Topic: FBI says it recovered $2 million in Bitcoin Ransomware payment... How?

legendary
Activity: 2674
Merit: 1226
Livecasino, 20% cashback, no fuss payouts.
It's easy; I don't know why people can't think of it. Remember when Interpol and the FBI and whatnot raided Silk Road merchants and then took all their Bitcoin?

So of course, most likely, they raided them and got the private keys.

Or, they beat the hell out of the idiots and forced them to give up the keys. Easy.
full member
Activity: 1498
Merit: 146
Talking about this with friends.  FBI doesn’t give any details, of course, but says they traced it to a Wallet and seized it.  How do you think they got it back?

Our theories are:

-Traced it to an exchange, Forced it to be turned over
-Hacked the hackers
-Cracked the encryption


https://www.usatoday.com/story/news/politics/2021/06/07/cryptocurrency-ransom-paid-colonial-pipeline-hack-mostly-recovered/7589909002/
If the FBI managed to get the private keys of the hackers' wallet, then there would be no need to dump the reason; at least they would say that bitcoin is not safe anymore since they managed to breach private keys.

Either the hacker made a mistake by sending the money to centralized exchanges, or the government itself is just framing it that way due to extra pressure.
hero member
Activity: 3038
Merit: 617


It was said that the FBI used the legal way to get access to the exchange wallet used by the hackers. They did not hack BTC or anything with an innovation. It's impossible to do that to the blockchain and they know that.

The government hates BTC so much that the FBI should just shut it down if they can do it, or if they can hack Bitcoin wallets they should be doing that to Satoshi's wallet, but no, they can't do it.


legendary
Activity: 2576
Merit: 1252
Leading Crypto Sports Betting & Casino Platform
The FBI will not really share any decent information regarding how they traced and recovered the amount that had been hacked, because it is part of the investigation process. But as the OP has theories on how they did it, such ways are the possible things to be done to trace and recover such a big amount. Good thing that they managed to recover it and it is already in their possession.
copper member
Activity: 1666
Merit: 1901
Amazon Prime Member #7
It is also possible, the government is running a mixing service, and recovered the coin when the hacking group tried to launder the stolen coin via mixer.

The government specifically did not reveal how they recovered the coin. If they had not specifically kept this a secret, I would have speculated they seized the coin when they deposited it to an exchange.

I would find it fairly unlikely the government hacked the hackers, and very unlikely they were able to crack their private keys.
But it's equally unlikely the hackers deposited the full amount at once, whether it's a mixer or an exchange.
They may have used the exchange before with similar amounts, but the FBI was unaware of the specific TXID associated with other ransom payments in the past, so they wouldn't have been able to seize the funds in the account until now.


What makes me believe the US government is running a mixer is this quote from a CNBC article:
Quote
The FBI declined to say precisely how it accessed the bitcoin wallet, citing the need to protect tradecraft.
If that's true, I'd expect the hackers to share what happened. What are the odds of the hacker using the one mixer owned by the Feds?
If you are trying to maximize your privacy with a mixer, and are afraid the government is running a mixer as means to monitor transactions, you would send all of your coin through multiple mixers. You won't gain any additional privacy if you split up your coin as you are moving it through the various mixers if you ever recombine your inputs, and this includes cashing out via the same exchange, even if you are making multiple deposits to the exchange. I would also make a similar point as I did above, as the hackers may have used the mixer in the past for similar amounts, but the FBI did not know at the time that stolen coin was being processed via their mixer.


I wonder if this article is related: The FBI Secretly Ran the Anom Messaging Platform, Yielding Hundreds of Arrests in Global Sting.

The FBI was apparently helping develop a "secure" app, Anom, that encrypts messages sent to other Anom users, and inserted a weakness in the encryption such that the FBI was able to trivially decrypt the messages remotely.
legendary
Activity: 3318
Merit: 1247
Bitcoin Casino Est. 2013

-Cracked the encryption


I think everyone who believes this should have a good read here about why it is impossible for the encryption of Bitcoin to be cracked. It is a really good long read which will reiterate that Bitcoin is safe. Don't believe everything that the media tells you. Lately massive anti-Bitcoin talk has been going on, with the latest being Trump talking bad about it.

https://www.pluralsight.com/guides/the-cryptography-of-bitcoin
hero member
Activity: 2968
Merit: 687
the answer is in the headline

they traced the WALLET, not the address

meaning they didn't brute force the address. They instead did other things to locate the software of the human ransomer.
Then they simply sent funds from that wallet to the FBI seizure address.

Knowing the specifics of how they traced the WALLET is not important, but the fact that it was via the WALLET of the ransomer is revealing enough.
Hadn't heard the news until I read this and made some clarifications in my own mind on hearing or reading about the retrieval of funds, which I did say

to myself: that it's impossible for some recovery to be made via the bitcoin address directly, and I was right that it wasn't directly talking about the address itself but about the wallet or software being used.

Honestly, I'm not surprised that some people really end up having a different understanding on the first few read-ups until it's verified.
legendary
Activity: 4410
Merit: 4788
the answer is in the headline

they traced the WALLET, not the address

meaning they didn't brute force the address. They instead did other things to locate the software of the human ransomer.
Then they simply sent funds from that wallet to the FBI seizure address.

Knowing the specifics of how they traced the WALLET is not important, but the fact that it was via the WALLET of the ransomer is revealing enough.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
It is also possible, the government is running a mixing service, and recovered the coin when the hacking group tried to launder the stolen coin via mixer.

The government specifically did not reveal how they recovered the coin. If they had not specifically kept this a secret, I would have speculated they seized the coin when they deposited it to an exchange.

I would find it fairly unlikely the government hacked the hackers, and very unlikely they were able to crack their private keys.
But it's equally unlikely the hackers deposited the full amount at once, whether it's a mixer or an exchange.

They didn't recover 100% of the payment but 85% instead.
Still: why trust any third party with millions of dollars at once?

What makes me believe the US government is running a mixer is this quote from a CNBC article:
Quote
The FBI declined to say precisely how it accessed the bitcoin wallet, citing the need to protect tradecraft.
If that's true, I'd expect the hackers to share what happened. What are the odds of the hacker using the one mixer owned by the Feds?
sr. member
Activity: 1988
Merit: 453
If dkbit98's post can be trusted, then it seems like the FBI played a very intelligent game. Either they tricked the hackers into sending the coins to a wallet controlled by them (by convincing them that they are some sort of money launderers and could help the hackers convert the coins to fiat in an anonymous manner), or they contacted the Gemini admins and seized the coins with their help. Either way, the hackers seem to be a bunch of noobs who were in a hurry to cash out. And in the end they lost all those coins, and most probably within a few days they will get arrested as well.
legendary
Activity: 2898
Merit: 1823

-Cracked the encryption


It is laughable that someone would even suggest that. I’m very confident nothing was involved with a Bitcoin wallet being hacked/cracked by the FBI. BUT, nocoiners won’t care and will spread the FBI HACK FUD just the same.

legendary
Activity: 2212
Merit: 7064
Look at the facts and the bigger picture, then investigate what is happening with Bitcoin following @ErgoBTC tweets and transactions on OXT explorer.
Gemini exchange was used and not Coinbase like it was claimed before, but this looks very much like an inside job or they hired some hackers for this job, and at least there are a lot of unexplained things around this topic.
Several days ago they claimed that the FBI seized some server that was hired by the hackers, and the only question I have now is what new hack are we going to see in the next few weeks... resulting in less privacy and more regulations for regular people.


https://twitter.com/ErgoBTC/status/1402070662756421632

Its negligent just to act if nothing has happened.
I never said nothing happened; something is obviously happening in front of our eyes, but not what the majority of people think.
full member
Activity: 406
Merit: 114
They used a Quantum Computer powered by Tesla to reverse engineer the Private Key of course.

The FBI, NSA, CIA and DHS are actually working on something technical like quantum computing, but going down that direction would be wishful thinking on my part.

The FBI did not obtain the private keys. Instead, they took legal action against an exchange or some kind of custodial wallet that has servers in Northern California (Hint: Coinbase). Those idiot "hackers" were grossly incompetent!



It is quite possible that half of the "hacking team" was incompetent. I've been reading that the ransomware creators will partner with anyone with access to a business like this one, and split the ransom. Since it was about half the ransom recovered, it would not surprise me if this was the half of some dope within the company trying to make a quick couple of million.
hero member
Activity: 2268
Merit: 588
You own the pen
That's one piece of good news and a great accomplishment for the FBI; one of the problems in the crypto industry is this kind of ransomware. They have some strategies that are hard to spot and they will scam people throughout the world with their malicious software. They don't need to publish how they did it, because those guys are fast at diverting their strategy from the others. Looks like their work is not yet done and they are planning something, publishing only this news.
legendary
Activity: 2912
Merit: 6403
Blackjack.fun
All this cyber attack story is fake coordinated shit and I don't trust anything I hear from government sources and mainstream media anymore.
Don't trust this and any other future ''Cyber Attacks'' you hear on the news, and investigate for yourself.
Even if it's just a narrative they spin in order to make others doubt the security model of Bitcoin. If somebody manages to investigate the story properly, it weakens the narrative of governments and mainstream media dramatically!

Tinfoil mode activated! The evil narrative of the evil gubbermint and the evil mainstream media!
What narrative? They didn't tell one thing; they said they will not reveal anything, so where is the narrative when you're not saying a word? The only narrative is here, where some users, without even knowing a single detail other than the address in question, are coming up with different scenarios and raising conspiracy theory after conspiracy theory.

But of course, the government is full of idiots, the hackers are idiots, and all the knowledge is owned by some random users who mostly dismiss this not because they have a real motive but for the simple fact that they can't understand it! But sure, the government and the FBI are idiots who don't know a thing about bitcoin; that's why they can get their hands on thousands after thousands of coins, that's how they can bring down dark market websites, that's how they find vulnerabilities in Tor, because they are idiots.

It is also possible, the government is running a mixing service, and recovered the coin when the hacking group tried to launder the stolen coin via mixer.

It might be the case, as they did run some miners after they seized the servers in the past, and maybe even now they are running a few they've built themselves, but the whole thing doesn't look like somebody trying to mix coins. I doubt anyone would try to mix large sums at once and through a single service; when you deal with illegal stuff you don't trust anyone. The whole thing is a bit puzzling, especially the private key stuff, and at first glance the private server with a hot wallet seems to be the most plausible explanation, but why they would choose that way of doing things, no idea.
jr. member
Activity: 46
Merit: 13
edit 2 - or, they intentionally lied in the affidavit about having the private key, and used the warrant to force a certain exchange to make the transfer. I'm not even sure if there's a point in doing this - maybe they wanted us to believe they cracked the encryption?

All this cyber attack story is fake coordinated shit and I don't trust anything I hear from government sources and mainstream media anymore.
These must be some very stupid Russian hackers or very stupid federal agents, and both of them don't know how to use Tor, a VPN and non-custodial wallets.
Someone may wonder why they would do something like this; how about more regulations, reducing privacy and total control of everything we are doing online and offline.
Don't trust this and any other future ''Cyber Attacks'' you hear on the news, and investigate for yourself.

That's probably what happened. The hackers needed to launder their bitcoins and they somehow got scammed by the FBI.
C'mon man... be serious and ask yourself how they would know everything in advance if they were not involved in this scheme.
These hackers sure like to hack things in the oil and meat industry; probably coal will be next on their list, and I wonder why...  Roll Eyes


Although I can understand your point, it would still be beneficial to the community to understand how this whole story evolved. It's negligent just to act as if nothing has happened. Even if it's just a narrative they spin in order to make others doubt the security model of Bitcoin, if somebody manages to investigate the story properly, it weakens the narrative of governments and mainstream media dramatically!
legendary
Activity: 2212
Merit: 7064
edit 2 - or, they intentionally lied in the affidavit about having the private key, and used the warrant to force a certain exchange to make the transfer. I'm not even sure if there's a point in doing this - maybe they wanted us to believe they cracked the encryption?

All this cyber attack story is fake coordinated shit and I don't trust anything I hear from government sources and mainstream media anymore.
These must be some very stupid Russian hackers or very stupid federal agents, and both of them don't know how to use Tor, a VPN and non-custodial wallets.
Someone may wonder why they would do something like this; how about more regulations, reducing privacy and total control of everything we are doing online and offline.
Don't trust this and any other future ''Cyber Attacks'' you hear on the news, and investigate for yourself.

That's probably what happened. The hackers needed to launder their bitcoins and they somehow got scammed by the FBI.
C'mon man... be serious and ask yourself how they would know everything in advance if they were not involved in this scheme.
These hackers sure like to hack things in the oil and meat industry; probably coal will be next on their list, and I wonder why...  Roll Eyes
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
I see, that makes sense. So if we rule out the possibilities that an exchange just handed FBI their key; and that the FBI hacked the hackers; and (of course) that FBI cracked bitcoin with quantum computers... what are the odds?  Huh
Really, really small.

Could it be possible that the FBI somehow scammed the hacker with their mixer, and only then applied for a warrant to move the coins further?
That's probably what happened. The hackers needed to launder their bitcoins and they somehow got scammed by the FBI. I believe there are lots of things in the background we're unaware of, but I guess the mixing would be the most logical. They didn't recover them all, so the hackers may have tried the mixer first just to see if it's properly working.

I'm also surprised that the hackers didn't even bother to try something like CoinJoin first.
Try mixing 60 BTC with CoinJoin.  Tongue
newbie
Activity: 5
Merit: 5
The FBI may have had a CI, or may have had an agent undercover himself in one of these communities

Yep, this sounds much more reasonable than any other theories...

I'd say blowing a virtual identity for this particular incident seems totally worth it. They managed to send a strong message.
copper member
Activity: 1666
Merit: 1901
Amazon Prime Member #7
...and as such, I believe discredits the theory the FBI was able to hack the hacking group.

I see, that makes sense. So if we rule out the possibilities that an exchange just handed FBI their key; and that the FBI hacked the hackers; and (of course) that FBI cracked bitcoin with quantum computers... what are the odds?  Huh Could it be possible that the FBI somehow scammed the hacker with their mixer, and only then applied for a warrant to move the coins further? 

..I'm also surprised that the hackers didn't even bother to try something like CoinJoin first.
Mixing 60 BTC+ via CJ is not trivial with today's prices.

I had thought about the possibility that the FBI scammed the hackers via some promise that was unrelated to being a mixer. I am not familiar with the communities the hackers may be a part of. The FBI may have had a CI, or may have had an agent undercover himself in one of these communities, but I would think seizing the coin would blow the cover of either the CI or undercover agent.
newbie
Activity: 5
Merit: 5
...and as such, I believe discredits the theory the FBI was able to hack the hacking group.

I see, that makes sense. So if we rule out the possibilities that an exchange just handed FBI their key; and that the FBI hacked the hackers; and (of course) that FBI cracked bitcoin with quantum computers... what are the odds?  Huh Could it be possible that the FBI somehow scammed the hacker with their mixer, and only then applied for a warrant to move the coins further?  

..I'm also surprised that the hackers didn't even bother to try something like CoinJoin first.
copper member
Activity: 1666
Merit: 1901
Amazon Prime Member #7
This would leave the possibility that FBI was able to somehow hack the hackers, but IMO this would not make sense, because why would they be creating private keys on a new server?

Sorry I didn't get it - What did you mean by creating private keys on a new server (who?) & how is it related to the possibility that FBI might have hacked the hackers? Thanks
Well coin was sent to bc1qq2euq8pw950klpjcawuy4uj39ym43hs6cfsegq on May 27. Why was the coin sent to this address that day? Under what circumstances?

If the above address was created by the hacking group, it would have been done on a server the FBI was able to compromise and access the private key from. When coin was sent to the above address, every address spend-linked to it was zeroed out, so it is theoretically possible the FBI was able to compromise the server the private keys were being stored on when the hacking group was receiving ransom payments. Given that the group had previously announced they are shutting down, it is not unreasonable to believe they were in the process of cashing out all of the payments they had received in their various hacking endeavors.

If bc1qq2euq8pw950klpjcawuy4uj39ym43hs6cfsegq was created on a new server the FBI compromised, the hacking group would have created a new private key on a new server. There would be no reason for the hacking group to do this, and as such, I believe this discredits the theory that the FBI was able to hack the hacking group.
member
Activity: 1162
Merit: 58
Talking about this with friends.  FBI doesn’t give any details, of course, but says they traced it to a Wallet and seized it.  How do you think they got it back?

Our theories are:

-Traced it to an exchange, Forced it to be turned over
-Hacked the hackers
-Cracked the encryption


https://www.usatoday.com/story/news/politics/2021/06/07/cryptocurrency-ransom-paid-colonial-pipeline-hack-mostly-recovered/7589909002/
Asking how? lol, as if the FBI will reveal what strategy they used to make this happen. This is a sacred action, mate, and that is what they are mastering now. And I think this will continue developing, not only for ransom detection but also for the hacking and scamming which is rampant in this community.
newbie
Activity: 5
Merit: 5
This would leave the possibility that FBI was able to somehow hack the hackers, but IMO this would not make sense, because why would they be creating private keys on a new server?

Sorry I didn't get it - What did you mean by creating private keys on a new server (who?) & how is it related to the possibility that FBI might have hacked the hackers? Thanks
legendary
Activity: 3346
Merit: 1352
Leading Crypto Sports Betting & Casino Platform
They used a Quantum Computer powered by Tesla to reverse engineer the Private Key of course.

I would have believed this joke... but then I noticed "Tesla". Do you really want us to believe that Tesla, which can't even produce quality EVs, is going to somehow produce a quantum computer which can crack a Bitcoin private key?  Grin First let them take care of their overpriced pieces of junk rather than poking their nose into things that are beyond their comprehension. Obviously Elon Musk will put up a tweet claiming that he will work with the "Dogecoin developers" to make it possible, and the market will sing praises for him.
copper member
Activity: 1666
Merit: 1901
Amazon Prime Member #7
Talking about this with friends.  FBI doesn’t give any details, of course, but says they traced it to a Wallet and seized it.  How do you think they got it back?

Our theories are:

-Traced it to an exchange, Forced it to be turned over

It is also possible, the government is running a mixing service, and recovered the coin when the hacking group tried to launder the stolen coin via mixer.

The government specifically did not reveal how they recovered the coin. If they had not specifically kept this a secret, I would have speculated they seized the coin when they deposited it to an exchange.

I would find it fairly unlikely the government hacked the hackers, and very unlikely they were able to crack their private keys.

Seems plausible.  They would still need a seizure warrant, I assume, right?  I can't imagine the hackers would leave the money in an exchange, although it's possible it was part of their laundering plan.
If you are going to cash out $2 million+ worth of crypto, you need to eventually move it to an exchange. If it was an exchange that the DOJ has authority over, I would think they would have made it public that they had returned the stolen coin.

What makes me believe the US government is running a mixer is this quote from a CNBC article:
I suppose it's also possible the FBI just seized some innocent guy's money after the hackers exchanged it several times by now.
Probably not. The address the coin was seized from is bc1qq2euq8pw950klpjcawuy4uj39ym43hs6cfsegq according to paragraph 33 of the affidavit in support of the warrant. It is clear there is a link from the ransom payment to the seized address. The private key in question actually has ~69 BTC, but some of it cannot be traced to the ransom payment.

The warrant also says the FBI has access to the private key of the above address. I would find it hard to believe an exchange would hand over one of their private keys; I think they would move the coin to a fresh address, not one created on their production servers. This would leave the possibility that the FBI was able to somehow hack the hackers, but IMO this would not make sense, because why would they be creating private keys on a new server?
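The DOJ statement quoted later in the thread describes the tracing step as "reviewing the Bitcoin public ledger" to "track multiple transfers of bitcoin", and the post above notes that only part of the balance at the seized address links back to the ransom. As an added example (not code from the thread, the DOJ filings or any chain-analysis vendor), here is the bookkeeping behind that kind of claim: a taint trace over a small UTXO graph. Every transaction, address and amount below is constructed for illustration; the 75 BTC payment and the "part of the balance is not traceable" outcome merely echo figures in the thread. A real trace would feed the same input/output data from a full node or block explorer into the same logic.

```python
"""Taint tracing from a ransom payment through a constructed UTXO graph.

Added example, not code from the thread or the DOJ. The graph below is
invented; fees are folded into the output amounts to keep the arithmetic
exact. Transactions with no inputs are external sources we do not trace into.
"""
from fractions import Fraction

# Constructed transactions. Inputs reference (txid, output index);
# outputs are (address, amount in BTC).
TXS = {
    "victim_funding": {"inputs": [], "outputs": [("victim", 75)]},
    "other_income":   {"inputs": [], "outputs": [("attacker_x", 5)]},
    "clean_coins":    {"inputs": [], "outputs": [("attacker_y", 2)]},
    # the ransom payment itself: victim -> attacker
    "ransom": {"inputs": [("victim_funding", 0)],
               "outputs": [("attacker_1", 75)]},
    # attacker consolidates the ransom with 5 BTC of unrelated coin
    "consol": {"inputs": [("ransom", 0), ("other_income", 0)],
               "outputs": [("attacker_2", 80)]},
    # a peel: 10 BTC goes to a cash-out address, the rest moves on
    "peel":   {"inputs": [("consol", 0)],
               "outputs": [("cashout_1", 10), ("attacker_3", 70)]},
    # final sweep into the address that is later seized, plus 2 BTC of clean coin
    "sweep":  {"inputs": [("peel", 1), ("clean_coins", 0)],
               "outputs": [("seized", 72)]},
}


def trace(txs, origin, policy="haircut"):
    """Return {(txid, vout): tainted BTC} for outputs downstream of `origin`.

    policy="haircut": taint spreads pro rata with input value (FIFO-free
                      proportional model).
    policy="poison":  an output is fully tainted if any input carries taint.
    """
    order, seen = [], set()

    def visit(txid):  # topological order: every input's tx comes first
        if txid in seen:
            return
        seen.add(txid)
        for parent, _ in txs[txid]["inputs"]:
            visit(parent)
        order.append(txid)

    for txid in txs:
        visit(txid)

    taint = {}
    for txid in order:
        tx = txs[txid]
        if txid == origin:  # everything the origin tx pays out is tainted
            for vout, (_, amt) in enumerate(tx["outputs"]):
                taint[(txid, vout)] = Fraction(amt)
            continue
        in_total = sum(Fraction(txs[p]["outputs"][v][1]) for p, v in tx["inputs"])
        in_taint = sum(taint.get((p, v), Fraction(0)) for p, v in tx["inputs"])
        if in_taint == 0:
            continue  # untainted (or source) transaction: nothing to propagate
        for vout, (_, amt) in enumerate(tx["outputs"]):
            if policy == "haircut":
                taint[(txid, vout)] = Fraction(amt) * in_taint / in_total
            else:
                taint[(txid, vout)] = Fraction(amt)
    return taint


def holdings(txs, address, taint):
    """(total BTC, tainted BTC) across the unspent outputs of `address`."""
    spent = {inp for tx in txs.values() for inp in tx["inputs"]}
    total = tainted = Fraction(0)
    for txid, tx in txs.items():
        for vout, (addr, amt) in enumerate(tx["outputs"]):
            if addr == address and (txid, vout) not in spent:
                total += Fraction(amt)
                tainted += taint.get((txid, vout), Fraction(0))
    return total, tainted


if __name__ == "__main__":
    for policy in ("haircut", "poison"):
        total, tainted = holdings(TXS, "seized", trace(TXS, "ransom", policy))
        print(f"{policy}: seized address holds {float(total)} BTC, "
              f"{float(tainted)} BTC traceable to the ransom")
```

Under the haircut policy the constructed seized address holds 72 BTC of which 65.625 BTC traces back to the ransom, which is the shape of the "~69 BTC at the address, 63.7 BTC traceable" picture discussed above. Under the poison policy the whole 72 BTC is flagged, which is closer to how exchange compliance screening behaves, and it is also why mixing coin and then recombining it with unmixed inputs (the CoinJoin point raised later in the thread) buys nothing: the recombining transaction re-taints every output.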
legendary
Activity: 3346
Merit: 1352
Leading Crypto Sports Betting & Casino Platform
Talking about this with friends.  FBI doesn’t give any details, of course, but says they traced it to a Wallet and seized it.  How do you think they got it back?

Our theories are:

-Traced it to an exchange, Forced it to be turned over
-Hacked the hackers
-Cracked the encryption


https://www.usatoday.com/story/news/politics/2021/06/07/cryptocurrency-ransom-paid-colonial-pipeline-hack-mostly-recovered/7589909002/

The first option seems to be the most plausible of the three. It is virtually impossible to crack the encryption. If they are indeed capable of cracking the encryption, then the value of Bitcoin will become close to zero. And the second option is also very unlikely, because I don't expect the hackers to be noobs who would use compromised emails or simple passwords. It looks to me like the hackers were in a hurry to cash out, and they sent a part of their stash to an exchange where it was seized and handed over to the FBI.
member
Activity: 141
Merit: 62
They used a Quantum Computer powered by Tesla to reverse engineer the Private Key of course.

The FBI, NSA, CIA and DHS are actually working on something technical like quantum computing, but going down that direction would be wishful thinking on my part.

The FBI did not obtain the private keys. Instead, they took legal action against an exchange or some kind of custodial wallet that has servers in Northern California (Hint: Coinbase). Those idiot "hackers" were grossly incompetent!

newbie
Activity: 5
Merit: 5
Seems plausible.  They would still need a seizure warrant, I assume, right?  I can't imagine the hackers would leave the money in an exchange, although it's possible it was part of their laundering plan.

I suppose it's also possible the FBI just seized some innocent guy's money after the hackers exchanged it several times by now.


The seizure warrant was authorized earlier today by the Honorable Laurel Beeler, U.S. Magistrate Judge for the Northern District of California.
...
As alleged in the supporting affidavit, by reviewing the Bitcoin public ledger, law enforcement was able to track multiple transfers of bitcoin and identify that approximately 63.7 bitcoins, representing the proceeds of the victim’s ransom payment, had been transferred to a specific address, for which the FBI has the “private key,” or the rough equivalent of a password needed to access assets accessible from the specific Bitcoin address. This bitcoin represents proceeds traceable to a computer intrusion and property involved in money laundering and may be seized pursuant to criminal and civil forfeiture statutes.

DOJ Statement: https://www.justice.gov/opa/pr/department-justice-seizes-23-million-cryptocurrency-paid-ransomware-extortionists-darkside

The thing is, they explicitly stated they had the private key "in possession" in the affidavit. That was before they received the warrant, I believe. The warrant only granted them the right to move the funds, but it seems the FBI did not obtain the key via legal seizure.

If that address was indeed a custodial one, then the timeline would be:

1. An exchange gave the FBI the key without the presence of a warrant telling it to do so (edit: or there were separate legal actions we haven't heard of yet).
2. The FBI then lodged an affidavit on the morning of 7 Jun 2021 (https://www.justice.gov/opa/press-release/file/1402056/download), which basically said "I have the key, please let me move the coins".
3. The FBI received the warrant on the same day, at 9:10 am (https://www.justice.gov/opa/press-release/file/1402051/download).
4. Then they made the transfer at 10:40 am (https://www.blockchain.com/btc/tx/943f2d576ed8d9f388ba75eb82fe35cce29479b84121827ac368a5a94f44cf7a).

This seems off... unless we take away (1) and assume the FBI somehow got the key on their own. I mean, if they managed to get the key from an exchange, why didn't they have a warrant ready at the time?

edit 2 - or, they intentionally lied in the affidavit about having the private key, and used the warrant to force a certain exchange to make the transfer. I'm not even sure if there's a point in doing this; maybe they wanted us to believe they cracked the encryption?
legendary
Activity: 2026
Merit: 1034
Fill Your Barrel with Bitcoins!
They used a Quantum Computer powered by Tesla to reverse engineer the Private Key of course.
legendary
Activity: 2716
Merit: 2093
Join the world-leading crypto sportsbook NOW!
Talking about this with friends.  FBI doesn’t give any details, of course, but says they traced it to a Wallet and seized it.  How do you think they got it back?

Our theories are:

-Traced it to an exchange, Forced it to be turned over

It is also possible, the government is running a mixing service, and recovered the coin when the hacking group tried to launder the stolen coin via mixer.

The government specifically did not reveal how they recovered the coin. If they had not specifically kept this a secret, I would have speculated they seized the coin when they deposited it to an exchange.

I would find it fairly unlikely the government hacked the hackers, and very unlikely they were able to crack their private keys.

Seems plausible.  They would still need a seizure warrant, I assume, right?  I can't imagine the hackers would leave the money in an exchange, although it's possible it was part of their laundering plan.

I suppose it's also possible the FBI just seized some innocent guy's money after the hackers exchanged it several times by now.


The seizure warrant was authorized earlier today by the Honorable Laurel Beeler, U.S. Magistrate Judge for the Northern District of California.
...
As alleged in the supporting affidavit, by reviewing the Bitcoin public ledger, law enforcement was able to track multiple transfers of bitcoin and identify that approximately 63.7 bitcoins, representing the proceeds of the victim’s ransom payment, had been transferred to a specific address, for which the FBI has the “private key,” or the rough equivalent of a password needed to access assets accessible from the specific Bitcoin address. This bitcoin represents proceeds traceable to a computer intrusion and property involved in money laundering and may be seized pursuant to criminal and civil forfeiture statutes.

DOJ Statement: https://www.justice.gov/opa/pr/department-justice-seizes-23-million-cryptocurrency-paid-ransomware-extortionists-darkside
member
Activity: 166
Merit: 16
I read some info on Twitter.
They didn't recover 100% of the payment but 85% instead.

I guess
1. The hacker didn't move all the funds to a certain exchange.
or
2. The FBI didn't control 100% of the addresses of the mixer service the hacker used.
copper member
Activity: 1666
Merit: 1901
Amazon Prime Member #7
Talking about this with friends.  FBI doesn’t give any details, of course, but says they traced it to a Wallet and seized it.  How do you think they got it back?

Our theories are:

-Traced it to an exchange, Forced it to be turned over

It is also possible, the government is running a mixing service, and recovered the coin when the hacking group tried to launder the stolen coin via mixer.

The government specifically did not reveal how they recovered the coin. If they had not specifically kept this a secret, I would have speculated they seized the coin when they deposited it to an exchange.

I would find it fairly unlikely the government hacked the hackers, and very unlikely they were able to crack their private keys.
sr. member
Activity: 845
Merit: 267
They seized the account by following the money trail of 75 BTC.
full member
Activity: 406
Merit: 114
Interesting. Reading that thread, the FBI claimed in their court filings they had the private keys to one of the accounts used by the hackers.  Seems very unlikely, unless, again, it was moved to an exchange and the exchange gave them the keys.
newbie
Activity: 8
Merit: 20
This 'independent journalist' on Twitter says the Feds filed a warrant and may have seized it from a custodial wallet or exchange:

https://twitter.com/JordanSchachtel/status/1401996717394960389?s=20
full member
Activity: 406
Merit: 114
Talking about this with friends.  FBI doesn’t give any details, of course, but says they traced it to a Wallet and seized it.  How do you think they got it back?

Our theories are:

-Traced it to an exchange, Forced it to be turned over
-Hacked the hackers
-Cracked the encryption


https://www.usatoday.com/story/news/politics/2021/06/07/cryptocurrency-ransom-paid-colonial-pipeline-hack-mostly-recovered/7589909002/