The FBI reportedly used blockchain tools to track the 75 bitcoins as hackers moved them through several wallets.
The US Justice Department has seized $2.3 million worth of Bitcoin from a wallet that hackers used to receive a ransom from Colonial Pipeline Co, Deputy Attorney General Lisa Monaco said on Monday.
Colonial Pipeline reportedly paid 75 bitcoins valued at $5 million on 8 May. According to the Justice Department, investigators had recovered 63.7 bitcoins, worth about $2.3 million.
“Ransom payments are the fuel that propels the digital extortion engine, and today’s announcement demonstrates that the United States will use all available tools to make these attacks more costly and less profitable for criminal enterprises,” Monaco said in a press release published by the Justice Department.
The recovery follows a crackdown by US authorities, with the hack that led to the ransom described as the most disruptive cyberattack in the country. Last month, hackers breached Colonial’s security systems and caused a massive shortage of gas on the US East Coast.
The attack saw an extended shutdown of operations at the company. Gas prices ballooned amid panic buying and shortages.
“We will continue to target the entire ransomware ecosystem to disrupt and deter these attacks,” Monaco added during a news conference.
FBI links hackers to Russia-based DarkSide group
An affidavit filed in court on Monday shows that the bitcoins were recovered after the FBI accessed the private key to the Bitcoin wallet the attackers used. Although investigators did not specify how they got the private key, court documents show that the address was accessed in the Northern District of California and is connected to the DarkSide group.
“There is no place beyond the reach of the FBI to conceal illicit funds that will prevent us from imposing risk and consequences upon malicious cyber actors,” said Deputy FBI Director Paul Abatte.
According to the FBI, DarkSide is a Russia-based hacker group that allegedly carries out its attacks in collaboration with other hacker groups, which is seen as an attempt to victimise as many targets as possible.
It is estimated nearly 90 companies in the US have fallen victim to the group, including healthcare providers and manufacturers.
