U.S. Authorities Report They Have Recovered Most of Bitcoin Ransom Paid After Colonial Pipeline Hack

Chris Gaetano
Published Date:
Jun 8, 2021

The U.S. Department of Justice announced that it has recovered most of the cryptocurrency paid to the DarkSide ransomware group, whose attack in May forced Colonial Pipeline to halt its pipeline operations. The amount seized, 63.7 of the 75 bitcoins paid as ransom, was valued at approximately $2.3 million.

Recovering stolen or extorted bitcoin is usually very difficult. However, the DOJ said that it reviewed the Bitcoin public ledger, which records every transaction ever made with the asset, traced the ransom through multiple transfers, and identified that approximately 63.7 bitcoins, representing the proceeds of the victim's ransom payment, had been moved to a specific address. The DOJ did not say how, but it obtained the private key controlling that address (functionally, the credential needed to spend the funds held there) and seized the bitcoin. The statement noted that, as the proceeds of criminal activity, the funds were subject to seizure under criminal and civil forfeiture statutes.
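The tracing step described above, following a payment through successive transfers on a public ledger until it comes to rest at an unspent output, can be illustrated with a small worked example. The code below is an added example, not part of this article and not the DOJ's or FBI's method, which the DOJ did not disclose. It uses a constructed toy ledger with hypothetical transaction ids and address labels (nothing here is the real Colonial or DarkSide chain data), applies the common "haircut" taint heuristic (each output of a transaction inherits the same proportion of tainted value as the transaction's inputs carried), and reports which unspent addresses hold how much of the original payment. Real investigations add address-clustering heuristics and exchange records, and mixers or chain-hopping through other assets can defeat this naive approach.

```python
from collections import defaultdict
from fractions import Fraction

SATS = 100_000_000  # satoshis per BTC; amounts are kept as integers

# Constructed toy ledger, in chronological order (inputs always reference an
# earlier transaction). Txids and address labels are hypothetical.
# Each input is an outpoint (txid, vout); each output is (address, satoshis).
LEDGER = [
    {"id": "tx_fund",   "inputs": [],                  "outputs": [("victim", 75 * SATS)]},
    {"id": "tx_ransom", "inputs": [("tx_fund", 0)],    "outputs": [("attacker_1", 75 * SATS)]},
    # affiliate split: 63.7 BTC onward, 11.3 BTC kept
    {"id": "tx_split",  "inputs": [("tx_ransom", 0)],
     "outputs": [("attacker_2", 637 * SATS // 10), ("affiliate", 113 * SATS // 10)]},
    {"id": "tx_hop1",   "inputs": [("tx_split", 0)],   "outputs": [("attacker_3", 637 * SATS // 10)]},
    {"id": "tx_hop2",   "inputs": [("tx_hop1", 0)],    "outputs": [("seized_addr", 637 * SATS // 10)]},
    # unrelated activity on the same ledger; must not be pulled into the trace
    {"id": "tx_noise",  "inputs": [],                  "outputs": [("bystander", 5 * SATS)]},
]


def trace_taint(ledger, origin):
    """Follow the value of outpoint `origin` forward through the ledger.

    Returns (holdings, transfers): holdings maps each address holding an
    UNSPENT tainted output to the tainted satoshis it holds (as Fraction);
    transfers is the ordered list of txids that moved tainted value.
    Haircut rule: if a fraction f of a transaction's input value is tainted,
    every output (and the fee) is f tainted.
    """
    by_id = {tx["id"]: tx for tx in ledger}
    spent_by = {}
    for tx in ledger:
        for outpoint in tx["inputs"]:
            if outpoint in spent_by:
                raise ValueError(f"outpoint {outpoint} spent twice")
            spent_by[outpoint] = tx["id"]

    origin_amount = by_id[origin[0]]["outputs"][origin[1]][1]
    taint = {origin: Fraction(origin_amount)}
    transfers = []

    for tx in ledger:  # chronological order, so inputs are already evaluated
        if not tx["inputs"]:
            continue
        total_in = sum(by_id[t]["outputs"][v][1] for t, v in tx["inputs"])
        tainted_in = sum(taint.get(op, Fraction(0)) for op in tx["inputs"])
        if tainted_in == 0:
            continue
        transfers.append(tx["id"])
        frac = tainted_in / total_in  # share of this tx's inputs that is tainted
        for vout, (_, amount) in enumerate(tx["outputs"]):
            taint[(tx["id"], vout)] = amount * frac  # fee silently absorbs its share

    holdings = defaultdict(Fraction)
    for (txid, vout), amount in taint.items():
        if amount > 0 and (txid, vout) not in spent_by:
            holdings[by_id[txid]["outputs"][vout][0]] += amount
    return dict(holdings), transfers


def btc(sats):
    return float(Fraction(sats) / SATS)


if __name__ == "__main__":
    holdings, transfers = trace_taint(LEDGER, ("tx_ransom", 0))
    print("tainted transfers:", " -> ".join(transfers))
    for addr, amount in sorted(holdings.items(), key=lambda kv: -kv[1]):
        print(f"{addr:12s} holds {btc(amount):.8f} BTC of ransom proceeds")
```

Running it on the toy ledger reports that `seized_addr` holds 63.7 BTC of the ransom and `affiliate` holds the remaining 11.3 BTC, with the transfer chain tx_split, tx_hop1, tx_hop2; the unrelated `bystander` output is never touched. Identifying the resting address is only half the story: actually seizing the funds still requires the private key for that address, which the ledger cannot provide.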

“Following the money remains one of the most basic, yet powerful tools we have,” said Deputy Attorney General Lisa O. Monaco for the U.S. Department of Justice. “Ransom payments are the fuel that propels the digital extortion engine, and today’s announcement demonstrates that the United States will use all available tools to make these attacks more costly and less profitable for criminal enterprises. We will continue to target the entire ransomware ecosystem to disrupt and deter these attacks. Today’s announcements also demonstrate the value of early notification to law enforcement; we thank Colonial Pipeline for quickly notifying the FBI when they learned that they were targeted by DarkSide.”
