Topic: Official says US seized cryptocurrency ransom paid to Colonial Pipeline hackers (Read 304 times)

For me the whole thing is kind of extremely funny considering how the government tried to play cards with the hackers themselves and am sure they least expected it. But I do think we also have to understand that the government have made it so easy to track down such things and to get to the end of it, this was just an example how they could be monitoring you right now. Well am not shocked since when they say that they could be earning from Bitcoins and other cryptocurrencies they started taxing them and to make sure people were easy to track they added all the cards and identification alike and connected them to the bank accounts making it far too easy for the FBI to sit back, enjoy the popcorn while we make our small trades and earn a bit. In my bank and my wallet where I trade sometimes when I have some money saved the tax gets pre- deducted and I get the statement in the end of the month. Funny.

Officials say US confiscated cryptocurrencies ransom paid to Colonial Pipeline hackers, maybe all this is uncertain, the FBI may not get the money, but there is also news that officials can get virtual keys that open the contents of wallets, US law enforcement officials also said it had hit back at the Russia-based criminal ring that brought fuel pipelines to a halt in various parts of the US last month.

This is possible but using a VPN before writing a new transaction into a blockchain is a standard step, which every script-kiddie is doing as well. So, I don't think that this explanation is the right one.

I know a special FPGA-based device which is called Copacobana (Cost-Optimized Parallel Code Breaker: https://www.copacobana.org) it was developed in Germany back in 2007 and was able to brute force 65 billion keys per second. This pace gives the attacker a right key after 6-13 days (58bit DES encryption). Source (Wikipedia, sadly written in German): https://de.wikipedia.org/wiki/Copacobana

Here in Bitcoin-Land, a private key has a length of 256 bits, which is significantly longer and increases the number of possibilities exponentially... But, Copacobana was the first code-breaker of its kind built with FPGA-Hardware back in 2007, today they have Rivyera which main strength is its massive scalability to other Rivyera-Engines: https://www.sciengines.com/.

So, In my opinion the private-key was brute-forced by the FBI/NSA or other organization which can afford a datacenter filled with Rivyera-Engines+electricity costs.

Tor was created by the US military to anonymize and protect their own communications with intelligence agents around the world.  Whether that means they can spy on you easily, I don't know.  Perhaps if your traffic is flowing through a government-run node, but otherwise I don't know.

Bitcoin wasn't compromised in this action, as noted the physical server where the bitcoin private keys were stored was seized, allowing the government to have control over the bitcoin there, but absent a mistake like this from the hackers, the bitcoin wouldn't have been recoverable.

Most times, the simplest explanation is usually the correct one. Theres 1 of 2 easy answers.

1) Exchange wallet FBI seized

or slightly more complicated

2) CP paid the ransom. FBI runs their own Bitcoin nodes that allows them to track wallets to IP addresses and hackers didn't use Tor. FBI see's it's a US based IP address. FBI gets warrant to seize the server. Coins located in wallet on server.

Edit: It seems like they (FBI) hired Chainalysis to track the payment.

The question remains: Why would the "hackers" store their coins in an unsecure hosted server? Well, I think this could be explained by the fact that DarkSide ran a RaaS site. DarkSide relies on other hackers to infect systems and when the 3rd parties infect a system and are paid a ransom, DarkSide then redistributes that payment to the 3rd parties (and of course takes a cut). That could explain why wallet security was not a priority, they probably aren't concerned with such a small amount of BTC sitting on a cloud server (of course 1-5 BTC is small amount to a organization ranking in millions in ransom) and weren't prepared for such a large influx of funds. We know CP and the FBI coordinated from the very start, so it's likely the FBI was ready to move swiftly if they had tracked the funds to a server they could seize.

The FBI didn't pay a ransom, it was the company that paid it.
Second, you are free to not believe it but the coins are there, the address has been seized and the FBI holds those coins now, so, you will have to come with a scenario explaining where are those coins coming from, how did they manage to fabricate the links to previously tainted coins and why are the hacking groups silent on this aspect?


Are you sure it doesn't smell fishy just because you refuse to acknowledge facts that you don't like?


You will neer be able to find a way to solve things in a way that everyone is happy
It's good the coins were recovered but this will point out a lot of other problems, where was that sever located? How did the FBI get jurisdiction over it? Where they able to get information by making VPN companies or ISPs hand over the private data of their customers? Those kinds of actions are always going to be like a double edge sword, and there will be always the question on how much info are those agencies gathering and how much they have already gathered about you even before doing anything illegal or showing a hint of doing so!

