
U.S. seizes $2.3 million in bitcoin paid to Colonial Pipeline hackers

Commodities | Jun 07, 2021 08:16PM ET
© Reuters. Deputy U.S. Attorney General Lisa Monaco announces the recovery of millions of dollars worth of cryptocurrency from the Colonial Pipeline Co. ransomware attacks as she speaks during a news conference with FBI Deputy Director Paul Abbate and Acting U.S. At

By Sarah N. Lynch, Christopher Bing and Joseph Menn

WASHINGTON (Reuters) - The Justice Department on Monday recovered some $2.3 million in cryptocurrency ransom paid by Colonial Pipeline Co, cracking down on hackers who launched the most disruptive U.S. cyberattack on record.

Deputy Attorney General Lisa Monaco said investigators had seized 63.7 bitcoins, now valued at about $2.3 million, paid by Colonial after last month's hack of its systems that led to massive shortages at U.S. East Coast gas stations.

The Justice Department has "found and recaptured the majority" of the ransom paid by Colonial, Monaco said.

An affidavit filed on Monday said the FBI was in possession of a private key to unlock a bitcoin wallet that had received most of the funds. It was unclear how the FBI gained access to the key.

A judge in San Francisco approved the seizure of funds from this "cryptocurrency address," which the filing said was located in the Northern District of California.

Colonial Pipeline had said it paid the hackers nearly $5 million to regain access. Bitcoin was trading down nearly 5% around 1800 ET (2200 GMT). The cryptocurrency's value has dropped to around $34,000 in recent weeks after hitting a high of $63,000 in April.

Bitcoin seizures are rare, but authorities have stepped up their expertise in tracking the flow of digital money as ransomware has become a growing national security threat and put a further strain on relations between the United States and Russia, where many of the gangs are based.

"Right now, prosecution is a pipedream," Vice President John Hultquist of the Mandiant cybersecurity firm said in praising the move. "Disrupt. Disrupt. Disrupt."

The hack, attributed by the FBI to a gang called DarkSide, caused a days-long shutdown that led to a spike in gas prices, panic buying and localized fuel shortages. It posed a major political headache for President Joe Biden as the U.S. economy was starting to emerge from the COVID-19 pandemic.

The White House urged corporate executives and business leaders last week to step up security measures to protect against ransomware attacks after the Colonial hack and later intrusions that disrupted operations at a major meatpacking company.

Deputy FBI Director Paul Abbate, who spoke at the same news conference as Monaco on Monday, described DarkSide as a Russia-based cybercrime group.

Abbate said the FBI was tracking more than 100 ransomware variants. DarkSide itself victimized at least 90 U.S. companies, including manufacturers and healthcare providers, he said.

Colonial Chief Executive Joseph Blount, who will testify before the Senate on Tuesday, said in a statement that the company had worked closely with the FBI from the beginning and was "grateful for their swift work and professionalism."

"Holding cyber criminals accountable and disrupting the ecosystem that allows them to operate is the best way to deter and defend against future attacks," Blount said.

Commerce Secretary Gina Raimondo said on Sunday the Biden administration was looking at all options to defend against ransomware attacks and that the topic would be on the agenda when Biden meets Russian President Vladimir Putin this month.

Tom Robinson, co-founder of crypto tracking firm Elliptic, said that the bitcoin wallet from which the funds were taken had contained 69.6 bitcoins. The seizure announced on Monday was of just 63.7 bitcoins, which Robinson said likely represented the share that had gone to the DarkSide "affiliate" who had initially hacked into Colonial.

Investigators say DarkSide often used a partnership model with other hacking groups to compromise numerous victims.

DarkSide would normally keep a smaller share for its role in providing the encryption software and negotiating with the victim, Robinson said. On Monday, minutes after the first funds were transferred out, the rest followed. The U.S. government might have seized that second amount as well but not announced it yet, Robinson said.

The FBI affidavit filed on Monday said that the bureau had tracked the bitcoin through multiple wallets, using the public blockchain and tools. Small amounts were shaved off the initial 75 bitcoin payment along the way.

The remaining amount reached the final wallet on May 27 and stayed there until Monday.

Comments (8)
Alan Rice Jun 08, 2021 12:12AM ET
Nice to see the US Government earning an honest buck, again!!
David David
David9 Jun 07, 2021 8:38PM ET
This is very very suspicious... how did they get the private key? I think this is another propaganda to blame Russia.... cause it totally does not make sense...
Steven Coom Jun 07, 2021 6:20PM ET
Anybody who knows anything about bitcoin knows that this story makes zero sense. You cannot simply gain access to private wallet keys and "seize" bitcoin...and, even if so, these sorts of criminals do not simply receive bitcoin and keep it all in one wallet. Hackers who have the capability of committing this type of cyber crime would not permit this to happen unless they were colluding with the government and/or this entire thing was simply a fabrication. A "Russian hacker" targeting Colonial Pipeline and demanding bitcoin, the government telling them to pay ransom, and then magically they gained access to the wallet where the hackers magically left all the funds sitting. There sure have been a lot of amazing explainable "coincidences" in DC involving the Biden administration that they do not explain, the media does not ask about, and people are just asked to blindly believe and give the government more power...
Ethan Strong Jun 07, 2021 6:20PM ET
Very odd indeed.
James Andrews Jun 07, 2021 5:55PM ET
Don't believe this for a second, the moment hackers received a sum like that it would be immediately transferred between myriad wallets and dispersed, never kept in the original receiving wallet in a lump sum. That money is GONE, trust me, this is desperate damage control.
Dean Patterson Jun 07, 2021 5:55PM ET
It's fake news, govt clinging to power through lies again
Jody Darden Jun 07, 2021 5:55PM ET
Or complete BS to begin with. Look where it affected. It literally FROZE a huge demonstration that was going to take place in Elizabeth City, NC after some footage was released of a criminal being gunned down.
Peemil Nicho Jun 07, 2021 5:36PM ET
Each country currency have historical and value. From historical, why we accept something that worthless instead our unique, our proud, accept something that created by someone, some company instead?? Country is not for someone or some company. It's time to control use of crypto and time to use national digital currency instead. National digital currency differ from crypto but it's same as paper cash, another form.
Privacy Please
WTIHedge Jun 07, 2021 5:27PM ET
I would never buy $amc et al., but on the flip side who can really say what bitcoin is worth? It's worth what anyone is willing to pay and it's possibly inherently worthless as well
Peemil Nicho Jun 07, 2021 5:22PM ET
I want our currency, don't want crypto instead.
Peemil Nicho Jun 07, 2021 5:22PM ET
National currency is unique and express ourself, can't instead.
Felipe Daniel Jun 07, 2021 4:38PM ET
What is not told is that hackers are using our own NSA tools.
Steven Coom Jun 07, 2021 4:38PM ET
At this point, the hackers seem more honest and trustworthy than the government..
 