U.S. Recovers Millions Paid In Bitcoin For Pipeline Ransomware
U.S. authorities have successfully recovered a ransom paid in Bitcoin by the company Colonial Pipeline, per a CNN report. In May, a cyberattack allegedly perpetrated by a Russia-backed hacker group called DarkSide halted the operations of this company.
According to the report, Colonial Pipeline controls around 45% of the fuel for the U.S. East Coast. Its CEO Joseph Blount was forced to pay the ransom enforced by the hacker on a control room’s main computer. Estimated in around $4.4 million paid in 63.7 Bitcoin.
The operation was carried out by a special ransomware task force created by the U.S. Federal Government. This type of attack has become regular. There is a growing concern in the public and the authorities.
Deputy Attorney General Lisa Monaco said the following on the operation during a press conference:
By going after an entire ecosystem that fuels ransomware and digital currency, we will continue to use all of our tools and all of our resources to increase the costs and the consequences of ransomware attacks and other cyber-enabled attacks.
Deputy National Security Advisor Anne Neuberger claimed that Bitcoin and cryptocurrencies “enable” this type of crime. A similar position has been taken by other U.S. high-ranking government officials, such as Secretary of Treasury, Janet Yellen. Neuberger added, according to CNN:
That’s the way folks get the money out of it. On the rise of anonymity and enhancing cryptocurrencies, the rise of mixer services that essentially launder funds.
Another representative from the Department of Justice (DOJ) claimed that the funds were seized from a Bitcoin wallet.
Not Your Keys, Not Your Bitcoin Has Never Been More Truthful
However, members of the crypto community and specialize media seem unconvinced. Independent journalist Jordan Schachtel questioned the entire operation. He claims that “Russian hacking” has been used “illegitimately” many times in the past. Therefore, he hints at the possibility of the Federal Authorities withholding key information.
The independent journalist also pointed out some inconsistencies in the investigation. For example, the authorities claimed to have the hacker’s Bitcoin wallet password. He said:
Why do you need a court order if you have the password to their wallet? The reverse is also true. If the bitcoin was transferred to a custodial wallet, you dont need the password (keys).
Schachtel wonders how the authorities got the private key in the first place. The official report only states that the ransom was transferred to a “specific address, for which the FBI has the private key”. Available information appears to rule out the possibility of the Feds obtaining a BTC wallet private keys, the hackers might have utilized a centralized exchange as custodian of the ransom.
So it looks like I was right. The FBI did not obtain the private keys. Instead, they took legal action against an exchange or some kind of custodial wallet that has servers in N California (Coinbase, lol?). These “hackers” were grossly incompetent.
Preston Byrne, Partner at Anderson Kill Law, summarized the whole operation. Both the journalist and Byrne concluded that the U.S. didn’t do anything innovative.
How this happened:
1) DarkSide wallet was on an exchange or on a cloud server somewhere, FBI hit the service w. warrant & gag order
2) (possibly) FBI has a guy on the inside who told them where to look
How it didn’t happen:
1) ECDSA is broken https://t.co/OZxwancGhV
— Preston Byrne (@prestonjbyrne) June 7, 2021
At the time of writing, BTC trades at $34,127. In the daily chart, the first cryptocurrency by market cap has been trending downwards after sideways movement in the past weeks.