Kidnapped Exchange Analyst Pavel Lerner Freed After Paying Bitcoin Ransom

Pavel Lerner has been freed from captivity following his kidnapping this week. The EXMO analyst is physically unharmed and no longer being held hostage, according to a company press release.

Free at Last

On December 26, Pavel Lerner, 40, was wrapping up work at his office in Kiev, Ukraine, where he works as the lead analyst of UK-based cryptocurrency exchange EXMO. Upon leaving work, Lerner was jumped by a group of men wearing balaclavas (ski masks, for our American readers). The assailants reportedly bound Lerner, threw him into the backseat of a Mercedes-Benz Vito, and drove away.

After days of reporting, speculation, and unsuccessful search attempts, Lerner is confirmed safe. He was released from the hostage situation after paying a US$1,000,000 ransom in Bitcoin.

EXMO released the following public statement in response to Lerner’s recovery:

On December 26, Pavel was captured by a group of unknown masked people, and all the connection with him ceased for several days. On December 29, we managed to get a hold of Pavel. At the moment, he is safe, and there was no physical harm inflicted on him. Nevertheless, Pavel is currently in a state of major stress, therefore, he will not provide any official comments in the coming days. The case is currently under investigation of the state security authorities.

Moreover, the company expressed gratitude to the media and community at large for their attention and care:

EXMO team is deeply grateful to the cryptocurrency community and the media for their active support. We promise to timely provide any updates on the situation.

Motives and Extenuating Circumstances

Officials and media outlets have speculated that the kidnappers were looking to leverage Lerner’s position at EXMO for either a payout or access to the exchange’s reserve fund.

News reports have offered myriad job titles for Lerner over the past few days. Some have labeled him a chief executive officer or an operations director, while Lerner’s Facebook page lists him as a managing director. According to EXMO, the “nature of Pavel’s job at EXMO doesn’t assume access either to storage or any personal data of users. All users funds are absolutely safe.”

Shortly after the kidnapping, EXMO fell prey to a distributed denial-of-service attack that left the exchange incapacitated. Services were temporarily suspended as EXMO responded to the attack. It’s assumed – but not confirmed – that the DDoS attack and kidnapping were linked.

2017: A Dangerous Year for Exchanges

Lerner’s kidnapping is the first of its kind for a cryptocurrency exchange, and his ransom is the first recorded instance of high-crime extortion aimed at a major exchange.

Cryptocurrency exchanges in general, however, have been a hot target for cyber crime over the course of 2017.

Multiple Korean exchanges, including Bithumb, South Korea’s largest domestic exchange, have been hacked more than once throughout the year. One such exchange, Youbit, was forced to close its doors after filing for bankruptcy following its latest attack.

EtherDelta, a popular exchange for Ethereum and ERC20 trading pairs, was subject to a phishing attack a couple of weeks ago. A hacker tapped into EtherDelta’s domain name server and replaced the real site with a fake website in order to trick users into revealing their private keys.

Hopefully, Lerner’s kidnapping will be the only physical assault we see on exchange employees.

All of us here at The Merkle wish Pavel Lerner a peaceful and steady recovery, and our thoughts go out to him and his loved ones.