Federal officials say that they have recovered more than half of the ransom paid in bitcoin to hackers who attacked the Colonial Pipeline Co. on April 29, effectively shutting down the gas supply to several major Eastern U.S. cities and sending many motorists into a panic.

The Russia-based hacker group, known as DarkSide, held the Alpharetta, Georgia-based fuel-delivery company at ransom by attacking a virtual private network account that allowed Colonial Pipeline employees to remotely access the company’s computer network. Joseph Blount, CEO of Colonial Pipeline, told The Wall Street Journal that he authorized the ransom payment of 75 bitcoin — roughly valued at $4.4 million — to get the pipeline operating again.

Colonial Pipeline provides about 45 percent of the fuel for the East Coast, according to the company. It is the nation’s largest fuel pipeline.

Federal officials have recovered $2.3 million in bitcoin. Deputy Attorney General Lisa Monaco said that Colonial Pipeline contacted law enforcement, allowing federal agents to track and seize a bitcoin wallet.

“The Department of Justice has found and recovered the majority of the ransom paid,” Deputy Attorney General Lisa Monaco said in a press briefing.

The FBI said it secretly gained access to DarkSide’s bitcoin wallet password, Business Insider reported.

About 15 percent of the total payment went to DarkSide, Coindesk reported.

The funds were seized as part of a ransomware task force created by the Department of Justice.

Ransomware attacks have been increasing and U.S. officials are scrambling to confront them, AP reported.

“By going after the entire ecosystem that fuels ransomware and digital extortion attacks — including criminal proceeds in the form of digital currency — we will continue to use all of our resources to increase the cost and consequences of ransomware and other cyber-based attacks,” Monaco said.

Cybercriminals prefer using cryptocurrency as a ransom because it allows direct online payments regardless of geographical location, and can be difficult to trace. 

Bitcoin users don’t have to provide any identifying information to start a bitcoin account, making it effectively anonymous, The Wall Street Journal reported.

“A bitcoin wallet is something you can possess and control without going through a third party,” said Yaya Fanusie, an adjunct senior fellow at the Center for a New American Security. “Bitcoin is a choice for scammers just because of that.”

Bitcoin is traceable. Since the network launched in 2009, every bitcoin transaction has been recorded and stored in a permanent, inalterable public ledger, which anybody can view and analyze at any time. This ledger is called the blockchain.

But bitcoin account holders aren’t traceable since ID is not needed. 

Users need both the private and the public keys for a Bitcoin address to access the funds. Both keys are a string of words and numbers. By matching the correct private key with the corresponding public key, users can take control over that bitcoin, Decrypt reported.

While bitcoin is thought of as “privacy money,” governments and law enforcement have been coming up with traceability tools to track Bitcoin transactions.

Many on Twitter were surprised that the U.S. government was able to seize part of the ransom.

Sven Henrich, founder of the online publication NorthmanTrader.com tweeted, “Wait, the government can seize #Bitcoin from accounts even overseas?”

Listen to GHOGH with Jamarlin Martin | Episode 74: Jamarlin Martin Jamarlin returns for a new season of the GHOGH podcast to discuss Bitcoin, bubbles, and Biden. He talks about the risk factors for Bitcoin as an investment asset including origin risk, speculative market structure, regulatory, and environment. Are broader financial markets in a massive speculative bubble?

Caitlin Long, founder/CEO digital asset bank Avanti Bank & Trust, wasn’t buying the technique the government said it used to recover the bitcoin.

“‘The FBI had the password to the hackers’ #Bitcoin account.’ Hmm–there’s no such thing as a ‘Bitcoin account.’ Did hackers use an exchange (in which case an ‘account’ existed, but it’s not a ‘bitcoin account’) or did the FBI have the private key to the hackers’ bitcoin wallet?” Long asked.

NBC News White House Correspondent Geoff Bennett tweeted a clarification, “While Bitcoin isn’t stored on a server, the private keys to unlock the Bitcoin may have been. In any event, an FBI official just told reporters that it doesn’t matter where the Bitcoin wallet is—the FBI still can get access. They won’t say how.”

Photo by Mika Baumeister on Unsplash

“The FBI successfully seized criminal proceeds from a Bitcoin wallet..” pic.twitter.com/F9RCKqSiBD

— Acyn (@Acyn) June 7, 2021

Wait, the government can seize #Bitcoin from accounts even overseas? https://t.co/PycQlYMdoO

— Sven Henrich (@NorthmanTrader) June 7, 2021

https://twitter.com/CaitlinLong_/status/1401993323393564673?s=20

It would be problematic for Bitcoin if it were highly useful in ransomware.

And if it's not useful for ransomware, then that's problematic too.

— Joe Weisenthal (@TheStalwart) June 7, 2021

#Bitcoin was NOT hacked
No bitcoin wallet was hacked, nor is even known to be possible. Ransom hackers used a rented cloud server. FBI got a subpoena and took control of it and recovered coins. That's it.

— Adam Back (@adam3us) June 8, 2021

The federal government says it seized by court order $2.3 million of the ransom paid by Colonial Pipeline.

The FBI had the password to the hackers' Bitcoin account, @PeteWilliamsNBC reports.

“Today we turned the tables on DarkSide,” says Deputy Attorney General Lisa Monaco.

— Geoff Bennett (@GeoffRBennett) June 7, 2021

Clarification via @KenDilanianNBC: While Bitcoin isn’t stored on a server, the private keys to unlock the Bitcoin may have been. In any event, an FBI official just told reporters that it doesn’t matter where the Bitcoin wallet is—the FBI still can get access. They won’t say how.

— Geoff Bennett (@GeoffRBennett) June 7, 2021

Photo by Mika Baumeister on Unsplash