
DOJ Seizes 63.7 BTC Paid by Colonial Pipeline As A Ransomware Payment to Darkside

bitcoinexchangeguide.com, 08 June 2021 10:46 UTC

The Justice Department has reported recovering about $2.3 million of the cryptocurrency ransom paid by Colonial Pipeline Co. after an attack that the agency and the mainstream media are describing as the most disruptive US cyberattack on record.

“Right now, prosecution is a pipedream,” said John Hultquist, Vice President at Mandiant, while praising the move. “Disrupt. Disrupt. Disrupt.”

https://twitter.com/matthew_d_green/status/1401979215503888385

Deputy Attorney General Lisa Monaco said on Monday that investigators had seized 63.7 BTC paid by Colonial after last month’s hack of its systems, which forced a shutdown of the pipeline and led to a spike in gas prices, panic buying, and shortages at gas stations on the U.S. East Coast. The DOJ has “found and recaptured the majority” of the ransom paid by Colonial, Monaco said. Colonial Pipeline had paid the hackers nearly $5 million to regain access to its systems.

A judge in San Francisco approved the seizure of funds from a cryptocurrency address that is reported to be located in the Northern District of California. The FBI attributed the hack to a gang called DarkSide, which Deputy FBI Director Paul Abbate described as a Russia-based cybercrime group during the news conference. According to Abbate, the FBI is tracking more than 100 ransomware variants, and DarkSide alone has victimized at least 90 U.S. companies. Commerce Secretary Gina Raimondo said over the weekend that the Biden administration was looking at all options to defend against ransomware attacks.

An affidavit filed with the court said the FBI was in possession of the private key for the Bitcoin address that received most of the funds. What is not mentioned is how the FBI gained access to that private key.

https://twitter.com/JordanSchachtel/status/1401988543493332994

The bitcoin wallet from which the funds were taken had contained 69.6 bitcoins, said Tom Robinson, co-founder of crypto tracking firm Elliptic.
According to Robinson, DarkSide would keep a smaller share of the ransom for its role in providing the encryption software and negotiating with the victim. The FBI affidavit said the bureau had tracked the bitcoin through multiple wallets using the public blockchain and analysis tools. Small amounts were shaved off the initial 75-bitcoin payment along the way, while the remainder reached the wallet in question on May 27 and stayed there until this week.

https://twitter.com/DefenseBaron/status/1401984548628467721

Meanwhile, the crypto community is trying to work out exactly how the agency obtained the key.

https://twitter.com/adam3us/status/1402179970277982210

According to Alex Thorn, Head of Research at Galaxy Digital, “there’s no evidence of a bitcoin or bitcoin wallet security vulnerability.” “We looked on-chain & found a pattern that seems to show the funds ultimately flowed to a trading desk or exchange willing to comply with a US warrant,” he added.
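The affidavit describes following the payment hop by hop across the public ledger while small amounts were shaved off at each step. The script below is an added illustration of that kind of trace, not code from the article, from the FBI or from Elliptic, and it says nothing about the tools either actually used. It walks a constructed toy ledger (made-up transaction IDs, addresses and amounts, not the Colonial Pipeline transactions) from the victim's payment, always following the largest output of each spending transaction, and records per hop how much was diverted to side outputs and miner fees and where the bulk of the funds finally came to rest. Real-world tracing layers address-clustering heuristics on top of this; the "follow the largest output" rule is a deliberate simplification.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

SATS = 100_000_000  # satoshis per bitcoin; amounts are kept as integers to avoid float drift


def btc(x: float) -> int:
    """Convert a BTC amount to satoshis."""
    return round(x * SATS)


@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: List[Tuple[str, int]]   # (address, satoshis) being spent
    outputs: List[Tuple[str, int]]  # (address, satoshis) being created


@dataclass(frozen=True)
class Hop:
    txid: str
    from_addr: str
    to_addr: str
    amount: int   # satoshis that continued along the traced path
    shaved: int   # side outputs plus miner fee removed at this hop
    fee: int      # miner fee alone (inputs minus all outputs)


# Constructed toy ledger for illustration only (hypothetical ids, addresses and amounts).
# The victim pays 75 BTC; each hop peels a little off and the bulk ends at "rest_wallet".
LEDGER: List[Tx] = [
    Tx("tx1", [("victim", btc(75.0))],
       [("hop1", btc(74.9)), ("change", btc(0.05))]),            # 0.05 BTC fee
    Tx("tx2", [("hop1", btc(74.9))],
       [("hop2", btc(71.0)), ("operator_cut", btc(3.85))]),      # 0.05 BTC fee
    Tx("tx3", [("hop2", btc(71.0))],
       [("rest_wallet", btc(69.6)), ("side", btc(1.35))]),       # 0.05 BTC fee
    Tx("tx4", [("side", btc(1.35))],
       [("elsewhere", btc(1.3))]),                               # branch we do not follow
]


def index_spends(ledger: List[Tx]) -> Dict[str, Tx]:
    """Map each address to the first transaction that spends from it."""
    spends: Dict[str, Tx] = {}
    for tx in ledger:
        for addr, _ in tx.inputs:
            spends.setdefault(addr, tx)
    return spends


def trace(ledger: List[Tx], start: str) -> Tuple[List[Hop], str, Optional[int]]:
    """Follow funds from `start`, taking the largest output at every hop.

    Returns (hops, terminal_address, amount_landed). The walk stops at the
    first address with no spending transaction, i.e. where the funds sit.
    amount_landed is None if `start` itself was never spent.
    """
    spends = index_spends(ledger)
    hops: List[Hop] = []
    seen: Set[str] = set()          # guards against loops in a malformed ledger
    addr, amount = start, None
    while addr in spends and addr not in seen:
        seen.add(addr)
        tx = spends[addr]
        total_in = sum(v for _, v in tx.inputs)
        total_out = sum(v for _, v in tx.outputs)
        next_addr, next_amt = max(tx.outputs, key=lambda o: o[1])
        hops.append(Hop(tx.txid, addr, next_addr, next_amt,
                        shaved=total_in - next_amt, fee=total_in - total_out))
        addr, amount = next_addr, next_amt
    return hops, addr, amount


def total_shaved(hops: List[Hop]) -> int:
    """Everything diverted from the traced path across all hops, in satoshis."""
    return sum(h.shaved for h in hops)


if __name__ == "__main__":
    hops, final_addr, landed = trace(LEDGER, "victim")
    for h in hops:
        print(f"{h.txid}: {h.from_addr} -> {h.to_addr} "
              f"{h.amount / SATS:.2f} BTC (shaved {h.shaved / SATS:.2f}, fee {h.fee / SATS:.2f})")
    print(f"funds at rest: {final_addr} holding {landed / SATS:.2f} BTC; "
          f"{total_shaved(hops) / SATS:.2f} BTC peeled off along the way")
```

On the toy ledger the walk ends at `rest_wallet` holding 69.6 BTC with 5.4 BTC peeled off over three hops, which is the shape of the story above: most of the payment sits in one address that a warrant can reach, while the rest leaked away in small pieces.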