The U.S. Department of Justice said Monday that they have recovered "a majority" of the bitcoin funds paid after a ransomware attack against an American pipeline operator.
Colonial Pipeline was hit by the ransomware attack in early May, triggering a temporary shutdown and an East Coast gas shortage across U.S. states in that region. It was later confirmed that Colonial paid 75 BTC, or about $5 million at then-current prices. Some of those funds were later sent to crypto exchanges as well as the dark web market Hydra for cash-outs.
On Monday, deputy U.S. attorney general Lisa Monaco said that an operation was conducted Monday to recover some of the funds, amounting to 63.7 BTC, an amount worth approximately $2.26 million. Monaco characterized the amount as "a majority." The operation was conducted by a task force dedicated to digital extortion and ransomware established in April.
"After Colonial Pipeline’s quick notification to law enforcement, and pursuant to a seizure warrant issued by the United States District Court for the Northern District of California earlier today, the Department of Justice has found and recaptured the majority of the ransom Colonial paid to the Dark Side Network in the wake of last month’s ransomware attack," Monaco said during a press conference.
According to a partially redacted court affidavit, the FBI traced transactions on the bitcoin blockchain following the payment by Colonial Pipeline through May 27, when some 63.7 BTC sent to one particular address, called the Subject Address in the document. The FBI has taken possession of the private key for this address, but the process by which it did so is unclear.
U.S. officials, including those in the Biden White House, have become increasingly vocal about ransomware — and cryptocurrency — in recent days. Earlier this month, a White House press official identified "expanding cryptocurrency analysis" as part of a broader focus on ransomware.
On Monday, National Security Advisor Jake Sullivan said the topic would be up for discussion during an upcoming G7 meeting.
In her remarks, Monaco issued a warning to U.S. companies about the threat to their operations.
"Pay attention now. Invest the resources now. Failure to do so could be the difference between being secure now or a victim later," Monaco said.
This is a developing story and more details will be added as information is obtained.
Gov.uscourts.cand.379840.1.0 by MichaelPatrickMcSweeney on Scribd