I think that the people here speculating about the FBI and private keys are greatly overestimating the competency of these hackers.
While it's possible this is the FBI flexing some muscle that they have a backdoor into bitcoin's hashing algorithm, what seems much more likely (to me) is:
There is a more sophisticated hacking group which created this particular ransomware package. They sell this ransomware package to less sophisticated criminals.
Is it so hard to imagine a scenario where the more advanced creators of this ransomware kit gave instructions to their purchasers on things like private keys, and the end user simply ignored them?
Somebody ignoring a warning when installing software, and that allowing the FBI to subpoena access to the server where it was running and grab this private key, seems FAR more likely to me than the FBI having a backdoor into BTC, or this all being a cover spy novel plot, or anything like that.
I mean we know the hack wasn’t sophisticated at all. It seems to me the hackers are opportunists, scanning for vulnerabilities and weak VPNs. People are confusing grunt work with sophistication. They would’ve used ransomware against any target that they breached that they thought could pay. Too young or too stupid to think through the consequences.
Thread below indicates what happened is they were incredibly naive and eventually used a US exchange wallet. Just script kiddies really.
> I think that the people here speculating about the FBI and private keys are greatly overestimating the competency of these hackers.
It's like if some dumbass was beating the crap out of people to steal their money and everyone in the boxing community was surprised that he's not a world class boxer.
It is also possible that criminals made themselves look stupid and sacrificed a small part (~70 of 310 BTC) of monthly income to throw the FBI a bone, so they can fuck off gracefully.
A "backdoor in bitcoin's hashing algorithm" would not help them recover a private key. "bitcoin's hashing algorithm" is, for PoW, SHA256. The only relevant break for PoW would be a break in preimage resistance; this would allow the attacker to mine blocks faster, which does not allow them to calculate private keys. They could use that to mine an alternate history where the ransomware attack did not occur, but that would of course be immediately obvious.
Preimage attacks tend to be much more rare than collision attacks. MD5 for example still has no publicly known practical preimage attacks.
They seized the private key, and if it was encrypted/hashed they cracked it. It could've been a Bitcoin brain wallet and they cracked the actual ASCII password of the wallet.
This story makes absolutely no sense at all. The errors presented by these hackers are so comical it's simply unbelievable. I'm supposed to believe some elite Russian hacking group keeps their crypto wallets running on a US host where the FBI just logs right in and snatches the private key? I'm starting to entertain the conspiracies that the future of commodities price manipulation is fake ransomware attacks. There needs to be a serious audit of CME derivatives trading. There will come a day when some oil futures trader pays a ransomware group or an employee at a pipeline company and makes billions.
People overestimate criminals. The ones that get caught, especially.
What would you do if you were a foreign intelligence service? Participate in attacks yourself?
No! You would drop hints and supply tools sideways to sloppy groups of idiots enabling them to be destructive, maybe acquiring some funds, and keeping your hands as clean as possible. Then when it comes out that "elite russian hackers" were incompetent idiots, it makes people think the claims of your connection to the crimes are even less likely.
Tricks and disinformation are the name of the game.
If you actually were elite, you would hide and practice and save your actual actions for critical moments and not show your hand for a few million dollars. Or you'd go into security consulting which is a far safer, more profitable, and overall smarter thing to do.
> I'm supposed to believe some elite Russian hacking group keeps their crypto wallets running on a US host where the FBI just logs right in and snatches the private key?
What is it that's so implausible? That's just one possible interpretation. I see many possibilities here. Below are some, where "The FBI" loosely refers to the bureau, collaborating agencies and their partners and contractors:
* The FBI has (through active exploitation of hosts/services) gained access to a large number of BTC private keys, which they can utilize if and when they become a point of interest
* The FBI has some channel to index and get access to cryptocurrency wallets/private keys from hosts running on cooperating service providers such as GCP, AWS and Azure.
* The FBI continuously monitors for BTC addresses/public keys and opportunistically bruteforces them looking for weak keys, keeping a catalogue of broken ones and waiting until they become a point of interest
* These coins were sent through some anonymization network/protocol/service and the wallet in question actually has no relationship to the hack at all but just belonged to some clueless user.
I have already been assuming all of the above to be going on and this particular instance could be a result of either.
There is also the more boring explanation that these 64 something BTC was supposedly "tumbled" but not enough, transferred to a centralized exchange and subsequently frozen. It's also important to remember that it's not a single group/entity responsible for the whole chain here. Darkside provides the software and affiliate program, and maybe some servers. The attacks themselves are performed by "partners" (who just pay for access and could be anyone anywhere). Most likely the wallet here was not under control of Darkside ("The Russian elite hacker group") themselves but some affiliate who could be anything from a "lucky" clueless script kiddie to an actual professional who made one stupid mistake along the way.
