
Topic: FBI says it recovered $2 million in Bitcoin Ransomware payment... How? - page 2. (Read 365 times)

newbie
Activity: 5
Merit: 5
...and as such, I believe discredits the theory the FBI was able to hack the hacking group.

I see, that makes sense. So if we rule out the possibilities that an exchange just handed the FBI their key; and that the FBI hacked the hackers; and (of course) that the FBI cracked Bitcoin with quantum computers... what are the odds? Could it be possible that the FBI somehow scammed the hacker with their mixer, and only then applied for a warrant to move the coins further?

...I'm also surprised that the hackers didn't even bother to try something like CoinJoin first.
copper member
Activity: 1624
Merit: 1899
Amazon Prime Member #7
This would leave the possibility that FBI was able to somehow hack the hackers, but IMO this would not make sense, because why would they be creating private keys on a new server?

Sorry I didn't get it - What did you mean by creating private keys on a new server (who?) & how is it related to the possibility that FBI might have hacked the hackers? Thanks
Well coin was sent to bc1qq2euq8pw950klpjcawuy4uj39ym43hs6cfsegq on May 27. Why was the coin sent to this address that day? Under what circumstances?

If the above address was created by the hacking group, it would have been done so on a server the FBI was able to compromise and access the private key. When coin was sent to the above address, every address spend-linked to the address was zeroed out, so it is theoretically possible the FBI was able to compromise the server the private keys were being stored in when the hacking group was receiving ransom payments. Being that the group had previously announced they are shutting down, it is not unreasonable to believe they were in the process of cashing out all of the payments they had received in their various hacking endeavors.

If bc1qq2euq8pw950klpjcawuy4uj39ym43hs6cfsegq was created on a new server the FBI compromised, the hacking group would have created a new private key on a new server. There would be no reason for the hacking group to do this, and as such, I believe this discredits the theory the FBI was able to hack the hacking group.
member
Activity: 1148
Merit: 58
Talking about this with friends.  FBI doesn’t give any details, of course, but says they traced it to a Wallet and seized it.  How do you think they got it back?

Our theories are:

-Traced it to an exchange, Forced it to be turned over
-Hacked the hackers
-Cracked the encryption


https://www.usatoday.com/story/news/politics/2021/06/07/cryptocurrency-ransom-paid-colonial-pipeline-hack-mostly-recovered/7589909002/
Asking how? lol, as if the FBI will reveal what strategy they used to make this happen. This is a sacred action, mate, and that is what they are mastering now. And I think this will continue developing, not only for ransom detection but also for the hacking and scamming which is rampant in this community.
newbie
Activity: 5
Merit: 5
This would leave the possibility that FBI was able to somehow hack the hackers, but IMO this would not make sense, because why would they be creating private keys on a new server?

Sorry I didn't get it - What did you mean by creating private keys on a new server (who?) & how is it related to the possibility that FBI might have hacked the hackers? Thanks
legendary
Activity: 3164
Merit: 1344
Leading Crypto Sports Betting & Casino Platform
They used a Quantum Computer powered by Tesla to reverse engineer the Private Key of course.

I would have believed this joke... but then I noticed "Tesla". Do you really want us to believe that Tesla, which can't even produce quality EVs, is going to somehow produce a quantum computer which can crack the Bitcoin private key? First let them take care of their overpriced pieces of junk, rather than poking their nose at things that are beyond their comprehension. Obviously Elon Musk will put up a tweet claiming that he will work with the "Dogecoin developers" to make it possible and the market will sing praises for him.
copper member
Activity: 1624
Merit: 1899
Amazon Prime Member #7
Talking about this with friends.  FBI doesn’t give any details, of course, but says they traced it to a Wallet and seized it.  How do you think they got it back?

Our theories are:

-Traced it to an exchange, Forced it to be turned over

It is also possible the government is running a mixing service, and recovered the coin when the hacking group tried to launder the stolen coin via a mixer.

The government specifically did not reveal how they recovered the coin. If they had not specifically kept this a secret, I would have speculated they seized the coin when they deposited it to an exchange.

I would find it fairly unlikely the government hacked the hackers, and very unlikely they were able to crack their private keys.

