DOJ Seizes 63.7 BTC Paid by Colonial Pipeline As A Ransomware Payment to Darkside


The Justice Department has reported recovering about $2.3 million of the cryptocurrency ransom paid by Colonial Pipeline Co. after an attack that the agency itself and the mainstream media describe as the most disruptive US cyberattack on record.

“Right now, prosecution is a pipedream,” said John Hultquist, a vice president at cybersecurity firm Mandiant, praising the move. “Disrupt. Disrupt. Disrupt.”

Deputy Attorney General Lisa Monaco said on Monday that investigators had seized 63.7 BTC paid by Colonial after last month’s hack of its systems, which caused a shutdown that led to a spike in gas prices, panic buying, and widespread shortages at gas stations on the U.S. East Coast.

The DOJ has “found and recaptured the majority” of the ransom paid by Colonial, Monaco said. Colonial Pipeline had paid the hackers nearly $5 million to regain access.

A judge in San Francisco approved the seizure of the funds from the cryptocurrency address; the funds are reported to have been located in the Northern District of California.

The FBI attributed the hack to a gang called DarkSide. Deputy FBI Director Paul Abbate described DarkSide as a Russia-based cybercrime group during the news conference.

According to Abbate, the FBI is tracking more than 100 ransomware variants, and DarkSide alone has victimized at least 90 U.S. companies. Commerce Secretary Gina Raimondo said over the weekend that the Biden administration was looking at all options to defend against ransomware attacks.

The affidavit filed with the court said the FBI was in possession of the private key for the Bitcoin wallet that received most of the funds. The affidavit does not say how the FBI obtained that key.

The bitcoin wallet from which the funds were taken had contained 69.6 bitcoins, said Tom Robinson, co-founder of crypto tracking firm Elliptic. According to Robinson, DarkSide would keep a smaller share for its role in providing the encryption software and negotiating with the victim.

The FBI affidavit said the bureau had tracked the bitcoin through multiple wallets by following the transactions on the public blockchain with blockchain-analysis tools.

Small amounts were shaved off the initial 75-bitcoin payment along the way; the remainder reached the wallet on May 27 and stayed there until this week.
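To make the tracing described above concrete, here is an added Python example (not part of the original article, and not the FBI's or any vendor's tooling) that follows a payment through a constructed set of transactions. The transaction IDs, addresses and amounts are invented for illustration and are given in satoshis to avoid float rounding. The first function follows the largest output at each hop, the "peel chain" pattern behind the shaved-off amounts mentioned above; the second goes a step beyond the article's single-path description and walks every branch to list where each unspent remainder ends up, which is what an investigator would compare against exchange deposit addresses before seeking a warrant.

```python
"""Follow a ransom payment across a chain of Bitcoin transactions.

Constructed example, not chain data: txids, addresses and amounts are invented.
Amounts are in satoshis (1 BTC = 100_000_000 sat).
"""
from collections import deque

BTC = 100_000_000

# Constructed transaction set. Each tx: txid, inputs as (prev_txid, vout),
# outputs as (address, sats). The very first input comes from outside the set.
TXS = [
    {"txid": "tx_payment", "inputs": [("tx_victim_wallet", 0)],
     "outputs": [("addr_attacker_1", 75 * BTC)]},
    {"txid": "tx_hop1", "inputs": [("tx_payment", 0)],
     "outputs": [("addr_hop_a", 7_020_000_000), ("addr_peel_1", 479_000_000)]},
    {"txid": "tx_hop2", "inputs": [("tx_hop1", 0)],
     "outputs": [("addr_final", 6_960_000_000), ("addr_peel_2", 59_000_000)]},
    {"txid": "tx_peel_spend", "inputs": [("tx_hop1", 1)],
     "outputs": [("addr_exchange_deposit", 478_500_000)]},
]


def index_txs(txs):
    """Build lookup tables: txid -> tx, and outpoint -> txid that spends it."""
    by_id = {tx["txid"]: tx for tx in txs}
    spent_by = {}
    for tx in txs:
        for outpoint in tx["inputs"]:
            spent_by[outpoint] = tx["txid"]
    return by_id, spent_by


def trace_peel_chain(txs, start_txid, start_vout=0):
    """Follow the largest output at each hop until an unspent output is reached.

    Returns where the bulk of the funds sits, how many hops it took, and what
    was shaved off along the way: smaller outputs sent elsewhere, and miner fees.
    """
    by_id, spent_by = index_txs(txs)
    outpoint = (start_txid, start_vout)
    path, peeled, fees = [], 0, 0
    while True:
        tx = by_id[outpoint[0]]
        addr, sats = tx["outputs"][outpoint[1]]
        path.append((outpoint[0], addr, sats))
        next_txid = spent_by.get(outpoint)
        if next_txid is None:  # unspent: this is where the funds currently sit
            return {"address": addr, "sats": sats, "hops": len(path) - 1,
                    "peeled": peeled, "fees": fees, "path": path}
        spend = by_id[next_txid]
        out_total = sum(s for _, s in spend["outputs"])
        # fee = inputs - outputs; only computable when every input tx is known
        if all(p in by_id for p, _ in spend["inputs"]):
            in_total = sum(by_id[p]["outputs"][v][1] for p, v in spend["inputs"])
            fees += in_total - out_total
        big = max(range(len(spend["outputs"])), key=lambda i: spend["outputs"][i][1])
        peeled += out_total - spend["outputs"][big][1]
        outpoint = (next_txid, big)


def terminal_outputs(txs, start_txid, start_vout=0):
    """Walk every branch from an outpoint and return all unspent outputs reached.

    Result maps address -> sats. The gap between the starting amount and the
    sum of the result is what left the graph as miner fees.
    """
    by_id, spent_by = index_txs(txs)
    queue, seen, terminals = deque([(start_txid, start_vout)]), set(), {}
    while queue:
        outpoint = queue.popleft()
        if outpoint in seen:
            continue
        seen.add(outpoint)
        next_txid = spent_by.get(outpoint)
        if next_txid is None:
            addr, sats = by_id[outpoint[0]]["outputs"][outpoint[1]]
            terminals[addr] = terminals.get(addr, 0) + sats
            continue
        for vout in range(len(by_id[next_txid]["outputs"])):
            queue.append((next_txid, vout))
    return terminals


if __name__ == "__main__":
    chain = trace_peel_chain(TXS, "tx_payment")
    print(f"bulk of funds at {chain['address']} after {chain['hops']} hops: "
          f"{chain['sats'] / BTC:.2f} BTC; peeled {chain['peeled'] / BTC:.2f} BTC, "
          f"fees {chain['fees'] / BTC:.4f} BTC")
    for addr, sats in terminal_outputs(TXS, "tx_payment").items():
        print(f"  unspent at {addr}: {sats / BTC:.3f} BTC")
```

The point the example makes is the one the affidavit relies on: nothing about the ledger hides where the coins went, so "recovery" is a question of who controls the key for the terminal address, not of breaking anything. In real analysis, hops that merge inputs from unrelated sources (consolidations, mixers) are where simple largest-output following stops being reliable, and investigators switch to clustering heuristics.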

Meanwhile, the crypto community is trying to comprehend just how exactly the agency was able to get its hands on the key.

According to Alex Thorn, Head of Research at Galaxy Digital, “there’s no evidence of a bitcoin or bitcoin wallet security vulnerability.” “We looked on-chain & found a pattern that seems to show the funds ultimately flowed to a trading desk or exchange willing to comply with a US warrant,” he added.

Bitcoin Exchange Guide