber‑espionage group known as Librarian Ghouls (aka “Rare Werewolf”) has been exploiting Russian devices to mine crypto using stolen computing power.
Infiltration & Malware
Kaspersky’s latest analysis shows the group successfully compromised hundreds of PCs—mainly in industrial firms and engineering schools—since December 2024. Initial access is achieved through phishing emails disguised as legitimate documents, carrying password‑protected attachments. When opened, these trigger scripts that disable Windows Defender and establish remote connections.
Undetected Nighttime Mining
Infected devices are configured to automatically wake at 1 a.m. and run mining software until shutting down at 5 a.m. Researchers believe this tactic helps evade detection, with stolen credentials and system profiling occurring alongside mining operations.
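The 1 a.m. to 5 a.m. schedule described above is itself a detection signal. The following is an added example, not code from this article or from Kaspersky's analysis: it flags hosts whose power events show a recurring wake near 01:00 followed by a shutdown near 05:00. The record layout, hostnames, tolerance and night-count threshold are assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample of normalized power events: (host, ISO timestamp, event).
# Hostnames and the record layout are hypothetical, not taken from any report.
SAMPLE_EVENTS = [
    ("eng-ws-07", "2025-03-03T01:00:12", "wake"),
    ("eng-ws-07", "2025-03-03T05:00:03", "shutdown"),
    ("eng-ws-07", "2025-03-04T01:00:09", "wake"),
    ("eng-ws-07", "2025-03-04T04:59:58", "shutdown"),
    ("eng-ws-07", "2025-03-05T01:00:15", "wake"),
    ("eng-ws-07", "2025-03-05T05:00:01", "shutdown"),
    ("lab-pc-02", "2025-03-03T08:41:00", "wake"),
    ("lab-pc-02", "2025-03-03T17:30:00", "shutdown"),
    ("lab-pc-02", "2025-03-04T01:02:00", "wake"),      # one-off late session
    ("lab-pc-02", "2025-03-04T02:10:00", "shutdown"),
]

WAKE_HOUR, STOP_HOUR = 1, 5          # window described in the article
TOLERANCE = timedelta(minutes=10)    # assumed slack around each boundary
MIN_NIGHTS = 3                       # assumed threshold for "recurring"


def near(ts, hour):
    """True if ts falls within TOLERANCE of hour:00 on the same day."""
    target = ts.replace(hour=hour, minute=0, second=0, microsecond=0)
    return abs(ts - target) <= TOLERANCE


def find_night_sessions(events):
    """Return {host: [dates]} for hosts that repeatedly wake ~01:00 and stop ~05:00."""
    per_host = defaultdict(list)
    for host, ts, kind in events:
        per_host[host].append((datetime.fromisoformat(ts), kind))
    flagged = {}
    for host, rows in per_host.items():
        rows.sort()
        nights = []
        # Pair each event with the next one: a wake directly followed by a shutdown.
        for (t1, k1), (t2, k2) in zip(rows, rows[1:]):
            paired = (k1, k2) == ("wake", "shutdown") and t1.date() == t2.date()
            if paired and near(t1, WAKE_HOUR) and near(t2, STOP_HOUR):
                nights.append(t1.date().isoformat())
        if len(nights) >= MIN_NIGHTS:
            flagged[host] = nights
    return flagged

if __name__ == "__main__":
    print(find_night_sessions(SAMPLE_EVENTS))
```

A single late-night session, such as the one on `lab-pc-02`, does not trip the rule; only the repeated pattern does, which keeps legitimate overtime work out of the alert queue.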
Hacktivism or Profit Motive?
Kaspersky and other cybersecurity firms suspect Librarian Ghouls may be a hacktivist collective, given their preference for legitimate third‑party utilities over custom malware—a common hallmark of ideologically driven actors. Still, whether their primary goal is political or financial remains unclear.
Impacts: Infrastructure Risk vs Cyber Vulnerabilities
Physical Strain on the Grid
Illegal operations like the Buryatia truck mine create direct harm: overloaded transformers, brownouts, and increased wear on aging distribution networks. As these activities grow, rural communities risk energy insecurity and infrastructure damage.
Cyber Hygiene Challenges
On the cyber side, institutions are finding that even corporate-grade systems and educational networks are vulnerable to cryptojacking. The Librarian Ghouls campaign reveals that any unpatched, poorly protected system can become a silent miner.
Responses & Enforcement Efforts
Ground-level Crackdowns
Buryatenergo and security services are stepping up inspections and enforcement. This recent bust shows proactive infrastructure monitoring is essential—but more must be done to deter future episodes.
Federal Regulation: Mining Bans & Licensing
Russian authorities have enacted seasonal bans and regional licensing to curb illegal mining. In Irkutsk, this now includes a full-year prohibition, even as commercial mining operations like BitRiver continue legally using cheap power.
Cybersecurity Joint Operations
Cyberforces and network providers are intensifying detection efforts. By collaborating across sectors, authorities aim to disrupt cryptojacking networks and improve institutional cyber hygiene.
A Dual Threat: Physical and Digital Resource Hijacking
These incidents underscore a broader challenge: crypto-driven exploitation of public infrastructure, both physical and digital. The Buryatenergo case demonstrates direct theft of energy resources, while the Librarian Ghouls campaign shows the virtual siphoning of computing power.
Both represent theft of public goods—not only undermining systems and trust, but potentially harming community welfare.
Looking Ahead: Deterrence & Policy Recommendations
- Enhanced Grid Monitoring: Utilities should deploy real-time sensors and load anomaly systems to trace unplanned consumption.
- Swift Legal Action: Arrests, equipment seizure, and clear penalties are critical for deterrence.
- Cybersecurity Awareness: Organizations require phishing-resistant training, endpoint protection, and script-blocking controls.
- Cross-sectoral Coordination: Energy providers and cybersecurity agencies must collaborate on identifying and addressing hybrid threats.
- Balanced Regulation: Licensing regimes should enable transparency and compliance for legitimate miners, while minimizing entry points for illegal operators.
Conclusion: Addressing Crypto‑Powered Theft in All Forms
The truck-based crypto mine in Buryatia and the surge in cryptojacking by Librarian Ghouls reveal a troubling evolution: crypto mining is increasingly tied to illegal resource use. Whether draining electricity or hijacking institutional computers, these actions erode public trust and threaten vital systems.
A comprehensive response is needed—physical inspections, cybersecurity vigilance, and coordinated enforcement—to protect infrastructure and maintain community well‑being. As Russia tightens mining rules and digital defenders adapt to emerging threats, vigilance across both power grids and cyberspace remains essential.