June 12, 2021, 11:57 a.m. EDT

How did federal agents recover bitcoin and access a crypto wallet tied to the Colonial Pipeline cyberattack?


By Mark DeCambre

U.S. federal authorities are fairly tight-lipped on the method used to recover some $2.3 million in bitcoin paid to the cyber-hackers of Colonial Pipeline Co. last month. It is a rare, but not unprecedented, win for agents who are part of a newly formed Ransomware and Digital Extortion Task Force.

But the big question for crypto market participants may be how the government tactically tracked down the bitcoin allegedly obtained by the Eastern European hacking group known as DarkSide, and how the federal agents obtained access to a password-protected wallet.

The U.S. Justice Department said at a news conference on Monday that it had seized about 64 bitcoin paid by Colonial to the hackers, valued at roughly $2.3 million, from a virtual wallet.

Here’s what we know through court documents and conversations with those familiar with tactics that may have been employed by the Justice Department and the Federal Bureau of Investigation:

An unidentified special agent with the FBI’s cybercrimes squad, in an affidavit filed in the Northern District of California requesting a warrant to seize the digital assets, says that the agency used public blockchain explorers to track payments made to the hackers.

Blockchain explorers have been described succinctly as the Google of cryptocurrencies and blockchains. They allow users to look up details of transactions involving specific wallet addresses, including the amounts transacted, the sources and destinations of funds, and the status of each transaction.

In this case, the FBI was able to track the addresses where roughly 75 bitcoins were sent to hackers around May 8, court documents show.

The documents indicate that Colonial Pipeline had reached out to the FBI in early May to advise the agency that it had been instructed to send a ransom payment of approximately 75 bitcoin, calculated at the time to be worth $4.3 million to a specific address that was partly redacted in court filings.

A blog post by Dr. Tom Robinson of blockchain analytics firm Elliptic identified the bitcoin address tied to the Colonial hack as bc1qq2euq8pw950klpjcawuy4uj39ym43hs6cfsegq, probably the same one mentioned in the seizure affidavit.

Ransomware attacks are those that compel the victim to pay a sum to a specific address to resolve a breach of a company’s computer systems, and increasingly the attackers demand cryptocurrency in exchange for ending the attack.

The filings show that the FBI agent used blockchain explorers to track the movement of the crypto to nearly two dozen addresses.

The FBI obtained a private key for a virtual wallet linked to one of those addresses, where the cryptocurrency sat for some time, but the agency didn’t disclose how it obtained the key, which serves as a password for the wallet. A crypto wallet can be used to store bitcoin, user addresses and other private key information.
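As an added illustration of the tracing described in the two paragraphs above (not part of the article, and not the FBI’s or Elliptic’s tooling), the following Python walks a constructed, UTXO-style transaction set the way an analyst reads a block explorer: it follows the ransom output forward across each spend, records every downstream address with its hop distance, and reports where funds are still unspent, i.e. where they "sat". All transaction ids, addresses and amounts are constructed placeholders.

```python
from collections import deque

# Constructed sample ledger (not real chain data). Each tx lists the
# outpoints (txid, vout) it spends and the (address, amount) outputs it creates.
SAMPLE_TXS = {
    "tx_ransom": {"inputs": [],  # funding inputs omitted for brevity
                  "outputs": [("addr_ransom", 75.0)]},
    "tx_hop1":   {"inputs": [("tx_ransom", 0)],
                  "outputs": [("addr_split_a", 50.0), ("addr_split_b", 24.99)]},
    "tx_hop2a":  {"inputs": [("tx_hop1", 0)],
                  "outputs": [("addr_exchange", 49.99)]},
    "tx_hop2b":  {"inputs": [("tx_hop1", 1)],
                  "outputs": [("addr_park", 24.98)]},
    "tx_noise":  {"inputs": [], "outputs": [("addr_other", 1.0)]},
}


def trace_forward(txs, start_addr, max_hops=10):
    """Follow funds forward from start_addr through successive spends.

    Returns (hops, received): hops maps each reached address to its spend
    distance from start_addr; received maps each downstream address to the
    amount it was paid along the traced paths. Stops after max_hops spends.
    """
    paid_to = {}   # address -> list of outpoints paying that address
    spent_by = {}  # outpoint -> txid that spends it
    for txid, tx in txs.items():
        for vout, (addr, _amt) in enumerate(tx["outputs"]):
            paid_to.setdefault(addr, []).append((txid, vout))
        for outpoint in tx["inputs"]:
            spent_by[outpoint] = txid
    hops, received, queue = {start_addr: 0}, {}, deque([start_addr])
    while queue:
        addr = queue.popleft()
        if hops[addr] >= max_hops:
            continue
        for outpoint in paid_to.get(addr, []):
            spender = spent_by.get(outpoint)
            if spender is None:
                continue  # unspent: the coins still sit at this address
            for nxt, amt in txs[spender]["outputs"]:
                received[nxt] = received.get(nxt, 0.0) + amt
                if nxt not in hops:
                    hops[nxt] = hops[addr] + 1
                    queue.append(nxt)
    return hops, received


def unspent_balance(txs, addr):
    """Sum of outputs paid to addr that no transaction in txs has spent."""
    spent = {op for tx in txs.values() for op in tx["inputs"]}
    return sum(amt for txid, tx in txs.items()
               for vout, (a, amt) in enumerate(tx["outputs"])
               if a == addr and (txid, vout) not in spent)
```

Running `trace_forward(SAMPLE_TXS, "addr_ransom")` reaches four downstream addresses in two hops, and `unspent_balance` shows the parked 24.98 still sitting at `addr_park`.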

Advocates of blockchain technology have long touted the traceability of the distributed public ledger as one counterpoint to those who say crypto is largely used for illicit activities.

“This action by US authorities demonstrates the value of blockchain analytics to track down proceeds of crime in cryptocurrency, and ensure that ransomware does not pay for the criminals behind it,” Robinson wrote.

That said, cracking a crypto wallet is usually the remit of hackers and not the FBI.

National Public Radio speculated on three possible ways federal agents obtained DarkSide’s private key:

  1. Carelessness by the perpetrator
