United States government officials working with a task force have seized more than $2 million in cryptocurrency that was paid as ransom after an attack on the Colonial Pipeline system.
It has been reported that Deputy Attorney General Lisa Monaco said the task force “found and recaptured” millions of dollars' worth of Bitcoin (BTC) connected to Russia-based DarkSide hackers, the majority of the $4.4 million originally paid.
However, a warrant filed with the US District Court for the Northern District of California shows that authorities recovered 63.7 BTC, worth around $2.3 million at the time.
Monaco said that this action was the first major operation in the task force’s mission to investigate, disrupt, and prosecute ransomware attacks.
“Today, we turned the tables on DarkSide. […] By going after the entire ecosystem that fuels ransomware and digital extortion attacks, including criminal proceeds in the form of digital currency, we will continue to use all of our tools and all of our resources to increase the cost and the consequences of ransomware attacks.”
DarkSide’s attack on the major pipeline last month caused fuel shortages for many people in the United States.
Monaco said that the company quickly notified authorities of the problem and ransom demand, leading to the task force’s involvement.
In the same press conference, FBI Deputy Associate Director Paul Abbate said officials seized the funds from a BTC wallet used to pay the ransom for the cyberattack.
Officials could have identified DarkSide as the group responsible and used their network to trace the funds soon after the attack, but this method has had mixed success with ransomware groups.