Seems plausible. They would still need a seizure warrant, I assume, right? I can't imagine the hackers would leave the money in an exchange, although it's possible it was part of their laundering plan.
If you are going to cash out $2 million+ worth of crypto, you need to eventually move it to an exchange. If it was an exchange that the DOJ has authority over, I would think they would have made it public they had returned the stolen coin.

What makes me believe the US government is running a mixer is this quote from a CNBC article:
I suppose it's also possible the FBI just seized some innocent guy's money after the hackers exchanged it several times by now.
Probably not. The address the coin was seized from is bc1qq2euq8pw950klpjcawuy4uj39ym43hs6cfsegq according to paragraph 33 of the affidavit in support of the warrant. It is clear there is a link from the ransom payment to the seized address. The private key in question actually has ~69 BTC, but some of it cannot be traced to the ransom payment.

The warrant also says the FBI has access to the private key of the above address. I would find it hard to believe an exchange would hand over one of their private keys, I think they would move the coin to a fresh address, not created on their production servers. This would leave the possibility that FBI was able to somehow hack the hackers, but IMO this would not make sense, because why would they be creating private keys on a new server?
legendary
Activity: 3164
Merit: 1344
Leading Crypto Sports Betting & Casino Platform
Talking about this with friends.  FBI doesn’t give any details, of course, but says they traced it to a Wallet and seized it.  How do you think they got it back?

Our theories are:

-Traced it to an exchange, Forced it to be turned over
-Hacked the hackers
-Cracked the encryption


https://www.usatoday.com/story/news/politics/2021/06/07/cryptocurrency-ransom-paid-colonial-pipeline-hack-mostly-recovered/7589909002/

The first option seems to be the most possible one out of the three. It is virtually impossible to crack the encryption. If they are indeed capable of cracking the encryption, then the value of Bitcoin will become close to zero. And the second option is also very unlikely. Because I don't expect the hackers to be some noobs, who would use compromised emails or simple passwords. It looks to me that the hackers were in a hurry to cash out, and they sent a part of their stash to an exchange where it was seized and handed over to the FBI.
member
Activity: 141
Merit: 62
They used a Quantum Computer powered by Tesla to reverse engineer the Private Key of course.

FBI, NSA, CIA, DHS actually is working on something technical like Quantum computing, but going down that direction would be wishful thinking on my part.

FBI did not obtain the private keys. Instead, they took legal action against an exchange or some kind of custodial wallet that has a server in Northern California (Hint: Coinbase). Those idiot "hackers" were grossly incompetent!

newbie
Activity: 5
Merit: 5
Seems plausible. They would still need a seizure warrant, I assume, right? I can't imagine the hackers would leave the money in an exchange, although it's possible it was part of their laundering plan.

I suppose it's also possible the FBI just seized some innocent guy's money after the hackers exchanged it several times by now.


The seizure warrant was authorized earlier today by the Honorable Laurel Beeler, U.S. Magistrate Judge for the Northern District of California.
...
As alleged in the supporting affidavit, by reviewing the Bitcoin public ledger, law enforcement was able to track multiple transfers of bitcoin and identify that approximately 63.7 bitcoins, representing the proceeds of the victim’s ransom payment, had been transferred to a specific address, for which the FBI has the “private key,” or the rough equivalent of a password needed to access assets accessible from the specific Bitcoin address. This bitcoin represents proceeds traceable to a computer intrusion and property involved in money laundering and may be seized pursuant to criminal and civil forfeiture statutes.

DOJ Statement: https://www.justice.gov/opa/pr/department-justice-seizes-23-million-cryptocurrency-paid-ransomware-extortionists-darkside

The thing is, they explicitly stated they had the private key "in possession" in the affidavit. That was before they received the warrant, I believe. The warrant only granted them the right to move the funds, but it seems the FBI did not obtain the key via legal seizure.

If that address was indeed a custodial one, then the timeline would be:

1. An exchange gave the FBI the key without the presence of a warrant telling it to do so (edit: or there were separate legal actions we haven't heard of yet).
2. The FBI then lodged an affidavit in the morning of 7 Jun 2021 (https://www.justice.gov/opa/press-release/file/1402056/download), which basically said "I have the key, please let me move the coins".
3. The FBI received the warrant on the same day, 9:10 am (https://www.justice.gov/opa/press-release/file/1402051/download).
4. Then they made the transfer at 10:40 am (https://www.blockchain.com/btc/tx/943f2d576ed8d9f388ba75eb82fe35cce29479b84121827ac368a5a94f44cf7a).

