Security lapse, not ‘hack’, likely behind FBI’s recovery of ransomware Bitcoins

Experts are still puzzling out how the FBI clawed back most of the bitcoins that a pipeline operator paid as ransom to an affiliate of the DarkSide hacking group — but they say there’s nothing about the matter that shows the cryptocurrency network is insecure.


Rather, the hacker or hackers simply made some kind of elementary blunder that let the FBI take the coins, analysts said.


“Basically it is theft from a wallet due to poor security practices from a wallet owner,” Jonothon Miller, managing director at crypto exchange Kraken Australia, told Stockhead.

“You can’t hack the bitcoin blockchain. It’s pretty much impossible and would break the whole network.”

The FBI wasn’t able to recover all 75 bitcoin paid by Colonial Pipeline, but they took back 63.7 coins – 85 per cent.

Court papers indicated that the FBI had the private key to the wallet — the rough equivalent of a password — but gave no indication as to how they got it.

“The ‘obtained the private key’ part of their statement is doing a lot of work,” Nicholas Weaver, a lecturer at the computer science department at University of California, Berkeley, told KrebsOnSecurity.

“It is ONLY the Colonial Pipeline ransom, and it looks to be only the affiliate’s take.”

There was some speculation that the ransom was able to be seized because the hackers had tried to move it through Coinbase — but both the exchange and the FBI shot that down.

Coinbase’s director of security also tweeted that a line in the FBI affidavit mentioning Northern California didn’t mean much.