FBI seizes DarkSide ransom money Bitcoin private key breached?

The U.S. Department of Justice has announced the recovery of part of the cryptocurrency ransom that Colonial Pipeline paid to the DarkSide ransomware group, achieved by gaining control of a private key. Could the Bitcoin private key have been breached?


The U.S. Department of Justice has announced that it has recovered some of the cryptocurrency ransom previously paid by Colonial Pipeline to the DarkSide ransomware group.

Colonial Pipeline, the largest fuel pipeline in the United States, was reportedly attacked by DarkSide ransomware, whose operators demanded a ransom of $5 million in bitcoin.

According to CoinHolmes, PeckShield’s anti-money laundering and anti-fraud system, after Colonial Pipeline delivered the 75 BTC, the funds were transferred to two wallet addresses beginning with bc1qxu and bc1qu5, holding approximately 84% and 16% of the ransom, respectively.


PeckShield has previously analyzed DarkSide, a ransomware group that has built a complete “Ransomware as a Service (RaaS)” industry chain, in which the developers supply tools and methods to their clients and then take a profit. As the money flow chart shows, the funds frozen by the FBI this time are the downstream share of the ransom (the address starting with bc1qxu, 63.7 BTC), while the developers’ funds have not been touched since they were received (the address starting with bc1qu5, 11.2 BTC).

The 63.7 BTC downstream share, held at the address beginning with bc1qxu, was first transferred to the address beginning with 3EYkxQ, then to the address beginning with bc1qq2, and then in two separate transfers to the target address beginning with bc1qpx (the address for which the FBI holds the private key, 63.7 BTC) and to another address (5.9 BTC).
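The two paragraphs above describe fund-flow tracing: following a known tainted payment through successive hops and noting where clean funds join the chain. The following is an added example, not code from the article, CoinHolmes or PeckShield. It implements the simple "haircut" taint model (every output of a transaction inherits the tainted share of that transaction's inputs) over a constructed transaction list whose node labels reuse the truncated address prefixes quoted in the article; the transaction amounts, the unrelated wallet, the fee and the ordering are all constructed for illustration and are not the real on-chain data.

```python
"""Haircut-style taint tracing over a constructed Bitcoin transaction list.

Added example; not from the article. Address labels reuse the article's
truncated prefixes, but every transaction below is constructed.
"""
from collections import defaultdict, deque

# Constructed transactions (amounts in BTC), modelled on the hops the article
# describes. Inputs spend address balances; the shortfall between inputs and
# outputs is treated as the mining fee.
TXS = [
    {"inputs": [("colonial", 75.0)],
     "outputs": [("bc1qxu", 63.7), ("bc1qu5", 11.2)]},          # 0.1 BTC fee (constructed)
    {"inputs": [("bc1qxu", 63.7)], "outputs": [("3EYkxQ", 63.7)]},
    {"inputs": [("3EYkxQ", 63.7)], "outputs": [("bc1qq2", 63.7)]},
    {"inputs": [("unrelated", 5.9)], "outputs": [("bc1qq2", 5.9)]},  # clean funds joining (constructed)
    {"inputs": [("bc1qq2", 69.6)],
     "outputs": [("bc1qpx", 63.7), ("other", 5.9)]},
]
# Constructed opening balances for the addresses that fund the chain.
INITIAL_BALANCES = {"colonial": 75.0, "unrelated": 5.9}


def trace_taint(txs, initial_balances, source):
    """Return {address: tainted BTC} after replaying txs in order.

    Taint originates at `source`. For each transaction the tainted fraction of
    the inputs is passed on to every output in proportion to its value.
    """
    balance = defaultdict(float, initial_balances)
    tainted = defaultdict(float)
    tainted[source] = balance[source]
    for tx in txs:
        total_in = sum(amt for _, amt in tx["inputs"])
        taint_in = 0.0
        for addr, amt in tx["inputs"]:
            if balance[addr] + 1e-9 < amt:
                raise ValueError(f"{addr} spends {amt} but holds {balance[addr]}")
            share = tainted[addr] / balance[addr]   # tainted fraction of this address
            taint_in += amt * share
            tainted[addr] -= amt * share
            balance[addr] -= amt
        frac = taint_in / total_in if total_in else 0.0
        for addr, amt in tx["outputs"]:
            balance[addr] += amt
            tainted[addr] += amt * frac
    # Drop addresses that have been emptied (tiny float residue included).
    return {a: round(t, 8) for a, t in tainted.items() if t > 1e-9}


def shortest_path(txs, source, target):
    """Shortest hop sequence from source to target in the address graph, or None."""
    edges = defaultdict(set)
    for tx in txs:
        for src, _ in tx["inputs"]:
            for dst, _ in tx["outputs"]:
                edges[src].add(dst)
    queue, seen = deque([[source]]), {source}
    while queue:
        path = queue.popleft()
        if path[-1] == target:
            return path
        for nxt in sorted(edges[path[-1]]):
            if nxt not in seen:
                seen.add(nxt)
                queue.append(path + [nxt])
    return None


if __name__ == "__main__":
    for addr, amt in sorted(trace_taint(TXS, INITIAL_BALANCES, "colonial").items()):
        print(f"{addr:10s} tainted {amt:.4f} BTC")
    print(" -> ".join(shortest_path(TXS, "colonial", "bc1qpx")))
```

In this constructed graph the developers' 11.2 BTC stays fully tainted, whereas the 63.7 BTC arriving at bc1qpx carries only about 58.3 BTC of taint, because the haircut model dilutes the ransom once the 5.9 BTC of unrelated funds is mixed into bc1qq2. Real investigations use several attribution rules (haircut, FIFO, "poison" whole-output tainting) and they give different answers at exactly such mixing points, which is why the attribution of a recovered amount to a specific payment needs the full transaction data rather than address prefixes.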


An affidavit filed Monday shows that the recovery of this ransom rests on the Federal Bureau of Investigation (FBI) holding the private key to a key wallet in the transfer chain, but it does not disclose how the FBI obtained the key.


PeckShield’s anti-money laundering expert said, “The FBI likely traced the ransomware to a server proxy in the US, which was then terminated, and the private key may have resided on the server.”

Earlier, DarkSide’s website was blocked, and the group posted a message announcing its dissolution and the transfer of funds from its payment server to an unknown address.


“In our previous cases of helping police track virtual currencies involved in money laundering, we generally track and analyze the flow of funds, the transaction pattern and the counterparty information. If the suspect uses a centralized trading institution to launder money, the suspected funds can be blocked and the suspects involved can be locked up by locating the centralized trading institution and issuing a judicial warrant. However, in the case of Colonial Pipeline, the assets did not flow to a centralized trading institution, so the FBI should not have seized the funds in this manner. Furthermore, there is no indication of a possible private key compromise at this time, and our judgment leans toward the FBI recovering the ransom money from the server proxy,” PeckShield’s anti-money laundering experts explained.

Posted by: CoinYuppie. Reprinted with attribution to: https://coinyuppie.com/fbi-seizes-darkside-ransom-money-bitcoin-private-key-breached/
