Cryptocurrency prices have plunged across the board after the FBI said it had seized most of millions of dollars of the Bitcoin sent to an affiliate of the “DarkSide” hacker group behind a major US oil pipeline hack last month.
The FBI said it had seized 63.7 BTC – worth about A$2.8 million – that were paid by Colonial Pipeline to the group to regain control over its systems after the ransomware attack, which led to huge queues for petrol across the eastern United States following panic-buying.
Justice Department Seizes $2.3 Million in Cryptocurrency Paid to Ransomware Extortionists: @TheJusticeDept today announced that it has seized 63.7 bitcoins that allegedly represent the proceeds of a May 8 ransom payment to DarkSide cyber actors. https://t.co/qnCAN8oibW pic.twitter.com/brNopjSN3E
— FBI (@FBI) June 7, 2021
The FBI made the announcement around 6am AEST and crypto prices dropped across the board about 45 minutes later.
Bitcoin fell from around US$35,500 to under US$34,000, while Ethereum fell from over US$2,700 to under US$2,600.
At lunchtime BTC was trading for US$33,789, down 8.1 per cent from 24 hours ago, while ETH was changing hands for US$2,594, down 6.9 per cent.
Every top 100 crypto other than Theta Fuel (no. 41) – which was up 9.0 per cent – and the stablecoin Tether was in the red at 12.28pm AEST.
That the FBI could seize the ransomware payment in a sense undermines a central argument for cryptocurrencies, that they are free from government censorship.
The FBI said it had the “private key” — the rough equivalent of a password — for the wallet containing the 63.7 Bitcoins, but didn’t say how it had obtained it.
We likely aren’t going to know how the FBI got the private key for DarkSide’s bitcoin wallet for a while. If ever.
Likewise, it would be great to understand more details about the cryptocurrency address seized by law enforcement “located in the northern district of california”
— Chris Bing (@Bing_Chris) June 7, 2021
There was some speculation that the hackers might have used a “non-custodial” wallet where the private key is stored on a private company’s server, making it vulnerable to an FBI warrant.
If so, that would be quite a security lapse for a group engaged in illegal activity, but the hackers are not thought to be particularly sophisticated.
Most security-minded Bitcoiners use a hardware wallet — a small device about the size of a USB drive — to store their private keys.
Q: “How did the FBI seize the ransomware attackers’ bitcoin?”
A: Assuming they weren’t dumb enough to use an exchange, my bet is a hot wallet hosted on a server in the US, broadcasting txns via clearnet. Network surveillance is a thing…. find originating IP => seizure.
— Jameson Lopp (@lopp) June 7, 2021
Clarification via @KenDilanianNBC: While Bitcoin isn’t stored on a server, the private keys to unlock the Bitcoin may have been. In any event, an FBI official just told reporters that it doesn’t matter where the Bitcoin wallet is—the FBI still can get access. They won’t say how.
— Geoff Bennett (@GeoffRBennett) June 7, 2021
Colonial Pipeline paid 75 BTC in the ransomware attack. Apparently 15 per cent of the BTC went to the DarkSide hackers and the rest to the affiliate group. DarkSide, a Russian-speaking group, operates a “ransomware as a service” operation and apparently takes a 15 per cent cut.