Bitcoin Blockchain Indicates DarkSide Group Likely Holds Millions Despite FBI Recovery

MOSCOW (Pakistan Point News / Sputnik - 08th June, 2021) The ransomware group known as DarkSide appears to be in possession of more than $5 million, despite the Federal Bureau of Investigation (FBI) successfully recovering approximately $2.3 million of the ransom paid by Colonial Pipeline, public records of the Bitcoin blockchain showed.

The Honorable Laurel Beeler, US Magistrate Judge for the Northern District of California, authorized a warrant on Monday to seize 63.7 bitcoins, valued at about $2.3 million, which was part of the ransom payment Colonial Pipeline made to the DarkSide group, the US Department of Justice said in a statement.

The surprise attack by the DarkSide group forced Colonial Pipeline to take its systems offline for almost a week in early May and led to serious gas shortages in a number of states on the US southeast coast.

According to a detailed report from the FBI on the case, Colonial Pipeline paid about 75 bitcoins on May 8, valued at approximately $4.4 million at the time, to the DarkSide group as part of its efforts to restore its computer systems.

The FBI was able to trace subsequent transactions of the 75 bitcoins on the cryptocurrency's public ledger, known as the blockchain. This led to the successful seizure of 63.7 bitcoins that had been sent to a cryptocurrency address over which the FBI obtained control through the seizure warrant.

Although the FBI did not publicize the full bitcoin address, listed as the "subject address" in its report, a Sputnik reporter identified the address "bc1qq2euq8pw950klpjcawuy4uj39ym43hs6cfsegq" on the bitcoin blockchain, which matched the description in the FBI report perfectly.

As the FBI report described, this bitcoin address received 63.7 bitcoins from a second bitcoin address on May 28.

According to publicly available transaction records on the bitcoin blockchain, the second address received the 63.7 bitcoins from a third address on May 9.

The third bitcoin address was one of the two bitcoin addresses where the DarkSide group sent the 75 bitcoins it received from the Colonial Pipeline.

According to the FBI report, Colonial Pipeline sent 75 bitcoins to two bitcoin addresses provided by the DarkSide group on May 8. On the next day, the DarkSide group split the 75 bitcoins into two addresses, the bitcoin blockchain records showed.

One of the two addresses used by the DarkSide group was the third address mentioned above, which received 63.7 bitcoins. The FBI was eventually able to trace the 63.7 bitcoins to the first address mentioned above, which was seized through a warrant on Monday.

Cryptocurrency industry watchers speculated that the FBI was able to seize the first bitcoin address mentioned above because it was an address managed by one of the US-based bitcoin exchanges, which had to comply with the seizure warrant issued by the judge for the Northern District of California.

However, the remaining 11.3 bitcoins, out of the 75 bitcoins paid by Colonial Pipeline, were transferred to a fourth address.

This fourth address sent all of its 11.3 bitcoins on May 13 to a fifth address, which received 107.8 bitcoins, valued at about $5.2 million at the time, through 24 transactions.

The fifth address still has 107.8 bitcoins as of Tuesday.

Out of the 107.8 bitcoins the fifth address received on May 13, about 66.5 bitcoins came from the third address mentioned above, the address the DarkSide group had used to move the 63.7 bitcoins that were eventually seized by the FBI.

After transferring the 63.7 bitcoins from Colonial Pipeline away from the third address on May 9, this same address received another 66.5 bitcoins, which was part of a split of 78.2 bitcoins, on May 12.

All the 78.2 bitcoins involved in the transaction on May 12 were also eventually moved as part of the 24 transactions on May 13 to the fifth address. It's unclear where the 78.2 bitcoins, valued at $4.4 million at the time of the transaction, came from.

Based on the transaction records of the bitcoin blockchain, it appears highly likely that the fifth address is in the possession of the DarkSide group and currently holds 107.8 bitcoins, valued at about $5.2 million when the transactions took place on May 13.

According to the bitcoin blockchain records, at least 11.3 out of the 107.8 bitcoins under this fifth address came from the Colonial Pipeline.
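
The fund flow described above can be followed mechanically with a forward trace over the transfers. The sketch below is an added example, not code from the FBI report or from this article: the address labels are placeholders, only the transfers the article spells out are modelled (the other inflows to the fifth address are omitted), and first-in-first-out attribution per address is a simplifying assumption, since real Bitcoin tracing follows individual transaction outputs.

```python
from collections import defaultdict, deque
from decimal import Decimal as D

# Constructed transfer list using the dates and amounts given in the article.
# Labels are placeholders; "unknown" is the unexplained source of the May 12 funds.
TRANSFERS = [  # (date, sender, receiver, BTC)
    ("05-08", "colonial", "darkside_in", D("75.0")),
    ("05-09", "darkside_in", "third", D("63.7")),
    ("05-09", "darkside_in", "fourth", D("11.3")),
    ("05-09", "third", "second", D("63.7")),
    ("05-12", "unknown", "third", D("66.5")),
    ("05-13", "third", "fifth", D("66.5")),
    ("05-13", "fourth", "fifth", D("11.3")),
    ("05-28", "second", "subject", D("63.7")),
]

def trace(transfers, origin):
    """Return {address: BTC still held there that came from `origin`}.

    Assumption: each address spends its oldest received coins first (FIFO).
    """
    lots = defaultdict(deque)  # address -> deque of [amount, came_from_origin]
    # sorted() is stable, so same-day transfers keep their listed order.
    for _date, src, dst, amount in sorted(transfers, key=lambda t: t[0]):
        if src == origin:
            lots[dst].append([amount, True])
            continue
        remaining = amount
        while remaining > 0 and lots[src]:
            lot = lots[src][0]
            moved = min(lot[0], remaining)
            lot[0] -= moved
            remaining -= moved
            lots[dst].append([moved, lot[1]])
            if lot[0] == 0:
                lots[src].popleft()
        if remaining > 0:
            # Sender has no recorded inbound history: treat as outside funds.
            lots[dst].append([remaining, False])
    return {addr: sum(l[0] for l in q if l[1])
            for addr, q in lots.items() if any(l[1] for l in q)}

if __name__ == "__main__":
    for addr, btc in trace(TRANSFERS, "colonial").items():
        print(f"{addr}: {btc} BTC traceable to the ransom payment")
```
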