The FBI has recovered most of the Colonial Pipeline ransom by quietly obtaining the password to DarkSide’s Bitcoin wallet.

The FBI managed to gain access to the “private key” of the Bitcoin wallet the DarkSide hacking group used to collect the ransom. Budoluru Chukult / Getty Images

The Justice Department said on Monday that it had recovered most of the ransom that Colonial Pipeline paid last month to the hackers whose attack shut the pipeline down and caused major fuel shortages and price increases.

The DOJ said it had recovered $2.3 million worth of Bitcoin out of the $4.4 million ransom Colonial paid to DarkSide, the group behind the hack.

How did the government recover it?

According to the DOJ, the FBI had the actual password for the Bitcoin wallet to which DarkSide sent the ransom, so the FBI could simply seize the funds.

“Following the money”

Despite cybercriminals’ increasingly sophisticated use of technology, the Justice Department said it recovered the Colonial ransom payment with a time-tested approach.

Deputy Attorney General Lisa Monaco said in a Justice Department press release:

According to the DOJ, Colonial was hacked by DarkSide on May 7 and alerted the FBI the same day.

Colonial halted operations on May 8, triggering a gas crisis, and chose to pay the ransom (while at the same time trying to contain the hack).

Colonial told the FBI that DarkSide had instructed it to send 75 Bitcoins, worth about $4.3 million at the time, according to an affidavit from an FBI special agent involved in the investigation.

FBI agents then used a blockchain explorer, software that lets users search a blockchain such as Bitcoin’s to determine the amount and destination of a transaction, and found that DarkSide had tried to launder the money through a variety of Bitcoin addresses (roughly analogous to bank accounts), according to the affidavit.

Finally, using the blockchain explorer, the FBI agent was able to track 63.7 Bitcoins to a single address that received the bulk of the payments on May 27.
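The tracing step described above, as an added example that is not from the article or the FBI affidavit: a constructed toy UTXO ledger (every txid, address and amount is made up, and fees are ignored) is traced forward from the ransom address with the proportional “haircut” method investigators use, to find the address where the funds were consolidated.

```python
from collections import defaultdict

# Constructed toy UTXO ledger (made-up txids, addresses and amounts; no fees),
# listed in chronological order. Each transaction spends earlier outputs,
# referenced as (txid, output_index), and creates new (address, btc) outputs.
LEDGER = [
    {"txid": "t0", "inputs": [], "outputs": [("clean_addr", 5.0)]},
    {"txid": "t1", "inputs": [], "outputs": [("ransom_addr", 75.0)]},  # victim pays 75 BTC
    {"txid": "t2", "inputs": [("t1", 0)], "outputs": [("hop_a", 40.0), ("hop_b", 35.0)]},
    {"txid": "t3", "inputs": [("t2", 0)], "outputs": [("hop_c", 28.7), ("peel_1", 11.3)]},
    # consolidation mixes the tainted hops with 5 BTC of unrelated clean funds
    {"txid": "t4", "inputs": [("t2", 1), ("t3", 0), ("t0", 0)], "outputs": [("consolidation", 68.7)]},
]

def trace_taint(ledger, seed_address):
    """Forward-trace value paid to seed_address with the proportional ("haircut")
    method: each output of a spending transaction inherits taint in proportion to
    its share of that transaction's outputs. Returns {address: tainted_btc} for
    outputs that are still unspent at the end of the ledger."""
    by_id = {tx["txid"]: tx for tx in ledger}
    spent = {ref for tx in ledger for ref in tx["inputs"]}
    taint = {}  # (txid, index) -> tainted BTC held by that output
    # Seed: every output paid to the seed address is fully tainted.
    for tx in ledger:
        for i, (addr, amt) in enumerate(tx["outputs"]):
            if addr == seed_address:
                taint[(tx["txid"], i)] = amt
    # One pass suffices because the ledger is in chronological order.
    for tx in ledger:
        tainted_in = sum(taint.get(ref, 0.0) for ref in tx["inputs"])
        if tainted_in == 0.0:
            continue
        total_out = sum(amt for _, amt in tx["outputs"])
        for i, (_, amt) in enumerate(tx["outputs"]):
            key = (tx["txid"], i)
            taint[key] = taint.get(key, 0.0) + tainted_in * amt / total_out
    holdings = defaultdict(float)
    for (txid, i), tainted in taint.items():
        if (txid, i) not in spent:
            holdings[by_id[txid]["outputs"][i][0]] += tainted
    return dict(holdings)

def largest_sink(holdings):
    """Address currently holding the most tainted value (the consolidation point)."""
    return max(holdings, key=holdings.get)

if __name__ == "__main__":
    result = trace_taint(LEDGER, "ransom_addr")
    print(result, "->", largest_sink(result))
```

In the toy ledger 63.7 of the 75 tainted BTC end up in one unspent output, mirroring the figure in the affidavit, while 11.3 BTC were peeled off to a side address.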

Fortunately for the FBI, according to the agent’s affidavit, the bureau possessed the private key (essentially the password) for that very address.

Bitcoin addresses use a two-key cryptographic scheme to keep transactions secure: one key is public and the other is private. The public key is shared openly, so anyone can send money to that address. However, because the sender encrypts the payment with the recipient’s public key, only the recipient’s private key can decrypt and access the money.

The private key is therefore kept confidential and stored somewhere safe. As of January, about $140 billion worth of Bitcoin, roughly 20% of all Bitcoin in existence, sat in wallets whose owners had forgotten or lost their private keys.

In DarkSide’s case, the FBI managed to get hold of the private key and, after obtaining a seizure warrant from a federal court, used that key to access DarkSide’s address and sweep out the 63.7 Bitcoin (about $2.3 million).

The FBI did not reveal how it obtained the key, but said the seizure sends a warning to other would-be ransomware attackers.

“Ransom payments are the driving force behind the digital extortion engine, and today’s announcement shows that the United States will use all the tools available to make these attacks more expensive and less profitable for criminal enterprises,” Monaco said in the release.

Read the original article at Business Insider.
