How Exactly Did the Government Get Back the Crypto Ransom in That Pipeline Hack?


If you live anywhere in the Mid-Atlantic, you know all about the recent hack of the Colonial Pipeline. Not so much because you follow IT security news closely, but you likely experienced long lines at the gas station and watched as a troubling number of people started hoarding gasoline.

It wasn’t humanity’s finest hour.

But one tidbit that has largely escaped notice is the fact that Colonial Pipeline paid the hackers a $2.3 million ransom in Bitcoin, and somehow government agents were able to get most of it back.

How? That’s a good question.

What happened here? The hack was apparently the work of an Eastern European group called DarkSide, and they were able to gain access to Colonial’s system and effectively shut it down. That pretty much shut off the flow of gas to much of the Mid-Atlantic, hence the lines and the hoarding.

It was what’s known as a ransomware attack, in which an outside party takes control of a victim’s computer system and demands cryptocurrency as payment to end the attack.

Crypto is becoming increasingly popular in these types of attacks because it is untraceable and impossible for authorities to recover. Or so we thought.

Who was involved? This crime was investigated by the DOJ’s newly formed Ransomware and Digital Extortion Task Force, which was able to recover 64 Bitcoin that were paid by Colonial to the hackers.

Although they’re being fairly tight-lipped about the whole thing, court filings have revealed that the DOJ used public blockchain explorers to track the payments made to the hackers. Blockchain explorers are a relatively new kind of tool that lets users search the public ledger and identify the details of a specific transaction, including the wallet addresses and blockchains involved, as well as the amounts, sources, fund destinations and more.
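As an added illustration of the kind of forward tracing an explorer makes possible (this is example code, not from the original post and not any DOJ or vendor tool), the following Python follows a payment from a known address through later spends on a constructed, placeholder ledger; every address, transaction id and amount below is made up for the example.

```python
from collections import deque

# Constructed sample ledger: placeholder addresses and txids, not real
# Colonial Pipeline or DarkSide transactions. Each input references an
# earlier transaction's output by (txid, output index), as in Bitcoin.
LEDGER = [
    {"txid": "tx1", "inputs": [],           "outputs": [("victim_wallet", 75.0)]},
    {"txid": "tx2", "inputs": [("tx1", 0)], "outputs": [("ransom_addr", 75.0)]},
    {"txid": "tx3", "inputs": [("tx2", 0)], "outputs": [("affiliate_addr", 64.0),
                                                        ("operator_addr", 11.0)]},
    {"txid": "tx4", "inputs": [("tx3", 0)], "outputs": [("exchange_deposit", 63.9),
                                                        ("affiliate_change", 0.1)]},
    {"txid": "tx5", "inputs": [("tx4", 1)], "outputs": [("mixer_addr", 0.1)]},
]


def build_index(ledger):
    """outputs: (txid, n) -> (address, amount); spent_by: (txid, n) -> txid
    of the later transaction that consumed that output."""
    outputs, spent_by = {}, {}
    for tx in ledger:
        for n, (addr, amt) in enumerate(tx["outputs"]):
            outputs[(tx["txid"], n)] = (addr, amt)
        for prev in tx["inputs"]:
            spent_by[prev] = tx["txid"]
    return outputs, spent_by


def trace_forward(ledger, start_addr):
    """Breadth-first walk from every output paid to start_addr through each
    later spend. Returns {address: (total received, hops from start)};
    an output nobody has spent yet ends that branch of the trace."""
    outputs, spent_by = build_index(ledger)
    by_txid = {tx["txid"]: tx for tx in ledger}
    queue = deque((k, 0) for k, (a, _) in outputs.items() if a == start_addr)
    seen, reached = set(), {}
    while queue:
        key, hops = queue.popleft()
        if key in seen or key not in spent_by:   # already walked, or unspent
            continue
        seen.add(key)
        nxt = by_txid[spent_by[key]]
        for n, (addr, amt) in enumerate(nxt["outputs"]):
            total, first_hops = reached.get(addr, (0.0, hops + 1))
            reached[addr] = (total + amt, first_hops)
            queue.append(((nxt["txid"], n), hops + 1))
    return reached
```

Real explorers do the same walk over the live chain, which is why a payment to a known ransom address can be followed to the deposit address of an exchange that can be served with a warrant.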

Takeaway: It’s good news for Colonial, but it’s also an interesting step in the evolution of crypto in general. What was once the Wild West just got a little more like a regular currency.

That might be bad for money launderers who need anonymity, but it could be good for the rest of us and help crypto become a more legitimate store of value going forward, continuing to push its value higher.

