Colonial Pipeline’s ransom recovery sparks debate on Bitcoin traceability

US investigators recovered 63.7 digital coins worth $2.4m from DarkSide by sneaking into their system

A technician inspects the back of a Bitcoin mining centre in Quebec. AFP 
Powered by automated translation

The partial recovery of millions of dollars in cryptocurrency paid to DarkSide, the criminal group behind the cyber attack on Colonial Pipeline, as a ransom has proved that transactions using the digital assets are not impossible to trace.

Cryptocurrencies, which rely on blockchain technology, have been used by hackers to easily move money outside of the conventional banking system and their encrypted nature was believed to offer anonymity.

However, US investigators were last week able to recover 63.7 Bitcoin, worth about $2.29 million as of 5.30pm UAE time on Saturday, out of the 75 digital coins the company paid to regain control of its systems.

"The developments earlier this week have put threat actors, ransomware writers and other malware authors on notice that the gloves are off," Sam Curry, chief security officer at Boston security company Cybereason, told The National.

A technician monitors cryptocurrency mining rigs in Quebec, Canada. Bloomberg

“This also sends a clear message to the criminals ... that you are not immune to repercussions. Ransomware gangs are start-ups with their own venture capital and business models. The investors in these organisations must be getting nervous that their ill-gotten gains can be recouped.”

Blockchain – the technology behind cryptocurrencies such as Bitcoin – is a digital chain of transactions linked by cryptography, a mechanism for secure communications, on an open ledger. The database is a real-time library of records that are difficult to tamper with.

Blockchain spending in the Middle East and Africa has grown at a compound yearly rate of more than 70 per cent since 2016 and is set to reach $307m this year, according to the US-based International Data Corporation.

Representations of cryptocurrency Bitcoin are seen in this picture illustration taken June 7, 2021.   REUTERS/Edgar Su/Illustration

Colonial, the country’s largest fuel pipeline, suffered a major cyber attack that caused fuel shortages and price increases across the US last month. It reported the incident to the FBI.

The US Department of Justice said it managed to recover part of the ransom to DarkSide by sneaking into the group’s systems. However, it did not disclose how it did so.

“Now is the time for law enforcement agencies and other important players in the public and private sector to continue in the same vein and put pressure on all fronts – technological, economic and diplomatic,” said Mr Curry.

“It is far past time to let the malware authors and the cyber criminal gangs know that they have been put on notice and that their criminal enterprises will be exposed one by one.”

The cryptocurrency market is large, with the value of all coins in circulation currently at about $1.6 trillion. Bitcoin's market capitalisation is worth about $700 billion, or 44 per cent of the total, while Ether accounts for about 15 per cent, or $294bn.

There are hundreds of marketplaces where digital assets such as Bitcoin and Ether are traded. Ownership details, known as private keys in cryptocurrency parlance, can be hacked if not secured properly and the funds held in those accounts stolen.

The US authorities managed to seize part of the Bitcoin ransom from DarkSide by gaining access to their private keys, according to reports.

Court documents showed that investigators had cracked the password to one of the hackers' digital wallets, according to The New York Times.

"Globally, Bitcoiners are very sceptical of this announcement as it does not make much sense," Irina Heaver, a technology lawyer and cryptocurrency enthusiast in Switzerland, told The National.

“The FBI said that they had a private key to the US-based server that hosted the wallet, called tumbler, where the criminals transferred the Bitcoin. But no one has properly explained how they did it.

“There are a lot of questions ... why were the hackers so stupid to keep the bulk of the money on US infrastructure? How did they get duped to transfer Bitcoin to a wallet controlled by the FBI?”

An employee inspects machines for the production of Bitcoin at a mining centre in Kirishi, Russia. AFP

One thing that seems clear is the US government’s ability to recover Bitcoin was not the result of any breach of the blockchain, according to Avinash Advani, founder and chief executive of Dubai-based digital security company CyberKnight.

“The fundamental security features of blockchain and Bitcoin are always intact ... as security experts, we have no doubt about that,” he said.

The US government sought the power to go after entities involved in Bitcoin transactions, citing national security concerns related to critical infrastructure, he said.

“So, they had the power to go after the entities involved in the overall transactions on the blockchain ... it gave them the accessibility to get funds back before they were converted into fiat money,” said Mr Advani.

Criminals stole $1.9bn worth of cryptocurrencies last year, down from $4.5bn in 2019, according to data by London finance and investment company Finaria.

Fraud was the leading cryptocurrency crime last year, followed by coin theft and ransomware attacks.