Topic: FBI says it recovered $2 million in Bitcoin Ransomware payment... How? (Read 395 times)

legendary
Activity: 2674
Merit: 1226
It's easy, I don't know why people can't think of it. Remember when Interpol and the FBI and whatnot raided Silk Road merchants and then took all their Bitcoin?

So of course most likely they raided and got private keys.

Or, they beat the hell out of the idiots and forced them to give up the keys. Easy.
full member
Activity: 1498
Merit: 146
Talking about this with friends.  FBI doesn’t give any details, of course, but says they traced it to a Wallet and seized it.  How do you think they got it back?

Our theories are:

-Traced it to an exchange, Forced it to be turned over
-Hacked the hackers
-Cracked the encryption


https://www.usatoday.com/story/news/politics/2021/06/07/cryptocurrency-ransom-paid-colonial-pipeline-hack-mostly-recovered/7589909002/
If the FBI managed to get the private keys of the hackers' wallet then they would have no need to dump the reason; at least they would say that bitcoin is not safe anymore since they managed to breach private keys.

Either the hacker made a mistake by sending the money to centralized exchanges, or the government itself is just framing it that way due to extra pressure.
hero member
Activity: 3038
Merit: 617


It was said that the FBI used the legal way to get access to the exchange wallet used by the hackers. They did not hack BTC or anything with an innovation. It's impossible to do that to the blockchain and they know that.

The government hates BTC so much that the FBI should just shut it down if they can, or if they can hack Bitcoin wallets they should be doing that to Satoshi's wallet, but no, they can't do it.


legendary
Activity: 2576
Merit: 1252
The FBI will not really share any decent information regarding how they traced and recovered the hacked amount back into their possession, because it is part of the investigation process. But as the OP has theories on how they made it, such ways are the possible things to be done to trace and recover such a big amount. Good thing that they managed to recover it and it has already got into their possession.
copper member
Activity: 1666
Merit: 1901
It is also possible, the government is running a mixing service, and recovered the coin when the hacking group tried to launder the stolen coin via mixer.

The government specifically did not reveal how they recovered the coin. If they had not specifically kept this a secret, I would have speculated they seized the coin when they deposited it to an exchange.

I would find it fairly unlikely the government hacked the hackers, and very unlikely they were able to crack their private keys.
But it's equally unlikely the hackers deposited the full amount at once, whether it's a mixer or an exchange.
They may have used the exchange before with similar amounts, but the FBI was unaware of the specific TXID associated with other ransom payments in the past, so they wouldn't have been able to seize the funds in the account until now.


What makes me believe the US government is running a mixer is this quote from a CNBC article:
Quote
The FBI declined to say precisely how it accessed the bitcoin wallet, citing the need to protect tradecraft.
If that's true, I'd expect the hackers to share what happened. What are the odds of the hacker using the one mixer owned by the Feds?
If you are trying to maximize your privacy with a mixer, and are afraid the government is running a mixer as means to monitor transactions, you would send all of your coin through multiple mixers. You won't gain any additional privacy if you split up your coin as you are moving it through the various mixers if you ever recombine your inputs, and this includes cashing out via the same exchange, even if you are making multiple deposits to the exchange. I would also make a similar point as I did above, as the hackers may have used the mixer in the past for similar amounts, but the FBI did not know at the time that stolen coin was being processed via their mixer.


I wonder if this article is related: The FBI Secretly Ran the Anom Messaging Platform, Yielding Hundreds of Arrests in Global Sting.

The FBI was apparently helping develop a "secure" app, Anom that encrypts messages sent to other Anom users, and inserted a weakness in the encryption such that the FBI was able to trivially decrypt the messages remotely.
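The post above argues that splitting coins across several mixers buys no privacy if the pieces are ever recombined as inputs of one transaction. The following is an added example, not code from the original thread or from any poster, that shows why: it applies the common-input-ownership heuristic (all inputs of one transaction are assumed to belong to the same entity) to a constructed set of transactions. Every txid and address label (`h_a`, `m1_out`, `ex_dep`, and so on) is hypothetical, chosen for illustration and not taken from the chain.

```python
"""Common-input-ownership clustering over a constructed transaction set.

Added example, not code from the original thread or from any of its
posters. It models one heuristic only: inputs co-spent in a single
transaction are merged into one cluster. All txids and addresses are
constructed for illustration and are not real on-chain data.
"""
from collections import defaultdict


class UnionFind:
    """Minimal disjoint-set forest used to merge addresses into clusters."""

    def __init__(self):
        self.parent = {}

    def add(self, x):
        self.parent.setdefault(x, x)

    def find(self, x):
        root = x
        while self.parent[root] != root:
            root = self.parent[root]
        # Path compression keeps repeated lookups cheap.
        while self.parent[x] != root:
            nxt = self.parent[x]
            self.parent[x] = root
            x = nxt
        return root

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def cluster_addresses(txs):
    """Apply the common-input-ownership heuristic.

    txs: iterable of (txid, input_addresses, output_addresses).
    Every address becomes a node; all inputs of one transaction are
    merged into a single cluster on the assumption that one entity
    signed for all of them. Returns a set of frozensets (the clusters).
    """
    uf = UnionFind()
    for _, inputs, outputs in txs:
        for addr in list(inputs) + list(outputs):
            uf.add(addr)
        for addr in inputs[1:]:
            uf.union(inputs[0], addr)
    groups = defaultdict(set)
    for addr in uf.parent:
        groups[uf.find(addr)].add(addr)
    return {frozenset(members) for members in groups.values()}


def same_owner(txs, a, b):
    """True if the heuristic places addresses a and b in one cluster."""
    return any(a in c and b in c for c in cluster_addresses(txs))


# Constructed scenario (hypothetical labels, not real addresses):
#   h_*   the ransom recipient's own addresses
#   m1_*  the output paid back by a first mixer
#   m2_*  the output paid back by a second mixer
#   ex_*  an exchange deposit address
#   x_*   an unrelated third party
SCENARIO = [
    ("tx1", ["h_a"], ["h_b", "h_c"]),           # split ransom into two pieces
    ("tx2", ["h_b"], ["m1_out"]),               # piece 1 -> mixer 1 -> fresh output
    ("tx3", ["h_c"], ["m2_out"]),               # piece 2 -> mixer 2 -> fresh output
    ("tx4", ["m1_out", "m2_out"], ["ex_dep"]),  # both pieces co-spent into one deposit
    ("tx5", ["x_1"], ["x_2"]),                  # unrelated activity
]

# The same scenario without the recombining spend.
SCENARIO_NO_RECOMBINE = [t for t in SCENARIO if t[0] != "tx4"]


if __name__ == "__main__":
    print("with recombine:   ", same_owner(SCENARIO, "m1_out", "m2_out"))
    print("without recombine:", same_owner(SCENARIO_NO_RECOMBINE, "m1_out", "m2_out"))
```

With `tx4` present the two post-mixer outputs land in one cluster, so whoever can see the deposit (here an exchange) learns that both mixer flows belong to the same entity; drop `tx4` and the heuristic alone cannot link them. Real chain analysis layers further heuristics on top of this one (change-output detection, timing, deposit-address reuse at a custodian), which is why the post also warns against cashing out the pieces through the same exchange account.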
legendary
Activity: 3318
Merit: 1247

-Cracked the encryption


I think everyone who believes this should have a good read here about why it is impossible for the encryption of Bitcoin to be cracked. It is a really good long read which will reiterate that Bitcoin is safe. Don't believe everything that the media tells you. Lately massive anti-Bitcoin talk has been going on, the latest being Trump talking bad about it.

https://www.pluralsight.com/guides/the-cryptography-of-bitcoin
hero member
Activity: 2968
Merit: 687
the answer is in the headline

they traced the WALLET, not the address

meaning they didn't brute force the address. they instead did other things to locate the software of the human ransomer.
then they simply sent funds from that wallet to the FBI seizure address

knowing the specifics of how they traced the WALLET is not important. but the fact that it was via the WALLET of the ransomer is revealing enough
I hadn't heard the news until I read this and made some clarifications of my own in my mind on reading about the retrieval of funds, which I did say

to myself: that it's impossible for some recovery to be made via the bitcoin address directly. And I was right that it wasn't directly talking about the address itself but about the wallet or software being used.

Honestly, I'm not surprised that some people really end up having a different understanding on the first few read-ups until it's verified.
legendary
Activity: 4424
Merit: 4794
the answer is in the headline

they traced the WALLET, not the address

meaning they didn't brute force the address. they instead did other things to locate the software of the human ransomer.
then they simply sent funds from that wallet to the FBI seizure address

knowing the specifics of how they traced the WALLET is not important. but the fact that it was via the WALLET of the ransomer is revealing enough
legendary
Activity: 3290
Merit: 16489
It is also possible, the government is running a mixing service, and recovered the coin when the hacking group tried to launder the stolen coin via mixer.

The government specifically did not reveal how they recovered the coin. If they had not specifically kept this a secret, I would have speculated they seized the coin when they deposited it to an exchange.

I would find it fairly unlikely the government hacked the hackers, and very unlikely they were able to crack their private keys.
But it's equally unlikely the hackers deposited the full amount at once, whether it's a mixer or an exchange.

They didn't recover 100% payment but 85% instead.
Still: why trust any third party with millions of dollars at once?

What makes me believe the US government is running a mixer is this quote from a CNBC article:
Quote
The FBI declined to say precisely how it accessed the bitcoin wallet, citing the need to protect tradecraft.
If that's true, I'd expect the hackers to share what happened. What are the odds of the hacker using the one mixer owned by the Feds?
sr. member
Activity: 1988
Merit: 453
If dkbit98's post can be trusted, then it seems like the FBI played a very intelligent game. Either they tricked the hackers into sending the coins to a wallet controlled by them (by convincing them that they are some sort of money launderers who could help the hackers convert the coins to fiat in an anonymous manner), or they contacted the Gemini admins and seized the coins with their help. Either way, the hackers seem to be a bunch of noobs who were in a hurry to cash out. And in the end they lost all those coins, and most probably within a few days they will get arrested as well.
legendary
Activity: 2898
Merit: 1823

-Cracked the encryption


It is laughable that someone would even suggest that. I’m very confident nothing was involved with a Bitcoin wallet being hacked/cracked by the FBI. BUT, nocoiners won’t care and will spread the FBI HACK FUD just the same.

legendary
Activity: 2212
Merit: 7064
Look at the facts and the bigger picture, then investigate what is happening with Bitcoin following @ErgoBTC tweets and transactions on OXT explorer.
The Gemini exchange was used and not Coinbase as was claimed before, but this looks very much like an inside job or they hired some hackers for this job, and at least there are a lot of unexplained things around this topic.
Several days ago they claimed that the FBI seized some server that was hired by the hackers, and the only question I have now is what new hack are we going to see in the next few weeks... resulting in less privacy and more regulations for regular people.


https://twitter.com/ErgoBTC/status/1402070662756421632

It's negligent just to act as if nothing has happened.
I never said nothing has happened; something is obviously happening in front of our eyes, but not what the majority of people think.
full member
Activity: 406
Merit: 114
They used a Quantum Computer powered by Tesla to reverse engineer the Private Key of course.

The FBI, NSA, CIA and DHS actually are working on something technical like quantum computing, but going down that direction would be wishful thinking on my part.

The FBI did not obtain the private keys. Instead, they took legal action against an exchange or some kind of custodial wallet that has a server in Northern California (Hint: Coinbase). Those idiot "hackers" were grossly incompetent!



It is quite possible that half of the "hacking team" were incompetent. I've been reading that the ransomware creators will partner with anyone with access to a business like this one, and split the ransom. Since it was about half the ransom that was recovered, it would not surprise me if this was the half of some dope within the company trying to make a quick couple of million.
hero member
Activity: 2268
Merit: 588
That's good news and a great accomplishment for the FBI; one of the problems in the crypto industry is this kind of ransomware. They have some strategies that are hard to spot and they scam people throughout the world with their malicious software. They don't need to publish how they did it because those guys are fast at changing their strategy. Looks like their work is not yet done and they are planning something more than publishing only this news.
legendary
Activity: 2912
Merit: 6403
All this cyber attack story is fake coordinated shit and I don't trust anything I hear from government sources and mainstream media anymore.
Don't trust this and any other future ''Cyber Attacks'' you hear on news, and investigate for yourself.
Even if its just a narrative they spin in order to make others doubt the security model of Bitcoin. If somebody manages to investigate the story properly it weakens the narrative of governments and mainstream media dramatically!

Tinfoil mode activated! The evil narrative of the evil gubbermint and the evil mainstream media!
What narrative? They didn't tell one thing, they said they will not reveal anything, so where is the narrative when you're not saying a word? The only narrative is here, where some users without even knowing a single detail other than the address in question are coming up with different scenarios and raising conspiracy theory after theory.

But of course, the government is full of idiots, the hackers are idiots, and the only knowledge is all owned by some random users, most of whom dismiss this not because they have a real motive but for the simple fact that they can't understand it! But sure, the government and the FBI are idiots who don't know a thing about bitcoin; that's why they can get their hands on thousands after thousands of coins, that's how they can bring down dark market websites, that's how they find vulnerabilities in Tor, because they are idiots.

It is also possible, the government is running a mixing service, and recovered the coin when the hacking group tried to launder the stolen coin via mixer.

It might be the case, as they did run some miners after they seized the servers in the past, and maybe even now they are running a few they've built themselves, but the whole thing doesn't look like somebody trying to mix coins. I doubt anyone would try to mix large sums at once and through a single service; when you deal with illegal stuff you don't trust anyone. The whole thing is a bit puzzling, especially the private key stuff, and at first glance the private server with a hot wallet seems to be the most plausible explanation, but why they would choose that way of doing things, no idea.
jr. member
Activity: 46
Merit: 13
edit 2 - or, they intentionally lied in the affidavit about having the private key, and used the warrant to force a certain exchange to make the transfer. I'm not even sure if there's a point in doing this - maybe they wanted us to believe they cracked the encryption?

All this cyber attack story is fake coordinated shit and I don't trust anything I hear from government sources and mainstream media anymore.
These must be some very stupid Russian hackers or very stupid federal agents, and neither of them knows how to use Tor, a VPN and non-custodial wallets.
Someone may wonder why they would do something like this; how about more regulations, reducing privacy and total control of everything we are doing online and offline.
Don't trust this and any other future ''Cyber Attacks'' you hear on news, and investigate for yourself.

That's probably what happened. The hackers needed to launder their bitcoins and they somehow got scammed by the FBI.
C'mon man... be serious and ask yourself how they would know everything in advance if they were not involved in this scheme.
These hackers sure like to hack things in the oil and meat industry; probably coal will be next on their list, and I wonder why...  Roll Eyes


Although I can understand your point, it still would be beneficial to the community to understand how this whole story evolved. It's negligent just to act as if nothing has happened. Even if it's just a narrative they spin in order to make others doubt the security model of Bitcoin, if somebody manages to investigate the story properly it weakens the narrative of governments and mainstream media dramatically!
legendary
Activity: 2212
Merit: 7064
edit 2 - or, they intentionally lied in the affidavit about having the private key, and used the warrant to force a certain exchange to make the transfer. I'm not even sure if there's a point in doing this - maybe they wanted us to believe they cracked the encryption?

All this cyber attack story is fake coordinated shit and I don't trust anything I hear from government sources and mainstream media anymore.
These must be some very stupid Russian hackers or very stupid federal agents, and neither of them knows how to use Tor, a VPN and non-custodial wallets.
Someone may wonder why they would do something like this; how about more regulations, reducing privacy and total control of everything we are doing online and offline.
Don't trust this and any other future ''Cyber Attacks'' you hear on news, and investigate for yourself.

That's probably what happened. The hackers needed to launder their bitcoins and they somehow got scammed by the FBI.
C'mon man... be serious and ask yourself how they would know everything in advance if they were not involved in this scheme.
These hackers sure like to hack things in the oil and meat industry; probably coal will be next on their list, and I wonder why...  Roll Eyes
legendary
Activity: 1512
Merit: 7340
I see, that makes sense. So if we rule out the possibilities that an exchange just handed FBI their key; and that the FBI hacked the hackers; and (of course) that FBI cracked bitcoin with quantum computers... what are the odds?  Huh
Really, really small.

Could it be possible that the FBI somehow scammed the hacker with their mixer, and only then applied for a warrant to move the coins further?
That's probably what happened. The hackers needed to launder their bitcoins and they somehow got scammed by the FBI. I believe there are lots of things in the background we're unaware of, but I guess the mixing would be the most logical. They didn't recover them all, so the hackers may have tried the mixer first just to see if it was working properly.

I'm also surprised that the hackers didn't even bother to try something like CoinJoin first.
Try mixing 60 BTC with CoinJoin.  Tongue
newbie
Activity: 5
Merit: 5
The FBI may have had a CI, or may have had an agent undercover himself in one of these communities

Yep, this sounds much more reasonable than any other theories...

I'd say blowing a virtual identity for this particular incident seems totally worth it. They managed to send a strong message.
copper member
Activity: 1666
Merit: 1901
...and as such, I believe discredits the theory the FBI was able to hack the hacking group.

I see, that makes sense. So if we rule out the possibilities that an exchange just handed FBI their key; and that the FBI hacked the hackers; and (of course) that FBI cracked bitcoin with quantum computers... what are the odds?  Huh Could it be possible that the FBI somehow scammed the hacker with their mixer, and only then applied for a warrant to move the coins further? 

..I'm also surprised that the hackers didn't even bother to try something like CoinJoin first.
Mixing 60 BTC+ via CJ is not trivial with today's prices.

I had thought about the possibility that the FBI scammed the hackers via some promise that was unrelated to being a mixer. I am not familiar with the communities the hackers may be a part of. The FBI may have had a CI, or may have had an agent undercover in one of these communities, but I would think seizing the coin would blow the cover of either the CI or the undercover agent.