DOJ Claims It Recovered Millions in Bitcoin Paid to Colonial Pipeline Hackers
The explanation raises a lot of questions. How did the DOJ get the key to access the Bitcoin? Was the professional hacker group that sloppy?
The Department of Justice announced it recovered millions in Bitcoin that Colonial Pipeline paid DarkSide after a ransomware attack shut down the main pipeline for gas on the East Coast.
But many crypto experts raised their eyebrows with this announcement.
What the DOJ Says
A cyberattack forced Colonial Pipeline to shut down for six days in May. People stocked up on gasoline on the East Coast, causing a shortage.
Colonial Pipeline told the FBI the hacker group DarkSide accessed the network and demanded 75 Bitcoin (BTC). They paid the ransom.
The DOJ seized 63.7 BTC, which it valued at around $2.3 million. Colonial Pipeline, however, had paid the hackers 75 BTC ($4.4 million).
From the press release:
“Following the money remains one of the most basic, yet powerful tools we have,” said Deputy Attorney General Lisa O. Monaco for the U.S. Department of Justice. “Ransom payments are the fuel that propels the digital extortion engine, and today’s announcement demonstrates that the United States will use all available tools to make these attacks more costly and less profitable for criminal enterprises. We will continue to target the entire ransomware ecosystem to disrupt and deter these attacks. Today’s announcements also demonstrate the value of early notification to law enforcement; we thank Colonial Pipeline for quickly notifying the FBI when they learned that they were targeted by DarkSide.”
“There is no place beyond the reach of the FBI to conceal illicit funds that will prevent us from imposing risk and consequences upon malicious cyber actors,” said FBI Deputy Director Paul Abbate. “We will continue to use all of our available resources and leverage our domestic and international partnerships to disrupt ransomware attacks and protect our private sector partners and the American public.”
“Cyber criminals are employing ever more elaborate schemes to convert technology into tools of digital extortion,” said Acting U.S. Attorney for the Northern District of California Stephanie Hinds. “We need to continue improving the cyber resiliency of our critical infrastructure across the nation, including in the Northern District of California. We will also continue developing advanced methods to improve our ability to track and recover digital ransom payments.”
Hinds also said, “The extortionists will never see this money.”
An FBI agent explained in an affidavit why the FBI had probable cause to seize the BTC from DarkSide.
The agent wrote in the affidavit that one address received two payments on May 8, then detailed how the funds moved to different addresses on that same day.
The following day, May 9, BTC payments went to two addresses.
The agent noted “[A]n online public blockchain explorer identified at least 23 other addresses collected together with” the address that collected almost 64 BTC on May 9.
On May 27, almost 70 BTC, including the almost 64 BTC, were consolidated into a single address. No one has touched those funds since that date.
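The "following the money" work the affidavit describes is transaction-graph analysis over the public ledger: trace value forward from the ransom payments, group addresses that are spent together, and note where the funds came to rest. The Python below is an added example, not code from the article, the affidavit or any chain-analysis tool. It runs the three steps on a constructed UTXO ledger whose txids, addresses (A1 to A5, X1, X2, FINAL) and dates are invented; the amounts echo the article's 75, 63.7 and roughly 70 BTC figures only for readability, and two co-spent inputs stand in for the affidavit's 23 other addresses.

```python
"""Following ransom funds across a public ledger: forward taint tracing plus the
common-input-ownership clustering heuristic, on a constructed UTXO ledger."""
from collections import defaultdict
from dataclasses import dataclass


@dataclass(frozen=True)
class Tx:
    txid: str
    date: str
    inputs: tuple   # outpoints spent: ((txid, output_index), ...); empty = external funding
    outputs: tuple  # ((address, amount_btc), ...)


# Constructed ledger loosely mirroring the affidavit's narrative. Every txid and
# address is invented; none is a real DarkSide address. Listed in confirmation
# order, so every input refers to an earlier transaction.
LEDGER = [
    Tx("fund", "2021-05-07", (), (("victim", 75.0),)),
    Tx("pay1", "2021-05-08", (("fund", 0),), (("A1", 40.0), ("victim", 35.0))),
    Tx("pay2", "2021-05-08", (("pay1", 1),), (("A1", 35.0),)),
    Tx("split", "2021-05-08", (("pay1", 0), ("pay2", 0)), (("A2", 11.3), ("A3", 63.7))),
    Tx("hop1", "2021-05-09", (("split", 1),), (("A4", 63.7),)),
    Tx("hop2", "2021-05-09", (("split", 0),), (("A5", 11.3),)),
    Tx("other", "2021-05-20", (), (("X1", 3.0), ("X2", 3.2))),
    Tx("consolidate", "2021-05-27",
       (("hop1", 0), ("other", 0), ("other", 1)), (("FINAL", 69.9),)),
]
# The ransom itself: the two outputs the victim paid to the attacker on May 8.
RANSOM_OUTPOINTS = {("pay1", 0), ("pay2", 0)}


def outputs_index(ledger):
    """Map every outpoint (txid, index) to its (address, amount)."""
    return {(tx.txid, i): out for tx in ledger for i, out in enumerate(tx.outputs)}


def trace_taint(ledger, seed_outpoints):
    """Haircut taint: each output inherits the tainted share of its transaction's inputs."""
    by_outpoint = outputs_index(ledger)
    taint = {}
    for tx in ledger:
        if tx.inputs:
            total_in = sum(by_outpoint[ref][1] for ref in tx.inputs)
            tainted_in = sum(taint.get(ref, 0.0) for ref in tx.inputs)
            fraction = tainted_in / total_in
        else:
            fraction = 0.0  # externally funded: treated as clean
        for i, (_, amount) in enumerate(tx.outputs):
            outpoint = (tx.txid, i)
            taint[outpoint] = amount if outpoint in seed_outpoints else amount * fraction
    return taint


def unspent_taint_by_address(ledger, taint):
    """Tainted value still sitting at each address, i.e. where the money is now."""
    spent = {ref for tx in ledger for ref in tx.inputs}
    by_outpoint = outputs_index(ledger)
    held = defaultdict(float)
    for outpoint, value in taint.items():
        if outpoint not in spent and value > 0:
            held[by_outpoint[outpoint][0]] += value
    return {addr: round(v, 8) for addr, v in held.items()}


def cluster_of(ledger, address):
    """Common-input-ownership heuristic: addresses spent together as inputs of one
    transaction are assumed to be controlled by the same party (union-find)."""
    by_outpoint = outputs_index(ledger)
    parent = {}

    def find(a):
        parent.setdefault(a, a)
        while parent[a] != a:
            parent[a] = parent[parent[a]]
            a = parent[a]
        return a

    for tx in ledger:
        addrs = [by_outpoint[ref][0] for ref in tx.inputs]
        for a in addrs[1:]:
            parent[find(a)] = find(addrs[0])
    root = find(address)
    return frozenset(a for a in list(parent) if find(a) == root)


def last_activity(ledger, address):
    """Date of the most recent transaction that paid to or spent from the address."""
    by_outpoint = outputs_index(ledger)
    dates = [tx.date for tx in ledger
             if any(addr == address for addr, _ in tx.outputs)
             or any(by_outpoint[ref][0] == address for ref in tx.inputs)]
    return max(dates) if dates else None


if __name__ == "__main__":
    taint = trace_taint(LEDGER, RANSOM_OUTPOINTS)
    print("tainted funds by address:", unspent_taint_by_address(LEDGER, taint))
    print("cluster around A4:", sorted(cluster_of(LEDGER, "A4")))
    print("FINAL last moved:", last_activity(LEDGER, "FINAL"))
```

On this ledger the trace ends with 63.7 tainted BTC parked at FINAL (the consolidation on May 27) and 11.3 at A5, and the clustering step groups A4 with the two addresses co-spent alongside it. Haircut taint is one of several heuristics (FIFO and poison are others) and clustering by co-spent inputs can be defeated by coin-joins, so an investigator treats both as leads to corroborate, not proof.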
What Crypto Experts Say
I am no crypto expert, but I know enough to know the story from the DOJ is a little…off.
First off, Colonial Pipeline paid 75 BTC. The DOJ only retrieved 63.7 BTC.
Where is the rest of the money?
Second, DarkSide is a professional group. It does not keep its BTC in a wallet accessible only by a password.
Crypto experts secure their BTC in cold storage, where the private key lives on a dedicated device. In other words, you can only spend their BTC if you have that device. You could have their password and still only see their balance.
This leads to the most crucial question: How did the DOJ receive the private key of that final wallet housing the majority of the BTC?
As I said, DarkSide is professional. It is unlikely to hold its BTC in a wallet accessible with nothing more than a password.
Crypto experts and others who understand crypto raised important questions and observations on Twitter.
"The FBI had the password to the hackers' #Bitcoin account." Hmm–there's no such thing as a "Bitcoin account." Did hackers use an exchange (in which case an "account" existed, but it's not a "bitcoin account") or did the FBI have the private key to the hackers' bitcoin wallet?🤔 https://t.co/iO1NT8mcDz
— Caitlin Long 🔑 (@CaitlinLong_) June 7, 2021
So I’m supposed to believe that the DOJ was able to “seize” crypto? So if the Colonial Pipeline hackers’ Bitcoin password was figured out, no crypto is safe. This is bull bruh! Unbelievable story. https://t.co/rNahPelId7
— Rance the Royal 🤴🏾 (@RanceRob) June 7, 2021
Umm..that’s not how Bitcoin works 🤔 https://t.co/qWIAMr9Vz5
— Mike Garvey Jr. 🌴☀️ (@MikeGarveyJr) June 7, 2021
I’m curious as to how FBI got their passwords. Either the hackers were sloppy and stored their wallet information on their computers, or the FBI found a way to override that wallet’s login.
Moral of the story, paper ledgers and cold wallets are key🔑 https://t.co/dy0cgt7EiH
— Sam Trujillo❄️ (@SAMT_WX) June 7, 2021
best argument for a cold wallet i've ever seen! #BTC #Bitcoin #cryptotrading https://t.co/UXXIzUw5Bh
— Stranger in my own land (@chuckberry3141) June 7, 2021
How did Russian hackers manage to shut down part of our infrastructure but weren't able to keep their bitcoin hidden? We're not getting the full story here… You look awfully suspect DOJ…
— Roger (@Roger93528023) June 7, 2021
Comments
Hmm
When it’s all smoke and mirrors, you remove the smoke and mirrors and there is nothing left to see. See?
Of course the party stooges are lying. Anyone who believes ANYTHING excreted by the Dept. of Injustice is a moron.
Yet, where are Hillary's emails, one might ask?
She keeps them in a big lock box under her television set.
Next to the Bleachbit cloth.
I wouldn’t be surprised if they held a press conference showing off a leather wallet full of old bus tokens.
The FBI may be taking the victory lap, but I’ll bet they’re not the ones who did the job.
Could this have been an FBI sting?
What I would like to know, is did they get names and location, and are there any plans to neutralize this threat?
If it was it didn’t sting much!
That was their way of announcing that they are willing to fake an extortion scheme against any company they feel like oppressing. Biden & Garland both hate pipelines, after all.
Sounds weird. Most criminals take bitcoin and convert it to dash or monero where the trail pretty much gets lost.
Of course, I don’t trust anything the DOJ says. They are a bunch of treasonous weasels, most of whom should have been arrested and imprisoned over the past years for the many crimes that have been committed by using that agency. I wouldn’t be surprised if they (and other government agencies) had something to do with the alleged ransomware attack.
The FBI had the password to the hackers’ Bitcoin account, @PeteWilliamsNBC reports.
“Today we turned the tables on DarkSide,” says Deputy Attorney General Lisa Monaco.
LOL. Sure … okay …
It’s easy to have the password when it was them all along. I need that Obi-Wan meme: of course I know him! He’s me!
If the DOJ did manage to seize the funds, there are only 3 possible explanations:
1- The hackers are a bunch of naive fools that didn’t know how to protect their funds. (Raise your hand if you believe this is the case. Anyone? Anyone? Bueller?)
2- The DOJ (or some other US government agency) are the “hackers”.
3- The whole story is bullshit, from A to Z.
It’s 2.
I’ll take door number 3, Wink
Or, the culprits are genuine criminals, but the FBI has an informer on the inside, with access to the private key of that one account that the 63.7 BTC were in when they seized it.
4. The FBI grabbed the first few millions of dollars it could find in an undefended Bitcoin account or that it hacked, then declared victory.
Not the first few millions. 85% of the haul. It waited until there was that much in one account. Perhaps the only one they had the key for, perhaps not. But it was following the cash around, from account to account, waiting for an opportunity.
That’s not true. Anyone who has the private key to an account has full access to that account. It has nothing to do with wallets or any other stuff. But the idea that the feds got the private key(s) for the accounts the ransom went to is … laughable, to be charitable.
ANYONE can see the balance of ANY account on the bitcoin blockchain. That’s the whole thing with the blockchain. Everything is open. It has to be that way in order for it to be truly distributed, with no special entity that has more access to it than anyone else. Everyone gets to see everything. The only thing that secures one’s account is the private key, but anyone who has that private key can do anything with the contents of that account that they want to.
Third, did we all notice the bad math here?
If 75BTC=$4.4M, then 67.3BTC is worth $3.95M, not $2.3M.
Is the Big Guy getting his 40%?
Now for the Occam’s Razor explanation:
The swamp, using CIA’s UMBRAGE tool, ransomwared Colonial themselves, to create an artificial crisis, and left Russian fingerprints to divert suspicion. They returned half the money to look like superheroes, and kept the other half as a slush fund donation.
What evidence do I have? Absolutely none but my own paranoia, which has been proven right more times in the past decade than I can count.
Remember, you heard it here first.
See my previous comments excoriating Ms. Fuzzy Slippers for misspelling “CIA” when she previously wrote of this supposed “hacking”.
Of course, we know who is behind it.
“If 75BTC=$4.4M, then 67.3BTC is worth $3.95M, not $2.3M.
Is the Big Guy getting his 40%?”
An alternative explanation is that the value of a bitcoin went down between the time the ransom was paid and the time the bitcoins were partially recovered. The price of a bitcoin has gone down a lot in the last month.
I was worried no one here could do arithmetic.
Sounds like another Oklahoma City setup but this one is going as planned.
No bad arithmetic. At least the reports I saw said explicitly that the ransom was worth 4-5M when it was paid, but the recovered portion was only worth 2.3M at the time of the announcement. Bitcoin lost a lot of value in the interim. In fact right now 75 BTC is worth less than 2.5M.
Is it possible that Darkside has a traitor who sold them out for immunity? Or that the FBI has an infiltrator?
Sure … it’s possible, but how many people do you think even have access to the private keys? And what was the last serious infiltration that the FBI did?
This sounds a lot more like the FBI and their BS “grizzly steppe” hacker they blamed the Podesta phish and DNC files on. It was a joke. The report was beyond laughable. Not one shred of evidence, at all, but they concluded that it was all such a sophisticated operation (a friggin phishing of a guy whose password was something like “password”) that it had to be “a state actor”. It was laughable.
Yeah … it’s possible that the FBI actually got the secret keys through some serious spycraft (in the span of a few days!) but so unlikely as to not merit serious consideration. It is much more likely that the FBI was running the ransomware operation than that they did some hot shit spycraft like that in a week.
Yes, and yes. Just hazarding a guess.
It’s been said above, but I can’t help adding: amazing how the FBI can work a miracle in this situation, but is lost at sea when it comes to hillary clinton, obama, pelosi, fauci and the like.
In any event, we know Christopher Wray is in on the plot, and we know the CIA is in on the plot, and we know half the GOP is in on the plot.
At least we know.
It’s amazing what you can do with the right motivation.
When do gas prices come back down?
They already are – a bit – here in the Tri-Cities area of Tennessee.
This sounds more and more to me like one of those FBI press releases with “we got to the bad people just in the nick of time!” deals.
Really!?! If DOJ Cryptonerds can extract millions sitting at their ‘putors, why don’t they identify the other bad actors and take back all the loot? How much free crap could be paid for?
“Consequences? Someone steals seventy five bitcoins, the FBI recovers sixty five and a half – with nary a word about how much they returned to Colonial – and that is “consequences?” It used all “available resources” and leveraged its “domestic and international partnerships to disrupt ransomware attacks and protect our private sector partners and the American public.” I’m the public and I don’t feel protected by the FBI.
WHO are the responsible parties? The last time the FBI did this kind of a full court press was when a collection of rowdies ran screaming between the velvet ropes in the Capitol on January 6 or, led by the intrepid (now) Professor Robert Mueller, during four consecutive years of rummaging through the lives of Donald Trump supporters while ignoring the Strzok/Paige bedsheets and putsch underway in the J Edgar Hoover building. Asking for the Babbitt family and us millions of “deplorables.”
How about Hunter Biden’s notebook? Hillary Clinton’s server? Antifa? The source of COVID-19? Anthony Fauci’s connections? Eric Swallwell’s pillow talk? Dianne Feinstein’s driver? Nation wide vote fraud? Here’s what works FBI, take a page from Israel, or Donald Trump; sink a ship, bug some centrifuges, kill an assassin. Prevent the next shutdown. Cut the primping, posturing and ‘protecting’ (my suspicion) your “domestic and international partnerships” (probably our enemies).
What a disgraceful organization. Be American, do something for America for a change.
The big news would be that bitcoin isn’t secure.
Inside job.
That’s probably because the DOJ WAS the Colonial Pipeline hackers…
Scattered across many different wallets, to which the DOJ doesn’t have the private keys. As they said, it was all about following the money. They knew where to start, so they simply watched money in and money out. When the bulk of the money had been transferred to one account, to which they (somehow) had access, they pounced. Or maybe the same source who gave them the private key to that account also arranged for so much of it to be there at once.
These were Russian hackers, so perhaps the missing piece of information here is a backroom deal with Russia. Russian agents may have strong-armed the information from the hackers and sent it to DoJ. And we should be told of this, because if that is how it played out, what did they promise Russia?
Yeah uhmm, I have a hard time believing this without far more detailed information. Here is my tinfoil hat theory. This is an attempt to undermine the utility of crypto currency as a means of exchange while also creating a narrative of action by the administration and a win by the DoJ.
After all, no government likes crypto. It’s the ultimate ‘cash’ precisely because it is secure from banking disclosure rules or government oversight. The trend from financial institutions to push digital payments v cash is another manifestation of the cooperation between government and the would-be oligarchy, IMO.
Interesting theory. They’re trying to steer us back to currencies they can hack, by claiming to be able to hack the ones they can’t?
Not hack in terms of necessarily making withdrawals from your bank account, though that has happened in some Nations.
More like monitor your purchase habits. The bank could simply sell the data to marketing firms and the government could simply purchase the data.
What kind of data? How about silver or gold? Knowing who had purchased gold would be helpful if the federal government decided to make the private possession of gold illegal, as they did once upon a time.
Very handy data to have if one wanted to use that as a pretext to search a property and potentially find other things that an independent minded person might possess.
Cash purchases are untraceable. Debit or credit card purchases are very visible. If interested in monitoring purchases or even deterring certain purchases because some of the financial institutions won’t process certain items then working to eliminate cash is a smart idea.
Forget Bitcoin. This debt needs to be paid off in lead every single time. If you kill enough of these terrorists, sooner or later they’re gonna stop doing this. (apologies to Curtis LeMay)
I’m not sure why everyone is so skeptical. There’s been lots of smoke for years that the FBI can hack and track bitcoin. This is nothing new if you’ve been paying attention. See 2016 article, among others.
https://www.sciencemag.org/news/2016/03/why-criminals-cant-hide-behind-bitcoin
Honestly, these guys were total amateurs for using bitcoin in the first place. It is the most exchangeable and the longest running crypto, so there are the most counter-crime info and resources about it and the most connections to easily trackable, affiliated currencies.
I said as soon as they paid the ransom that this was going to get at least partially recovered. The truly sad state of news right now is the media pretending like this is some huge win for a Biden admin that has never happened before. But hey, at least the lack of prior knowledge fooled the ransom crooks I guess!