Talking about this with friends. FBI doesn’t give any details, of course, but says they traced it to a Wallet and seized it. How do you think they got it back?
Our theories are:
- Traced it to an exchange, forced it to be turned over
It is also possible the government is running a mixing service, and recovered the coin when the hacking group tried to launder the stolen coin via mixer.
The government specifically did not reveal how they recovered the coin. If they had not specifically kept this a secret, I would have speculated they seized the coin when they deposited it to an exchange.
I would find it fairly unlikely the government hacked the hackers, and very unlikely they were able to crack their private keys.
Seems plausible. They would still need a seizure warrant, I assume, right? I can't imagine the hackers would leave the money in an exchange, although it's possible it was part of their laundering plan.
If you are going to cash out $2 million+ worth of crypto, you need to eventually move it to an exchange. If it was an exchange that the DOJ has authority over, I would think they would have made it public they had returned the stolen coin.
What makes me believe the US government is running a mixer is this quote from a CNBC article:
I suppose it's also possible the FBI just seized some innocent guy's money after the hackers exchanged it several times by now.
Probably not. The address the coin was seized from is bc1qq2euq8pw950klpjcawuy4uj39ym43hs6cfsegq according to paragraph 33 of the affidavit in support of the warrant. It is clear there is a link from the ransom payment to the seized address. The private key in question actually has ~69 BTC, but some of it cannot be traced to the ransom payment.
The warrant also says the FBI has access to the private key of the above address. I would find it hard to believe an exchange would hand over one of their private keys; I think they would move the coin to a fresh address, not created on their production servers. This would leave the possibility that the FBI was able to somehow hack the hackers, but IMO this would not make sense, because why would they be creating private keys on a new server?