New analysis sheds light on DOJ Bitcoin seizure, as JBS pays massive $11M ransom
The FBI may have access to a lot more BTC in hacking group’s addresses.
JBS USA Holdings Inc. has paid an $11 million ransom in Bitcoin to cybercriminals as new details emerge over the FBI’s recovery of assets from a previous heist.
The payment, estimated to be more than 300 BTC at current prices, was made to shield JBS factories from further disruption. The firm is the world’s largest meat company by sales, processing beef, poultry, and pork from Australia to South America and Europe.
Andre Nogueira, chief executive of the Brazilian meat company’s U.S. division, said that the payment was painful and made after the majority of JBS plants were up and running again to ensure there were no further attacks. According to the Wall Street Journal, the FBI last week attributed the JBS attack to REvil, a criminal cybercrime group with ties to Russia.
The latest high-profile Bitcoin ransom payment will no doubt add to pressure on legislators to act. Earlier today Democratic Senator Elizabeth Warren called for tighter regulation, stating that cryptocurrency has “created opportunities to scam investors, assist criminals, and worsen the climate crisis”. Regarding the recent ransomware attacks, she said:
“Every hack that is successfully paid off with a cryptocurrency becomes an advertisement for more hackers to try more cyberattacks.”
The attack on JBS, which was discovered on May 30, was part of a wave of incursions using ransomware that also targeted Colonial Pipeline, the operator of a pipeline bringing gasoline to parts of the U.S. East Coast.
As reported by Cointelegraph, the FBI managed to recover 63.7 BTC from the 75 BTC ransom paid by the firm to another Russian-linked hacker group called DarkSide.
At the time, the crypto community questioned the methods used by the federal agency to gain access to the private keys for the target address. It was also suggested by some that Coinbase was involved in the seizure but company executives denied any connection.
According to crypto asset insurance company Evertas, DarkSide was likely already on the law enforcement radar and had themselves confirmed that they had lost control of their infrastructure, including the ability to extricate crypto funds.
It notes that according to the affidavit, the private key for the subject address was in the possession of the FBI in the Northern District of California, not the actual funds.
Evertas analyzed the transfers using a combination of open-source tools and subscription-based blockchain analytics to reveal that the hacker group split the ransom over three addresses in early May.
The analysis reveals that DarkSide controlled multiple addresses containing a total of 114 BTC up until the middle of May. On 7 June, 63.7 BTC were seized from one of the addresses and Evertas believes the FBI probably controls the rest:
“Evertas suspects that the FBI likely now controls the remaining almost 114 BTC and may be working to tie other payments made to DarkSide by other victims of the hackers’ RaaS [Ransomware as a Service] before effecting official seizures of the remaining funds.”
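The kind of follow-the-money step described above (tracing a ransom payment forward through the transaction graph to see where it was split and how much still sits in each downstream address) can be reproduced in a few dozen lines over raw transaction data. The block below is an added illustration, not Evertas' tooling or code from the article: the ledger, transaction ids, addresses and amounts are all constructed placeholders, and amounts are kept in integer satoshis so the totals add up exactly.

```python
# Added example (not from the article, Evertas, or any named tool): a
# minimal follow-the-money tracer over a constructed transaction set.
# It mirrors the open-source tracing step that blockchain analytics
# performs when it shows a ransom being split across downstream addresses.
# Every txid, address and amount here is a constructed placeholder; amounts
# are in satoshis (integers) to avoid floating-point drift.
from collections import defaultdict, deque

SATS_PER_BTC = 100_000_000

# Constructed ledger: a funding tx (no inputs, like a coinbase), the ransom
# payment, a split into three downstream addresses plus change, and a later
# consolidation of two of those into a "hot" address.
SAMPLE_TXS = [
    {"txid": "tx_fund",   "inputs": [],
     "outputs": [("victim_addr", 7_500_000_000)]},
    {"txid": "tx_ransom", "inputs": [("victim_addr", 7_500_000_000)],
     "outputs": [("ransom_addr", 7_500_000_000)]},
    {"txid": "tx_split",  "inputs": [("ransom_addr", 7_500_000_000)],
     "outputs": [("ds_a", 3_000_000_000), ("ds_b", 2_500_000_000),
                 ("ds_c", 1_990_000_000), ("ransom_addr", 5_000_000)]},
    {"txid": "tx_consol", "inputs": [("ds_a", 3_000_000_000), ("ds_b", 2_500_000_000)],
     "outputs": [("ds_hot", 5_490_000_000)]},
]


def spenders_index(txs):
    """Map each address to the transactions that spend from it."""
    idx = defaultdict(list)
    for tx in txs:
        for addr, _ in tx["inputs"]:
            idx[addr].append(tx)
    return idx


def tx_fee(tx):
    """Fee is inputs minus outputs; a tx with no inputs is treated as issuance."""
    if not tx["inputs"]:
        return 0
    return sum(a for _, a in tx["inputs"]) - sum(a for _, a in tx["outputs"])


def balances(txs):
    """Net balance per address after replaying every transaction."""
    bal = defaultdict(int)
    for tx in txs:
        for addr, amt in tx["inputs"]:
            bal[addr] -= amt
        for addr, amt in tx["outputs"]:
            bal[addr] += amt
    return dict(bal)


def split_targets(txs, addr):
    """Addresses (other than addr itself) funded by transactions spending addr."""
    targets = set()
    for tx in spenders_index(txs).get(addr, []):
        targets.update(out for out, _ in tx["outputs"] if out != addr)
    return sorted(targets)


def trace_forward(txs, start, max_hops=10):
    """Breadth-first walk of the spend graph; returns {address: min hops from start}."""
    idx = spenders_index(txs)
    hops = {start: 0}
    queue = deque([start])
    while queue:
        cur = queue.popleft()
        if hops[cur] >= max_hops:
            continue
        for tx in idx.get(cur, []):
            for out, _ in tx["outputs"]:
                if out not in hops:
                    hops[out] = hops[cur] + 1
                    queue.append(out)
    return hops


def downstream_holdings(txs, start):
    """Total still sitting in every address reachable from start (in satoshis)."""
    bal = balances(txs)
    return sum(bal.get(a, 0) for a in trace_forward(txs, start))


def fmt_btc(sats):
    return f"{sats / SATS_PER_BTC:.8f} BTC"


if __name__ == "__main__":
    print("split into:", split_targets(SAMPLE_TXS, "ransom_addr"))
    ranked = sorted(trace_forward(SAMPLE_TXS, "ransom_addr").items(), key=lambda kv: kv[1])
    for addr, hop in ranked:
        print(f"  hop {hop}: {addr} holds {fmt_btc(balances(SAMPLE_TXS).get(addr, 0))}")
    print("total fees paid:", fmt_btc(sum(tx_fee(t) for t in SAMPLE_TXS)))
    print("still reachable:", fmt_btc(downstream_holdings(SAMPLE_TXS, "ransom_addr")))
```

On the constructed ledger the tracer reports the three split addresses, finds the consolidation address two hops out, and shows that everything except the mining fees is still held somewhere in the reachable set; that "still reachable" figure is exactly the quantity an investigator wants before deciding which addresses a seizure would need to cover. On real chain data the same walk is run against a node or an indexer, and the hop limit matters because the graph fans out quickly once funds pass through exchanges or mixers.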
The revelation may sound positive but analysts at data analytics firm GlobalData believe that cryptocurrencies have just become a lot less secure as the seizure sets the path towards fiat-currency-style control. Thematic Analyst at GlobalData, Danyaal Rashid, said:
“Bitcoin was supposed to liberate us from government control: decentralized and out of the government’s hands. The fact that the US Government has managed to recover most of this ransom, despite it being paid in Bitcoin, goes directly against this.”