DOJ Recovers $2.3M in Bitcoin From Colonial Pipeline Ransom Paid to Darkside

On Monday, the Department of Justice (DOJ) announced that it seized 63.7 bitcoins, representing a May 8 ransom payment by Colonial Pipeline to a group known as DarkSide, whose ransomware targeted the largest pipeline system for refined oil products in the United States last month, resulting in critical infrastructure disruption. The seizure warrant was authorized by Magistrate Judge Laurel Beeler earlier on Monday, the press release explained.

The DOJ stated that after the May 7 ransomware attack, Colonial Pipeline notified the Federal Bureau of Investigation (FBI) that DarkSide had accessed its computer network and that it had received and paid a ransom demand for about 75 bitcoins. According to the affidavit filed in the Northern District of California, law enforcement officials were able to track multiple bitcoin transfers after reviewing the cryptocurrency’s public ledger.
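The tracing described in the affidavit relies on the fact that every bitcoin transfer is recorded on a public ledger, so funds can be followed forward from a known payment address through each subsequent spend. The following is an added illustration of that "follow the money" step and is not code from the article or from the DOJ; it runs over a constructed, address-level toy ledger (amounts in satoshis, address labels such as `attacker_a` and `exchange_deposit` are invented), and it deliberately ignores real-world complications such as coin mixing, change outputs and UTXO-level accounting.

```python
from collections import deque

# Constructed sample ledger (not the actual Colonial Pipeline transactions).
# Each transaction lists the addresses whose coins it spends and the
# (address, amount_in_satoshis) outputs it creates.
SAMPLE_LEDGER = [
    {"txid": "tx1", "inputs": ["victim"],     "outputs": [("attacker_a", 7_500_000_000)]},
    {"txid": "tx2", "inputs": ["attacker_a"], "outputs": [("affiliate", 6_370_000_000),
                                                            ("operator", 1_130_000_000)]},
    {"txid": "tx3", "inputs": ["affiliate"],  "outputs": [("exchange_deposit", 6_370_000_000)]},
    # Unrelated deposit into the same endpoint: must NOT be counted as traced funds.
    {"txid": "tx4", "inputs": ["unrelated"],  "outputs": [("exchange_deposit", 500_000_000)]},
]


def trace_funds(ledger, start_address):
    """Breadth-first walk forward from start_address.

    Returns (visited_addresses, hops) where hops is a list of
    (txid, from_address, to_address, satoshis) for every transfer that
    moves coins originating from start_address.
    """
    spends_from = {}
    for tx in ledger:
        for addr in tx["inputs"]:
            spends_from.setdefault(addr, []).append(tx)

    visited = {start_address}
    hops = []
    queue = deque([start_address])
    while queue:
        addr = queue.popleft()
        for tx in spends_from.get(addr, []):
            for dest, sats in tx["outputs"]:
                hops.append((tx["txid"], addr, dest, sats))
                if dest not in visited:
                    visited.add(dest)
                    queue.append(dest)
    return visited, hops


def tainted_endpoints(ledger, start_address):
    """Addresses where traced funds came to rest (never spent on-ledger),
    mapped to the amount that arrived there along traced paths only."""
    visited, hops = trace_funds(ledger, start_address)
    spent = {addr for tx in ledger for addr in tx["inputs"]}
    totals = {}
    for _txid, _src, dest, sats in hops:
        if dest not in spent:
            totals[dest] = totals.get(dest, 0) + sats
    return totals


if __name__ == "__main__":
    visited, hops = trace_funds(SAMPLE_LEDGER, "victim")
    for txid, src, dest, sats in hops:
        print(f"{txid}: {src} -> {dest}  {sats / 1e8:.8f} BTC")
    print("endpoints:", {a: s / 1e8 for a, s in tainted_endpoints(SAMPLE_LEDGER, "victim").items()})
```

On the sample ledger the walk reaches `exchange_deposit` via `affiliate` and credits it only with the 63.7 BTC that arrived along the traced path, not the 5 BTC from the unrelated `tx4`; that separation is the point of tracing per-hop rather than simply reading an address balance. Endpoints that are never spent again on-ledger are where a seizure warrant becomes actionable, provided the holder of the private key can be compelled or the key is otherwise in the government's possession.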

The FBI was able to seize the funds because it held the private key, similar to a password, needed to access the accounts that the funds were transferred to. As alleged in the court filing, the funds represented “proceeds traceable to a computer intrusion and property involved in money laundering and may be seized pursuant to criminal and civil forfeiture statutes.”

Deputy Attorney General Lisa O. Monaco commented on the matter. “Following the money remains one of the most basic, yet powerful tools we have,” she said. “Ransom payments are the fuel that propels the digital extortion engine, and today’s announcement demonstrates that the United States will use all available tools to make these attacks more costly and less profitable for criminal enterprises. We will continue to target the entire ransomware ecosystem to disrupt and deter these attacks. Today’s announcements also demonstrate the value of early notification to law enforcement; we thank Colonial Pipeline for quickly notifying the FBI when they learned that they were targeted by DarkSide.”