FBI Uses Security Hole and Recovers Paid Bitcoins in Ransomware


The FBI has made a major breakthrough in the investigations into the cyberattack against Colonial Pipeline, the largest company in the US pipeline sector.

Last Monday (07), investigators gained access to one of the private virtual wallets used by the hacker group DarkSide, recovering about US$ 2.3 million in bitcoin that had been paid by the company as a “ransom” to end the invasion of its servers. The wallet was seized after a court order and an investigation that traced the path of the transactions from the time of the ransomware attack.

The action, however, was seen as both good news and a cause for concern. The positive point is that the agency’s strategy of “following the money” continues to yield results and lead to concrete clues and actions. On the other hand, some suspect that the FBI may have discovered a vulnerability in the cryptocurrency itself.

Is it safe?

So far, it is not known how the wallet’s private key was obtained, and the procedure used by the FBI will not be detailed — after all, the agency may want to use the same successful mechanism in future cases. As of now, investigations of ransomware attacks have been given the same priority as terrorism in the country.

Experts consulted by CNBC believe that the cryptocurrency’s security has not been compromised. The most likely hypothesis is that DarkSide used some centralized payment server that facilitated tracking, in addition to having been “careless” in storing the key.

Bitcoin’s market value even dropped sharply on Tuesday, when the court documents detailing the FBI’s action were released. However, the currency soon returned to growth over the course of the day.