Yesterday, June 8th, the U.S. Department of Justice (DOJ) announced the partial recovery of the $4.4 million ransom, seizing 63.7 Bitcoin. The operation was undertaken by a special task force created by the Biden administration to address cyber-attacks.
The affected company, Colonial Pipeline, supplies over 45% of the East Coast's fuel. After the main computer in a control room was taken hostage by an allegedly Russian-backed hacker group called DarkSide, its CEO Joseph Blount was forced to pay the criminals.
The DOJ shared the details of the operation via a press conference, but the report was confusing, and the authorities provided mixed information, as many experts pointed out. Initially, government officials hinted at the possibility that a Bitcoin wallet had been hacked to obtain its private keys.
However, the improbability of such an action, together with additional data provided by the government, has led experts to speculate on the true course of events. Anderson Kill Law partner Preston Byrne believes that DarkSide's wallet was on an exchange or cloud server which the authorities hit with both a warrant and a gag order.
Criminal Incompetence Or Bitcoin Conspiracy?
Perhaps the most peculiar theory is the one that places crypto exchange Coinbase at the center of the federal investigation. In response to these comments, Philip Martin, Coinbase's CSO, officially denied the rumors. Via his Twitter handle, he said:
I’ve seen a bunch of incorrect claims that Coinbase was involved in the recent DOJ seizure of bitcoin associated with the Colonial Pipeline ransomware attack. We weren’t.
Martin added that Coinbase was not the recipient of the aforementioned warrant. In addition, he clarified that the exchange has not received Bitcoin related to a ransom or criminal activity, “at any point”. The executive said there is no evidence that the stolen funds ever went through a Coinbase Bitcoin wallet. Martin said:
You can take my word for it, or take the (sworn!) word of the agent who wrote the affidavit: “34. The private key for the Subject Address is in the possession of the FBI in the Northern District of California”
Because the exchange holds customer funds in a pooled hot wallet rather than in per-user wallets, the executive claims it "wouldn't make sense" to surrender a specific private key. Martin also claims there is no private key export API endpoint operating on the platform, for "obvious security reasons".
I’ve also read that because the seizure warrant specified property in the Northern District of California, it had to be targeted at Coinbase. Nope. What this likely means is that the private key is located at one of the many Northern California FBI field offices.
Martin speculates that the authorities obtained the private keys with "good ol' fashioned police work". According to a report by Vice, the FBI has been running an operation called "Trojan Shield" for years, through which it has covertly attracted criminals and got them to surrender their personal information and messages.
Arrest warrants have been issued as a result of this operation. Data from Vice indicates that around 20 million messages from 11,800 devices were obtained by the FBI and its international partners. No connection has been made between the recent BTC recovery and operation "Trojan Shield", but it goes to show the extent of the U.S. federal government's law enforcement capabilities.
At the time of writing, Bitcoin trades at $32,010 with moderate losses on the daily chart. BTC has lost support at $35,000 and could face more downside in the short term if the bulls fail to display conviction.