How Did the Feds Seize the Colonial Pipeline Ransomware Bitcoins?
When Colonial Pipeline was hit with a ransomware attack in early May, the firm—which transports some 45 percent of the East Coast’s fuel supply—shut down its operations as a precaution and paid the ransom, reportedly 75 bitcoins (about $4.4 million then). Fuel shortages ensued, and the US government announced it would intensify its focus on ransomware hacks.
On Monday, the United States Department of Justice made a surprising announcement: it claimed to have recovered a majority of the cryptocurrency ransom paid, some 63.7 BTC—about $2.1 million now, due to a weakened cryptocurrency market. It’s an unexpected postscript to a story that many assumed was already complete, as the pseudonymous nature of cryptocurrency seemingly makes such ransom payments incredibly difficult to claw back. Now, the question on many crypto-watchers’ minds is: how did the feds seize the bitcoins?
According to the Justice Department’s Monday announcement, it traced movement of the ransom payment on the Bitcoin blockchain from the original digital wallet to others, with that 63.7 BTC sum discovered in a wallet that the FBI obtained the private key to unlock. A cryptographic private key corresponds to the public key, which is a Bitcoin address, and ownership of the private key confers ownership of the funds. In fact, there’s a common saying in crypto: “Not your keys, not your coins.”
