When Bitcoin burst onto the scene in 2009, fans heralded the cryptocurrency as a secure, decentralized, and anonymous way to conduct transactions outside the traditional financial system.
Criminals, often operating in hidden corners of the Internet, flocked to Bitcoin to conduct their business without revealing their names or locations. The digital currency quickly became popular with drug dealers and tax evaders, as well as with libertarians.
But the revelation this week that federal officials had recovered most of the Bitcoin ransom paid in the recent Colonial Pipeline ransomware attack exposes a fundamental misconception about cryptocurrencies: They are not as difficult to follow as cybercriminals think.
On Monday, the Justice Department announced that it had traced 63.7 of the 75 Bitcoins, worth about $2.3 million of the $4.3 million paid, that Colonial Pipeline gave the hackers behind the ransomware attack that shut down the company’s computer systems, causing fuel shortages and a spike in gasoline prices. Officials have since declined to provide more details on exactly how they recovered the Bitcoins.
For the growing community of crypto enthusiasts and investors, however, it is clear that federal investigators tracked the ransom as it moved through at least 23 different electronic accounts belonging to DarkSide, the hacking collective, before it landed in an account that investigators were able to access. The recovery shows that law enforcement’s capabilities are growing along with the industry.
That is because the same attributes that make cryptocurrencies attractive to cybercriminals, above all the ability to transfer funds instantly without a bank’s permission, can be leveraged by law enforcement to track and seize criminals’ money at internet speed.
Bitcoin is also traceable. While the digital currency can be created, moved, and stored outside the sight of any government or financial institution, each payment is recorded in a permanent, fixed ledger called the blockchain.
That means all Bitcoin transactions are out in the open. The Bitcoin ledger can be viewed by anyone who is plugged into the blockchain.
“It’s digital breadcrumbs,” said Kathryn Haun, a former federal prosecutor and investor at venture capital firm Andreessen Horowitz. “There’s a trail that law enforcement can follow quite nicely.”
Ms. Haun added that the speed with which the Justice Department seized most of the ransom was “groundbreaking,” precisely because the hackers had used cryptocurrency. By contrast, she said, obtaining records from banks often requires months or years of paperwork and administrative procedures, especially when the banks are overseas.
Given the public nature of the ledger, crypto experts say, all law enforcement needs to do is figure out how to connect criminals to a digital wallet where the Bitcoin is stored. To do so, authorities can focus on what are known as “public keys” and “private keys.”
A public key is a string of numbers and letters that Bitcoin owners use to transact with others, while a “private key” is used to keep a wallet secure. Tracking users’ transaction history, the authorities say, is a matter of figuring out which public keys they control.
Seizing the asset then requires obtaining the private key, which is more difficult. It’s unclear how federal agents were able to obtain DarkSide’s private key.
Justice Department spokesman Marc Raimondi declined to elaborate on how the FBI obtained DarkSide’s private keys. According to court documents, investigators accessed the password of one of the hackers’ Bitcoin wallets, although they did not detail how.
Cryptocurrency experts say the FBI does not appear to have relied on any fundamental flaw in blockchain technology. The more likely explanation is good old-fashioned police work.
Federal agents may have obtained DarkSide’s private keys by planting a human informant inside DarkSide’s network, by hacking the computers where the private keys and passwords were stored, or by compelling the service that held the group’s wallets to hand them over through search warrants or other means.
“If they can get their hands on the keys, it can happen,” said Jesse Proudman, founder of Makara, a crypto investment website. “Just putting it on a blockchain can’t erase that fact.”
The FBI has partnered with several companies that specialize in tracking cryptocurrencies across digital accounts, according to officials, court documents and the companies. Startups such as TRM Labs, Elliptic, and Chainalysis, which track crypto payments and flag possible criminal activity, have blossomed as law enforcement agencies and banks try to prevent financial crime.
Their technology monitors blockchains for patterns that suggest illegal activity. It works much as Google and Microsoft tame spam by identifying and then blocking accounts that spray email links across hundreds of other accounts.
“Cryptocurrencies allow us to use these tools to track funds,” said Ari Redbord, head of legal affairs at TRM Labs, a blockchain intelligence firm that sells software for analyzing financial flows along the blockchain to law enforcement agencies and banks. He was previously a senior adviser on financial intelligence and counterterrorism at the Treasury Department.
Some longtime crypto enthusiasts say the recovery of the majority of Bitcoin ransoms is a victory for the legitimacy of digital currencies. They say it will help change the image of Bitcoin as a playground for criminals.
“The public is slowly being shown that Bitcoin is good for law enforcement and not good for criminals, which is contrary to what many have historically believed,” said Hunter Horsley, chief executive officer of Bitwise Asset Management, a crypto investment firm.
In recent months, cryptocurrencies have become more and more mainstream. Companies like PayPal and Square have expanded their crypto offerings. Coinbase, a startup that allows people to buy and sell cryptocurrencies, went public in April and is currently valued at $47 billion. Over the weekend, a Bitcoin conference in Miami drew more than 12,000 attendees, including Twitter CEO Jack Dorsey and former boxer Floyd Mayweather Jr.
As more and more people use Bitcoin, most are accessing the digital currency in a way that mirrors a traditional bank, through a central intermediary such as a cryptocurrency exchange. In the United States, anti-money laundering and identity verification laws require such services to know who their customers are, creating a link between identity and account. Customers must upload government identification when they register.
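As an added example, and not code from the article or from any of the analytics firms it names, the following Python script models the forward tracing the article describes (funds followed through a chain of accounts on the public ledger, then tied to an identity where they land at a custodial exchange) on a small, constructed ledger. The ransom output is followed hop by hop through every later spend; when tainted value is combined with unrelated funds in one transaction, each output inherits the tainted fraction of the inputs (the proportional or “haircut” rule, one common heuristic and not necessarily the one the FBI used); and any unspent output resting at an address labelled as a custodial exchange is flagged, because such an address can be matched to the customer records the exchange is required to keep. All transaction ids, addresses, amounts and labels are hypothetical.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Constructed, simplified UTXO-style ledger for illustration (hypothetical
# transaction ids, addresses and amounts; not real Bitcoin data). Each
# transaction spends earlier outputs and creates new ones; the difference
# between input and output value is the miner fee. Amounts are in BTC.

Outpoint = Tuple[str, int]            # (txid, output index)


@dataclass
class Tx:
    txid: str
    inputs: List[Outpoint]             # outputs being spent (empty for a funding tx)
    outputs: List[Tuple[str, float]]   # (address, amount)


LEDGER: List[Tx] = [
    Tx("tx0", [], [("victim_wallet", 80.0), ("unrelated_wallet", 5.1)]),
    Tx("tx_ransom", [("tx0", 0)], [("A1", 75.0), ("victim_wallet", 4.99)]),
    Tx("tx1", [("tx_ransom", 0)], [("A2", 60.0), ("A3", 14.99)]),
    Tx("tx2", [("tx1", 0)], [("A4", 59.99)]),
    Tx("tx3", [("tx2", 0)], [("A5", 55.0), ("A6", 4.98)]),
    Tx("tx4", [("tx3", 0)], [("exchange_hot_1", 54.99)]),
    # tx5 merges ransom funds with unrelated funds in a single transaction
    Tx("tx5", [("tx3", 1), ("tx0", 1)], [("A8", 10.07)]),
]

# Hypothetical attribution labels, standing in for what a blockchain
# analytics vendor supplies: a custodial deposit address can be tied to a
# verified customer record held by the exchange.
LABELS: Dict[str, str] = {
    "exchange_hot_1": "custodial exchange (KYC on file)",
}


def index_ledger(ledger):
    """Map every output to (address, amount) and every spent output to its spender."""
    outputs = {}   # outpoint -> (address, amount)
    spent_by = {}  # outpoint -> txid that spends it
    for tx in ledger:
        for i, (addr, amt) in enumerate(tx.outputs):
            outputs[(tx.txid, i)] = (addr, amt)
        for ref in tx.inputs:
            if ref not in outputs:
                raise ValueError(f"{tx.txid} spends unknown output {ref}")
            if ref in spent_by:
                raise ValueError(f"double spend of {ref}")
            spent_by[ref] = tx.txid
        if tx.inputs:  # a spending tx may not create value out of nothing
            total_in = sum(outputs[ref][1] for ref in tx.inputs)
            total_out = sum(amt for _, amt in tx.outputs)
            if total_out > total_in + 1e-12:
                raise ValueError(f"{tx.txid} outputs exceed its inputs")
    return outputs, spent_by


def trace_forward(ledger, origin, labels=None):
    """Follow the value in `origin` forward through every later spend.

    Proportional ("haircut") tainting: when tainted and untainted inputs are
    combined, each output inherits the tainted fraction of the input value,
    and fees consume their share of the taint. Returns one record per unspent
    output that still holds tainted value, largest first.
    """
    labels = labels or {}
    outputs, spent_by = index_ledger(ledger)
    if origin not in outputs:
        raise KeyError(f"origin {origin} not in ledger")
    taint = {origin: outputs[origin][1]}   # outpoint -> tainted BTC
    hops = {origin: 0}                     # transactions traversed from origin
    for tx in ledger:                      # ledger order: inputs precede spends
        tainted_in = sum(taint.get(ref, 0.0) for ref in tx.inputs)
        if tainted_in == 0.0:
            continue
        total_in = sum(outputs[ref][1] for ref in tx.inputs)
        share = tainted_in / total_in
        depth = 1 + max(hops[ref] for ref in tx.inputs if ref in taint)
        for i, (addr, amt) in enumerate(tx.outputs):
            taint[(tx.txid, i)] = amt * share
            hops[(tx.txid, i)] = depth
    resting = []
    for op, amt in taint.items():
        if op in spent_by:
            continue
        addr = outputs[op][0]
        resting.append({"outpoint": op, "address": addr, "tainted": amt,
                        "hops": hops[op], "label": labels.get(addr, "unattributed")})
    return sorted(resting, key=lambda r: -r["tainted"])


def custodial_exposure(resting):
    """Tainted value resting at addresses that carry an attribution label."""
    return sum(r["tainted"] for r in resting if r["label"] != "unattributed")


if __name__ == "__main__":
    report = trace_forward(LEDGER, ("tx_ransom", 0), LABELS)
    for r in report:
        print(f"{r['address']:>16} {r['tainted']:9.5f} BTC  hops={r['hops']}  {r['label']}")
    print(f"reachable through a custodian: {custodial_exposure(report):.5f} BTC")
```

With the constructed data, 54.99 BTC comes to rest at the labelled exchange address after four hops, 14.99 BTC sits unspent one hop from the ransom, and a proportional slice of the mixed output at A8 is still counted as ransom money; the small remainder has gone to fees. The hop count corresponds to the chain of accounts the article describes, and the label column is where attribution data from analytics vendors adds what the raw ledger alone cannot show.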
Ransomware attacks have put unregulated cryptocurrency exchanges under the microscope. Cybercriminals have flocked to thousands of high-risk exchanges in Eastern Europe that do not comply with these laws.
Following the Colonial Pipeline attack, several financial leaders proposed a ban on cryptocurrencies.
“We can live in a world with crypto or a world without ransomware, but we can’t have both,” Lee Reiners, executive director of the Global Financial Markets Center at Duke Law School, wrote in The Wall Street Journal.
Cryptocurrency experts say the hackers could have tried to make their Bitcoin accounts even more secure. Some cryptocurrency owners go to great lengths to store their private keys away from anything connected to the internet, in so-called “cold wallets.” Some memorize the strings of numbers and letters. Others write them down on paper, although paper can be obtained by search warrant or police work.
“The only way to get a really hard-to-find property of an asset class is to memorize the keys and not write them anywhere,” said Mr.
The Justice Department’s Mr. Raimondi said the Colonial Pipeline ransom seizure was the latest in a series of operations by federal prosecutors to recover illegally obtained cryptocurrency. He said the department had made “multiple seizures, worth hundreds of millions of dollars, from non-custodial crypto wallets” used for criminal activity.
In January, the Department of Justice cracked down on another ransomware group, NetWalker, that used ransomware to extort money from cities, hospitals, law enforcement, and schools.
As part of that operation, the department seized about $500,000 in cryptocurrency that NetWalker had collected from victims of its ransomware.
“While these individuals believe they operate anonymously in the digital space, we have the skill and tenacity to identify and prosecute these actors to the full extent of the law and seize their proceeds of crime,” Maria Chapa Lopez, the United States Attorney for the Middle District of Florida, said when the case was made public.
In February, the Justice Department said it had warrants to seize nearly $2 million in cryptocurrency that North Korean hackers had stolen and deposited into accounts at two different crypto exchanges.
Last August, the department also filed a complaint regarding North Korean hackers who stole $28.7 million in cryptocurrency from a crypto exchange and then laundered the proceeds through Chinese crypto-laundering services. The FBI traced the funds through 280 crypto wallets and their owners.
Ultimately, “cryptocurrency is actually more transparent than most other forms of value transfer,” said Madeleine Kennedy, a spokeswoman for Chainalysis, a startup that tracks cryptocurrency payments. “Definitely more transparent than cash.”