
U.S. Seizes $2.3M in Bitcoin from Colonial Pipeline Hackers | Crypto Briefing

cryptobriefing.com, 08 June 2021 09:27 UTC

U.S. officials have reported the successful recovery of more than half of the ransom paid out in Bitcoin to the Colonial Pipeline attackers. The FBI believes the hackers are linked to Russia-based ransomware group DarkSide.

Colonial Pipeline Ransom Recovered

The U.S. has seized the Colonial Pipeline hackers’ Bitcoin.

The Department of Justice (DoJ) announced Monday that more than half of the $4.4 million ransom Colonial Pipeline paid to ransomware attackers had been recovered.

The Colonial Pipeline incident paralyzed the southern U.S. states and caused huge disruption due to gas shortages. Biden declared a state of emergency following the events. The FBI concluded that a group linked to DarkSide, a Russian group of hackers known for ransomware attacks, was responsible.

Since then, the DoJ has announced that it would give the same priority level to ransomware as it does to terrorism in the future. The newly created Ransomware and Digital Extortion Task Force will coordinate the response to all ransomware and cyberattacks in the country from Washington.

The news that the FBI had recovered Bitcoin sent fear through the markets, with some believing that the agency could hack the Bitcoin network. In fact, FBI agents used a block explorer to track the transactions and identify the public address where the ransomed Bitcoin was stored. The FBI then used a warrant to claim the 63.7 BTC in that address from the exchange or custodian storing the Bitcoin.

The on-chain Bitcoin address linked to the Colonial Pipeline ransom wasn’t hacked. Once the FBI figured out the public key by analyzing on-chain data, it linked that public key to a certain custodian. The custodian for the address was asked to share the private key. As the popular crypto saying goes: “not your keys, not your Bitcoin.”

Disclaimer: The author held ETH and several other cryptocurrencies at the time of writing.
