FBI Colonial ransom recovery ‘mystery’ as Bitcoin unhackable without private key

The circumstances under which the FBI obtained the private key and recovered part of the bitcoins used to pay the ransom to the DarkSide ransomware group after the attack on the Colonial Pipeline remain a mystery, since the authorities would have had no way to seize the stolen funds without that private key, Bobby Ong, co-founder and COO of Coingecko, told Sputnik. In May, a massive cyberattack forced Colonial Pipeline, the largest pipeline system for oil products in the United States, to take its systems offline for almost a week, leading to serious gas shortages in a number of states in the American southeast. As a result, the company paid about 75 bitcoins, valued at some $4.4 million at the time, to DarkSide as part of its efforts to restore its computer systems.

On Monday, the FBI announced that it had traced the subsequent transfers of the 75 bitcoins, leading to the seizure of 63.7 bitcoins that had been sent to a cryptocurrency address the FBI was able to take control of under a seizure warrant. “The circumstances on how the FBI obtained the private key and seized the Bitcoin are shrouded in secrecy. It is currently the main subject of discussion by many security analysts. It is important to note that this seizure does not make Bitcoin any less secure or decentralized as the FBI could only seize the stolen funds with the private key that was already in their possession. Nobody can hack the Bitcoin system unless they have access to the private key,” Ong explained. Ong believes that the criminals may have had poor operational security, which led to the key “falling into the wrong hands.”

“Having the ransom cryptocurrency is one thing but cashing it out into fiat currency is another thing. Money laundering involves a complicated process and law enforcers are heavily monitoring it,” the expert said. According to the Coingecko COO, bitcoin is a transparent technology: every transaction is recorded on the public blockchain ledger and can be tracked there. “It is generally not a good idea to commit crimes using bitcoin as advanced forensics can be used to narrow down or trace the identity of criminals. Using cash is better for any criminal activity,” he concluded. Meanwhile, public records on the Bitcoin blockchain have recently indicated that DarkSide may still hold more than $5 million, despite the FBI's successful operation, since the authorities did not seize the full sum.

In light of the recent Colonial Pipeline incident, the crypto community opposes any such criminal activity, Ong stressed. “The FBI has every right to seize bitcoin held in custody by a third party if proven to be used in illegal activities. Crypto crimes are the same as any other crimes, and the criminals should receive the same treatment as stipulated by the relevant laws,” he said. Ong noted that custodial cryptocurrency service providers are already heavily regulated, and that the crypto space is also transparent. “However, the industry as a whole can still benefit from clearer regulations surrounding the treatment of crypto assets. We welcome the regulators to come up with a feasible framework in regulating the industry,” he stressed.

Following the FBI operation, claims emerged that Coinbase, a major US cryptocurrency exchange that went public on the Nasdaq Stock Market via a direct listing in April, may have been involved in the operation. Ong believes that Coinbase “may likely have cooperated” with the authorities by design, as such providers are heavily regulated. “Bitcoin held on a custodial provider such as Coinbase is not owned by the cryptocurrency holder but is held in trust by Coinbase. Similar to how money in bank accounts can be seized by authorities with sufficient evidence, the same applies to cryptocurrencies held in a custodial service provider like Coinbase. In this case, the criminal’s mistake was assuming that Coinbase would not have surrendered the bitcoin to the authorities,” he said. Reacting to the accusations on social media, Coinbase CSO Philip Martin took to Twitter to clarify that the company did not work with US authorities to recover the crypto ransom. He stressed that Coinbase “was not the target of the warrant and did not receive the ransom or any part of the ransom at any point.”