Feds Somehow Recover Bitcoin Ransom from Colonial Pipeline Hack

UPDATE:

I said below that no one would try to move it to an exchange, but the theory currently is that the master haxxor tried to cash out at… Coinbase.

This is one of the top tweets on the story:

Many questions.

The CSO of Coinbase is saying they had nothing to do with it.

But I guess he would say that, wouldn’t he? If Coinbase isn’t directly named, I’m sure they’d rather not be involved. It doesn’t mean they weren’t involved.

If this hack was done by some intelligence group, it would make sense they would want to involve Coinbase.

It’s a strange story, for sure.

FBI seems to want to push FUD.

Original article follows.

The feds have announced that they were able to recover some of the Bitcoin that was received as ransom from the Colonial Pipeline hack.

Yahoo! News:

The Department of Justice announced Monday that it had recovered $2.3 million in cryptocurrency from criminal hackers who compromised a major U.S. pipeline in mid-May that resulted in fuel outages and hoarding across the East Coast for six days.

The U.S. District Court for the Northern District of California issued a seizure warrant on Monday, allowing the DOJ to take action to confiscate a large chunk of the $4.4 million paid by Colonial Pipeline to the DarkSide ransomware operators, who demanded payment in exchange for unlocking their victims’ stolen digital files.

“The sophisticated use of technology to hold businesses and even whole cities hostage for profit is decidedly a 21st century challenge, but the old adage ‘follow the money’ still applies,” said Lisa Monaco, President Biden’s deputy attorney general, during a press conference on Monday afternoon. “Today we turned the tables on DarkSide.”

According to U.S. intelligence officials, DarkSide is a criminal group operating somewhere in Russia that sells access to its malicious tools in exchange for a cut of the profits from successful extortions.

The FBI was able to track the destination of Colonial’s payment in bitcoin to a virtual wallet used by the criminal perpetrators, Monaco said.

It’s not at all clear how they did this. Presumably, the only possible ways would be if the money was for some reason sitting on an exchange, which makes no sense, or if they actually caught the guy who did it, which makes a lot more sense, but would mean that it was definitely not a Russian.

They’re saying they “figured out the password,” and I don’t even know what that means. The “password” to a Bitcoin wallet is at least 12 random words, something which is not possible to just guess. (Unless of course it was a brainwallet, where you make your own series of words instead of using random words, or a warpwallet, which is your own series of words with an encrypted key. But if that was the case, why would the feds crack it before some random group that cracks these professionally? And why was the hacker so stupid?)
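As an added illustration, not code from the original post, of why a seed of 12 random words is not something you can guess: a standard BIP39 seed phrase is 128 random bits plus a 4-bit SHA-256 checksum, split into twelve 11-bit indices into a 2048-word list. The code below works with word indices only; the wordlist text itself is assumed to be available separately, and the sample seeds are constructed.

```python
import hashlib
import secrets

WORDLIST_SIZE = 2048  # BIP39 English wordlist: 2048 words, so 11 bits per word

def entropy_to_indices(entropy: bytes) -> list:
    """Turn raw entropy into BIP39 word indices (the real wordlist maps index -> word).
    16 bytes: 128 entropy bits + 4 checksum bits = 132 bits = 12 words of 11 bits."""
    ent_bits = len(entropy) * 8
    if ent_bits not in (128, 160, 192, 224, 256):
        raise ValueError("entropy must be 16, 20, 24, 28 or 32 bytes")
    cs_bits = ent_bits // 32
    # Checksum = top cs_bits of SHA-256(entropy), appended after the entropy bits.
    checksum = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    combined = (int.from_bytes(entropy, "big") << cs_bits) | checksum
    n_words = (ent_bits + cs_bits) // 11
    return [(combined >> (11 * (n_words - 1 - i))) & (WORDLIST_SIZE - 1)
            for i in range(n_words)]

def indices_valid(indices: list) -> bool:
    """Verify the embedded checksum: a made-up sequence of words (brainwallet style)
    almost never passes, because the last word encodes SHA-256 bits of the rest."""
    total_bits = len(indices) * 11
    cs_bits = total_bits // 33          # 132 -> 4, 264 -> 8
    ent_bits = total_bits - cs_bits
    combined = 0
    for idx in indices:
        combined = (combined << 11) | idx
    checksum = combined & ((1 << cs_bits) - 1)
    entropy = (combined >> cs_bits).to_bytes(ent_bits // 8, "big")
    expected = hashlib.sha256(entropy).digest()[0] >> (8 - cs_bits)
    return checksum == expected

def seed_entropy_bits(n_words: int) -> int:
    """Bits an attacker must guess: 12 words -> 128, 24 words -> 256."""
    total_bits = n_words * 11
    return total_bits - total_bits // 33

def new_seed_indices() -> list:
    """Generate a fresh 12-word seed the way a wallet does: from the OS CSPRNG."""
    return entropy_to_indices(secrets.token_bytes(16))
```

The all-zero entropy input reproduces the well-known BIP39 test vector (eleven times word 0, "abandon", then word 3, "about"), which is a quick way to check the bit layout against a real wordlist.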

But if they caught the guy, they are not announcing his name. And apparently, journalists are too confused by the situation to bother asking for his name. They think the feds just reverse-hacked him or something, I’m sure. But there is no way to just seize Bitcoin. The Bitcoin ledger is public, so you can see where the Bitcoin that was ransomed went – at least when it was originally paid out – but you can’t just seize it. You have to have access to the wallet to get the money out of it.

More than likely, this is all a conspiracy. It was probably someone from the feds who did the hack. Yes, the DarkSide operation does exist and operates out of Russia (in theory), but the feds could have simply gone to them to get the software, and then run it themselves against the Colonial Pipeline. Then they recover the money from themselves and present this whole narrative of how they’re fighting back against the Russian hackers.

The feds are now trying to make this about how cryptocurrency is bad, which is disgusting. This entire spectacle no doubt played a role in the crypto crash that happened last night – along with the vile comments by “The Vaxx Man” Donald Trump.

This was combined with short sellers, who appeared to be operating on inside information.

This Cyber Pandemic is going to be heavily used to attack crypto. They are going to shut down the internet; they might even shut down electricity.