U.S. seizes $2.3 million in bitcoin paid to Colonial Pipeline hackers
[June 08, 2021]
By Sarah N. Lynch, Christopher Bing and Joseph Menn
WASHINGTON (Reuters) - The Justice Department on Monday recovered some
$2.3 million in cryptocurrency ransom paid by Colonial Pipeline Co,
cracking down on hackers who launched the most disruptive U.S.
cyberattack on record.
Deputy Attorney General Lisa Monaco said investigators had seized 63.7
bitcoins, now valued at about $2.3 million, paid by Colonial after last
month's hack of its systems that led to massive shortages at U.S. East
Coast gas stations.
The Justice Department has "found and recaptured the majority" of the
ransom paid by Colonial, Monaco said.
An affidavit filed on Monday said the FBI was in possession of a private
key to unlock a bitcoin wallet that had received most of the funds. It
was unclear how the FBI gained access to the key.
A judge in San Francisco approved the seizure of funds from this "cryptocurrency
address," which the filing said was located in the Northern District of
California.

Colonial Pipeline had said it paid the hackers nearly $5 million to
regain access. Bitcoin was trading down nearly 5% around 1800 ET (2200
GMT). The cryptocurrency's value has dropped to around $34,000 in recent
weeks after hitting a high of $63,000 in April.
Bitcoin seizures are rare, but authorities have stepped up their
expertise in tracking the flow of digital money as ransomware has become
a growing national security threat and put a further strain on relations
between the United States and Russia, where many of the gangs are based.
"Right now, prosecution is a pipedream," Vice President John Hultquist
of the Mandiant cybersecurity firm said in praising the move. "Disrupt.
Disrupt. Disrupt."
The hack, attributed by the FBI to a gang called DarkSide, caused a
days-long shutdown that led to a spike in gas prices, panic buying and
localized fuel shortages. It posed a major political headache for
President Joe Biden as the U.S. economy was starting to emerge from the
COVID-19 pandemic.
The White House urged corporate executives and business leaders last
week to step up security measures to protect against ransomware attacks
after the Colonial hack and later intrusions that disrupted operations
at a major meatpacking company.
Deputy FBI Director Paul Abbate, who spoke at the same news conference
as Monaco on Monday, described DarkSide as a Russia-based cybercrime
group.
Abbate said the FBI was tracking more than 100 ransomware variants.
DarkSide itself victimized at least 90 U.S. companies, including
manufacturers and healthcare providers, he said.

Deputy U.S. Attorney General Lisa Monaco announces the recovery of
millions of dollars worth of cryptocurrency from the Colonial
Pipeline Co. ransomware attacks as she speaks during a news
conference with FBI Deputy Director Paul Abbate and Acting U.S.
Attorney for the Northern District of California Stephanie Hinds at
the Justice Department in Washington, U.S., June 7, 2021.
REUTERS/Jonathan Ernst/Pool

Colonial Chief Executive Joseph Blount, who will
testify before the Senate on Tuesday, said in a statement that the
company had worked closely with the FBI from the beginning and was
"grateful for their swift work and professionalism."
"Holding cyber criminals accountable and disrupting the ecosystem
that allows them to operate is the best way to deter and defend
against future attacks," Blount said.
Commerce Secretary Gina Raimondo said on Sunday the Biden
administration was looking at all options to defend against
ransomware attacks and that the topic would be on the agenda when
Biden meets Russian President Vladimir Putin this month.
Tom Robinson, co-founder of crypto tracking firm Elliptic, said that
the bitcoin wallet from which the funds were taken had contained
69.6 bitcoins. The seizure announced on Monday was of just 63.7
bitcoins, which Robinson said likely represented the share that had
gone to the DarkSide "affiliate" who had initially hacked into
Colonial.
Investigators say DarkSide often used a partnership model with other
hacking groups to compromise numerous victims.
DarkSide would normally keep a smaller share for its role in
providing the encryption software and negotiating with the victim,
Robinson said. On Monday, minutes after the first funds were
transferred out, the rest followed. The U.S. government might have
seized that second amount as well but not announced it yet, Robinson
said.
The FBI affidavit filed on Monday said that the bureau had tracked
the bitcoin through multiple wallets, using the public blockchain
and tools. Small amounts were shaved off the initial 75 bitcoin
payment along the way.

The remaining amount reached the final wallet on May 27 and stayed
there until Monday.
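The forward walk the affidavit describes (following the payment hop by hop across the public ledger and noting what is shaved off at each hop) can be shown on a toy transaction graph. The code below is an added example written for this page, not the FBI's or Elliptic's tooling; its ledger, addresses and amounts are constructed to echo the article's figures (75 BTC paid, 69.6 BTC resting in the final wallet) and are not real chain data.

```python
"""Follow a ransom payment forward through a chain of bitcoin transactions.

Added example, not code from the article or from any investigator's tool.
A small UTXO ledger is constructed inline: a 75 BTC payment is moved twice,
and at each hop a little is "shaved off" (sent to a side address or burned
as miner fee) until 69.6 BTC comes to rest in one address. Real tracing
runs the same walk over the public chain via a full node, an explorer API
or a commercial analytics tool; everything below is invented for the demo.
"""
from dataclasses import dataclass

SATS = 100_000_000  # satoshis per bitcoin; all arithmetic stays in integers


@dataclass(frozen=True)
class Output:
    address: str
    sats: int


@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: tuple          # (txid, vout) references to earlier outputs
    outputs: tuple         # Output objects, indexed by vout


def btc(amount: float) -> int:
    """Convert a BTC amount to satoshis, rounding away float noise."""
    return int(round(amount * SATS))


# Constructed ledger (hypothetical txids and addresses).  "pay" is the
# victim's payment; the victim's own inputs are not modelled.
LEDGER = {
    "pay":  Tx("pay",  (),           (Output("addr_ransom", btc(75.0)),)),
    "hop1": Tx("hop1", (("pay", 0),), (Output("addr_b", btc(72.5)),
                                       Output("addr_cut1", btc(2.4)))),
    "hop2": Tx("hop2", (("hop1", 0),), (Output("addr_final", btc(69.6)),
                                        Output("addr_cut2", btc(2.85)))),
}


def spender_of(ledger: dict, txid: str, vout: int):
    """Return the transaction that spends output txid:vout, or None if unspent."""
    for tx in ledger.values():
        if (txid, vout) in tx.inputs:
            return tx
    return None


def trace(ledger: dict, txid: str, vout: int) -> dict:
    """Peel-chain walk from one output: at each hop follow the largest output,
    record the side outputs and miner fee, stop at the first unspent output.

    Caveat: if a hop spends more than one input, outside funds are being merged
    in and the largest output no longer represents only the traced money; such
    hops are flagged with "merged": True so an analyst can look at them by hand.
    """
    start_sats = ledger[txid].outputs[vout].sats
    hops = []
    while True:
        nxt = spender_of(ledger, txid, vout)
        if nxt is None:
            break
        in_sats = sum(ledger[t].outputs[v].sats for t, v in nxt.inputs)
        out_sats = sum(o.sats for o in nxt.outputs)
        main = max(range(len(nxt.outputs)), key=lambda i: nxt.outputs[i].sats)
        hops.append({
            "txid": nxt.txid,
            "merged": len(nxt.inputs) > 1,
            "fee_sats": in_sats - out_sats,
            "peeled": [(o.address, o.sats) for i, o in enumerate(nxt.outputs) if i != main],
            "followed": (nxt.outputs[main].address, nxt.outputs[main].sats),
        })
        txid, vout = nxt.txid, main
    final = ledger[txid].outputs[vout]
    return {
        "final_txid": txid,
        "final_address": final.address,
        "final_sats": final.sats,
        "shaved_sats": start_sats - final.sats,  # fees plus side outputs
        "hops": hops,
    }


if __name__ == "__main__":
    result = trace(LEDGER, "pay", 0)
    for hop in result["hops"]:
        print(f"{hop['txid']}: fee {hop['fee_sats'] / SATS} BTC, "
              f"peeled {[(a, s / SATS) for a, s in hop['peeled']]}"
              f"{' (MERGED INPUTS)' if hop['merged'] else ''}")
    print(f"{result['final_sats'] / SATS} BTC resting at {result['final_address']}; "
          f"{result['shaved_sats'] / SATS} BTC shaved off along the way")
```

The "follow the largest output" rule is the simplest peel-chain heuristic and is only safe while each hop spends a single traced input; once the operator consolidates with other coins or routes through a mixer, attribution needs clustering heuristics or off-chain evidence, which is why the article can say where the funds sat but not how the key was obtained.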
(Reporting by Sarah N. Lynch, Jan Wolfe, Tim Ahmann, and Christopher
Bing in Washington, Joseph Menn in San Francisco and Stephanie Kelly
in New York; Writing by Mohammad Zargham and Lisa Lambert; Editing
by Howard Goller)
© 2021 Thomson Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.