3

From Wikipedia:

Colonial Pipeline cyber attack

This article states that it is not known how the FBI obtained the private key of the address with the ransom in it. Can't find any other sources on this. Are there any theories or evidence of how this was done?

nonpoliticaltag
  • 33
  • 4

1 Answers1

5

It seems that the FBI seized their servers and found the private keys there.
If you wanted to know if there was a flaw in Bitcoin software or the protocol, there is no evidence of that.

https://krebsonsecurity.com/2021/05/darkside-ransomware-gang-quits-after-servers-bitcoin-stash-seized/


Edit:

The latest news indicates that ransom's bitcoins were deposited in a California based custodial address (an exchange or wallet provider) and the FBI seized it with a DOJ warrant.

So (astonishingly) it seems that the hackers lost their bitcoins because they used a custodial wallet (U.S. based) instead of one they had the private keys for.

The transactions flow also seems very easy to track: it is possible to do it by anyone even without knowing the ransom's address, knowing only its amount, as shown here:

https://blog.wolfram.com/2021/05/25/sleuthing-darkside-crypto-ransom-payments-with-the-wolfram-language/

leevancleef
  • 862
  • 6
  • 17
  • Thank you - I was pretty sure it wasn't a blockchain vulnerability. Seems rather careless of the criminals not to have immediately transferred the coins to a more secure cold wallet. But good result for the FBI, well done – nonpoliticaltag Jun 08 '21 at 13:58