The Cryptoverse is fighting to debunk an abundance of FUD (fear, uncertainty, doubt) today, after millions of USD in bitcoin (BTC), used as ransom in the US Colonial Pipeline ransomware attack in early May, was allegedly seized. One of the flames being put out today is the claim that Bitcoin was “hacked” and “cracked”, with numerous other questions about the seizure being raised.
On June 7, the US Department of Justice announced that it had seized BTC 63.7, valued at approximately USD 2.3m, which “allegedly represent the proceeds of a May 8, ransom payment to individuals in a group known as DarkSide, which had targeted Colonial Pipeline, resulting in critical infrastructure being taken out of operation.”
One of the largest FUDs surrounding this is that the “FBI cracked Bitcoin” and that this has put Bitcoin in a highly dangerous situation, which possibly contributed to a selloff in the market today.
oh look I found where this came from https://t.co/bqhaGXc3jw
— Matthew Graham (@mattysino) June 8, 2021
This is not correct, as the private keys can’t simply be hacked.
Instead, the ransom was paid and the authorities followed the money “until the crooks tried to cash it out,” Anders Larsson, founder of CTO Larsson Invest, wrote. The public ledger makes this tracking easier, he said – which others took as a good argument against the ‘BTC is only good for money laundering’ narrative.
Adam Back, CEO of major blockchain technology firm Blockstream who was also cited in the Bitcoin white paper, stressed that neither Bitcoin nor a bitcoin wallet were hacked, as it’s not known to even be possible.
The “cracked Bitcoin” story continued to fuel a flurry of comments arguing against it.
Andrew M. Bailey, Associate Professor at Yale-NUS College, described the reporting on Bitcoin in relation to Colonial Pipeline as “the FBI traced books to your library address and scanned for missing spinal irregularities, finding four batteries” – grammatically sound, but nonsense nonetheless.
The tweets about how Bitcoin was “hacked” contain outright lies, said Warren Togami, Vice President of Solutions at Blockstream, adding that “breaking SHA256 [Secure Hash Algorithm 256] is not even how you would steal funds from an address. Bitcoin doesn’t work that way.”
One of the more prominent theories currently going around is that the hackers may have used an exchange. Alex Thorn, Head of Firmwide Research at Galaxy Digital, noted that, based on the on-chain data, no evidence of Bitcoin / BTC wallet vulnerability was found – but that there was a pattern that seems to show the funds ultimately flowed to a trading desk or exchange willing to comply with a US warrant.
As to which exchange this may have been, quite a few people pointed to one of the biggest out there, stating that the coins likely went through the Californian servers of Coinbase and were seized there by the US investigators.
However, Coinbase Chief Security Officer Philip Martin replied that the exchange was not involved in this BTC seizure, it was not the target of the warrant, it did not receive any part of the ransom at any point, and that there is no evidence that the funds went through a Coinbase account/wallet.
7/ So how did they get the private key? Maybe some whiz-bang magic, but my guess would be it was some good ol’ fashioned police work to locate the target servers, and an MLAT request and/or some political pressure to get access.
— Philip Martin (@SecurityGuyPhil) June 8, 2021
Also, the attackers could’ve used a hot wallet hosted on a server in the US, broadcasting transactions via Clearnet, or publicly accessible Internet, as Casa’s Chief Technology Officer Jameson Lopp wrote, adding that “network surveillance is a thing…. find originating IP => seizure.”
The key question
Per a June 7 affidavit, the victim told the FBI that they were instructed to send around BTC 75, at the time worth USD 4.3m. The text goes on to list the transactions and addresses seen on a public blockchain explorer, and then states that “the private key for the Subject Address in the possession of the FBI.”
Many, like Open Money Initiative co-founder Jill Carlson, took issue with this, as it does not explain how the FBI got the keys in the first place. “Obtaining the key is the hard part! Anyone can look at the block explorer,” she said. The announcement doesn’t offer any more information, just saying that the ransom payment “had been transferred to a specific address, for which the FBI has the ‘private key’.”
The Russian hacking claim has been used illegitimately numerous times in recent years, argued journalist Jordan Schachtel, so much so that it’s impossible to know if the authorities are being truthful now, particularly given that the messaging around the Colonial Pipeline incident is “a total mess.” He wondered why they would need a court order if they have the keys for the wallet, while the reverse is also true – if the BTC was transferred to a custodial wallet, why would they need the keys?
Indeed, if the wallet was hacked, why did the authorities need a warrant to seize property, asked Danny Scott, CEO of UK bitcoin exchange CoinCorner. There are those, however, who say that using a warrant is a legal requirement.
An additional major question many had is – if these hackers were so skillful that they could take over such a massively important facility, where did their skill go when it came to keeping the taken BTC and the private keys safe? But Jordan Schachtel suggested that it’s possible these hackers were “grossly incompetent.”
Some in the Cryptoverse even claimed that this may have been an inside job, or that the FBI was working with the hacking group in some capacity, though nobody has provided substantial information and evidence to support this theory.
Others, like computer security researcher Marcus Hutchins, gave more details about the history, evolution, as well as past and current usage of ransomware attacks, also noting that even if it were somehow possible to just do away with bitcoin, these attacks would continue nonetheless – attackers would just get paid in USD most likely.