So how exactly did they go about that, did they find out the location of hackers and maybe arrested or maybe they happened to lay their hands or have access to something that belonged to the hackers? If not like this, I don’t think there is any how they would just magically lay their hands on the money that was sent through cryptocurrency.

By the way I don’t think that FBI is going to disclose how they did that , because they are very good at keeping secret. By the way, I hope the company has gotten back access to their system and are back to work.

I don't how Jordan Schachtel came up with his theory that the ransom funds were recovered from a Coinbase wallet. Our very own NotATether, however, thinks the ransom funds were recovered from a Binance wallet. He/She had made his/her own tracking of the funds and it ended up linked to a Binance.com address.

Either way, the point is that the ransom funds were most probably stored in a centralized exchange where the private keys are in the hands of the company, making them a lot easier to recover. The hackers were good in that they were able to hack Colonial Pipeline but poor in that they stored their proceeds in a wallet which is not under their sole control. Bad move!

I think everyone knows by now that intelligence and surveillance agencies have long held a controlling interest in VPNs, proxies, TOR and anything involving encryption and anonymizing on the internet. As many hacking groups have learned the hard way.

Lack of international cooperation on extradition is likely the biggest obstacle to prosecuting internet criminals. As well as the biggest enabler for how ransomware and electronic crime occurs.

Seizing the ransomware payment proves cryptocurrencies like bitcoin are largely unsuitable as a medium for money laundering and crime. Unfortunately, I doubt many will see it that way. Investors and capitalists often having mentalities revolving around worst case scenarios, some will assume a worst case where the government has broken fundamental aspects of bitcoin encryption. Which I think it is not true.

As everyone said, law enforcement most likely assumed control of the ransomware payment through criminals using a wallet service which was vulnerable.

It was a good move by the US,because by such things some country banning of bitcoin.So it should be done by the US.This thread the person who involve in ransom by using the bitcoin.So by that only good people use the cryptocurrency.This further increase the price of bitcoin to the next level of price.All the countries should take care of such movement in their country.

1) DarkSide put out a message that their servers were compromised and taken down on May 14th and that their Bitcoin had moved to an unknown wallet. Some thought this was just a lie so they could lay low.

2) But yesterday the FBI puts out a press release saying they seized a server hosted by a US cloud company. DarkSide had wallet located on a US based VPS and the FBI tracked the payment from Colonial Pipeline to it and seized it via court order (the warrant likely was for seizure of the server from the cloud company and not to actually move the funds).

Put two and two together.

An update on what we know:

1. The US recovered some (not all) of the ransom paid.
2. The seized ransom was in bitcoins.
3. The funds were recovered because US authorities obtained the private keys that held some of the ransom.
4. It's unknown how authorities obtained the keys, but it was not through a cooperating exchange and had something to do with internet traffic in the US.
5. The FBI obtained a court order to move the coins out of the address holding the ransom.

Pretty much all of the rest is speculation.

I think it is way more likely that somehow they got the hackers and someone confessed and told them how they could access the funds in order to get a reduction of time they will have to serve at jail, while it is obvious governments have the latest and best tools for hacking it is way more simple to appeal to the nature of the people, after all if they can offer a deal to one of the hackers and still put the rest at jail then recovering the funds should be easy, however if the hackers are still free then it is going to be interesting to know how they achieved this.

There is also a chance that FBI actually didn't get the money, but just claimed they got the money back so that they could basically just act as if "if you try to ask for ransom from us, we will catch you and we will get our money back and throw you in jail" so to speak, hell it could be ALL a fake situation, this is FBI we are talking about, these guys (along with NSA and CIA) overthrow whole governments, you think they would be just willingly pay ransom and be fine with that? Of course they are going to make a whole deal out of this. I do not know what really happened but it smells fishy in here and I do not know what it is exactly.

Let's hope that they do not know a method where they can reach wallets because even though I know it is technologically impossible, I still fear that if they ever get their hands on a method like that, they could empty any wallet whenever they want claiming it illegal.

Very much possible! If this news is true, that's really great. I wish FBI will be able to recover all of the ransom paid, every bit of it. My self as a bitcoin holder and supporter, feel immense pain whenever I see bitcoin's involvement in any illegal matters. I hope FBI get a hold on to the hackers and send them behind the bars for a really long time. These kind of incidents actually empowers the bitcoin haters to speak against it.

