Explained | How US Investigators recovered the Bitcoin ransom paid by Colonial Pipeline

The wave of the future is cryptocurrency. Although it may not be widely accepted right now, experts believe that it soon will be. Crypto can be used for illicit transactions because of its inherent security features. One example of this was the ransom paid by Colonial Pipeline.

The ransomware attack on the pipeline system occurred on May 7, 2021. It was traced back to DarkSide, an Eastern European hacking group. With the assistance of the FBI, Colonial Pipeline decided to pay the ransom (75 bitcoin, valued at the time at $4.4 million) in order to resume operations.

Now, fast forward to June 7, 2021. An operation by the FBI's San Francisco Division managed to recover 63.7 bitcoin of the original ransom. This means that almost all of it was recovered. How did the FBI do this?

Contrary to popular belief, it is possible to track bitcoin's movements through the system using its transaction records. Every transaction is written to a shared public ledger, the blockchain, and those records can usually be followed from one address to the next.

Although the blockchain is secure, it is not foolproof. The funds in each transaction are controlled by a cryptographic key, and only the holder of that key can spend them. One of these keys belonged to the hacker group, and the FBI was able to locate it. It is not clear how they obtained the key, but with it they were able to track the transactions back to a bitcoin wallet.
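As an added illustration (not from the article), the Python below follows a payment across a constructed list of ledger transactions the way an analyst reads the public blockchain: each transaction spends earlier outputs and creates new ones, so the funds can be traced hop by hop to the addresses that still hold them. All transaction ids, addresses and amounts are made up for the example.

```python
# Added example, not from the article: tracing a payment forward through
# a constructed, public-ledger-style list of transactions.
from collections import defaultdict

# Constructed sample ledger. Each transaction spends earlier outputs,
# referenced as (txid, output index), and creates new outputs (address, BTC).
LEDGER = [
    {"txid": "tx_ransom", "inputs": [("tx_victim_funds", 0)],
     "outputs": [("addr_attacker_1", 75.0)]},
    {"txid": "tx_split", "inputs": [("tx_ransom", 0)],
     "outputs": [("addr_attacker_2", 63.7), ("addr_affiliate", 11.3)]},
    {"txid": "tx_move", "inputs": [("tx_split", 0)],
     "outputs": [("addr_attacker_3", 63.7)]},
    # Unrelated deposit to the same final address: NOT part of the ransom lineage.
    {"txid": "tx_unrelated", "inputs": [("tx_other", 0)],
     "outputs": [("addr_attacker_3", 2.0)]},
]


def trace_forward(ledger, start_txid, start_index):
    """Follow output (start_txid, start_index) through every later spend.

    Returns (unspent, path): unspent maps address -> BTC still sitting in
    outputs descended from the start; path lists the spending txids visited.
    Only funds descended from the starting output are counted, so an
    unrelated deposit to the same address is excluded.
    """
    outputs = {}   # (txid, index) -> (address, amount)
    spender = {}   # (txid, index) -> txid of the transaction that spends it
    txs = {tx["txid"]: tx for tx in ledger}
    for tx in ledger:
        for i, out in enumerate(tx["outputs"]):
            outputs[(tx["txid"], i)] = out
        for ref in tx["inputs"]:
            spender[ref] = tx["txid"]
    unspent = defaultdict(float)
    path = []
    stack = [(start_txid, start_index)]
    while stack:
        ref = stack.pop()
        address, amount = outputs[ref]
        if ref in spender:                       # output was spent: follow it
            nxt = spender[ref]
            path.append(nxt)
            stack.extend((nxt, i) for i in range(len(txs[nxt]["outputs"])))
        else:                                    # still unspent: funds rest here
            unspent[address] += amount
    return dict(unspent), path


if __name__ == "__main__":
    print(trace_forward(LEDGER, "tx_ransom", 0))
```

Knowing which address holds the traced funds is only half the story; moving them, as the article notes, still requires the private key that controls that address.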

Investigators were able to recover the majority of the ransom money and transfer it into their own systems. Everything can be broken with a little bit of time, and cryptocurrency is no exception.