According to CNN, US authorities have successfully recovered a Bitcoin ransom paid by the company Colonial Pipeline. This company’s operations were halted in May after a cyberattack allegedly carried out by a Russia-backed hacker group called DarkSide.
According to the report, Colonial Pipeline supplies approximately 45 percent of the fuel for the East Coast of the United States. Its CEO, Joseph Blount, was forced to pay the ransom after the attackers' demand appeared on the main computer in the control room. An estimated $4.4 million was paid in Bitcoin; 63.7 Bitcoin of that sum was recovered.
The recovery was carried out by a ransomware task force set up by the federal government of the United States. Attacks of this type have become commonplace, and concern among both the public and the authorities is growing.
During a press conference, Deputy Attorney General Lisa Monaco stated the following about the operation:
We will continue to use all of our tools and resources to increase the costs and consequences of ransomware and other cyber-enabled attacks by going after an entire ecosystem that fuels ransomware and digital currency.
According to Deputy National Security Advisor Anne Neuberger, Bitcoin and cryptocurrencies “enable” this type of crime. Other high-ranking US government officials, such as Treasury Secretary Janet Yellen, have taken a similar stance. According to CNN, Neuberger also stated:
That is how people make money from it. With the rise of anonymity and the advancement of cryptocurrencies, there has also been an increase in the number of mixer services that essentially launder funds.
Another Department of Justice (DOJ) representative claimed that the funds were seized from a Bitcoin wallet.
It’s Never Been More Accurate to Say “Not Your Keys, Not Your Bitcoin”
Members of the crypto community and specialized media, on the other hand, appear unconvinced. Jordan Schachtel, an independent journalist, questioned the entire operation. He claims that the term “Russian hacking” has been used “illegitimately” on numerous occasions in the past, and implies that federal authorities may be withholding critical information.
The journalist also pointed to what he sees as inconsistencies in the investigation. The authorities, for example, claimed to be able to access the hacker’s Bitcoin wallet, which he describes as having its password. He stated:
Why do you need a court order if you have their wallet’s password? The opposite is also true. You do not need the password if the bitcoin was transferred to a custodial wallet (keys).
Schachtel is perplexed as to how the authorities obtained the private key in the first place. According to the official report, the ransom was transferred to a “specific address, for which the FBI has the private key.” In his reading, the available information makes it unlikely that the Feds obtained the private key themselves; instead, the hackers may have used a centralized exchange as the ransom’s custodian. The distinction matters: whoever holds the private key for an address can sign a transaction spending its funds without anyone else’s cooperation, whereas funds held by a custodian can be moved by compelling the custodian through legal process, no key required.
So it appears that I was correct. The private keys were not obtained by the FBI. Instead, they filed a lawsuit against an exchange or a custodial wallet with servers in Northern California (Coinbase, anyone?). These “hackers” were utterly inept.
Anderson Kill law partner Preston Byrne summarized the operation along the same lines. Both the journalist and Byrne concluded that the United States did nothing innovative.
In Byrne’s account, this is how it happened:
1) The DarkSide wallet was on an exchange or a cloud server somewhere, and the FBI raided the service with a warrant and a gag order.
2) The FBI (possibly) has an insider who told them where to look.