The Seattle Times reprinted a NYT story on Colonial Pipeline and their ransomware episode. Title (in the print edition):
Colonial Pipeline probe upends idea that Bitcoin is untraceable
Earlier this week, news came out about federal officials seizing $2.3 million of the $4.3 million ransom payment from Darkside (the hacking collective behind the ransomware attack against Colonial Pipeline). Today's article goes into a bit more detail.
One interesting point the reporters noted was that the feds made use of some of the key features of cryptocurrencies to facilitate tracing the currency AND seizing it without requiring:
months or years of navigating paperwork and bureaucracy, especially when those banks are overseas
The blockchain itself contains all the information on every transaction the bitcoin has been involved in — and you only need the public key to access it once you figure out the location of the wallet. Now, the wallet location and the private key are a harder problem; it turns out that there are a number of companies the FBI collaborates with that:
specialize in tracking cryptocurrencies across digital accounts, according to officials, court documents, and the [specialist] companies
Exactly how they got the private key(s) that would have allowed them to transfer the money back is a bit murkier — but the FBI (and Australian intelligence) has a lot of experience available when they want to use it: informants, direct takeover and compromise of apps and networks (as noted here in Kos by overwatch on Tuesday — nice catch on the An0m story!), direct pressure on publicly known wallet managers, and sloppy security on the part of the more dicey organizations controlling some of the wallets. According to the NYT, no breaking of bitcoin’s encryption mechanism was required — just good, old (and possibly somewhat shady) police work.
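To make the two points above concrete (the ledger is public, so following the money is a graph walk; actually moving the coins back still needs the private key for the address holding them), here is an added example that is not part of the original post or the NYT article. It uses a small constructed ledger and a constructed "attribution" table standing in for the specialist companies' address labels; the transaction ids, addresses and amounts are all made up.

```python
from collections import deque

# Constructed sample ledger: NOT real Bitcoin data. Each transaction spends
# outputs of earlier transactions (referenced as (txid, output index)) and
# creates new outputs of (address, amount in BTC). A ransom payment lands at
# addr_darkside_1 and is then split and moved through a few hops.
LEDGER = [
    {"txid": "tx_ransom",  "inputs": [],                 "outputs": [("addr_darkside_1", 75.0)]},
    {"txid": "tx_split",   "inputs": [("tx_ransom", 0)], "outputs": [("addr_darkside_2", 63.7), ("addr_affiliate", 11.3)]},
    {"txid": "tx_hop",     "inputs": [("tx_split", 0)],  "outputs": [("addr_hop_a", 40.0), ("addr_hop_b", 23.7)]},
    {"txid": "tx_deposit", "inputs": [("tx_hop", 0)],    "outputs": [("addr_exchange_deposit", 39.99)]},
]

# Constructed attribution data standing in for what the article calls the
# specialist companies' knowledge: which addresses belong to a known service.
LABELS = {"addr_exchange_deposit": "US exchange deposit address (constructed label)"}


def index_ledger(ledger):
    """Build two lookups: txid -> transaction, and (txid, vout) -> txid that spends it."""
    by_txid = {tx["txid"]: tx for tx in ledger}
    spent_by = {}
    for tx in ledger:
        for prev_txid, vout in tx["inputs"]:
            spent_by[(prev_txid, vout)] = tx["txid"]
    return by_txid, spent_by


def trace_forward(ledger, start_txid):
    """Follow every output of start_txid through all later spends (breadth first).

    Returns a dict address -> (amount received, hops from the start tx) for
    every address the funds pass through, and a list of (address, label)
    for addresses that match the attribution data.
    """
    by_txid, spent_by = index_ledger(ledger)
    reached = {}
    hits = []
    queue = deque([(start_txid, 0)])
    seen = {start_txid}
    while queue:
        txid, hops = queue.popleft()
        for vout, (address, amount) in enumerate(by_txid[txid]["outputs"]):
            reached[address] = (amount, hops)
            if address in LABELS:
                hits.append((address, LABELS[address]))
            nxt = spent_by.get((txid, vout))
            if nxt and nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, hops + 1))
    return reached, hits


def unspent_outputs(ledger):
    """List (address, amount) for outputs nothing in the ledger has spent yet.

    These are the coins a seizure would actually have to move, and moving them
    requires the private key for that address, not just a view of the ledger.
    """
    _, spent_by = index_ledger(ledger)
    return [(addr, amt)
            for tx in ledger
            for vout, (addr, amt) in enumerate(tx["outputs"])
            if (tx["txid"], vout) not in spent_by]


if __name__ == "__main__":
    reached, hits = trace_forward(LEDGER, "tx_ransom")
    for addr, (amt, hops) in sorted(reached.items(), key=lambda kv: kv[1][1]):
        print(f"{hops} hop(s): {addr} received {amt} BTC")
    for addr, label in hits:
        print(f"funds reached {addr}: {label}")
    print("still sitting unspent:", unspent_outputs(LEDGER))
```

Reading the ledger is enough to see that part of the payment ended up at a labelled exchange deposit address (the point at which identity-verification rules apply), while the unspent outputs show which coins could be seized and at which addresses a private key would be needed to do it.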
The NYT article also mentions North Korea-based ransomware attempts this past February (2021) where $2 million was recovered, and an earlier FBI complaint unsealed last August (2020) on $28.7 million laundered through Chinese cryptocurrencies, where the FBI revealed they’d traced the funds to 280(!) cryptocurrency wallets AND their owners. Sounds like the FBI has been getting some practice in this — and probably a lot of other national police, intelligence, and private specialist agencies are in the game too.
Another point raised in the article was about how the more people use cryptocurrencies, the more they treat it in ways that mirror traditional banking practices:
through a central intermediary like a crypto exchange
If the exchange is based in the US, that means it is subject to anti-money laundering and identity verification laws that require the service to know who its customer really is — and require you to present government-verified ID when you sign up. The ransomware attacks have also put unregulated crypto exchanges under a microscope — so it’s highly likely that a lot of LE and intel services are watching traffic to known unregulated players closely — a US DOJ spokesman confirmed that they have made:
“many seizures, in the hundreds of millions of dollars, from unhosted crypto-currency wallets”, used for criminal activity
I assume “unhosted” means unregulated. To do anything with cryptocurrency means you have some kind of host. There are private wallet apps for a number of platforms — but I don’t think too many people have the ability to securely and safely run their own. Not based on my 44+ years’ experience in the computer industry.
ETA — treat it in ways that mirror traditional banking practices
ETA — remove an extraneous “a”