GCHQ and the police have been alerted to a suspected Russian cyber attack on British soil.
The National Cyber Security Centre (NCSC), which is part of GCHQ, and Scotland Yard have been assessing a series of attacks attempting to take down a cryptocurrency exchange based in London.
The “distributed denial of service” attack on Currency.com saw millions of computers around the world coerced to bombard the company’s website with multiple requests, in an attempt to crash its systems.
The cyber attack started in April after Viktor Prokopenya, founder of Currency.com, announced he was pulling his company out of Russia in protest against the invasion of Ukraine.
His firm issued a statement condemning Russian “aggression” and the “terrible war.”
Within hours, the exchange was hit by what is believed to have been the first suspected Russian cyber attack on a UK company, after the country proffered economic and military aid to Ukraine.
Cyber attacks 'are coming from Russia'
Mr Prokopenya, who left Belarus in 2015 and now lives and works in London, said: “My security team says the attacks are coming from Russia and it started just after we became the first cryptocurrency business to pull out of Russia. We have also relocated our staff out of Ukraine, and are continuing to support them.
“The unprovoked war in Ukraine is a tragedy. So many innocent people are dying unnecessarily every day. It is very moving and I have donated more than £1 million to humanitarian charities in Ukraine. The war is tearing the region apart and it must stop now.”
It is understood the NCSC does not believe the attack has been carried out by the Kremlin but instead is likely to be criminals who may or may not be Russian in origin. According to analysis by Currency.com, between 18 and 32 per cent of the attacks originated from Russia and Belarus.
It follows warnings by Liz Truss, the Foreign Secretary, of “significant consequences on ordinary people and businesses in Ukraine and across Europe”, after she revealed there had been a “deliberate and malicious” cyber attack by Russia on Ukraine.
Mr Prokopenya said: “The cyber attack has been going on almost on a daily basis every day for the last three months. It’s like someone repeatedly trying to break down your front door.”
Warning from National Cyber Security Centre
Documents seen by The Telegraph show many of the computers involved in the cyber attack, which saw Currency.com hit up to 2,500 times a second, were based in Russia and Belarus - one of the few countries to support Vladimir Putin’s controversial war.
It is understood that Mr Prokopenya, a fintech entrepreneur originally from Belarus, reported the attack to Action Fraud, the UK's national reporting centre for fraud and cyber crime.
A report was sent to the National Fraud Intelligence Bureau, which analysed the cyber attack and alerted the Metropolitan Police in London, where Currency.com’s servers are based.
It is understood that Scotland Yard decided against pursuing an investigation because of the difficulties in identifying the ultimate perpetrators, who are thought to be based in Russia. However, a report was filed to the NCSC.
An NCSC spokesman said: “We are aware of this incident. We would recommend that all organisations should follow our guidance on preparing for and responding to attacks of this nature.”