The United States Department of Justice announced on Monday 7th the recovery of $2.3 million worth of BTC connected to the Colonial Pipeline ransomware attack which took place in May of 2021.
The recovered funds represent more than half of the ransom paid by Colonial Pipeline to the group known as DarkSide, which demanded more than $4.4 as a ransom in exchange for restoring the company’s network.
The statement issued by the DOJ says that the accounts holding the stolen funds were found by reviewing BTC’s public ledger, for which the FBI had the private key. However, no details were given on how the private key was obtained.
Deputy Attorney General Lisa O. Monaco said in a statement that “Following the money remains one of the most basic, yet powerful tools” at the disposal of authorities to investigate such cases.
FBI Deputy Director Paul Abbate referred to the seizing by saying:
“There is no place beyond the reach of the FBI to conceal illicit funds that will prevent us from imposing risk and consequences upon malicious cyber actors. We will continue to use all of our available resources and leverage our domestic and international partnerships to disrupt ransomware attacks and protect our private sector partners and the American public.”
These resources continue to be a mystery but there has been speculation about crypto exchanges being involved in the seizing.
Coinbase Denies Involvement in US Government Operation for BTC
With speculation about involvement by crypto exchanges, Coinbase has been the target of claims about its involvement in the FBI and DOJ’s operation.
Philip Martin, Coinbase’s Chief Security Officer (CSO), took on Twitter to clarify that the company has not been involved in any way in revealing the private keys to the wallet holding the stolen funds.
1/ I've seen a bunch of incorrect claims that Coinbase was involved in the recent DOJ seizure of BTC associated with the Colonial Pipeline ransomware attack. We weren’t. a thread:
— Philip Martin (@SecurityGuyPhil) June 8, 2021
In his Tweets, Martin said that there was no evidence that any of the funds went through a Coinbase account and no warrant had been issued by the US government at any point. He also referred to some specific claims that seem to have been based on technical issues with the explorer being used.
Referring to how the FBI could have obtained the private key, Martin speculated that it could have been some “whiz-bang magic” but it was more likely the result of “good ol’ fashioned police work” in conjunction with a Mutual Legal Assistance Treaty request and political pressure.
The news about the seizing caused the value of BTC to drop as concerns about the abilities of the FBI to gain access to private keys started to spread.
Global Authorities Are Declaring War on Ransomware
Colonial Pipeline was the target of criticism for paying the ransom as many believe that by doing so, bad actors have more incentives to continue to target critical infrastructure around the world.
However, Monaco said that the company’s early actions assisted in achieving the seize:
“Today’s announcements also demonstrate the value of early notification to law enforcement; we thank Colonial Pipeline for quickly notifying the FBI when they learned that they were targeted by DarkSide”
She also added that the United States government will continue to target “the entire ransomware ecosystem” to make it more costly and less profitable for criminals to demand ransom payments.
The US DoJ has created a Ransomware and Digital Extortion Task Force that will prioritize the disruption, investigation, and prosecution of ransomware activity in the country, according to the press release.
The US government has recently started to keep a closer watch on the use of cryptocurrencies for illegal activities, which has the entirety of the crypto market in the spotlight of regulators around the globe.
The post US Government Recovers BTC from Colonial Pipeline Ransomware Attack appeared first on Blockonomi.