On May 7, Colonial Pipeline's computer systems were breached in a highly publicized ransomware attack. The company shut down the pipeline and paid approximately 75 bitcoins, worth about $4.4 million at the time, to a criminal group called DarkSide before operations resumed.
On June 7, the Justice Department announced it had seized 63.7 of those bitcoins. Because of the currency's volatility, the seized coins were by then worth only about $2.3 million, but they represented roughly 85% of the bitcoins Colonial Pipeline had paid.
Many people were surprised that the bitcoins could be traced at all. Isn’t the point of cryptocurrency that it is not traceable?
Not exactly. Bitcoin and most other cryptocurrencies are pseudonymous, not anonymous: every transaction is recorded permanently on a public blockchain, so anyone can see which address sent how much to which other address. What the ledger does not record is who controls each address, and closing that gap is what blockchain analytics is for.
“Law enforcement are becoming very adept in their use of blockchain analytics capabilities to disrupt illicit activity,” said a risk management expert for the cryptocurrency industry, “and this is one of the best examples of that we’ve seen to date.”
Seizure of ransom shows law enforcement’s capabilities
Cryptocurrency is often assumed to be private. What actually protects the funds is a private key: only the holder of that key can sign transactions spending the coins at the corresponding address. That is a guarantee of control, not of secrecy. The key stops others from spending the coins; it does nothing to hide where they came from or where they go.
According to Thomson Reuters, the FBI said in an affidavit that it had come into possession of the private key, and thus control of the bitcoin wallet, into which much of the ransom had been paid. How the FBI obtained the key is entirely unclear. However, the Department of Justice and the FBI contract with numerous private-sector experts who have tracked down illicit crypto transfers in a number of recent cases.
“We can’t speak to the Colonial investigation specifically,” said one such expert, “but we can say generally that the key to tackling ransomware is disrupting the ransomware supply chain, including identifying authors and developers, affiliates, infrastructure services providers, launderers, and cash-out points.”
In other words, the very transparency of blockchain transactions lets law enforcement follow the money from the ransom payment through each successive transfer to the wallets, affiliates and cash-out points on which the criminal organization depends.
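To make "following the money" concrete, here is an added example of forward taint tracing over a small constructed ledger. It is illustrative code written for this page, not the tooling used in the Colonial Pipeline investigation, and every transaction id, address and amount in it is made up. It uses the UTXO model (each transaction spends specific earlier outputs) and the proportional, or "haircut", attribution rule: when tainted and clean coins are combined in one transaction, every output inherits the same tainted fraction as the inputs. The output is the set of still-unspent addresses holding ransom-derived funds and how much of the ransom each one holds.

```python
"""Forward-trace tainted funds through a constructed mini-ledger (UTXO model).

Example code for illustration only. The ledger, txids and addresses are
constructed; none of this is real chain data or the investigators' tooling.
"""
from collections import defaultdict
from dataclasses import dataclass


@dataclass
class Tx:
    txid: str
    inputs: list   # (prev_txid, output_index) pairs; [] for a funding tx
    outputs: list  # (address, amount_btc) pairs


# Constructed ledger, in chain order. The victim pays 75 BTC to the
# extortionists, who peel some to an affiliate; the affiliate mixes that
# with clean coins and deposits the result at an exchange.
LEDGER = [
    Tx("tx_victim_funding", [], [("addr_victim", 80.0)]),
    Tx("tx_clean_funding", [], [("addr_clean", 20.0)]),
    # ransom payment: 75 BTC to the attackers, 5 BTC change to the victim
    Tx("tx_ransom", [("tx_victim_funding", 0)],
       [("addr_attacker_1", 75.0), ("addr_victim_change", 5.0)]),
    # attackers split the ransom between a holding wallet and an affiliate
    Tx("tx_split", [("tx_ransom", 0)],
       [("addr_attacker_2", 63.7), ("addr_affiliate", 11.3)]),
    # affiliate combines 11.3 tainted BTC with 20 clean BTC (a crude mix)
    Tx("tx_mix", [("tx_split", 1), ("tx_clean_funding", 0)],
       [("addr_exchange_deposit", 31.3)]),
]


def trace_forward(ledger, origin_txid, origin_index):
    """Follow one output forward through every later spend.

    Returns {address: tainted_btc} for outputs that are still unspent.
    Proportional rule: each output of a spending tx carries the same
    tainted fraction as that tx's inputs taken together. Assumes the
    ledger is in chain order, so a spend always comes after its inputs.
    """
    by_txid = {tx.txid: tx for tx in ledger}

    # Map each spent outpoint to the txid that spends it.
    spender = {}
    for tx in ledger:
        for prev in tx.inputs:
            spender[prev] = tx.txid

    origin_amount = by_txid[origin_txid].outputs[origin_index][1]
    taint = {(origin_txid, origin_index): origin_amount}

    for tx in ledger:
        if not tx.inputs:
            continue
        in_total = 0.0
        in_taint = 0.0
        for prev in tx.inputs:
            in_total += by_txid[prev[0]].outputs[prev[1]][1]
            in_taint += taint.get(prev, 0.0)
        if in_taint == 0.0:
            continue  # nothing tainted flows through this tx
        frac = in_taint / in_total
        for i, (_addr, amount) in enumerate(tx.outputs):
            taint[(tx.txid, i)] = amount * frac

    # Tainted value that has not been spent again is what investigators
    # can still try to seize or tie to a cash-out point.
    holdings = defaultdict(float)
    for (txid, idx), tainted in taint.items():
        if tainted > 0.0 and (txid, idx) not in spender:
            holdings[by_txid[txid].outputs[idx][0]] += tainted
    return dict(holdings)


def share_of_origin(ledger, origin_txid, origin_index, address):
    """Fraction of the original tainted amount now sitting at `address`."""
    origin_amount = LEDGER[0].outputs[0][1] if False else None  # placeholder removed below
    by_txid = {tx.txid: tx for tx in ledger}
    origin_amount = by_txid[origin_txid].outputs[origin_index][1]
    holdings = trace_forward(ledger, origin_txid, origin_index)
    return holdings.get(address, 0.0) / origin_amount


if __name__ == "__main__":
    for addr, btc in sorted(trace_forward(LEDGER, "tx_ransom", 0).items()):
        print(f"{addr}: {btc:.4f} BTC of ransom-derived funds")
```

Two caveats a practitioner would add. The proportional rule is only one of several attribution conventions (poison, FIFO and LIFO are others), and analysts pick the rule to suit the question being asked. More importantly, the trail stays unbroken only while funds stay on-chain: the moment coins land at a custodial exchange or an over-the-counter broker, further movement happens in that business's books, and the investigator's next step is a subpoena or a cooperative compliance team rather than more graph traversal.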
With cryptocurrencies traceable, will extortionists change tactics?
With the FBI and Justice Department apparently able to trace transactions through the blockchain, paying in cryptocurrency is not by itself enough to launder the proceeds. Extortionists still need a way to convert the coins into cash, and every conversion is a point where an identity can be attached to the funds.
According to the risk management expert, it’s already happening – although perhaps not efficiently. For example, at least one money laundering organization advertising on the dark web says that it will convert ill-gotten bitcoins to cash and then physically bury the cash in the ground for its owners to dig up.