I did a look up. That IP originates from Lithuania; the ISP is UAB Cherry Servers with Azure configured as the name server and Cherry Servers are providers of Cloud Hosting Services so the hacker(s) definitely used a VPS to conduct this attack. I do not think this attack could be one guy but a well organized group. Why I think so is because from Cherry Servers pricing page, their services are quite expensive and I am not sure someone other than a well connected group could afford it.
I also tried pinging but no response but
nmap -sV -Pn 46.166.160.158
reports open ports 3389: ms-wbt-server and 7070: ssl/realserver which confirms that the attacker is running a Windows OS and uses RDP for his trade.
I tried connecting to the IP over my Windows RDP software and there's a response showing that the system is still online but without login creds, i can't do much. Maybe someone with advanced pentesting skills could take it up from here let's put an end to all these criminality.
I also strongly believe the hackers were a organized group. From starting the likely infected BCD wallet to the point where they literally knew everything over my system and infrastructure was just minutes. And they need to find the password safe files and a matching program to read it - which is now only available under Android. Finally they did not waste time with problems. They left BTG in the Exodus wallet because Exodus does not accept all address formats. And they did not claim the BSV from the stolen BCH which I did meanwhile. So they came very quick, executed their damaging work and left a desaster for me