How did the FBI seize bitcoins from the Colonial Pipeline attackers?

It seems the headlines these past few days are all about the FBI seizing bitcoins (back) from the Colonial Pipeline ransomware attackers. That got me curious about how the FBI even managed to get hold of the attackers' private key and get into the bitcoin wallet. Note that the wallet the FBI got into (via its private key) is not controlled by the Darkside group itself but apparently by an "associate" of Darkside, an affiliate in ransomware-as-a-service terms. Darkside provides the ransomware and the infrastructure while the affiliate carries out the actual intrusion, and the two split the ransom. Think of it as "hacking as a service". Nowadays an intrusion like this is complicated and has many moving parts, so a group of people with different expertise is usually needed to pull it off.

For those who don't know what happened, here is a brief rundown of the incident. In late April or early May of this year (2021), Colonial Pipeline, which transports gasoline and other fuel, suffered a ransomware attack. The attack took a lot of its systems offline and the company shut down the pipeline as a precaution. Colonial operates the biggest petroleum pipeline in the United States, so the disruption caused a lot of problems for Americans and the American government. Gas prices rose and shortages occurred in parts of the country, mainly due to panic buying rather than an actual lack of supply. It made headline news and probably woke up plenty of government officials. And yes, Colonial Pipeline did pay the ransom to get its systems up and running again: about 75 bitcoin in total. Fast forward to today (6th June) and it was announced that the FBI has retrieved the majority of the bitcoin paid to the attackers, about 63.7 bitcoin.

But the interesting question is how the FBI managed to get the private key of the attacker's wallet. I know that it is not difficult to trace the transactions, as the blockchain ledger is public: anyone with a block explorer can see where the bitcoins came from and where they went. But actually obtaining the private key to the wallet is quite amazing, even if we are talking about the dark arts of the FBI. Mathematically it is nearly impossible to "crack" a public wallet address to get the private key: the address is a hash of the public key, and the public key is derived from the private key by elliptic-curve multiplication, and neither step can be reversed with any known technique. So I think it is highly unlikely that the Americans have some special software or code to do so. And if they did, it would seriously affect the entire crypto market. People would lose trust in bitcoin and the entire crypto sphere as well. Perhaps that is why the market is tanking today. But we might be getting a bit ahead of ourselves, right? If the FBI could get into anyone's private keys, why did they stop at the "associate's" wallet? Why not get all the bitcoins back, even from the Darkside group themselves? So hold your horses and stay calm.
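To make the "nearly impossible to crack" point concrete, here is an added illustration (my own code, not anything from the original post or from the investigation): a private key is just a 256-bit number k, the public key is k*G on the secp256k1 curve, and a Bitcoin address is then Base58Check(RIPEMD160(SHA256(public key))), which this example stops short of. Going forward is a few milliseconds of arithmetic; going backward from the public key means solving the elliptic-curve discrete logarithm, and the only generic method is to guess k, which the brute-force function below can only do because the demo keys are tiny. The curve constants are the standard secp256k1 parameters; everything else is illustrative.

```python
"""Forward derivation of a Bitcoin public key, and why the reverse is hopeless.

Added illustration, not code from the original post. The curve parameters are
the standard secp256k1 constants used by Bitcoin; the helper names are mine.
"""
import secrets

# secp256k1 domain parameters (standard constants)
P = 2**256 - 2**32 - 977
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INFINITY = None  # the point at infinity, the group identity


def point_add(p, q):
    """Add two affine points on y^2 = x^3 + 7 over GF(P)."""
    if p is INFINITY:
        return q
    if q is INFINITY:
        return p
    if p[0] == q[0] and (p[1] + q[1]) % P == 0:
        return INFINITY  # p == -q
    if p == q:
        lam = 3 * p[0] * p[0] * pow(2 * p[1], -1, P) % P
    else:
        lam = (q[1] - p[1]) * pow(q[0] - p[0], -1, P) % P
    x = (lam * lam - p[0] - q[0]) % P
    y = (lam * (p[0] - x) - p[1]) % P
    return (x, y)


def scalar_mult(k, point):
    """Compute k*point by double-and-add (not constant-time; demo only)."""
    result = INFINITY
    addend = point
    while k:
        if k & 1:
            result = point_add(result, addend)
        addend = point_add(addend, addend)
        k >>= 1
    return result


def on_curve(point):
    """True if the point satisfies the curve equation y^2 = x^3 + 7 (mod P)."""
    x, y = point
    return (y * y - x * x * x - 7) % P == 0


def public_key(priv):
    """Compressed SEC1 encoding of priv*G: 0x02/0x03 prefix plus the 32-byte x."""
    if not 1 <= priv < N:
        raise ValueError("private key out of range")
    x, y = scalar_mult(priv, G)
    prefix = b"\x02" if y % 2 == 0 else b"\x03"
    return prefix + x.to_bytes(32, "big")


def new_private_key():
    """A uniformly random key in [1, N-1]: 'just a number', as the post says."""
    while True:
        k = secrets.randbelow(N)
        if k >= 1:
            return k


def brute_force_private_key(pub, limit):
    """Recover priv from a compressed pub by trying k = 1..limit.

    Returns None if no k in range matches. This is the only generic attack on
    the curve, and with roughly 2**256 candidate keys it never finishes for a
    real wallet; it works here only because the demo keys are tiny.
    """
    point = G
    for k in range(1, limit + 1):
        prefix = b"\x02" if point[1] % 2 == 0 else b"\x03"
        if prefix + point[0].to_bytes(32, "big") == pub:
            return k
        point = point_add(point, G)
    return None


if __name__ == "__main__":
    k = new_private_key()
    print("private key:", hex(k))
    print("public key: ", public_key(k).hex())
    print("brute force of a tiny key 7:", brute_force_private_key(public_key(7), 10))
```

Note that the address layer adds a 160-bit hash on top of this, so even a hypothetical break of the curve would still leave the investigator with a preimage problem; the only realistic way to "get the key" is to get it from wherever its owner stored it.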

A better answer would be the Darkside group itself. We need to remember that it was not Darkside's wallet that got compromised; it was their "associate's". Could it be that Darkside backstabbed their affiliate to get the FBI off their heels? After all, a private key is merely a string of numbers and letters that one can write down on a piece of paper, or store in a file on a computer. If you know the person doing the attacks, surely it would not be that difficult to get the private key by hook or by crook. So we shouldn't be too alarmed. I am fairly confident that the Bitcoin network is still secure.

Or perhaps it was even the Russian government, trying to make sure that this ransomware attack does not become a political nightmare for them on the international scene, or responding to American political pressure. We know Americans can be a bit heavy-handed when it comes to petrol, right? They love their gasoline, and if you disrupt the flow you are going to get it! Not a good idea to get in the way of Americans and their petrol. Or maybe Russia just wanted to protect its own reputation a bit, or worried about what the Americans would do to counter these criminal groups. Even if the Russian government itself is not directly involved, it certainly does not look good for the country. I read that the Americans did indeed ask for Russia's assistance, which is entirely plausible.

Furthermore, it is even possible that the hacker group themselves gave the private key to the FBI. Maybe they could not take the heat, maybe they were under pressure from others in their organization, or maybe they wanted to avoid prosecution by the authorities.

I initially thought the FBI had retrieved the bitcoins because the attackers had sent the coins to a centralized exchange. In most cases there isn't really a good way for these criminals to convert their bitcoins into fiat currency they can spend, so sooner or later they have to send the coins to an exchange. This is usually where the authorities catch them, as most exchanges require some form of KYC, especially when millions in value are involved; or at least the authorities can force the exchange to freeze the account. But it seems that this was not the case here.
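The tracing I described earlier (the ledger is public, so anyone can follow where the coins went) and the exchange-deposit scenario in this paragraph are the same exercise, so here is one added example for both. It is my own code, not part of the original post, and the transactions, addresses, the 15% operator cut and the "ExampleExchange" label are all constructed for illustration, not the real Colonial Pipeline flows. Amounts are in satoshis so the sums stay exact. Starting from the victim's payment, it walks every spend until the coins come to rest and reports which resting places are known custodian deposits (where a freeze or subpoena could go) and how much stopped in self-custody (where only the private key helps).

```python
"""Following ransom coins across a public ledger.

Added illustration, not code from the original post. SAMPLE_TXS is a
constructed toy ledger, not real Colonial Pipeline transactions. It models
one output per address, which is enough to show the walk.
"""
from collections import deque

SATS = 100_000_000  # satoshis per bitcoin

# Constructed sample transactions: txid -> inputs (addresses spent) and
# outputs (address -> satoshis). 75 BTC is paid, the affiliate forwards a
# 15% cut to the RaaS operator (an assumed split, for illustration) and moves
# the rest through one intermediate wallet before depositing at an exchange.
SAMPLE_TXS = {
    "tx_ransom":  {"inputs": ["victim_wallet"],
                   "outputs": {"affiliate_1": 75 * SATS}},
    "tx_split":   {"inputs": ["affiliate_1"],
                   "outputs": {"raas_operator": 1_125_000_000,      # 11.25 BTC
                               "affiliate_2": 6_375_000_000}},      # 63.75 BTC
    "tx_hop":     {"inputs": ["affiliate_2"],
                   "outputs": {"affiliate_3": 6_370_000_000,        # 63.7 BTC
                               "affiliate_2_change": 5_000_000}},   # 0.05 BTC
    "tx_cashout": {"inputs": ["affiliate_3"],
                   "outputs": {"exchange_deposit_9f1": 6_370_000_000}},
}

# Addresses an investigator has already attributed to a custodian (constructed).
SAMPLE_KNOWN_DEPOSITS = {"exchange_deposit_9f1": "ExampleExchange"}


def spend_index(txs):
    """Map every address to the txids that spend from it."""
    index = {}
    for txid, tx in txs.items():
        for addr in tx["inputs"]:
            index.setdefault(addr, []).append(txid)
    return index


def trace_forward(txs, start_addr, max_hops=16):
    """Breadth-first walk from start_addr through every spending transaction.

    Returns a list of (address, sats, path) for each output that is not spent
    again within max_hops. The path alternates addresses and txids. sats is
    None for the starting address itself if it is never spent.
    """
    index = spend_index(txs)
    endpoints = []
    queue = deque([(start_addr, None, [start_addr], 0)])
    visited = set()
    while queue:
        addr, sats, path, hops = queue.popleft()
        if addr in visited:
            continue
        visited.add(addr)
        if addr not in index or hops >= max_hops:
            endpoints.append((addr, sats, path))
            continue
        for txid in index[addr]:
            for out_addr, out_sats in txs[txid]["outputs"].items():
                queue.append((out_addr, out_sats, path + [txid, out_addr], hops + 1))
    return endpoints


def exchange_touchpoints(txs, start_addr, known_deposits):
    """Resting places that are known custodian deposits: this is where KYC
    records exist and where a freeze request or subpoena can be served."""
    hits = []
    for addr, sats, path in trace_forward(txs, start_addr):
        if addr in known_deposits:
            hits.append({"address": addr, "exchange": known_deposits[addr],
                         "sats": sats, "hops": len(path) // 2})
    return hits


def unreached_sats(txs, start_addr, known_deposits):
    """Coins that stopped somewhere not attributed to an exchange, i.e. still
    self-custodied: only the private key, not a court order, moves them."""
    return sum(sats or 0 for addr, sats, _ in trace_forward(txs, start_addr)
               if addr not in known_deposits)


if __name__ == "__main__":
    for hit in exchange_touchpoints(SAMPLE_TXS, "victim_wallet", SAMPLE_KNOWN_DEPOSITS):
        print(f"{hit['sats'] / SATS} BTC reached {hit['exchange']} "
              f"({hit['address']}) after {hit['hops']} hops")
    print("still self-custodied:",
          unreached_sats(SAMPLE_TXS, "victim_wallet", SAMPLE_KNOWN_DEPOSITS) / SATS, "BTC")
```

On the toy ledger, 63.7 BTC lands on the exchange deposit and 11.3 BTC (the operator's cut plus change) stays in wallets nobody can freeze. That split is exactly why the exchange route is where recoveries usually happen, and why a seizure of coins that never touched an exchange points at the key itself having been obtained.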