> The errors presented by these hackers are so comical it's simply unbelievable.
True crime stories abound with comical errors (as do plenty of true not-crime stories). As it turns out, real people fuck up in comical ways all the time.
> I'm supposed to believe some elite Russian hacking group keeps their crypto wallets running on a US host where the FBI just logs right in and snatches the private key?
No, you aren't supposed to believe either (a) that DarkSide are an elite group, or (b) any particular narrative about how the FBI got the private key. AFAICT, no one is selling the first claim, and the only people selling narratives about how the FBI got the private key are doing conspiracy-theory-level creative interpretation of documents.
Also completely baffled how the feds got access to the private key and why an elite Russian hacking group would store their crypto on a US based server.
At the same time, the obvious tin foil hat answer of it was the feds who concocted the entire scheme also doesn't add up. If the NSA/CIA was behind it, they would be smart enough to not use a US based server / wallet. That makes the story inconsistent, and brings up the questions I am asking here. Instead, they would just use a clean wallet (preferably out of Russia). I.e. the misdirection and misinformation does not add up if it was an "inside job" by the US government.
I was reading the article in utter confusion too. I personally think it's the authorities trying to save face, as I don't think even a computer-literate high school kid would make these mistakes.
This could have been far downstream from the hackers themselves. They might just have been monitoring the bitcoins and waiting for some to land in one of many addresses for which they have the private key. Presumably FBI is continuously scooping up whatever private keys they can.
The reason why this story doesn't make sense is because it's most likely a lie.
Think about it for a second.
If they wanted to discourage copycat criminals, the easiest way to do it would be to claim they seized the crypto, right?
But what proof do we have that the feds actually seized anything? Is the bitcoin transaction publicly listed anywhere where we can audit what happened? And even if you see the coins were moved, how do we know it was actually the feds that moved them and not the actual criminals?
Computer security is hard. That's why ransomware attacks exist. It's just as hard for ransomware attackers as for their victims. If they were good at computer security, they'd be working a legitimate job. I find your incredulity strange, it's like hearing about the Valentine's day massacre and being shocked that mobsters could be at the receiving end of a Thompson for once.
> I'm supposed to believe some elite Russian hacking group keeps their crypto wallets running on a US host.
They host their hacking tools and other software close to the victim because if you see your network infrastructure logs linking back to an IP address in Russia or China, for example, it would immediately raise alarm and suspicion.
It always struck me as improbable that all these high profile (and notoriously hard/impossible to attribute) attacks on “critical infrastructure” or whatever are always instantly and authoritatively pinned (by US authorities) on groups operating in the US’s geopolitical enemies.
I recall seeing on HN lots of descriptions of just how hard it is to maintain strict opsec, or anonymity. Obscurity sometimes is the best security, but these clowns made themselves a big a$$ target for the FBI. It's one thing to be one among hundreds of small-time ransomware attacks, and another to be the one behind shifting the price of oil of the entire southeast US, and to be the subject of thousands of memes about Americans stockpiling gasoline in the backs of their SUVs.
Indeed was just discussing the same thing. Perhaps they simply are tracking if the money goes anywhere or using this as a way to hide their incompetence? Just saying they can do something they really can’t or put a legal hold on that wallet so if any exchange receives it they get fined?
I have no idea why they censored out parts of the bitcoin addresses as googling the uncensored part and transaction quantities lets you find them on countless sites.
A private key is not needed if the funds are on an exchange. Apparently there is a warrant to seize property in Northern California so I guess it might be Coinbase.
And yeah... if the crackers sent the funds to an exchange they were comically dumb.
I don't understand why so many people are jumping to the conclusion that the FBI broke sha-256.
There are so many other lower-hanging-fruit possibilities...
1. they served the server provider with a warrant and they provided physical access.
2. their server infra was running vulnerable code for another service.
3. weak passwords / weak security in general
4. they cut a deal with the upstream ransomware providers and were provided with the private key used.
Netsec Twitter's theory is that the attacker(s) had a VPS operating in the US that the FBI was able to access and which contained the key to the wallet where the final payment ended up.
> Based on ... I have probable cause to believe that the aforementioned property may be seized...
Forgive me if this is a dumb question; I have not used a blockchain explorer for anything consequential. Isn't that wallet just the last place it ended up? So, you have chain of custody but does that prove that the owner of that wallet is the "target"?
