FBI Recovers $2.3 Million of Colonial Ransomware Payout

  • An FBI-led operation has recovered 85% of the $4.5 million in bitcoin paid to the Colonial Pipeline hackers last month
  • Hacking group DarkSide thought they had got away with 75 bitcoin after infiltrating Colonial in May
  • The FBI and Colonial worked together to allow tracing of the bitcoin payment

An FBI-led operation has resulted in the recovery of $2.3 million worth of bitcoin sent to the hackers of the Colonial Pipeline last month. The Colonial Pipeline was infiltrated on May 7 by hacking group DarkSide, with Colonial paying the 75 bitcoin ransom shortly afterwards to try to limit the fallout. However, the FBI was tracking the flow of the money and was able to recover the vast majority of the payout, suggesting a potential power shift in the ability of authorities to deal with hackers who demand payouts in cryptocurrency.

Colonial Had Informed FBI of Intention to Pay

Operators of a criminal hacking group known as DarkSide infiltrated the network of Colonial Pipeline, a key East Coast gasoline and jet fuel pipeline, causing gas shortages at airports and vehicle pump stations. Colonial paid the 75 bitcoin ransom, then worth $4.5 million, just a day after receiving the demand, but had secretly informed the FBI of the incident and of its intention to pay.

According to CNN, the FBI had been investigating DarkSide for over a year and provided Colonial with instructions on how to send the bitcoin so that the payment could be tracked. The public nature of the Bitcoin blockchain allowed the FBI and other agencies to trace the flow of money and to recover 63.7 of the 75 bitcoin paid by Colonial, an 85% recovery.

Recovery Could Lead to Potential Power Shift

On top of the seized bitcoin, the remaining 15% of the Colonial ransom payment has halved in value since the payout because of Bitcoin’s recent price drop, meaning the dollar value of DarkSide’s haul has fallen from $4.5 million to $371,000.

The fact that the FBI was able not just to track but also to recover such a large portion of the Colonial Pipeline ransom payout suggests that the balance of power may have shifted back towards the authorities, thanks in large part to advances in blockchain analytics. It could also reflect the Biden administration’s recent decision to treat ransomware attacks with the same priority as terrorist incidents.