The U.S. Department of Justice claimed a major blockchain victory on Monday against cybercriminals with the recovery of $2.3 million, about half the ransom collected by hackers who broke into computer files at Colonial Pipeline in April and demanded to be paid in Bitcoin or keep the files locked forever.
Cryptocurrencies are notoriously favored by terrorists and thieves because they offer anonymity, only exist digitally and are hard to trace, according to law enforcement.
The interruption at Colonial Pipeline forced drivers to line up for gas until executives paid 75 Bitcoins in ransom — about $4.3 million at the time. When the hackers — identified by the FBI as Russia-linked cybercrime group DarkSide — unlocked the files, the gas started flowing again and so did the trail of evidence.
“Agents at the FBI’s Cyber Crimes Squad in San Francisco knew something that it seems many people forget: Every Bitcoin transaction is traceable. They’re recorded in a public distributed ledger,” Tim Culpan wrote for Bloomberg News.
Ransomware is very seldom recovered, said April Falcon Doss, executive director of the Institute for Technology Law and Policy at Georgetown Law, in an NPR report. She described it as “a really big win” for the government. “What we don’t know is whether or not this is going to pave the way for future similar successes.”
The blockchain could actually be a good thing for law enforcement, said former Wall Street analyst Charles Payne, host of the Fox Business show, “Making Money with Charles Payne.”
“Those who I’ve brought on my show that really understand this say that blockchain itself, as a public ledger, has always been actually a better place for law enforcement to be able to use and go after criminals,” Payne said.
Anyone can trace movement to and from any given crypto address and that’s what the FBI did, using a blockchain explorer — a crypto search engine — to literally follow the money.
When the hackers asked for a ransom to be paid in Bitcoin, they had to leave their address. “Getting the money is always the weak point in any kidnapping or hijacking scheme, and this one was no different,” Bloomberg reported.
Armed with the address where 75 Bitcoins were paid, the FBI tracked movement at that address. In the digital world, it’s simple to transfer Bitcoins to other addresses, over and over again, obscuring the trail and masking the flow of funds — something akin to money laundering. By May 27, the FBI had identified at least 24 different Bitcoin addresses used in the distribution. Eventually, 69.6 Bitcoins out of the total of 75 were funneled back to one last address. The feds closed in and pounced.
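The hop-by-hop walk described above, as an added illustration that is not part of the original article and does not describe the FBI's actual method: a forward trace over a constructed set of transactions. The addresses, transaction ids and amounts are invented (the amounts are chosen only to echo the 75 paid and 69.6 consolidated), and the transaction format is a simplified one where each entry lists the addresses it spends from and the outputs it pays, with the difference being the miner fee. It goes slightly beyond the single chain the text describes by handling branching across several hops, and reports where the funds came to rest, which is the consolidation point an investigator looks for.

```python
from collections import defaultdict, deque

SATS = 100_000_000  # satoshis per bitcoin; amounts are kept as integers to avoid float drift


def btc(amount):
    """Convert a BTC amount to integer satoshis."""
    return int(round(amount * SATS))


# Constructed sample transactions, not real chain data. Each entry spends the
# listed input addresses and pays the listed outputs; inputs minus outputs is the fee.
SAMPLE_TXS = [
    {"txid": "tx1", "inputs": [("victim_addr", btc(75))],
     "outputs": [("ransom_addr", btc(75))]},
    {"txid": "tx2", "inputs": [("ransom_addr", btc(75))],
     "outputs": [("hop_a", btc(40)), ("hop_b", btc(35))]},
    {"txid": "tx3", "inputs": [("hop_a", btc(40))],
     "outputs": [("final_addr", btc(39.6))]},          # 0.4 BTC goes to fees
    {"txid": "tx4", "inputs": [("hop_b", btc(35))],
     "outputs": [("final_addr", btc(30)), ("side_addr", btc(5))]},
]


def index_spends(txs):
    """Map each address to the transactions that spend from it (its outgoing edges)."""
    spends = defaultdict(list)
    for tx in txs:
        for addr, _ in tx["inputs"]:
            spends[addr].append(tx)
    return spends


def trace_forward(txs, start):
    """Follow funds forward from `start` through every later spend, as an explorer walk would.

    Returns the traced transaction ids, every address touched, the balances left at
    addresses with no onward spend (where the funds came to rest), and fees burned."""
    spends = index_spends(txs)
    visited, seen_txids, traced = {start}, set(), []
    queue = deque([start])
    while queue:
        addr = queue.popleft()
        for tx in spends.get(addr, []):
            if tx["txid"] in seen_txids:
                continue
            seen_txids.add(tx["txid"])
            traced.append(tx)
            for out_addr, _ in tx["outputs"]:
                if out_addr not in visited:
                    visited.add(out_addr)
                    queue.append(out_addr)
    resting = defaultdict(int)
    fees = 0
    for tx in traced:
        fees += sum(a for _, a in tx["inputs"]) - sum(a for _, a in tx["outputs"])
        for out_addr, amount in tx["outputs"]:
            if out_addr not in spends:  # never spent onward: funds still sit here
                resting[out_addr] += amount
    return {"txids": [tx["txid"] for tx in traced], "addresses": visited,
            "resting": dict(resting), "fees": fees}


def consolidation_point(report, paid):
    """Return the resting address holding the largest share of the amount originally paid."""
    addr, amount = max(report["resting"].items(), key=lambda kv: kv[1])
    return addr, amount, amount / paid


if __name__ == "__main__":
    rep = trace_forward(SAMPLE_TXS, "ransom_addr")
    addr, amount, share = consolidation_point(rep, btc(75))
    print(f"traced {len(rep['txids'])} transactions over {len(rep['addresses'])} addresses")
    print(f"{amount / SATS} BTC ({share:.1%}) came to rest at {addr}; fees {rep['fees'] / SATS} BTC")
```

On real chain data the transaction list would come from a full node or an explorer API, a single transaction can spend from many unrelated addresses, and investigators layer clustering heuristics on top of this raw walk; the example deliberately stops at the plain graph traversal the article describes.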
Most cryptocurrency protocols work on a public-private key pair. The public key is similar to an email address, and the private key is an extremely long password that’s almost impossible to guess.
Somehow, the FBI had the private key for this last address and they haven’t gone public with how they got it. Maybe the FBI hacked the hackers, or someone else did and gave them the key, or maybe an informant handed it over. It’s also possible that this final address didn’t belong to the hackers, but to a cryptocurrency exchange.
“It’s a widely misunderstood feature of centralized exchanges that people who think they have Bitcoin don’t actually have Bitcoin,” Culpan wrote. “Instead, that Bitcoin sits in the wallet of an exchange, like Coinbase, and all the customer has is what’s akin to an IOU. The private key resides with the exchange, not the customer, giving rise to the mantra: If you don’t own your private keys, you don’t own your Bitcoin.”