While this is true, there certainty are some experts on Bitcoin in the government, I think most agents just get cases dropped on their desk regardless of expertise.

Finally, I see some other opinions!
Every time there is a discussion about laws and stuff bitcoiners are the first to criticize the government as being stupid, they don't know what bitcoin is, they don't understand shit when in reality I think there are a lot of agents working in almost every branch that has knowledge on par with the oldest members here that were actually involved in at a technical level. Underestimating those agencies just based on some of their failures simply shows how narrow-minded some are, those agencies would have been long dissolved if they would be that useless, but they are still there and one has to remember that before a lot of people even heard of bitcoin they were infiltrating dark markets and taking user after user down.


Yeah, just after they are done with the border, crisis, the china trade war, the covid drama, the economic recovery, the unemployment...
It might take a while, but they will 

A lot of replies here. Here are my thoughts based on what I've read from multiple sources.

The DarkSide hacking group ran a RaaS (Ransomware as a Service) and the wallet used to payout affiliates was stored on a US based cloud server. The FBI physically seized this (through a court ordered warrant). The server then contained the wallet / private key. We all know it's possible to track a wallet to an IP address. Colonial Pipeline worked with the FBI from the start. The FBI is obviously running their own nodes to be able to track transactions to IP addresses and this is how it was tracked down to the US based cloud server. I'm guessing these hackers used a US based cloud server to avoid firewall/geo-filter rules from many firewalls. (I know we block all non-US IPs on our network).

Someone else here mentioned the FBI hacking the hackers. Yes, this is something the US government has started doing in recent years. Instead of being reactive, they've started to be proactive and going after these hacking groups before they strike in the first place.  

In my opinion, I think crypto should stay anonymous, even if criminals use it, there are people in this forum that think crypto should be traceable. Just because criminals can use it doesn't mean that its bad for it to be non traceable.

And for the mentioned speculation on how the crypto was seized, if the people behind the attack make enough money for it to be headlines, they can afford a 3TB drive, download a node, and host their own wallet. My theory is that they somehow got access to some info (info through file metadata, server ips, the like) and used some kind of security exploit in windows server or linux server. The NSA and other government entities have a large vault of vulnerabilitys. Take the Wannacry Ransomware for example, it used the leaked 'EternalBlue' exploit developed by the NSA to operate.  They then used an exploit or the like to get some kind of access to their server where the wallet was hosted.

Just speculation though !

It is strange that they are not mentioning what Crypto currency it is.... could be anything, XRP / ETH / Dash etc... I reckon if it was Bitcoin, they would have grabbed the opportunity to "name and shame" it. 

The only way for them to seize it, is if the hackers were caught and if they gave up the "Private Key" by themselves OR if the hackers moved the coins through a government controlled Mixer service and then to a KYC (Exchange) that can be used to identify them. 

Will be interested to know how they did this... and kuddos for them to be able to seize that. 

if this is indeed real and not some made up story by US government then it is like all the previous times they caught the hackers. these hackers probably had a completely verified coinbase account that they used to send their bitcoins to and got caught.
there are dozens of stories like this so far!!!

Wonder what cryptocurrency the hacker really used.
It's actually foolish to do that on Bitcoin, seeing how transparent the network is. And I expect the Bitcoin Network participants to be able to handle the issue successfully without breaking the network rules. If the ransom was paid in something else like physical currency or gold, it would be more difficult to trace and retrieve compared to doing so on a transparent currency like Bitcoin. The activities of security agencies on the network has to be Transparent too or atleast Immutable for the sake of playing according to the rules and accountability. Bitcoin makes it easy for the security agencies , so it's important they reciprocate by being accountable.

Was the private keys really retrieved? I'm interested to know how they did it.

It's either conspiracy or his own fault (weak password, not managed properly etc), there's no way FBI could hack the entire blockchain, Bitcoin protocol or even cryptography. Even brute forcing the private keys is almost impossible because there's a lot possibilities of the private keys. This FUDs is really make people scared of Bitcoin, especially for the newcomer that has no idea of Bitcoin itself.

I'm really hope if FBI could sign a messages of the hacker's address and give detailed explanation how they can get the private key, otherwise it's just a rumor.

The way the US seized this crypto currency ransom that was paid to the colonian pipeline hackers are very intriguing. I really cannot think of any possible legal way for them to recover these funds from these hackers except for setting traps with the cooperation of some exchanges. Which is why I am thingking that there really must be something more under the surface than what they are saying because these hackers are not small flies, they are good at what they do. It'll be interesting to know more about this.

