The U.S. Justice Department scored a rare victory against ransomware criminals this week, recovering most of the Bitcoin the crooks extorted following a high-profile attack on Colonial Pipeline.
As the New York Times recounted, the feds' victory against the hackers shows how Bitcoin can be traced on its public blockchain network—a fact well-known to those versed in crypto, but less so to the general public. But what the Times and others did not explain is just how the Justice Department got its hands on the Bitcoin in the first place.
The mystery is especially puzzling since the ransomware gang's attack was sophisticated enough to cripple the east coast energy supply. If the gang could pull that off, how could they be so dumb as to put the Bitcoin ransom in a digital wallet that lay within the reach of U.S. law enforcement?
In a typical ransomware attack, the victims can't recover the Bitcoin because the perpetrators and their wallet are located overseas. Sure, it's possible to trace the payments on the public blockchain. But the crooks usually whisk the Bitcoins into so-called mixers—services that blend the Bitcoins with other funds or convert them into other cryptocurrencies—and disperse them into other wallets, making the funds all but impossible to seize. So what happened with the Colonial Pipeline ransom?