One of the main perks the use of cryptocurrencies offers its users is the security of transactions. While a lot of people have joined the Bitcoin train for this reason, there are also bad actors in this crowd who see Bitcoin, and indeed cryptocurrencies in general, as a way to continue carrying out their nefarious activities. This is why the seizure of about $2.3 million worth of Bitcoin by the U.S. Department of Justice has been lauded around the world.
The back story
On May 7, 2021, the criminal hacking group DarkSide reportedly carried out a ransomware attack on Colonial Pipeline, an American oil pipeline system originating in Houston, Texas. The pipeline carries mainly jet fuel and gasoline to the southeastern parts of the United States. The attack affected the computerised equipment managing the pipeline, and Colonial Pipeline was forced to halt operations to contain it. Within several hours of the attack, Colonial Pipeline paid the demanded ransom of 75 Bitcoins (about $4.4 million at the time) with the assistance of the FBI. After the ransom was paid, the hackers sent Colonial Pipeline software that would restore its network, but this software was too slow, and Colonial Pipeline had to carry out the restoration using its own backups.
This attack was the largest cyberattack on an oil facility in the history of the US.
Impact of the attack
As a result of the attack on the pipeline facility, the billing system of Colonial Pipeline was compromised, and amid increasing concerns, as a precautionary measure, the authorities at Colonial Pipeline shut down the pipeline. This shutdown resulted in fuel shortages at major American airports such as Charlotte Douglas International Airport, Hartsfield-Jackson Atlanta International Airport and at least five other airports directly serviced by the pipeline. American Airlines temporarily changed flight schedules as a result, and for a four-day period at least two flights bound for London and Honolulu had to either change planes or stop for refuelling.
Fuel shortages began at filling stations as the shutdown entered its fourth day. By May 11, 71% of filling stations in Charlotte had run out of fuel, and by May 14, 87% of filling stations in Washington DC were exhausted. Fuel prices also rose to their highest since 2014, with a gallon going for $3.
In response to these events, U.S. President Joe Biden declared a state of emergency on May 9 and, in an attempt to reduce potential shortages, lifted the limits on the transportation of fuel by road.
In a statement released on May 9 that did not directly mention Colonial Pipeline, the criminal hacking group DarkSide said “our goal is to make money, and not creating problems for the society”. They also went on to say that they would launch checks on fellow online criminals “to avoid consequences in the future.”
Investigation and seizure
After launching an investigation into the hack and the hackers behind it, the U.S. Justice Department announced on June 7 that it had recovered about $2.3 million of the ransom paid in cryptocurrency by Colonial Pipeline. In a news conference, Deputy Attorney General Lisa Monaco said 63.7 Bitcoins had been seized by investigators. That Bitcoin seizure was valued at about $2.3 million at the time. Monaco said the Justice Department had “found and recaptured the majority” of the ransom paid by Colonial.
A judge in San Francisco approved the application to seize the funds from a cryptocurrency wallet for which the FBI was said to possess the private key. John Hultquist, vice president at the cybersecurity firm Mandiant, praised the move, saying: “Right now, the prosecution is a pipedream. Disrupt. Disrupt. Disrupt.”
Speaking at the same news conference as Monaco, FBI Deputy Director Paul Abbate described DarkSide as a cybercrime group based in Russia. He went on to say the FBI was tracking over 100 variants of ransomware and that DarkSide alone had victimised at least 90 U.S. companies.
In a statement, Colonial Chief Executive Joseph Blount said the company worked closely with the FBI from the start and was “grateful for their swift work and professionalism.”
Tom Robinson, co-founder of the crypto-tracking firm Elliptic, said the Bitcoin wallet the DOJ had seized funds from had contained 69.6 Bitcoins. The announcement of 63.7 Bitcoins in seizures likely represented the share that DarkSide’s “affiliates” had received.
In an affidavit filed by the FBI, the Bureau said it had tracked the Bitcoin through multiple wallets on the public blockchain. On the way to the final wallet transfer on May 27, small amounts were shaved off the initial 75 Bitcoin payment.
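The kind of hop-by-hop tracing the affidavit describes can be illustrated on a small constructed ledger extract. This is an added example, not code from the article, the FBI or any tracing firm: every transaction id, address and hop amount below is a placeholder, the amounts are chosen only so that 75 BTC minus the peeled-off amounts lands on the 69.6 BTC figure quoted above, and "largest output continues the flow" is a stated heuristic, not a proof of who controls the funds.

```python
from collections import namedtuple

# Constructed ledger extract (not real chain data). A transaction spends earlier
# outputs, identified by (txid, output index), and creates new (address, satoshis) outputs.
Tx = namedtuple("Tx", ["txid", "inputs", "outputs"])
SATS = 100_000_000  # satoshis per BTC

LEDGER = [
    Tx("tx_ransom", [], [("addr_A", 75 * SATS)]),  # the 75 BTC ransom payment
    Tx("tx_hop1", [("tx_ransom", 0)], [("addr_B", 7_300_000_000), ("addr_cut1", 200_000_000)]),
    Tx("tx_hop2", [("tx_hop1", 0)], [("addr_C", 7_140_000_000), ("addr_cut2", 160_000_000)]),
    Tx("tx_hop3", [("tx_hop2", 0)], [("addr_D", 6_960_000_000), ("addr_cut3", 180_000_000)]),
]


def spender_index(ledger):
    """Map every spent outpoint (txid, vout) to the transaction that spends it."""
    return {outpoint: tx for tx in ledger for outpoint in tx.inputs}


def trace_flow(ledger, start_txid, start_vout=0):
    """Follow funds from one output until an unspent output is reached.

    Heuristic (an assumption of this example): at each hop the largest output is
    treated as the continuing flow and all other outputs as amounts peeled off.
    Returns (hops, final_address, final_sats, total_peeled_sats), where each hop is
    (txid, main_address, main_sats, peeled_sats).
    """
    spenders = spender_index(ledger)
    by_id = {tx.txid: tx for tx in ledger}
    outpoint = (start_txid, start_vout)
    hops, peeled = [], 0
    while outpoint in spenders:
        tx = spenders[outpoint]
        main = max(range(len(tx.outputs)), key=lambda i: tx.outputs[i][1])
        side = sum(s for i, (_, s) in enumerate(tx.outputs) if i != main)
        hops.append((tx.txid, tx.outputs[main][0], tx.outputs[main][1], side))
        peeled += side
        outpoint = (tx.txid, main)
    final_addr, final_sats = by_id[outpoint[0]].outputs[outpoint[1]]
    return hops, final_addr, final_sats, peeled


if __name__ == "__main__":
    hops, addr, sats, peeled = trace_flow(LEDGER, "tx_ransom")
    for txid, main_addr, main_sats, side in hops:
        print(f"{txid}: {main_sats / SATS:.2f} BTC -> {main_addr}, {side / SATS:.2f} BTC peeled off")
    print(f"final: {sats / SATS:.2f} BTC at {addr} ({peeled / SATS:.2f} BTC peeled in total)")
```

On a real investigation the same walk would be run against full chain data and the largest-output heuristic replaced or corroborated by other evidence, which is why the affidavit, not a script, is the record of control.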