DarkSide Update: The FBI Hacks the Hackers?—Wolfram Blog

Submitted by Style Pass, 2021-06-09 12:30:08

In my May 25, 2021, blog post “Sleuthing DarkSide Crypto-Ransom Payments with the Wolfram Language,” I detailed how I used the Wolfram Language, public knowledge and some guesswork to track crypto-ransom payments made by Colonial Pipeline on May 8 and Brenntag on May 11 to the Russian hacker group DarkSide. These payments, which totaled millions of dollars, were subsequently distributed to different accounts, and on May 13, DarkSide announced it was disbanding.

On June 7, the FBI seized 63.7 bitcoin (BTC), approximately $2.3 million USD, from one of the addresses to which DarkSide’s cluster, described in my earlier post, sent their ransom funds. Normally, this should have been inaccessible to anyone without a private key for that address. The FBI apparently managed, however, to obtain one.

Did the FBI run a brute-force attack on a billion-dollar supercomputer to find the private key? For the elliptic curve secp256k1, which Bitcoin is based on, the number of possible private keys for a particular public key is approximately:
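To make the size of that search space concrete, here is an added worked example (not code from the Wolfram post) that implements secp256k1 scalar multiplication from first principles: it derives a public key from a private key and then estimates how long exhaustive search over the key space would take at an assumed guess rate. The curve constants are the public SEC 2 parameters; the sample private key and the guess rate are constructed assumptions for illustration.

```python
import secrets

# secp256k1 parameters (public constants from SEC 2): y^2 = x^3 + 7 over GF(P),
# base point G of prime order N.
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
GX = 0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798
GY = 0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8
G = (GX, GY)
B = 7


def on_curve(pt):
    """True if pt is the point at infinity (None) or satisfies y^2 = x^3 + 7 mod P."""
    if pt is None:
        return True
    x, y = pt
    return (y * y - x * x * x - B) % P == 0


def inv(a):
    """Modular inverse via Fermat's little theorem (P is prime)."""
    return pow(a, P - 2, P)


def add(p1, p2):
    """Group law on the curve; None represents the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2:
        if (y1 + y2) % P == 0:      # p1 == -p2
            return None
        lam = 3 * x1 * x1 * inv(2 * y1) % P   # tangent slope (a = 0)
    else:
        lam = (y2 - y1) * inv(x2 - x1) % P    # chord slope
    x3 = (lam * lam - x1 - x2) % P
    y3 = (lam * (x1 - x3) - y1) % P
    return (x3, y3)


def mul(k, pt=G):
    """Double-and-add scalar multiplication: k * pt."""
    k %= N
    result, addend = None, pt
    while k:
        if k & 1:
            result = add(result, addend)
        addend = add(addend, addend)
        k >>= 1
    return result


def compressed_pubkey(priv):
    """33-byte compressed SEC encoding of the public key for private scalar priv."""
    if not 1 <= priv < N:
        raise ValueError("private key must be in [1, N-1]")
    x, y = mul(priv)
    prefix = b"\x02" if y % 2 == 0 else b"\x03"
    return prefix + x.to_bytes(32, "big")


def brute_force_years(guesses_per_second):
    """Expected time to hit a uniformly random key by exhaustive search
    (on average half the key space must be tried)."""
    expected_guesses = N / 2
    return expected_guesses / guesses_per_second / (365.25 * 86400)


if __name__ == "__main__":
    # Constructed sample key for the demo; a real wallet key would be generated the same way.
    priv = secrets.randbelow(N - 1) + 1
    pub = compressed_pubkey(priv)
    print("key space size N  ~= %.3e" % N)
    print("compressed pubkey  =", pub.hex())
    # Assumed (hypothetical) rate of 10^18 guesses per second for the estimate.
    print("expected brute-force time at 1e18 guesses/s: %.2e years"
          % brute_force_years(10**18))
```

The forward direction (private scalar to public point) takes a few hundred field operations; the reverse direction has no shortcut on this curve beyond generic discrete-log algorithms, and even the naive estimate above lands in the 10^51-year range at a rate far beyond any real machine. That is the point of the question the post raises: the seized funds are far more plausibly explained by obtaining the existing key than by computing it.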
