Unless the attacker had very poor OpSec, it would be hard to track them down, even assuming the relevant police force had the skills/manpower to do so.
Then you get the delight of likely jurisdictional issues, if it turns out the attacker is not a resident of the same country as the victim that reported it.
Only out of curiosity I did a quick WHOIS search, it is an Ukraine domain registered by a Polish company with its legal head offices in Belize (at an address where there is seemingly a courier/transport company).
And the same address is linked to a Malta based company that appears on the "Panama Papers".
Whilst I'm not an intelligence analyst, this seems like a pretty basic/untargeted attack for a nation state.
It could be one, but it could just as easily be one of the many criminal gangs who used credential spraying to get access to accounts and then figure out what they can do with them afterwards.
If the cost of the attack is as near to zero as makes no odds, any income is profit, whether it comes from being able to compromise bitcoin related accounts elsewhere, getting a miner to run on 00s of servers and/or 000s of clients, or getting other details to use in a "send me bitcoint and I will/won't X" blackmail. And if there is no income from the attack, the cost of trying is near zero.
Then you get the delight of likely jurisdictional issues, if it turns out the attacker is not a resident of the same country as the victim that reported it.