It may be a while since you’ve heard the handle “Guccifer 2.0,” the hacker who took responsibility for the infamous DNC hack of 2016. Reports from the intelligence community at the time, as well as common sense, pegged Guccifer 2.0 not as the Romanian activist he claimed to be, but a Russian operative. Evidence has been scarce, but one slip-up may have given the game away.

An anonymous source close to the U.S. government investigation of the hacker told the Daily Beast that on one single occasion, Guccifer 2.0 failed to log into the usual VPN that disguised their traffic. As a result, they left one honest IP trace at an unnamed social media site.

That IP address, “identified Guccifer 2.0 as a particular GRU officer working out of the agency’s headquarters on Grizodubovoy Street in Moscow,” the Daily Beast reported. (The GRU is one of the Russia’s security and intelligence organs.)

Previous work by security researchers had suggested this, but it’s the first I’ve heard of evidence this direct. Assuming it’s genuine, it’s a sobering reminder of how fragile anonymity is on the internet — one click and the whole thing comes crashing down.

It’s a bit of a foregone conclusion now, since in the time since the hack the notion of Russian interference with the election has gone from unnerving possibility to banal fact. And while a single impression like that may sound a bit flimsy, investigators would of course be putting it together with all kinds of other activity and patterns to be clear this wasn’t just a random intern checking his feeds at an open terminal.