back to article Uncle Sam recovers 63.7 of 75 Bitcoins Colonial Pipeline paid to ransomware crew

The US Department of Justice on Monday said it has recovered 63.7 Bitcoins, right now worth $2.1m and falling, of the 75 or so BTC the Colonial Pipeline operators paid the ransomware miscreants who infected the fuel provider's computers. Deputy Attorney General Lisa Monaco said Colonial contacted the Feds shortly after some of …

  1. Anonymous Coward
    Anonymous Coward

    Sure i'll download a PDF from US gov website...

    . not.

  2. Anonymous Coward
    Anonymous Coward

    Blockchain

    Or Blockheadchain?

    1. bombastic bob Silver badge
      Devil

      Re: Blockchain

      BlockHEADchain

      ('cause they thought it couldn't be traced)

  3. Winkypop Silver badge
    Black Helicopters

    OK, I'll go first

    All your Bitcoin are belong to us

  4. Anonymous Vulture
    Facepalm

    Not your keys, not your crypto

    I will observe that the document referenced states "The private key for the Subject Address is in the possession of the FBI in the Northern District of California."

    Is it coincidence that the largest US Crypto Exchange, Coinbase is out of San Francisco, which is within the Northern District?

    In my mind its pretty clear how that private key wound up with the FBI. Coinbase or another exchange turned it over. This is why leaving crypto in an exchange wallet is a risky proposition.

    It's right here: https://www.coinbase.com/learn/crypto-basics/what-is-a-crypto-wallet "The Coinbase app will securely manage the rights to your private keys." Yes, and in this case it securely managed those rights to the FBI.

    Even the bad guys don't have a good handle on crypto management.

    1. sev.monster
      Black Helicopters

      Re: Not your keys, not your crypto

      They were probably getting ready to turn them into fiat, or had already turned some of it into fiat—hence the partial recovery. I'm surprised that the crims didn't immediately mix it ten ways from Sunday and convert it to other coins before trying to cash out. At least, that's what I would do. I'd also use Monero as an initial unit of exchange, since it's much harder to track.

      Hold on, someone's knocking at my door.

      1. General Purpose Silver badge

        Re: Not your keys, not your crypto

        Assuming the crooks aren't daft and could think it through much as you have, what does this tell us about the liquidity of BTC?

        1. Anonymous Coward
          Anonymous Coward

          Re: Not your keys, not your crypto

          Should the bad guys had the ransom paid in petroleum products then? Those are liquid at most realistic temps, unlike bitcoin.

          1. Yet Another Anonymous coward Silver badge

            Re: Not your keys, not your crypto

            Hand over is tricky.

            Leave a million barrels of Brent crude in unmarked drums under the mailbox on the corner.

            1. Charlie Clark Silver badge

              Re: Not your keys, not your crypto

              This is why the art market is so popular. But there have already been criminal investigations over some the metal "stored" in warehouses in London and elsewhere.

              1. Yet Another Anonymous coward Silver badge

                Re: Not your keys, not your crypto

                My moving several hundred gold bricks from the Brinks-Matt warehouse to a lockup in East London was a performance piece

          2. bombastic bob Silver badge
            Mushroom

            Re: Not your keys, not your crypto

            maybe they could pay it out using those exploding dye packs...

      2. Charlie Clark Silver badge

        Re: Not your keys, not your crypto

        US law holds any that plays along with conversion in such situations not just liable for the money but criminally liable: this means potentially much bigger fines. And part of the fun of blockchain, is that every transaction is recorded. Basically, cryptocurrencies come with their own indelible ink. Or, you can't hold them without at some point having to identify yourself. Traditional money laundering via the service industries is much more reliable and the banks will continue to make money by stealing from or betting against their customers.

        1. Claptrap314 Silver badge

          Re: Not your keys, not your crypto

          BTC is, ETH is. I do not believe that all are. Can't be bothered to work out what the truth is, even if they weren't spreading like a pox.

        2. sev.monster

          Re: Not your keys, not your crypto

          There are cryptos with much less open but still cryptographically verifiable transaction schemes, like the Monero I mentioned above. There are ways to cover your tracks with crypto, just seems the crims here didn't bother.

    2. Graham Cobb Silver badge

      Re: Not your keys, not your crypto

      It seems unlikely that this particular criminal gang is so ill-informed about Bitcoin that it would put so much money in a wallet with a key held by a commercial company. Aren't they supposed to be the creme-de-la-creme of ransomware hackers?

      I am going with the speculation in the article: that they feds acquired the key due to breaching the gang's servers.

      I am guessing that the "missing" money is the money-launderers fees - I have never laundered any money but 15-20% seems like a likely fee (if anything a bit low, but they were obviously rubbish launderers if the FBI were able to trace the transactions back to the satisfaction of the US court authorising the impounding).

