
Bitcoin was not hacked…how FBI got access to the funds of the ransom?


Today's headlines are, on one side, something extraordinary, but on the other they caused some FUD in the crypto community, with people believing Bitcoin had been hacked.

I'm talking about the recovery of $2.3M worth of Bitcoin by the FBI from the ransomware group that hacked the Colonial Pipeline company and extorted 75 BTC from them. I will explain what happened, who was hacked, and why the ransom was paid—all in the correct order.

All information was taken from wired.com, ArsTechnica.com, and Twitter.

Colonial Pipeline hack

On May 7th, the Colonial Pipeline company, which operates a pipeline that carries gasoline, diesel fuel, and natural gas along a 5,500 mile path from Texas to New Jersey, released a statement confirming reports that ransomware hackers had hit its network. In response, Colonial Pipeline said it shut down parts of the pipeline's operation in an attempt to contain the threat.

Nearly a week later, the company's CEO decided to pay the ransom to the attackers so Colonial Pipeline could resume its operations. The company paid 75 BTC, which at the time of the transfer was worth as much as $5M.

The decision wasn't easy, especially as the FBI and other law enforcement agencies recommend against paying extortion fees in cases like this. As arstechnica.com correctly points out:

"In practice, many organizations resort to paying. They either don't have the backups and other infrastructure necessary to recover otherwise, can't or don't want to take the time to recover on their own, or decide that it's cheaper to just quietly pay the ransom and move on."

I can't say if that was a good decision or not, as I don't have the complete picture of how things were in its IT department. One thing is sure: other groups, seeing that payments are made, may be encouraged to send ransomware to other places critical to a country and to health and lives, such as hospitals, where patients can die.

I won't go into many details, as ArsTechnica wrote an excellent article about this subject. Go check it out.

Colonial Pipeline paid a $5 million ransom—and kept a vicious cycle turning
Stopping payments would go a long way to stopping ransomware.

Rescue mission

On Monday (8th of June), the US Justice Department said it had traced 63.7 of the 75 BTC Colonial Pipeline paid to the DarkSide group. Justice Department officials didn't say how they obtained the cryptocurrency, other than that they seized it from a bitcoin wallet, as described in court documents filed in the Northern District of California.

The seizure is consistent with statements from almost four weeks ago attributed to a DarkSide team leader. Without providing evidence, the post claimed that the group's website and content-distribution infrastructure had been seized by law enforcement, along with all the cryptocurrency it had received from victims.

As @UnderTheBreach reports:

Unfortunately, many people started to think the FBI had a way to crack into any BTC wallet, and the FUD began. People started panic-selling their funds, causing the bitcoin price to drop.

I hope the explanation above shows that this wasn't the case. If you still think it could be, and that the NSA could do it if they wanted to, please take your time and read about Bitcoin's underlying technology and how it works.

I couldn't agree more.

ArsTechnica original article -> US seizes $2.3 million Colonial Pipeline paid to ransomware attackers.
The rest of the articles were linked in the text above.

Thanks for reading, and if you like my writing, you can subscribe to my blog to receive the daily newsletter, as I'm currently in the middle of a 100 days of blogging challenge. Subscription box below 👇

If the newsletter is not your thing, check out my Twitter @adrianhetman, where I post and share exciting news from the Blockchain world and security.

See you tomorrow!