On June 7, the United States Justice Department and the Federal Bureau of Investigation (FBI) announced the "recovery" of 63.70 bitcoin from the funds Colonial Pipeline sent to the hackers. The official story has a number of inconsistencies, and federal investigators did not disclose how the FBI was able to confiscate the Darkside gang's private key.
Darkside Ransomware Gang Story Loaded With Discrepancies and a Vague Bitcoin Key Capture
The cryptocurrency space has been discussing the recent law enforcement capture of 63.7 BTC, or $2.3 million worth of bitcoin at the time of seizure. There have been issues with the way the story has unfolded, and people are skeptical of the official account. Bitcoin.com News reported on Monday how the Justice Department and Deputy Attorney General Lisa Monaco revealed the seizure. Monaco said that federal authorities had "turned the tables on Darkside."
But from the very moment this story broke across a number of mainstream media outlets, there were a few discrepancies. The first was whether the U.S. government advised Colonial Pipeline to comply with the ransomware demands or specifically told the company to pay. If the government did tell the business to pay Darkside, it would contradict the government's stance against paying ransomware hackers.
Another issue with the original story is that when CNN first reported on the hack, the news outlet claimed the oil company wasn't intending to pay the ransom. According to Bloomberg, Colonial Pipeline did pay nearly $5 million to the ransomware gang Darkside shortly afterward.
Besides the two contradictory elements in the CNN and Bloomberg stories, the articles also differed on the digital currency used. CNN originally reported that the payment was demanded in "bitcoin," while Bloomberg wrote that Darkside asked for "difficult-to-trace" cryptocurrencies. CNN's article was updated after Bloomberg's article was published to reflect the same narrative.
Then there's the fact that it is impossible to crack a bitcoin (BTC) key without forcing the owner to reveal the private key. This is a constant theme on Twitter, as the crypto community discusses how the FBI agent obtained the private key. The affidavit filed on June 7, 2021, explains how law enforcement leveraged "blockchain explorers" to trace the coins. Beyond that, the affidavit is extremely vague and contains many redactions.
The report published yesterday on Bitcoin.com News explains that executives from Blockchain Intelligence Group (CSE: BIGG) highlighted that law enforcement was dependent on "training and analysis [that] requires advanced tools and learning." Other blockchain surveillance companies also followed the ransomware coins, as Elliptic recently wrote about tracing Darkside funds.
So far, between all the comments from Monaco, the Justice Department, the FBI agent's affidavit, and a few blockchain analysis teams, nothing clearly connects these accounts to how the FBI came to possess the private key.
Crypto Sleuths Discover Hackers Stored Data on the Cloud, Feds Obtain Cloud Server Password via Warrant
A report published by NPR lays out three possible scenarios. One possibility, NPR's Vanessa Romo notes, is that the federal agents were tipped off by an insider in the Darkside gang. The second theory is that Darkside was "careless" or that a member of the gang slipped by releasing information tied to the key.
Another theory is that the FBI was able to shake down a third party, possibly a cryptocurrency exchange. Some people even openly attacked bitcoin's "key selling points," namely that it was supposed to be "beyond the reach of the government."
The lawyer Jake Chervinsky, who regularly comments on the blockchain and crypto space, said: "We don't know exactly how FBI seized the Colonial Pipeline ransom [and] they're not telling us. The warrant application suggests they got the private key. Maybe from the DarkSide server seizure? There's no suggestion that an exchange or custodian was involved, but that's possible."
Independent journalist Jordan Schachtel gave his opinion about the situation on Twitter and told his 123,000 followers that the "FBI did not 'hack back' a bitcoin wallet, despite claims that they did. It's mathematically impossible to hack private keys." Schachtel continued:
Schachtel and many others also pointed to the warrant, which does indicate that the U.S. government obtained the key by leveraging a warrant. The journalist said the target was possibly an exchange based in San Francisco or a database server based in the state of California.
The CSO at Coinbase, Philip Martin, said he saw a lot of accusations pointing at Coinbase as possibly being "involved" with the seizure. Martin and Coinbase insist that "Coinbase was not the target of the warrant and did not receive the ransom or any part of the ransom at any point. We also have no evidence that the funds went through a Coinbase account/wallet."
The election attorney, litigator, and bitcoin practice group leader Bryan Jacoutot reiterated the fact that bitcoin private keys cannot be "hacked."
"For those of you who think the US gov't cracked SHA-256 and correctly guessed the private key of the Colonial Pipeline hackers," Jacoutot said. "Here's a fun fact: The size of bitcoin's private key space is 10^77. For comparison, the amount of *atoms* in the observable universe is 10^80."
A Twitter account called "Cthulhu" mentioned it could be a false flag and said:
"The FBI either was given the private keys or they stole them," another individual dubbed Kingt Crypto remarked on Monday. "The FBI didn't crack a bitcoin wallet. No one can crack a secure bitcoin wallet. The FBI obtained the private keys to the Darkside funds via getting an encryption key to a cloud server by obtaining a warrant issued in San Francisco."
Currently, as the story continues to trend across the web, many skeptics are questioning the 'official' tale told by the U.S. government.