I am guessing that the key pair generation process was faulty. The FBI found an exploit in a wallet used by the hackers allowing the private key to be predicted. The prefix is bc1, which is uncommon. A few weeks ago there was such a vulnerability with Cake Wallet.
Or they installed malware on the hacker's computers and were able to log the private key as it was generated.
Or the hackers foolishly stored the key pairs on a server
Bitcoin is falling and this news does not help because it shows that some aspect is less secure than previously thought.
bc1 is for bech32 addresses, a feature of the new segwit. Apparently there is a way to predict the private key when the same bc1 address is used multiple times. Details are available here: https://sudonull.com/post/8212-Bitcoin-Pseudo-Random-Number-...
Could it be that bech32 is less secure than thought?
Almost certainly what's not secure is the endpoint, wherever the keys were stored. That shouldn't really be news. The endpoints are always the weakest links in an encrypted channel.
bc1 isn't an uncommon prefix; it's a bech32 native segwit address that's been in use for years now (IIRC 1 and 3 are the other prefixes, 1 being the first and most popular and 3 being a backwards compatible segwit address, i.e. non native). Stats: https://txstats.com/dashboard/db/bech32-statistics?orgId=1
Faulty key pairs being generated is a well known issue with poorly developed wallets, not with Bitcoin itself. None of the popular wallets have this issue so it doesn't undermine Bitcoin.
I'm wondering if the attackers sent their coins through a mixer, and now some chump with money on coinbase just got his coins jacked b/c he deposited after using a shady mixer.
Can someone explain simply why it is supposed to be so hard to track ransomware bitcoin payments, if all bitcoin transactions are in a shared public ledger?
If the victim pays someone we know which account it goes to, right? Then we know that account is criminal.
If bitcoins move from that account to other accounts we know that accounts that receive them are essentially "hiding stolen goods". So they are criminal accounts as well.
Then at some point they want to get dollars, and FBI can catch them by following where the dollars were sent. No?
> Can someone explain simply why it is supposed to be so hard to track ransomware bitcoin payments, if all bitcoin transactions are in a shared public ledger?
Clearly, it's not. This is a pervasive misconception. Bitcoin is not, and is not even meant to be, private. Even with obfuscation attempts, nearly every ransomware gang has their bitcoin payments fully tracked, as this one did. There is a robust industry of blockchain analytics that pulls in many many millions each year surveilling the bitcoin blockchain. Virtually all exchanges (fiat on and off ramps) collaborate with those analytics companies and require full KYC/AML of their customers, and can thus apply their KYC label data to blockchain metadata.
Bitcoin is not account based: it is based on unspent transaction output sets. UTXOs can be combined with many other UTXOs, combined into one, or split into many. This leaves a large amount of potential for obfuscation strategies such as CoinJoin[^1]. Nearly all of these gangs attempt to use CoinJoin or similar but make small mistakes such as being representative of a large amount of the volume, leaking information through timing, combining their outputs into one, or countless other potential errors, and often a simple "FIFO" strategy can trace flows. Obfuscation is not a robust anonymity strategy, and pseudonymity is not anonymity. To quote Vitalik Buterin, "If your privacy model has a medium anonymity set, it really has a small anonymity set. If your privacy model has a small anonymity set, it has an anonymity set of 1. Only global anonymity sets (eg. as done with ZK-SNARKs) are truly robustly secure."[^2]
Leaving aside services like bitcoin mixers designed to obfuscate the process, I think the usefulness of bitcoin for ransomware is that it allows you to move a big sum of money quickly without verifying your identity and without going through bank checks.
I think you are correct about getting dollars out being the risky part, but this way the criminals will at least have a head start in their race against the FBI.
The FBI doesn't have access to every Bitcoin exchange. There are exchanges in other countries that let you trade anonymously, either into fiat or other cryptocurrencies.
> The Special Prosecutions Section and Asset Forfeiture Unit of the U.S. Attorney’s Office for the Northern District of California is handling the seizure
Hah, of course the DoJ office doing bitcoin investigations is in San Francisco.
Also interesting that they were able to recover only $2.3M out of the $4.4M paid. I wonder if Colonial Pipeline will ever see this money.
tl;dr: The hackers used the same full node wallet more than once, and the FBI was able to narrow in on an IP address because the first relay of the transactions was the same across multiple transactions. This server was in California, which allowed the FBI to seize it.
The warrant isn't proof that the server was in California. That's simply where the FBI field office that is going to access the bitcoin address is based out of.
