US officials recover $2.3M in crypto from Colonial Pipeline ransom

Government officials did not specify the exact method used to seize the funds from the ransomware group.

Officials with a United States government task force have seized more than $2 million in crypto used to pay for ransom following an attack on the Colonial Pipeline system.

In a Monday press conference, Deputy Attorney General Lisa Monaco said that the task force “found and recaptured” millions of dollars worth of Bitcoin (BTC) connected to Russia-based DarkSide hackers — the majority of the $4.4 million funds originally paid. A warrant filed with the U.S. District Court for the Northern District of California shows that authorities recovered 63.7 BTC, worth roughly $2.3 million at the time.

Monaco said this action was the first major operation in the task force’s mission to investigate, disrupt and prosecute ransomware attacks:

“Today, we turned the tables on DarkSide. […] By going after the entire ecosystem that fuels ransomware and digital extortion attacks, including criminal proceeds in the form of digital currency, we will continue to use all of our tools and all of our resources to increase the cost and the consequences of ransomware attacks.”

DarkSide’s attack on the major pipeline last month caused fuel shortages for many people in the United States. Monaco said the company quickly notified authorities of the problem and ransom demand, leading to the task force’s involvement.

In the same press conference, FBI Deputy Associate Director Paul Abbate said officials seized the funds from a BTC wallet used to pay the ransom for the cyberattack. At the time of publication, however, the method used to recover the crypto funds was unclear. A CNN report said that officials could have identified DarkSide as the ones responsible and used their network to trace the funds soon after the attack, but this method has had mixed success against ransomware groups.