Well.. that is the most important question.

Why should the hackers send the coins to a wallet, that is controlled by FBI. There are all sort of possibilities in play here. My theory goes like this:

The FBI guys arrested an individual or a group of individuals, who were operating a Bitcoin mixer. The arrested individuals shared the details of all their cryptocurrency wallets with the FBI (including the private key). The hackers think that the mixer is still in operation and they send the stolen coins to the wallet, in order to wash them.

But someone in this forum claims that the wallet is linked to the Gemini exchange. In that case, I can't really explain what happened.

I'm sure we're not going to see the detailed version, so most likely they'll give bits of information with a lot of missing parts to cover their tracks.

@JordanSchachtel has posted a lot of interesting tweets recently and in one of them he mentions being a "Coinbase wallet".
^{- I'm still not sure which one is the real reason...}

That's not always the case ^{[unfortunately]}.

I think this information here said FBI probably has the private key but for me, I can't say how they were able to get hold of the private key.


With the above, the justice department and the FBI seem to have a synergy to go after hackers. We may be having more revelation on this as the day come.

https://www.justice.gov/opa/pr/department-justice-seizes-23-million-cryptocurrency-paid-ransomware-extortionists-darkside

Just wait until the details are known. We still don't know how the FBI managed to retrieve these coins. In case the hackers sent the coins to an exchange wallet and the exchange handed them over to the FBI, then I would say that the hackers have acted in an idiotic manner. On the other hand, if the FBI had tracked down the hackers somehow and forced them to forfeit the stolen coins, then I would appreciate the FBI. In this case, it would act as a serious deterrent to any such criminal activity in the future.

Well said. I've read another news somewhere in the last 12h, which may or may not be related: some international group was caught with the help of an application that was supposed to offer encrypted messaging, but it was actually owned by NSAFBI. My point is that I would not rule it out that the hackers were telling the private key to each other via the very same "encrypted messaging" app.

Will now US govt pump Bitcoin back to the prices from the moment the ransom was paid?  


Edit: link to the (translated) news is here.

That's actually pretty cool and scary at times because it can help deter the criminal activity in the cryptospace but at the same time when being held by a nefarious hands, this way of seizure could mean that any user in cryptospace is going to be on the cross hairs of that entity and it's only a matter of time.

How else can they get to seize them? The assets have been seized and it appears that the only ones who had access to the funds are the hackers themselves. Tainted or not, this doesn't make the coins more seizable or not.

That wasa ransomware that they used so that means that they will be paid in cryptocurrency like any other ransomware out there. Also, this seizure doesn't mean that they have got it from the hackers, remember that cryptocurrency can be tainted so I don't think there's nothing for this news.

I'm not surprised to hear about this and I wouldn't be surprised to hear that the gov is doing something perhaps... less legal to get to those funds or to persons such as Ross Ublricht.

I feel like they're only acting like they can't do that much about it when in fact they have access to way more information than we think they do. Anyway, it's funny to think that it's illegal for me to hack someone but it's completely legal for authorities to hack me, lol.

It is less likely that the FBI has gotten access to a physical device used by the hackers. There's a mention that the funds were seized from the Russia-based Dark Side. My hunch is that there was indeed a cooperating exchange. After all, Colonial's CEO has also said that the private sector has played an important role in bringing the cybercriminals to accountability. Moreover, the FBI was also able to track the transfers of ransom funds to a certain wallet. It is possible the wallet has got the private keys and cooperated with the investigation.

Really hard to say if they got the private key, but it is really weird if they try to hack back the hackers?

Servers doesn't contained private key, and I believed that the hackers will keep in somewhere safe. So it is really mind boggling, if governments has the ability to track and seized the ransom, then by all means they can get to anyone.

Anyhow, this is clearly an cyber war now against those group of hackers who is targeting, anything, from universities to hospitals to private companies to demand huge amount of money in bitcoins.

According to this article they got the hacker's private key: https://californianewstimes.com/us-says-it-has-recovered-large-portion-of-colonial-pipeline-ransom/383269/
Unclear how, but it mentions some servers being seized, so maybe they got access to a physical device. Or perhaps they got malware onto the device or there was a cooperating exchange.

The Associated Press is reporting that US authorities have seized the ransom that was paid to the Colonial Pipeline hackers.  Since the payment was made in cryptocurrency, I'm actually really interested in what they're going to say at the press conference later about how they "seized" the ransom.