- Chainalysis has broken down how the FBI was able to retrieve the majority of the Colonial Pipeline ransomware payment
- The unnamed hacking group, affiliated to the DarkSide group, received 85% of the ransomware proceeds last year
- The FBI already controlled the wallet the bitcoin was sent to
Blockchain analytics firm Chainalysis has revealed how the FBI recovered 85% of the ransom paid by Colonial Pipeline to an affiliate of the DarkSide hacking group last year following the hack on its systems. The Colonial Pipeline hack made headline news last year as one of a number of high-profile ransomware attacks, but the FBI, with Chainalysis’ help, was able to recover 63.7 of the 75 bitcoin paid as a ransom, and a Chainlaysis blog post gave an insight into how the company was able to help the FBI do this.
DarkSide Affiliate Carried Out Ransomware Attack
DarkSide, a hacking group based in Eastern Europe, rented out its services to an affiliate which held Colonial Pipeline hostage in May last year, reducing gas supplies in several areas in the U.S. It made a ransom demand of ₿75 which Colonial Pipeline paid, ₿63.7 of which was sent to the affiliate carrying out the attack, with the remainder going to DarkSide’s administrators who take a small cut from each successful attack carried out by affiliates.
The affiliate in question seems to have been busy between 2020 and 2021 as it received a total of ₿595.3 in late May and early June of 2020, suggesting that was responsible for other ransomware attacks.
Colonial Pipeline Hackers Left Empty Handed
What the affiliate hackers didn’t know however was that the FBI already owned the private keys to their Bitcoin wallet, and as soon as the bitcoin arrived there it was quickly seized, meaning that the Colonial Pipeline hackers ended up earning nothing from their endeavours. Naturally the FBI hasn’t revealed how it was able to get hold of the private keys ahead of the arrival of the bitcoin, but hopefully one day we’ll find out this key piece of information.