2021-06-09

The US Federal Bureau of Investigation (FBI) took advantage of a weak password to gain access to the Bitcoin wallet belonging to Darkside, the notorious hacker group behind the Colonial Pipeline ransomware attack in April. A report broke this news on June 8, citing crypto experts who believe that the FBI’s ability to breach the wallet does not represent a security vulnerability in BTC. The experts shared their views after the United States Department of Justice (DoJ) announced on Monday that it had successfully recovered $2.3 million from the attackers’ wallet.

Reportedly, FBI agents traced BTC transaction records to discover the digital wallet, which they then took over using its private key. How they obtained the private key, however, remains a mystery. Declining to elaborate, Elvis Chan, an assistant special agent in the FBI’s San Francisco office, said the agency does not want to reveal its techniques, as it may need to use them in similar cases.

Speculating on how the FBI managed to recover the wallet’s private key, the experts shared their knowledge. One possibility is that Darkside used a payment server, which is easy for the FBI to trace, to collect the funds. According to Deputy Attorney General Lisa O. Monaco, following the money may seem basic, but it is powerful.

A case of poor computer hygiene

Jesse Spiro, global policy director at blockchain forensics firm Chainalysis, noted that blockchain transactions are transparent and traceable, which makes crypto transactions easier to follow than fiat ones. Spiro added that once someone makes a ransomware-related payment, Chainalysis can generate unprecedented intelligence by monitoring where that cryptocurrency flows. However, he did not reveal whether Chainalysis was involved in the Colonial Pipeline case.

Nic Carter, founding partner of Castle Island Ventures, did not deny that the FBI may have tracked down the wallet. However, he said the agency is unlikely to have broken the elliptic curve digital signature algorithm (ECDSA), which ensures that only the holder of the wallet’s private key can spend the BTC stored in it. Emphasizing how little chance the FBI had of cracking the wallet cryptographically, Carter said such an event is highly implausible, if not impossible.

He noted that the FBI may instead have gained access to the server where Darkside had stored its private key. According to him, this does not point to a failure in BTC, but rather to a case of poor IT hygiene on the part of the criminal group.

