In May, Colonial Pipeline, the largest pipeline system in the US, suffered a ransomware attack, forcing it to shut down its infrastructure. While the company paid hackers $4.4 million in Bitcoin, the FBI recently retrieved part of that ransom. How did authorities outsmart the criminals? Is Bitcoin not as untraceable as it’s claimed to be?
Jun 22, 2021
The Colonial Pipeline transports around 2.5 million barrels of fuel daily to the east coast and southern states of the US. When the company found the ransom note on May 7, it halted all operations, and the pipeline stayed shut for nearly a week.
This had an immediate effect on fuel supply in some states, as more than 9,500 gas stations were left without fuel in the following days. Around 50% of gas stations in DC and 40% in North Carolina experienced outages, which caused panic among consumers and pushed prices up.
Following the attack, Colonial Pipeline agreed to pay the attackers 75 bitcoin, worth more than $4 million at the time. Law enforcement usually discourages companies from paying, but many businesses still give in to such demands, because an extended outage can cost them far more than the ransom.
This story would have probably ended here, had it not been for an unexpected plot twist — despite having been paid in cryptocurrency, some of the ransom was retrieved.
One month after the hack, the FBI announced that it had seized 63.7 of the 75 bitcoin, worth approximately $2.3 million at the time. The agency had followed the ransom through a chain of Bitcoin transactions to a single address, and it held the private key for that address, which is what allowed it to move the coins.
A Bitcoin address (derived from a public key) can be handed to anyone, and anyone can pay into it. Spending from it is a different matter: only the holder of the matching private key can sign a transaction that moves the funds out. This raises the question: how did the FBI acquire the key?
Some cryptocurrencies give users real anonymity by hiding the sender, the recipient and the amount transferred. Bitcoin does not.
Contrary to popular belief, Bitcoin is traceable: every transaction is recorded on a public ledger, so anyone can look up the full history of an address and follow coins from one address to the next, hop by hop. Bitcoin still offers a degree of privacy, because addresses are not tied to names, but that is pseudonymity, not untraceability.
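The tracing the article describes, reduced to its core, is a walk over the transaction graph: start from the outputs paid to a known address and keep following whichever later transaction spends them. The Python below is an added illustration, not code from the original article or from any investigative tool. Its ledger is constructed for the example (made-up address labels, amounts in BTC, no scripts, signatures or fees), with figures that echo the story.

```python
"""Toy model of following coins across a public ledger.

Added example, not code from the original article. The ledger below is
constructed for illustration: the addresses are made-up labels and the
model ignores scripts, signatures and fees. Amounts are in BTC.
"""
from collections import deque

# Each transaction spends earlier outputs (referenced as (txid, index)) and
# creates new outputs (address, amount). A transaction with no inputs stands
# in for money that entered the ledger from outside this toy history.
LEDGER = [
    {"txid": "tx0", "inputs": [], "outputs": [("victim_wallet", 75.0)]},
    # the ransom payment itself
    {"txid": "tx1", "inputs": [("tx0", 0)], "outputs": [("ransom_addr", 75.0)]},
    # the recipient splits it: most to an intermediate hop, the rest elsewhere
    {"txid": "tx2", "inputs": [("tx1", 0)],
     "outputs": [("hop_a", 63.7), ("affiliate", 11.3)]},
    {"txid": "tx3", "inputs": [("tx2", 0)],
     "outputs": [("hop_b", 40.0), ("hop_c", 23.7)]},
    # the two pieces are joined again at one final address
    {"txid": "tx4", "inputs": [("tx3", 0), ("tx3", 1)],
     "outputs": [("seized_addr", 63.7)]},
    # unrelated activity that a correct trace must not touch
    {"txid": "tx5", "inputs": [], "outputs": [("bystander", 5.0)]},
]


def index_ledger(ledger):
    """Build lookup tables: every output by (txid, index), and which
    transaction, if any, later spent each output."""
    outputs = {}
    spent_by = {}
    for tx in ledger:
        for vout, (addr, amount) in enumerate(tx["outputs"]):
            outputs[(tx["txid"], vout)] = (addr, amount)
        for ref in tx["inputs"]:
            spent_by[ref] = tx["txid"]
    return outputs, spent_by


def trace_forward(ledger, start_addr):
    """Follow every coin paid to start_addr through all later spends.

    Returns {address: [amount reached, [txids on the first path found]]}.
    Only addresses downstream of start_addr appear; upstream and
    unrelated addresses do not.
    """
    outputs, spent_by = index_ledger(ledger)
    by_id = {tx["txid"]: tx for tx in ledger}
    reached = {}
    seen = set()
    queue = deque((ref, [ref[0]]) for ref, (addr, _) in outputs.items()
                  if addr == start_addr)
    while queue:
        ref, path = queue.popleft()
        if ref in seen:        # an output is queued twice when one tx
            continue           # spends two tainted inputs (tx4 above)
        seen.add(ref)
        addr, amount = outputs[ref]
        if addr in reached:
            reached[addr][0] += amount
        else:
            reached[addr] = [amount, path]
        spender = spent_by.get(ref)
        if spender is None:
            continue           # still unspent: the trail ends here
        for vout in range(len(by_id[spender]["outputs"])):
            queue.append(((spender, vout), path + [spender]))
    return reached


if __name__ == "__main__":
    for addr, (amount, path) in trace_forward(LEDGER, "ransom_addr").items():
        print(f"{addr:12s} {amount:6.1f} BTC via {' -> '.join(path)}")
```

Run as a script, the trace from ransom_addr reaches hop_a, affiliate, hop_b, hop_c and finally seized_addr with 63.7 BTC, while bystander and victim_wallet never appear. Note what the walk does and does not give you: it gets an investigator to seized_addr, but nothing on the ledger says who controls that address or how to obtain its private key. Turning an address into a person, or a key, takes off-chain information, which is why the question of how the FBI got the key is the interesting one.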
The Colonial Pipeline case isn't the first time this has been demonstrated. In November 2020, the US government seized more than 69,000 bitcoin, then worth about $1 billion, linked to Silk Road, the online black market shut down in 2013.
The Colonial Pipeline hack was carried out by DarkSide, a ransomware group believed to operate out of Russia. Experts speculate that the criminals didn't much care about anonymity, because they expected the FBI couldn't reach them there. Even so, taking payment in a traceable currency may still have been a blunder.
Criminals can't hide behind Bitcoin, but other cryptocurrencies (so-called privacy coins) offer more cover. Dash, Zcash, and Monero are the usual examples, though the protection differs: Monero hides sender, recipient and amount by default, Zcash does so only for optional "shielded" transactions, and Dash relies on optional CoinJoin-style mixing. Where those features are actually used, third parties can't read the transaction details or follow the payments.
Officials in various countries have argued that Bitcoin is a tool for criminals and should be banned. Yet one industry estimate puts illicit activity at only 0.34% of all cryptocurrency transaction volume.
Japan and South Korea have already banned anonymous cryptocurrency trades and some other countries are moving in the same direction. But digital money transcends borders and jurisdictions, and the more it’s regulated, the more people will just turn to privacy-focused cryptocurrencies.
The Colonial Pipeline ransomware story will definitely encourage some people — especially hackers and criminals — to choose privacy coins over Bitcoin. Bitcoin’s reputation as an untraceable payment option has been tarnished, but it remains to be seen what impact this has on the wider cryptocurrency market.