DOJ Claims It Recovered Millions in Bitcoin Paid to Colonial Pipeline Hackers

The explanation raises a lot of questions. How did the DOJ get the key to access the Bitcoin? Was the professional hacker group that sloppy?

https://www.nytimes.com/2021/05/08/us/cyberattack-colonial-pipeline.html

The Department of Justice announced it recovered millions in Bitcoin that Colonial Pipeline paid DarkSide after a ransomware attack shut down the main pipeline for gas on the East Coast.

But many crypto experts raised their eyebrows at this announcement.

What the DOJ Says

A cyberattack forced Colonial Pipeline to shut down for six days in May. People stocked up on gasoline on the East Coast, causing a shortage.

Colonial Pipeline told the FBI the hacker group DarkSide accessed the network and demanded 75 Bitcoin (BTC). They paid the ransom.

The DOJ took 63.7 BTC, which is valued at around $2.3 million. However, Colonial Pipeline paid the hackers 75 BTC ($4.4 million).

From the press release:

“Following the money remains one of the most basic, yet powerful tools we have,” said Deputy Attorney General Lisa O. Monaco for the U.S. Department of Justice. “Ransom payments are the fuel that propels the digital extortion engine, and today’s announcement demonstrates that the United States will use all available tools to make these attacks more costly and less profitable for criminal enterprises. We will continue to target the entire ransomware ecosystem to disrupt and deter these attacks. Today’s announcements also demonstrate the value of early notification to law enforcement; we thank Colonial Pipeline for quickly notifying the FBI when they learned that they were targeted by DarkSide.”

“There is no place beyond the reach of the FBI to conceal illicit funds that will prevent us from imposing risk and consequences upon malicious cyber actors,” said FBI Deputy Director Paul Abbate. “We will continue to use all of our available resources and leverage our domestic and international partnerships to disrupt ransomware attacks and protect our private sector partners and the American public.”

“Cyber criminals are employing ever more elaborate schemes to convert technology into tools of digital extortion,” said Acting U.S. Attorney for the Northern District of California Stephanie Hinds. “We need to continue improving the cyber resiliency of our critical infrastructure across the nation, including in the Northern District of California. We will also continue developing advanced methods to improve our ability to track and recover digital ransom payments.”

Hinds also said, “The extortionists will never see this money.”

An FBI agent explained in an affidavit why the FBI had probable cause to seize the BTC from DarkSide.

The agent wrote in the affidavit that one address received two payments on May 8. The agent then detailed how payments went to different addresses on that same day.

The following day, May 9, BTC payments went to two addresses.

The agent noted “[A]n online public blockchain explorer identified at least 23 other addresses collected together with” the address that collected almost 64 BTC on May 9.

On May 27, almost 70 BTC, including the almost 64 BTC, went to one address. No one has touched those funds since that date.
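The tracing the affidavit describes can be reproduced in miniature. The following Python sketch is an added example, not the article's or the FBI's code, run over a constructed ledger whose addresses (victim, A, B, X1, ...), dates and amounts are placeholders; it follows outputs hop by hop from the ransom payment and applies the common-input heuristic that lets a blockchain explorer report addresses as "collected together".

```python
from collections import defaultdict

# Constructed ledger: placeholder addresses, dates and amounts, not real chain data.
# Each entry spends the listed input addresses and pays the listed outputs (BTC).
TXS = [
    {"id": "tx1", "date": "2021-05-08", "inputs": ["victim"],        "outputs": {"A": 75.0}},
    {"id": "tx2", "date": "2021-05-08", "inputs": ["A"],             "outputs": {"B": 63.7, "C": 11.3}},
    {"id": "tx3", "date": "2021-05-09", "inputs": ["B", "X1", "X2"], "outputs": {"D": 64.2}},
    {"id": "tx4", "date": "2021-05-27", "inputs": ["D", "X3"],       "outputs": {"E": 69.6}},
]

def common_input_clusters(txs):
    """Common-input-ownership heuristic: addresses spent together as inputs of one
    transaction are assumed to share a controller ('collected together'). Returns address -> cluster."""
    parent = {}
    def find(a):                      # union-find root lookup
        while parent.setdefault(a, a) != a:
            a = parent[a]
        return a
    for tx in txs:
        root = find(tx["inputs"][0])
        for other in tx["inputs"][1:]:
            parent[find(other)] = root
    groups = defaultdict(set)
    for a in list(parent):
        groups[find(a)].add(a)
    return {a: frozenset(groups[find(a)]) for a in parent}

def trace_downstream(txs, start):
    """Follow funds hop by hop from `start`; every output of a transaction that spends a
    tainted address is treated as tainted (poison heuristic). Returns (hops, resting): hops are
    (txid, date, from, to, amount) tuples; resting maps tainted addresses never spent again to
    the amount they received, i.e. where the money currently sits."""
    by_input = defaultdict(list)      # address -> transactions that spend from it
    for tx in txs:
        for a in tx["inputs"]:
            by_input[a].append(tx)
    hops, received, seen_addr, seen_tx, frontier = [], defaultdict(float), set(), set(), [start]
    while frontier:
        addr = frontier.pop(0)
        if addr in seen_addr:
            continue
        seen_addr.add(addr)
        for tx in by_input.get(addr, []):
            if tx["id"] in seen_tx:   # a tx with two tainted inputs is counted once
                continue
            seen_tx.add(tx["id"])
            for out_addr, amt in tx["outputs"].items():
                hops.append((tx["id"], tx["date"], addr, out_addr, amt))
                received[out_addr] += amt
                frontier.append(out_addr)
    resting = {a: round(received[a], 8) for a in seen_addr if a != start and not by_input.get(a)}
    return hops, resting
```

On the constructed ledger, trace_downstream(TXS, "victim") reports 11.3 BTC still at rest in C (the untouched remainder) and 69.6 BTC consolidated at E, while common_input_clusters(TXS) links B with its co-spent inputs X1 and X2 but not with D.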

What Crypto Experts Say

I am no crypto expert, but I know enough to know the story from the DOJ is a little…off.

First off, Colonial Pipeline paid 75 BTC. The DOJ only retrieved 63.7 BTC.

Where is the rest of the money?

Second, DarkSide is a professional group. It does not keep its BTC in a wallet accessible only by password.

The crypto experts secure their BTC. In other words, you can only access their BTC if you have the device that stores the BTC. You can have their password, but you’d only see their balance.

This leads to the most crucial question: How did the DOJ receive the private key of that final wallet housing the majority of the BTC?

As I said, DarkSide is professional. It likely does not hold its BTC in a wallet only accessible by a password.

Crypto experts and others who understand crypto raised important questions and observations on Twitter.

Comments

Hmm

    UserP in reply to gonzotx. | June 8, 2021 at 12:28 am

    When it’s all smoke and mirrors, you remove the smoke and mirrors and there is nothing left to see. See?

    raven397 in reply to gonzotx. | June 8, 2021 at 7:42 am

    Of course the party stooges are lying. Anyone who believes ANYTHING excreted by the Dept. of Injustice is a moron.

Yet, where are Hillary's emails, one might ask.

UnCivilServant | June 7, 2021 at 7:34 pm

I wouldn’t be surprised if they held a press conference showing off a leather wallet full of old bus tokens.

The FBI may be taking the victory lap, but I’ll bet they’re not the ones who did the job.

JusticeDelivered | June 7, 2021 at 8:40 pm

Could this have been an FBI sting?

What I would like to know, is did they get names and location, and are there any plans to neutralize this threat?

ThePrimordialOrderedPair | June 7, 2021 at 8:46 pm

Sounds weird. Most criminals take bitcoin and convert it to dash or monero where the trail pretty much gets lost.

Of course, I don’t trust anything the DOJ says. They are a bunch of treasonous weasels, most of whom should have been arrested and imprisoned over the past years for the many crimes that have been committed by using that agency. I wouldn’t be surprised if they (and other government agencies) had something to do with the alleged ransomware attack.

ThePrimordialOrderedPair | June 7, 2021 at 8:47 pm

The FBI had the password to the hackers’ Bitcoin account, @PeteWilliamsNBC reports.

“Today we turned the tables on DarkSide,” says Deputy Attorney General Lisa Monaco.

LOL. Sure … okay …

If the DOJ did manage to seize the funds, there are only 3 possible explanations:

1- The hackers are a bunch of naive fools that didn’t know how to protect their funds. ( Raise your hand if you believe this is the case. Anyone? Anyone? Bueller? )

2- The DOJ (or some other US government agency) are the “hackers”.

3- The whole story is bullshit, from A to Z.

    Dathurtz in reply to Exiliado. | June 7, 2021 at 8:51 pm

    It’s 2.

    scooterjay in reply to Exiliado. | June 7, 2021 at 10:02 pm

    I’ll take door number 3, Wink

    Milhouse in reply to Exiliado. | June 8, 2021 at 9:26 am

    Or, the culprits are genuine criminals, but the FBI has an informer on the inside, with access to the private key of that one account that the 63.7 BTC were in when they seized it.

    4. The FBI grabbed the first few millions of dollars it could find in an undefended Bitcoin account or that it hacked, then declared victory.

      Milhouse in reply to georgfelis. | June 8, 2021 at 10:44 am

      Not the first few millions. 85% of the haul. It waited until there was that much in one account. Perhaps the only one they had the key for, perhaps not. But it was following the cash around, from account to account, waiting for an opportunity.

ThePrimordialOrderedPair | June 7, 2021 at 8:51 pm

You can have their password, but you’d only see their balance.

That’s not true. Anyone who has the private key to an account has full access to that account. It has nothing to do with wallets or any other stuff. But the idea that the feds got the private key(s) for the accounts the ransom went to is … laughable, to be charitable.

ThePrimordialOrderedPair | June 7, 2021 at 8:55 pm

but you’d only see their balance.

ANYONE can see the balance of ANY account on the bitcoin blockchain. That’s the whole thing with the blockchain. Everything is open. It has to be that way in order for it to be truly distributed, with no special entity that has more access to it than anyone else. Everyone gets to see everything. The only thing that secures one’s account is the private key, but anyone who has that private key can do anything with the contents of that account that they want to.

henrybowman | June 7, 2021 at 9:10 pm

Third, did we all notice the bad math here?

If 75BTC=$4.4M, then 67.3BTC is worth $3.95M, not $2.3M.
Is the Big Guy getting his 40%?

Now for the Occam’s Razor explanation:

The swamp, using CIA’s UMBRAGE tool, ransomwared Colonial themselves, to create an artificial crisis, and left Russian fingerprints to divert suspicion. They returned half the money to look like superheroes, and kept the other half as a slush fund donation.

What evidence do I have? Absolutely none but my own paranoia, which has been proven right more times in the past decade than I can count.

Remember, you heard it here first.

    scooterjay in reply to henrybowman. | June 7, 2021 at 10:00 pm

    See my previous comments excoriating Ms. Fuzzy Slippers for misspelling “CIA” when she previously wrote of this supposed “hacking”.
    Of course, we know who is behind it.

    James B. Shearer in reply to henrybowman. | June 8, 2021 at 2:18 am

    “If 75BTC=$4.4M, then 67.3BTC is worth $3.95M, not $2.3M.
    Is the Big Guy getting his 40%?”

    An alternative explanation is that the value of a bitcoin went down between the time the ransom was paid and the time the bitcoins were partially recovered. The price of a bitcoin has gone down a lot in the last month.

    rickmcinnis in reply to henrybowman. | June 8, 2021 at 9:10 am

    I was worried no one here could do arithmetic.

    Sounds like another Oklahoma City setup but this one is going as planned.

    Milhouse in reply to henrybowman. | June 8, 2021 at 9:14 am

    Third, did we all notice the bad math here?

    If 75BTC=$4.4M, then 67.3BTC is worth $3.95M, not $2.3M.
    Is the Big Guy getting his 40%?

    No bad arithmetic. At least the reports I saw said explicitly that the ransom was worth 4-5M when it was paid, but the recovered portion was only worth 2.3M at the time of the announcement. Bitcoin lost a lot of value in the interim. In fact right now 75 BTC is worth less than 2.5M.

Is it possible that Darkside has a traitor who sold them out for immunity? Or that the FBI has an infiltrator?

    ThePrimordialOrderedPair in reply to sheepgirl. | June 8, 2021 at 12:34 am

    Sure … it’s possible, but how many people do you think even have access to the private keys? And what was the last serious infiltration that the FBI did?

    This sounds a lot more like the FBI and their BS “grizzly steppe” hacker they blamed the Podesta phish and DNC files on. It was a joke. The report was beyond laughable. Not one shred of evidence, at all, but they concluded that it was all such a sophisticated operation (a friggin phishing of a guy whose password was something like “password”) that it had to be “a state actor”. It was laughable.

    Yeah … it’s possible that the FBI actually got the secret keys through some serious spycraft (in the span of a few days!) but so unlikely as to not merit serious consideration. It is much more likely that the FBI was running the ransomware operation than that they did some hot shit spycraft like that in a week.

    Owego in reply to sheepgirl. | June 8, 2021 at 6:20 am

    Yes, and yes. Just hazarding a guess.

It’s been said above, but I can’t help adding: amazing how the FBI can work a miracle in this situation, but is lost at sea when it comes to hillary clinton, obama, pelosi, fauci and the like.

In any event, we know Christopher Wray is in on the plot, and we know the CIA is in on the plot, and we know half the GOP is in on the plot.

At least we know.

VaGentleman | June 8, 2021 at 4:08 am

When do gas prices come back down?

The Friendly Grizzly | June 8, 2021 at 4:58 am

This sounds more and more to me like one of those FBI press releases with “we got to the bad people just in the nick of time!” deals.

Really!?! If DOJ Cryptonerds can extract millions sitting at their ‘putors, why don’t they identify the other bad actors and take back all the loot? How much free crap could be paid for?

Consequences? Someone steals seventy five bitcoins, the FBI recovers sixty five and a half – with nary a word about how much they returned to Colonial – and that is “consequences?” It used all “available resources” and leveraged its “domestic and international partnerships to disrupt ransomware attacks and protect our private sector partners and the American public.” I’m the public and I don’t feel protected by the FBI.

WHO are the responsible parties? The last time the FBI did this kind of a full court press was when a collection of rowdies ran screaming between the velvet ropes in the Capitol on January 6 or, led by the intrepid (now) Professor Robert Mueller, during four consecutive years of rummaging through the lives of Donald Trump supporters while ignoring the Strzok/Paige bedsheets and putsch underway in the J Edgar Hoover building. Asking for the Babbitt family and us millions of “deplorables.”

How about Hunter Biden’s notebook? Hillary Clinton’s server? Antifa? The source of COVID-19? Anthony Fauci’s connections? Eric Swallwell’s pillow talk? Dianne Feinstein’s driver? Nation wide vote fraud? Here’s what works FBI, take a page from Israel, or Donald Trump; sink a ship, bug some centrifuges, kill an assassin. Prevent the next shutdown. Cut the primping, posturing and ‘protecting’ (my suspicion) your “domestic and international partnerships” (probably our enemies).

What a disgraceful organization. Be American, do something for America for a change.

The big news would be that bitcoin isn’t secure.

nordic_prince | June 8, 2021 at 8:15 am

Inside job.

That’s probably because the DOJ WAS the Colonial Pipeline hackers…

First off, Colonial Pipeline paid 75 BTC. The DOJ only retrieved 63.7 BTC.

Where is the rest of the money?

Scattered across many different wallets, to which the DOJ doesn’t have the private keys. As they said, it was all about following the money. They knew where to start, so they simply watched money in and money out. When the bulk of the money had been transferred to one account, to which they (somehow) had access, they pounced. Or maybe the same source who gave them the private key to that account also arranged for so much of it to be there at once.

These were Russian hackers, so perhaps the missing piece of information here is a backroom deal with Russia. Russian agents may have strong armed the information from the hackers, and sent it to DoJ. And we should be told of this because if that is how it played out what did they promise Russia?

Yeah uhmm, I have a hard time believing this without far more detailed information. Here is my tinfoil hat theory. This is an attempt to undermine the utility of crypto currency as a means of exchange while also creating a narrative of action by the administration and a win by the DoJ.

After all, no government likes crypto. It’s the ultimate ‘cash’ precisely because it is secure from banking disclosure rules or government oversight. The trend from financial institutions to push digital payments v cash is another manifestation of the cooperation between government and the would be oligarchy, IMO.

    CorkyAgain in reply to CommoChief. | June 8, 2021 at 1:40 pm

    Interesting theory. They’re trying to steer us back to currencies they can hack, by claiming to be able to hack the ones they can’t?

      CommoChief in reply to CorkyAgain. | June 8, 2021 at 8:28 pm

      Not hack in terms of necessarily making withdrawals from your bank account, though that has happened in some Nations.

      More like monitor your purchase habits. The bank could simply sell the data to marketing firms and the government could simply purchase the data.

      What kind of data? How about silver or gold? Knowing who had purchased gold would be helpful if the federal government decided to make the private possession of gold illegal, as they did once upon a time.

      Very handy data to have if one wanted to use that as a pretext to search a property and potentially find other things that an independent minded person might possess.

      Cash purchases are untraceable. Debit or credit card purchases are very visible. If interested in monitoring purchases or even deterring certain purchases because some of the financial institutions won’t process certain items then working to eliminate cash is a smart idea.

Forget Bitcoin. This debt needs to be paid off in lead every single time. If you kill enough of these terrorists, sooner or later they’re gonna stop doing this. (apologies to Curtis LeMay)

healthguyfsu | June 8, 2021 at 2:47 pm

I’m not sure why everyone is so skeptical. There’s been lots of smoke for years that the FBI can hack and track bitcoin. This is nothing new if you’ve been paying attention. See 2016 article, among others.

https://www.sciencemag.org/news/2016/03/why-criminals-cant-hide-behind-bitcoin

Honestly, these guys were total amateurs for using bitcoin in the first place. It is the most exchangeable and the longest running crypto, so there are the most counter-crime info and resources about it and the most connections to easily trackable, affiliated currencies.

I said as soon as they paid the ransom that this was going to get at least partially recovered. The truly sad state of news right now is the media pretending like this is some huge win for a Biden admin that has never happened before. But hey, at least the lack of prior knowledge fooled the ransom crooks I guess!