advertisement
advertisement

Stolen bitcoin is hard to get back, but the FBI says it just did it

Federal agents have recovered most, but not all, of the bitcoin ransom paid in the Colonial Pipeline hack, Justice Department officials say.

Stolen bitcoin is hard to get back, but the FBI says it just did it
[Photo: Drew Angerer/Getty Images]
advertisement
advertisement

An operation led by the FBI San Francisco Division recovered $2.3 million, or 63.7 bitcoin, of the ransom paid by Colonial Pipeline after its systems were infected with ransomware, officials said Monday.

advertisement
advertisement

The total ransom was reportedly 75 bitcoin, then valued at around $4.4 million, meaning the majority, but not all, of the funds were recovered. Officials said they looked at bitcoin transaction records and identified a bitcoin wallet used to hold the digital currency and were able to seize it under court order. The FBI had obtained the private encryption key, similar to a password, used to transfer funds out of the digital wallet, officials said.

“Following the money remains one of the most basic, yet powerful, tools we have,” said Deputy Attorney General Lisa O. Monaco in a statement.

Neither the official statement nor public court records explain how the FBI got the key.

advertisement
advertisement

Traditionally, bitcoin is used for ransomware and other illicit transactions because it is considered more difficult to trace and seize than other means of sending money, such as wiring money to a bank account. But it is often still possible to track the movement of bitcoin through the shared public transaction record known as the blockchain, making it difficult for high-profile proceeds of criminal activity to be exchanged for traditional currency. And bitcoin can generally be transferred by anyone who is able to obtain the private key associated with the virtual wallet where it’s stored.

The Colonial hack led to some gasoline shortages along the East Coast, after the shuttering of the pipeline that carries a substantial portion of the region’s motor fuel supply spurred panic buying. The pipeline was shut for about six days, fully resuming service by May 15.

Ransomware has become an increasingly visible problem in recent months, also affecting operations at meatpacking giant JBS and some local TV stations.

About the author

Steven Melendez is an independent journalist living in New Orleans.

More