This seems off... unless we take away (1) and assume FBI somehow got the key on their own. I mean, if they managed to get the key from an exchange, why didn't they have a warrant ready at the time?

Edit 2: or, they intentionally lied in the affidavit about having the private key, and used the warrant to force a certain exchange to make the transfer. I'm not even sure if there's a point in doing this; maybe they wanted us to believe they cracked the encryption?
legendary
Activity: 1961
Merit: 1020
Fill Your Barrel with Bitcoins!
They used a Quantum Computer powered by Tesla to reverse engineer the Private Key of course.
legendary
Activity: 2520
Merit: 2015
Join the world-leading crypto sportsbook NOW!
Talking about this with friends.  FBI doesn’t give any details, of course, but says they traced it to a Wallet and seized it.  How do you think they got it back?

Our theories are:

-Traced it to an exchange, Forced it to be turned over

It is also possible the government is running a mixing service, and recovered the coin when the hacking group tried to launder the stolen coin via a mixer.

The government specifically did not reveal how they recovered the coin. If they had not specifically kept this a secret, I would have speculated they seized the coin when they deposited it to an exchange.

I would find it fairly unlikely the government hacked the hackers, and very unlikely they were able to crack their private keys.

Seems plausible. They would still need a seizure warrant, I assume, right? I can't imagine the hackers would leave the money in an exchange, although it's possible it was part of their laundering plan.

I suppose it's also possible the FBI just seized some innocent guy's money after the hackers exchanged it several times by now.


The seizure warrant was authorized earlier today by the Honorable Laurel Beeler, U.S. Magistrate Judge for the Northern District of California.
...
As alleged in the supporting affidavit, by reviewing the Bitcoin public ledger, law enforcement was able to track multiple transfers of bitcoin and identify that approximately 63.7 bitcoins, representing the proceeds of the victim’s ransom payment, had been transferred to a specific address, for which the FBI has the “private key,” or the rough equivalent of a password needed to access assets accessible from the specific Bitcoin address. This bitcoin represents proceeds traceable to a computer intrusion and property involved in money laundering and may be seized pursuant to criminal and civil forfeiture statutes.

DOJ Statement: https://www.justice.gov/opa/pr/department-justice-seizes-23-million-cryptocurrency-paid-ransomware-extortionists-darkside
member
Activity: 166
Merit: 16
I read some info from Twitter.
They didn't recover 100% of the payment but 85% instead.

I guess
1. The hacker didn't move all the funds to a certain exchange.
or
2. The FBI didn't control 100% of the addresses of the mixer service which the hacker used.
copper member
Activity: 1624
Merit: 1899
Amazon Prime Member #7
Talking about this with friends.  FBI doesn’t give any details, of course, but says they traced it to a Wallet and seized it.  How do you think they got it back?

Our theories are:

-Traced it to an exchange, Forced it to be turned over

It is also possible the government is running a mixing service, and recovered the coin when the hacking group tried to launder the stolen coin via a mixer.

The government specifically did not reveal how they recovered the coin. If they had not specifically kept this a secret, I would have speculated they seized the coin when they deposited it to an exchange.

I would find it fairly unlikely the government hacked the hackers, and very unlikely they were able to crack their private keys.
sr. member
Activity: 845
Merit: 267
They seized the account following the money trail of 75 BTC.
full member
Activity: 406
Merit: 114
Interesting, reading that thread, the FBI claimed in their court filings they had the private keys to one of the accounts used by the hackers. Seems very unlikely, unless again, it was moved to an exchange and the exchange gave them the keys.
newbie
Activity: 8
Merit: 20
This 'independent journalist' on Twitter says the Feds filed a warrant and may have seized it from a custodial wallet or exchange:

https://twitter.com/JordanSchachtel/status/1401996717394960389?s=20
full member
Activity: 406
Merit: 114
Talking about this with friends.  FBI doesn’t give any details, of course, but says they traced it to a Wallet and seized it.  How do you think they got it back?

Our theories are:

-Traced it to an exchange, Forced it to be turned over
-Hacked the hackers
-Cracked the encryption


https://www.usatoday.com/story/news/politics/2021/06/07/cryptocurrency-ransom-paid-colonial-pipeline-hack-mostly-recovered/7589909002/