Rather than the us just "having" the key, could it not be a possibility that they in fact managed to somehow crack it? If any power could surely it's the us right?
> As alleged in the supporting affidavit, by reviewing the Bitcoin public ledger, law enforcement was able to track multiple transfers of bitcoin and identify that approximately 63.7 bitcoins, representing the proceeds of the victim’s ransom payment, had been transferred to a specific address
does it mean that "tainted" BTC can be seized any time, even if the current holder may have no relation to the original crime?
That's not entirely true. Bitcoin is neither anonymous nor untraceable. Governments, however, can't control it. They can only observe what's happening on the chain. Hope that helps.
The only thing anywhere in the “supporting” documents or diagrams concerning coinbase is that it is shown as the destination of a 0.001 BTC transfer from the address the funds went to.
This is one of several pieces I’ve seen claiming things about Coinbase and embedding documents or other evidence that doesn’t seem to come close to supporting the conclusion.
I’m not saying Coinbase wasn’t used and that that didn't have something to do with the seizure, but it's being repeatedly claimed with the same kind of evidence presentation that tends to accompany conspiracy theories.
Don't they mean Putin in an agreement with the Biden administration made Darkside give some money back as a way of easing American public tensions and political fallout ahead of the summit?
LOL... I simply don't believe any of these press releases. For all we know, the government negotiated a deal with the cyber-attackers to create this press release as a way to try to thwart future attacks. Seriously wouldn't put it past them one bit.
Or, maybe something like the FBI knows who's behind it through other means (friendly foreign government, etc.). They contact them and let them know they are going to prosecute to the full extent of the law, long prison sentences. The hackers offer to give the money back in exchange for not being prosecuted, FBI agrees, private key is supplied by hackers.
It's possible they underestimated how serious things would get and got cold feet.
blhack|4 years ago
(https://www.theverge.com/2021/5/10/22428996/colonial-pipelin...)
erentz|4 years ago
https://twitter.com/intangiblecoins/status/14020730011899125...
tiahura|4 years ago
Why not? Remember Elite Russian GRU hackers identified because they all registered their cars with the DMV at the same address? https://www.bellingcat.com/news/uk-and-europe/2020/10/22/rus...
Smart people do dumb things.
sneak|4 years ago
“Russian hackers” once again, eh?
kerng|4 years ago
Maybe the US struck a deal with whoever did this to save face or something.
russian-hacker|4 years ago
Anyone competent enough to extort a foreign company out of millions is not going to attempt to cash out through an exchange.
shiado|4 years ago
https://www.blockchain.com/btc/address/bc1qq2euq8pw950klpjca...
Which got funds from
https://www.blockchain.com/btc/address/3EYkxQSUv2KcuRTnHQA8t...
This is the wallet explorer used for clustering the wallet
https://www.walletexplorer.com/wallet/123085fff68ee703/addre...
kart23|4 years ago
What's up with the disparity?
https://www.justice.gov/opa/press-release/file/1402056/downl...
*edited
yamrzou|4 years ago
They kept following transactions on the blockchain, but it's not clear how the private key came into the possession of the FBI.
hellbannedguy|4 years ago
Can anyone here (hn) add anything?
It seems like steps in the investigation, or process to identifying the bad guys were left out.
avhwl|4 years ago
[^1]: https://en.bitcoin.it/wiki/CoinJoin
[^2]: https://twitter.com/vitalikbuterin/status/119646811199575654...
alex_young|4 years ago
FBI recovers $2.3M in BTC today. Current BTC/USD around $34K today.
34 / 58 = .58
4.4 * .58 = 2.552
Looks like they recovered more or less all of it?
[1] https://www.coindesk.com/price/bitcoin
dogman144|4 years ago
I’m curious what the wallet provider was.
yamrzou|4 years ago
How secure is 256 bit security? : https://www.youtube.com/watch?v=S9JGmA5_unY
blancNoir|4 years ago
https://blog.wolfram.com/2021/05/25/sleuthing-darkside-crypt...
Animats|4 years ago
Russian hackers have been captured in Israel, Spain, Belarus... Sometimes, after the FBI identifies them, they just watch and wait.
ipsin|4 years ago
Is it returned to the company, or does the DoJ keep it as an asset forfeiture?
doggosphere|4 years ago
https://twitter.com/thisisbullish/status/1402056137340604418...
How amateur is that…
vmception|4 years ago
SHUTC - Should have used Tornado.cash
SHURENVM+TC - Should have used RenVM and Tornado.cash
bellyfullofbac|4 years ago
Or they asked Google to hack the hackers' Android phones!