
U.S. seizes $2.3 mil in Bitcoin paid to Colonial Pipeline hackers

46 Comments
By Sarah N. Lynch, Christopher Bing and Joseph Menn

The Justice Department on Monday said it recovered some $2.3 million in cryptocurrency ransom paid by Colonial Pipeline Co, cracking down on hackers who launched the most disruptive U.S. cyberattack on record.

Deputy Attorney General Lisa Monaco said investigators had seized 63.7 Bitcoins, now valued at about $2.3 million, paid by Colonial after last month's hack of its systems that led to massive shortages at U.S. East Coast gas stations.

The Justice Department has "found and recaptured the majority" of the ransom paid by Colonial, Monaco said.

An affidavit filed on Monday said the FBI was in possession of a private key to unlock the hackers' Bitcoin wallet. It was unclear how the FBI gained access to this key.

A judge in San Francisco approved the seizure of funds from this "cryptocurrency address," which the filing said was located in the Northern District of California.

Colonial Pipeline had said it paid the hackers nearly $5 million to regain access. Bitcoin's value has dropped in recent weeks, trading at around $36,000 on Monday after hitting $63,000 in April.

"Today, we've turned the tables on DarkSide," said Monaco, referring to a ransomware group widely believed to have been behind the crippling fuel pipeline attack.

The hack caused a shutdown lasting several days, leading to a spike in gas prices, panic buying and localized fuel shortages. It posed a major political headache for President Joe Biden as the U.S. economy was starting to emerge from the COVID-19 pandemic.

The White House urged corporate executives and business leaders last week to step up security measures to protect against ransomware attacks after the Colonial hack and later intrusions that disrupted operations at a major meatpacking company.

Deputy FBI Director Paul Abbate, who spoke at the same news conference as Monaco on Monday, described DarkSide as a Russia-based cybercrime group.

Abbate said the FBI was tracking more than 100 ransomware variants. DarkSide itself victimized at least 90 U.S. companies, including manufacturers and healthcare providers, Abbate said.

Commerce Secretary Gina Raimondo said on Sunday the Biden administration was looking at all options to defend against ransomware attacks and that the topic would be on the agenda when President Joe Biden meets with Russian President Vladimir Putin this month.

Tom Robinson, co-founder of crypto tracking firm Elliptic, said that the Bitcoin wallet the funds were taken from had contained 69.6 Bitcoins. The seizure announced Monday was of just 63.7 Bitcoins, which Robinson said likely represented the share that had gone to the DarkSide "affiliate" who had initially hacked into Colonial.

Investigators say DarkSide often used a partnership model with other hacking groups to compromise numerous victims.

DarkSide would normally keep a smaller share for its role in providing the encryption software and negotiating with the victim, Robinson said. On Monday, minutes after the first funds were transferred out, the rest followed. The U.S. government might have seized that second amount as well but not announced it yet, Robinson said.
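How a split like the one Robinson describes is reconstructed from the public ledger, as an added example (this is not Elliptic's tooling and not code from the article): a constructed set of transactions that echo the reported figures, and a forward taint trace over them in the two modes analysts commonly use. Under "haircut" each output inherits the tainted share of the spending transaction's inputs, so a later mix with unrelated coins dilutes the attribution; under "poison" any tainted input marks every output in full, which is simpler but overstates. The addresses, transaction ids and amounts below are placeholders, not chain data.

```python
"""Added example: forward-tracing a ransom payment across a constructed UTXO
ledger. Not code from the article or from Elliptic; addresses, tx ids and
amounts are placeholders chosen to echo the reported split."""
from fractions import Fraction

SAT = 100_000_000  # satoshis per BTC; all amounts are integers in satoshis


def btc(text):
    """Parse a decimal BTC string into satoshis without floating-point error."""
    whole, _, frac = text.partition(".")
    return int(whole) * SAT + int((frac + "00000000")[:8])


# Each tx: id, inputs as (txid, vout) outpoints, outputs as (address, sats),
# listed in chain order. Input total minus output total is the miner fee.
LEDGER = [
    {"id": "pay",   "in": [],                         "out": [("addr_ransom", btc("75.0"))]},
    {"id": "split", "in": [("pay", 0)],               "out": [("addr_affiliate", btc("63.71")),
                                                              ("addr_operator", btc("5.9")),
                                                              ("addr_other", btc("5.38"))]},
    {"id": "park",  "in": [("split", 0)],             "out": [("addr_seized", btc("63.7"))]},
    {"id": "ext",   "in": [],                         "out": [("addr_unrelated", btc("4.1"))]},
    {"id": "clean", "in": [("split", 1), ("ext", 0)], "out": [("addr_mix_a", btc("8.0")),
                                                              ("addr_mix_b", btc("2.0"))]},
]


def trace(ledger, seed, mode="haircut"):
    """Propagate taint from the seed outpoint forward through the ledger.
    haircut: every output inherits the tainted fraction of the tx's inputs
             (the fee loses its share), so mixing with clean coins dilutes it.
    poison:  any tainted input taints every output in full; simple, overstates.
    Returns {outpoint: tainted_sats} for outputs that are still unspent."""
    value = {(t["id"], i): v for t in ledger for i, (_, v) in enumerate(t["out"])}
    spent = {op for t in ledger for op in t["in"]}
    taint = {seed: Fraction(value[seed])}
    for t in ledger:
        in_total = sum(value[op] for op in t["in"])
        in_taint = sum(taint.get(op, 0) for op in t["in"])
        if not in_taint:
            continue  # nothing tainted flows into this tx (also covers no-input txs)
        share = in_taint / in_total if mode == "haircut" else 1
        for i, (_, v) in enumerate(t["out"]):
            taint[(t["id"], i)] = v * share
    return {op: amt for op, amt in taint.items() if op not in spent and amt}


def by_address(ledger, taints):
    """Aggregate unspent tainted value per receiving address."""
    owner = {(t["id"], i): a for t in ledger for i, (a, _) in enumerate(t["out"])}
    totals = {}
    for op, amt in taints.items():
        totals[owner[op]] = totals.get(owner[op], 0) + amt
    return totals


def report(ledger, seed):
    """Both attributions side by side, converted to BTC for display."""
    rows = {}
    for mode in ("haircut", "poison"):
        for addr, sats in by_address(ledger, trace(ledger, seed, mode)).items():
            rows.setdefault(addr, {})[mode] = float(Fraction(sats) / SAT)
    return rows


if __name__ == "__main__":
    for addr, modes in report(LEDGER, ("pay", 0)).items():
        print(f"{addr:16} haircut={modes.get('haircut', 0):8.3f}"
              f"  poison={modes.get('poison', 0):8.3f}")
```

Running it shows the 63.7 BTC parked at addr_seized attributed in full under both modes, while the operator's 5.9 BTC, once combined with 4.1 BTC of unrelated funds, is only 59% attributable under haircut (4.72 and 1.18 BTC on the two mix outputs) but counted in full under poison. Which figure an investigator quotes depends on that choice, which is why seizure affidavits rest on key possession and not on taint percentages.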

© Thomson Reuters 2021.

©2021 GPlusMedia Inc.


Weren’t certain posters here pillorying Biden as being weak because those posters assumed he was not having any action taken against these hackers?

0 ( +6 / -6 )

Very fast action from the authorities. I was surprised.

1 ( +4 / -3 )

“The seizure announced Monday was of just 63.7 Bitcoins, which Robinson said likely represented the share that had gone to the DarkSide "affiliate" who had initially hacked into Colonial.”

-3 ( +3 / -6 )

“The seizure announced Monday was of just 63.7 Bitcoins, which Robinson said likely represented the share that had gone to the DarkSide "affiliate" who had initially hacked into Colonial.”

And? Most of us who post here can and do read.

4 ( +6 / -2 )

Those FBI guys pretending to be Russians will be very upset.

Really, seized the Bitcoin? Really. Sorry yes OK I believe it, I also believe in Superman and the sugar plum fairy too.

-3 ( +4 / -7 )

Seeing as “the Russians” don’t keep their wallet in San Fran, there are now narrative problems here.

meanwhile Darkside still have their cut and the heat is off Biden to demand Putin do something. Curious timing, hope they didn’t just take some random guy’s Bitcoin.

-6 ( +5 / -11 )

Blacklabel: It’s rather comedic that you are suddenly worried about the president demanding Putin do anything. A few months ago, you were cheering the president fawning over Putin.

6 ( +9 / -3 )

The Justice Department has "found and recaptured the majority" of the ransom paid by Colonial, Monaco said

Either this is a pathetic lie or the blockchain technology is not as secure and anonymous as we all thought.

-5 ( +1 / -6 )

Seeing as “the Russians” don’t keep their wallet in San Fran, there are now narrative problems here.

And you know this how? Current Russian law does not permit their banks to transact any business in crypto currencies. A law before their parliament proposes to ban the possession and use of cryptocurrencies in Russia. It is currently technically legal to mine it but the miners must sell their bitcoin abroad for cash and not take possession of it. This new law would make even that illegal. Firms would be prohibited from taking payment in crypto currencies. Big fines and prison time.

7 ( +8 / -1 )

The seizure announced Monday was of just 63.7 Bitcoins, which Robinson said likely represented the share that had gone to the DarkSide "affiliate" who had initially hacked into Colonial.”

The value of those 63.7 Bitcoins at the time of the hack was about $4 million, in other words the great majority of the total ransom payment.

5 ( +5 / -0 )

Colonial Pipeline paid 75 Bitcoin. 63.7 Bitcoin were recovered. Go ahead and do the arithmetic Blacklabel. That is 85% of the ransom. Bitcoin has lost enormous value since that ransom was paid.

6 ( +6 / -0 )

The main value of Bitcoin is that its blockchain algorithm is considered very secure.

An affidavit filed on Monday said the FBI was in possession of a private key to unlock the hackers' Bitcoin wallet. It was unclear how the FBI gained access to this key.

If the FBI can do this, and they do not say how, it means there is an unknown and exploitable hole in the algorithm and it destroys the credibility of Bitcoin.

Not a good day for crypto.

5 ( +6 / -1 )

If the FBI can do this, and they do not say how, it means there is an unknown and exploitable hole in the algorithm

It's called computing power. Just about any encryption can be broken with enough iterations. The more computing power one has the faster this can be accomplished.

2 ( +4 / -2 )

@Blacklabel

Seeing as “the Russians” don’t keep their wallet in San Fran, there are now narrative problems here.

meanwhile Darkside still have their cut and the heat is off Biden to demand Putin do something. Curious timing, hope they didn’t just take some random guy’s Bitcoin.

LOL! The Chinese and the Russians hacked the US when trump was in office, and he did nothing, but try to get his boss Putin invited to the G7 in Florida.

3 ( +6 / -3 )

Nothing wrong with meme stocks, they are legitimate US companies that actively trade on the US stock market. Sorry you dont have any money to invest, thats the only reason you could possibly be mad about it.

-5 ( +2 / -7 )

You’re a day trader. You don’t invest in companies because they are fundamentally sound, You invest (gamble actually) based on nothing more than volatility.

I actually create goods and services that benefit society.

2 ( +5 / -3 )

From what I read the FBI were able to hack into the hackers' network, not hack bitcoin itself.

7 ( +7 / -0 )

If this is actually true what happened, this should be the death of cryptocurrency.

Precisely.

-3 ( +1 / -4 )

I thought Bitcoin was supposed to be immune to this type of law enforcement. Another reason to avoid it like the plague.

0 ( +1 / -1 )

The only reasons to use bit coin are because you’re a cyber ransomed, a drug dealer, a money launderer, or a day trading “meme stock expert”

It's a means to funnel illicit gains and nothing more.

1 ( +4 / -3 )

Bitcoin isn't anonymous. It just takes some detailed accounting which computers can handle.

As to how they got the private key ... well, don't have your private key on any connected computer. Keep it on 3+ external devices. Never on Windows. Never on an i-Device. Never on Android and probably never on OSX. Only use a temporary, "Live Boot" OS, like most Linux distros provide and only use those when it is time to do a transaction.

2 ( +2 / -0 )

It is extremely unlikely that anyone can "crack" a private key in the next 200 yrs. The math just doesn't support that. But hacking into a poorly secured system - that isn't nearly as difficult as 99.99% of the people believe.

I have serious doubts that the wallet with the private key was actually in California, unless they happen to have it on a VPS. These people shouldn't be that stupid.

1 ( +2 / -1 )

GdTokyo Today  10:09 am JST

The only reasons to use bit coin are because you’re a cyber ransomed, a drug dealer, a money launderer, or a day trading “meme stock expert” 

It's a means to funnel illicit gains and nothing more.

Fiat currency, of course, is never used in ransoms, by drug dealers, money launderers, or in day trading

0 ( +3 / -3 )

Actually I’m not. That’s just your assumption.

You’re a day trader.

-6 ( +1 / -7 )

So which one is Elon Musk? and the legitimate companies that hold Bitcoin and accept Bitcoin as payment?

The only reasons to use bit coin are because you’re a cyber ransomed, a drug dealer, a money launderer, or a day trading “meme stock expert”

-3 ( +2 / -5 )

Very fast action from the authorities. I was surprised.

FBI was tracking them for over a year and it happened on their watch.

From what I read the FBI were able to hack into the hackers' network, not hack bitcoin itself.

This is factual. The hackers provide a service for a commission. FBI caught the people who hired them, not the hackers.

-3 ( +0 / -3 )

Big blow to ransomware gangs.

Victims might not be so willing to pay now after this incident.

According to NBC, even though Colonial paid and was given the decryptor, it was so slow Colonial ended up restoring its system from backups in the end.

5 ( +5 / -0 )

If you need a job, the computer security industry is a good place to be.

3 ( +3 / -0 )

Weren’t certain posters here pillorying Biden as being weak because those posters assumed he was not having any action taken against these hackers?

The same ones that believed (or intentionally pushed the false narrative) that somehow Biden's administration paid the Colonial Pipeline ransom all by their lonesome.

Good to see our federal cyber security team back in function after a certain previous POTUS tried to neuter their ability to function in hopes they could "win" another term by hook or by crook.

5 ( +5 / -0 )

If the US gov has really done this, Bitcoin and other crypto currencies have no future. Good old fashioned used bundles of notes stuffed in a mattress are safer.

-1 ( +2 / -3 )

Finally some good news about this kind of crime; it may not be the case, but it is tempting to relate this to the change of US government.

2 ( +3 / -1 )

Based on years and years of observing claims and then later finding the truth, I would not trust anything that comes out of Washington. Also these same people don't mention they are trying to destroy Russia's economy with sanctions. Just look at Nord Stream II, New and expanded NATO bases and Ukraine.

-1 ( +3 / -4 )

Biden set the precedent by allowing to pay off infrastructure blackmailers, so now we will see more of it. Actions have consequences.

-2 ( +2 / -4 )

Blacklabel

Seeing as “the Russians” don’t keep their wallet in San Fran, there are now narrative problems here.

LOL yeah, but the corporate media will paper that over, like they always do with inconvenient facts.

It's got to be those evil "Russians"!

-2 ( +1 / -3 )

Biden set the precedent by allowing to pay off infrastructure blackmailers

Ah yes, that famous CEO of Colonial Pipeline Company... Joe Biden!?

1 ( +3 / -2 )

Seeing as “the Russians” don’t keep their wallet in San Fran, there are now narrative problems here.

As I said earlier, Russian banks, companies and private citizens are not permitted under Russian law to buy, sell, trade, or own cyber currencies. If Russian crooks are dealing in Bitcoin or similar, they cannot do so in Russia. Their wallets have to be kept elsewhere. This is not hard to understand.

1 ( +2 / -1 )

Biden set the precedent by allowing to pay off infrastructure blackmailers

Show us where in Federal law any agency of government at any level has the authority to tell a private party not to pay a ransom? A President could tell Colonial Pipeline not to pay the ransom. The FBI routinely does. But no level of government has the power to stop a victim from paying ransom. That is reality. Btw, this was hardly the first ransomware hack. These have been happening for many years.

1 ( +2 / -1 )

Also these same people don't mention they are trying to destroy Russia's economy with sanctions

Is that supposed to be a bad thing?

2 ( +3 / -1 )

We can discuss the security of Bitcoin or we can discuss the security of the United States as we see quite graphically what WILL happen to our most essential, Corporate compromised systems ALL AT ONCE because it COSTS MONEY TO IMPLEMENT ADEQUATE SECURITY and that money is better sent to the profit column than to ensure that, should America find itself in the sadly likely case of being involved in a major war, we can expect that, suddenly, NOTHING will work. Our U.S. generals and planners seem only capable of thinking in bombs bursting in air and rockets red glare and not a completely paralyzed, communication compromised mob of confused, disorganized people trying to organize a defense. The benefit of this attack should be obvious. But Corporate will spend much PR money obfuscating their own responsibilities here that would be better spent on IT. But this IS America and 'privatization' has left us strategically and tactically naked if this event is any example of possibilities. This was a GOOD thing, folks. And we need another BIG one because you have to hit an American in the head at least twice to get us to pay attention...maybe this is what the END of Empire looks like as endogenous corruption rots the very roots of a nation...

0 ( +0 / -0 )

Biden set the precedent by allowing to pay off infrastructure blackmailers, so now we will see more of it. Actions have consequences.

Biden authorized the payment? Weird that that fact isn’t showing up on any media at all. In fact, the opposite has been evidenced:

“Colonial is a private company and we’ll defer information regarding their decision on paying a ransom to them,” she said. Neuberger said ransom payment is a “private sector decision” and “the administration has not offered further advice at this time.”

https://www.google.com/amp/s/www.marketwatch.com/amp/story/white-house-says-it-didnt-offer-advice-to-colonial-pipeline-over-paying-ransom-to-hackers-11620668060

Zaphod: The way critical discourse amongst rational adults works is that you now need to offer some sort of evidence to rebut mine, not just make more unsupported assertions. Hint: You’ll need to provide a quote or cites that demonstrate Biden authorized this payment. We’ll all be waiting.

1 ( +1 / -0 )

As I said earlier, Russian banks, companies and private citizens are not permitted under Russian law to buy, sell, trade, or own cyber currencies. If Russian crooks are dealing in Bitcoin or similar, they cannot do so in Russia. Their wallets have to be kept elsewhere.

Wallets are not 'kept' anywhere. They are simply the public key of an encryption algorithm. I can have a wallet stored on a piece of paper, or in my head.

You're talking about hosted wallets. This is where a service stores both your wallet and the key, so that they can manage transactions in your wallet on your behalf. In this case, the wallet is stored on the server, and your comment is applicable.

But for anyone using their own wallet without a hosted service, they most definitely can have that wallet wherever they want.

1 ( +2 / -1 )

An affidavit filed on Monday said the FBI was in possession of a private key to unlock the hackers' Bitcoin wallet. It was unclear how the FBI gained access to this key.

I really wonder about this. It sounds like the FBI may have been doing some hacking on their own. Or, they have computers strong enough to crack encryption algorithms, which is worrying.

1 ( +2 / -1 )

If the US gov has really done this, Bitcoin and other crypto currencies have no future. Good old fashioned used bundles of notes stuffed in a mattress are safer.

How would this prevent the FBI from doing the exact same thing and just taking the cash?

0 ( +2 / -2 )

The only reasons to use bit coin are because you’re a cyber ransomed, a drug dealer, a money launderer, or a day trading “meme stock expert”

Or a person who doesn't want the banks to take a cut of their money.

1 ( +2 / -1 )

Bitcoin isn't anonymous.

It is both anonymous and not anonymous. It's not anonymous in that it's possible to see exactly which wallet has owned every bitcoin that has ever been mined. It's possible to see exactly which coins any wallet has ever owned. And it's possible to see both parties in every transaction.

But it's anonymous in that the system requires no personal information to be associated with a wallet. People do make a public association of this information when they use wallets hosted by bitcoin exchanges, but the owner of the wallet is not referred to whatsoever by the wallet. It's impossible to take a wallet ID and extract information on the owner, as there is none contained. Someone can have a wallet without having ever connected to the internet.

1 ( +1 / -0 )

Republican logic: Trump wasn't even responsible for his own actions.

Also Republican logic: Biden is responsible for everyone's actions.

1 ( +2 / -1 )