      1. Claptrap314 Silver badge

        Re: Not your keys, not your crypto

        The article references "affiliate fees"--think like a sales commission. The BTC had not been laundered yet--that's why they could grab it out of a single wallet.

        My understanding is that 2% is something of a going historic rate for laundering. No idea what it's like in coin.

  5. Androgynous Cupboard Silver badge

    FBI has been busy

    Clearly they had the private key because they actually ARE Darkside. It's all part of their master plan to abuse paedophiles in the basement of the set of the moon landings while eating Pizza. And we still don't know what the frequency is. Where's Kenneth? KENNETH?

    1. John Brown (no body) Silver badge
      Coat

      Re: FBI has been busy

      They killed Kenny. The bastards!

    2. Arthur the cat Silver badge
      Black Helicopters

      Re: FBI has been busy

      Clearly they had the private key because they actually ARE Darkside.

      You're just spreading that rumour because you're part of the Illuminati and the Trilateral Commission wants you to stop it.

    3. Anonymous Coward
      Devil

      Re: FBI has been busy

      Obviously, the Lizard People can break blockchain. How do you think they're financing their master plan .

      1. Snake Silver badge
        Alien

        Re: financing

        We have had access to plenty of various forms of human trading materials for quite a while now, "financing" is not the problem. Converting warmbloods' physiology we have now realized is a much slower process, however.

        That, and controlling / removing their constant war-like tendencies. Such a headache. Previous projects on other planets were so much simpler. I miss the good times.

  6. Anonymous Coward
    Black Helicopters

    Something doesn't smell right about this

    As others have already observed, the only way the FBI could have obtained the private key to this wallet is if the crooks were stupid enough to send the same coins, or insufficiently laundered coins to an internet wallet where the provider holds the private key and where they are subject to US control.

    Are they really that stupid?

    1. Logiker72

      Re: Something doesn't smell right about this

      BTC is stored on ordinary computers. Said computers* have cyber weaknesses. FBI and the rest of gov own stashes of exploits. So they used an exploit to read the contents of the bad guy computer. As part of this operation, they got the wallet key and all other keymat, such as passphrase and account pw.

      *yeah,even Linux and xBSD

      1. jake Silver badge

        Re: Something doesn't smell right about this

        "cyber weaknesses"

        Yet another phrase to filter on for the bitbucket ...

  7. Duffaboy
    Coat

    Mulder and Scully

    Strike again

  8. Danny 2 Silver badge

    News websites down (off topic)

    The Atlantic and NYT sites are down. I thought it may be a transatlantic issue but the BBC just reported it's affecting British and Australian sites too.

    1. MiguelC Silver badge
  9. oiseau Silver badge
    WTF?

    Fishy all over

    Something smells bad here.

    Fishy all over.

    I don't know exactly how the virtual currency system works.

    But if you can store your keys in someone else's wallet and depend on their alleged security, you can also store it in your wallet and depend on whatever security you decide to implement and move it only once you want to make it physical currency.

    If there's someone who knows how to do that it's the ransomware crew.

    No?

    So ...

    How come these crooks did not store it in an encrypted drive hidden somewhere or in their posession?

    ie: if I ran from my office with my company's payroll, be sure you will not see me making a bank deposit.

    Could it be that they are really that stupid?

    Me thinks not.

    This looks like part of a very elaborate government (?) sponsored plan to push for the implementation of backdoors.

    Has anyone noticed that ransomware targets are never off shore/overseas investment banks up to the ceiling in dark/pre-laundered money?

    O.

    1. Arthur the cat Silver badge

      Re: Fishy all over

      Something smells bad here.

      Fishy all over.

      You think they should be prosecuted under the Common Porpoise legal doctrine?

    2. yetanotheraoc Silver badge

      Re: Fishy all over

      "How come these crooks did not store it in an encrypted drive hidden somewhere or in their posession?"

      Maybe there is more than one crook and they couldn't agree which one would hold the encrypted hidden drive.

    3. jake Silver badge

      Re: Fishy all over

      "Has anyone noticed that ransomware targets are never off shore/overseas investment banks up to the ceiling in dark/pre-laundered money?"

      How would you know, if they never report it?

      I mean, would YOU draw attention to yourself if you were laundering dirty money?

  10. yetanotheraoc Silver badge

    Another stake in the heart

    BTC -.> sell.

    1. bombastic bob Silver badge
      Pirate

      Re: Another stake in the heart

      sorta mentioned in the article, BTC apparently dropped quite a bit in value... and if it is THAT easy for the FBI to play 'follow the money' to find crooks, BTC has significantly less value at hiding them from Johnny Law.

      (yet another reason why I don't invest in it)

      1. Claptrap314 Silver badge

        Re: Another stake in the heart

        By design, all transactions of BTC are public between wallets. Establishing the link between a wallet and an individual is left as an exercise for your local TLA. There are services (Bitmixer?) that darken things.

  11. David 164

    I think after today, my guess is the store the keys on the FBI ANoM phone.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like