When Bitcoin burst onto the scene in 2009, its fans pitched cryptocurrency as a secure, decentralized, and anonymous way to transact outside of the traditional financial system.
Criminals, often operating in hidden corners of the internet, flocked to Bitcoin to conduct illicit business without revealing their names or locations. Digital currency quickly became as popular with drug traffickers and tax evaders as it was with contrarian libertarians.
But this week’s revelation that federal officials had recovered most of the Bitcoin ransom paid in the recent Colonial Pipeline ransomware attack revealed a fundamental misconception about cryptocurrencies: They are not as hard to follow as cybercriminals think.
On Monday, the Justice Department announced that it had traced 63.7 of the 75 Bitcoins – some $2.3 million of the $4.3 million – that Colonial Pipeline had paid the hackers when the ransomware attack shut down the company’s computer systems, causing fuel shortages and soaring gasoline prices. Officials have since declined to provide further details on exactly how they recovered the Bitcoin, whose value has fluctuated.
Yet for the growing community of cryptocurrency enthusiasts and investors, the fact that federal investigators tracked the ransom as it passed through at least 23 different electronic accounts owned by DarkSide, the hacking collective, before gaining access to one of them, showed that law enforcement was keeping pace with the industry.
This is because the same properties that make cryptocurrencies attractive to cybercriminals – the ability to transfer money instantly without the authorization of a bank – can be exploited by law enforcement to track and seize funds from criminals at Internet speed.
Bitcoin is also trackable. While digital currency can be created, moved, and stored outside the purview of any government or financial institution, every payment is recorded in a permanent, append-only ledger called the blockchain.
This means that all Bitcoin transactions are public. The Bitcoin ledger can be viewed by anyone connected to the blockchain.
“These are digital breadcrumbs,” said Kathryn Haun, former federal prosecutor and investor in venture capital firm Andreessen Horowitz. “There is a lead law enforcement can follow quite well.”
Ms Haun added that the speed with which the Justice Department seized most of the ransom was “revolutionary” precisely because of the use of cryptocurrency by hackers. In contrast, she said, obtaining documents from banks often requires months or years of navigating through paperwork and bureaucracy, especially when those banks are overseas.
Given the public nature of the ledger, cryptocurrency experts said, all law enforcement needed to do was figure out how to connect criminals to a digital wallet, which stores Bitcoin. To do this, the authorities have probably focused on what is called a “public key” and a “private key”.
A public key is the string of numbers and letters that Bitcoin holders use to transact with others, while a “private key” is used to secure a wallet. According to authorities, tracking a user’s transaction history came down to determining which public key they controlled.
The seizure of the assets then required obtaining the private key, which is more difficult. It is not known how the federal agents were able to obtain DarkSide’s private key.
Justice Department spokesman Marc Raimondi declined to say more about how the FBI seized DarkSide’s private key. According to court documents, investigators gained access to the password for one of the hackers’ Bitcoin wallets, although they did not specify how.
The FBI does not appear to have relied on an underlying vulnerability in blockchain technology, cryptocurrency experts have said. The most likely explanation was good old-fashioned policing.
Federal agents could have seized DarkSide’s private keys by planting a human source inside DarkSide’s network, hacking into the computers where their private keys and passwords were stored, or compelling the service that holds their wallet to hand them over via a search warrant or other means.
“If they can get their hands on the keys, it’s seizable,” said Jesse Proudman, founder of Pulley, a cryptocurrency investment site. “Just putting it on a blockchain doesn’t absolve that fact.”
The FBI has partnered with several companies that specialize in tracking cryptocurrencies on digital accounts, according to officials, court documents and the companies. Start-ups with names like TRM Labs, Elliptic, and Chainalysis that track cryptocurrency payments and report possible criminal activity have flourished as law enforcement and banks try to get ahead of financial crime.
Their technology scans blockchains for patterns that suggest illegal activity. It is similar to how Google and Microsoft tamed email spam by identifying and then blocking accounts that send email links to hundreds of accounts.
“Cryptocurrency allows us to use these tools to track funds and financial flows along the blockchain in a way we could never do with cash,” said Ari Redbord, head of legal affairs at TRM Labs, a blockchain intelligence company that sells its analytics software to law enforcement and banks. He was previously Senior Financial Intelligence and Terrorism Advisor at the Treasury Department.
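The tracing described above works because every transfer sits in a public ledger, so an analyst can follow a payment forward hop by hop until it reaches an address with an identified owner. This is an added illustration, not the article’s or any vendor’s code; the ledger, addresses, amounts and the exchange label are constructed for the example.

```python
"""Follow funds across a public ledger, hop by hop (constructed example data)."""
from collections import deque

# Constructed ledger: each transaction spends from some addresses and pays
# amounts to others. Real Bitcoin spends specific prior outputs; address-level
# edges are enough to show how an analyst follows a payment forward.
LEDGER = [
    {"txid": "tx1", "inputs": ["victim"],      "outputs": {"ransom_addr": 75.0}},
    {"txid": "tx2", "inputs": ["ransom_addr"], "outputs": {"hop_a": 63.7, "hop_x": 11.3}},
    {"txid": "tx3", "inputs": ["hop_a"],       "outputs": {"hop_b": 63.7}},
    {"txid": "tx4", "inputs": ["hop_b"],       "outputs": {"exchange_deposit": 63.7}},
    {"txid": "tx5", "inputs": ["hop_x"],       "outputs": {"unknown_wallet": 11.3}},
]

# Constructed attribution: an address already linked to an identified service
# (an exchange that verified its customer's identity at sign-up).
KNOWN_ENTITIES = {"exchange_deposit": "ExampleExchange (identity-verified account)"}


def spends_by_address(ledger):
    """Index transactions by the address they spend from."""
    index = {}
    for tx in ledger:
        for addr in tx["inputs"]:
            index.setdefault(addr, []).append(tx)
    return index


def trace(ledger, start, known=KNOWN_ENTITIES):
    """BFS over outgoing spends from `start`; returns (attributed, unresolved):
    paths ending at a labelled address, and paths ending at an unlabelled
    address whose coins have not moved again."""
    index = spends_by_address(ledger)
    attributed, unresolved = [], []
    queue, seen = deque([[start]]), {start}
    while queue:
        path = queue.popleft()
        addr = path[-1]
        if addr in known:                 # funds reached an identifiable owner
            attributed.append((path, known[addr]))
            continue
        next_txs = index.get(addr, [])
        if not next_txs:                  # dead end: coins still parked here
            unresolved.append(path)
        for tx in next_txs:
            for nxt in tx["outputs"]:
                if nxt not in seen:
                    seen.add(nxt)
                    queue.append(path + [nxt])
    return attributed, unresolved
```

Running `trace(LEDGER, "ransom_addr")` yields one attributed path of three hops to the exchange deposit and one unresolved path to a wallet whose coins have not moved; in practice the attributed endpoint is where a subpoena or warrant to the exchange can connect an address to a person.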
Several long-time cryptocurrency enthusiasts have said that collecting much of the Bitcoin ransom is a victory for the legitimacy of digital currencies. It would help change Bitcoin’s image as a criminal playground, they said.
“The public is slowly being shown, case after case, that Bitcoin is good for law enforcement and bad for crime – the opposite of what many historically believed,” said Hunter Horsley, chief executive of Bitwise Asset Management, a cryptocurrency investment company.
In recent months, cryptocurrencies have become more and more mainstream. Companies such as PayPal and Square have expanded their cryptocurrency services. Coinbase, a start-up that allows people to buy and sell cryptocurrencies, went public in April and is now valued at $47 billion. Over the weekend, a Bitcoin conference in Miami drew more than 12,000 attendees, including Twitter CEO Jack Dorsey and former boxer Floyd Mayweather Jr.
As more and more people use Bitcoin, most are accessing digital currency in a way that mirrors traditional banking, through a central intermediary like a crypto exchange. In the United States, anti-money laundering and identity verification laws require these services to know who their customers are, thereby creating a link between identity and account. Customers must upload government ID when registering.
Ransomware attacks have put unregulated crypto exchanges under the microscope. Cybercriminals have flocked to thousands of high-risk exchanges in Eastern Europe that flout these laws.
After the attack on the Colonial Pipeline, several financial executives proposed a ban on cryptocurrency.
“We can live in a world with cryptocurrency or a world without ransomware, but we can’t have both,” Lee Reiners, executive director of the Global Financial Markets Center at Duke Law School, wrote in The Wall Street Journal.
Cryptocurrency experts said the hackers could have tried to make their Bitcoin accounts even more secure. Some cryptocurrency holders go to great lengths to store their private keys away from anything connected to the Internet, in what is called a “cold wallet”. Some memorize the string of letters and numbers. Others write them down on paper, although these can be obtained through search warrants or through police work.
“The only way to get the truly elusive feature of the asset class is to memorize the keys and not have them written down anywhere,” Mr. Proudman said.
Justice Department’s Mr. Raimondi said the Colonial Pipeline ransom seizure was the latest undercover operation by federal prosecutors to recover illegally acquired cryptocurrency. He said the department made “numerous seizures, in the hundreds of millions of dollars, from unhosted cryptocurrency wallets” used for criminal activity.
In January, the Department of Justice disrupted another ransomware group, NetWalker, which used ransomware to extort money from municipalities, hospitals, law enforcement and schools.
As part of the sting, the department obtained approximately $500,000 worth of NetWalker’s cryptocurrency that had been collected from victims of their ransomware.
“Although these individuals believe they are operating anonymously in the digital space, we have the skill and tenacity to identify and prosecute these actors to the fullest extent of the law and seize their criminal proceeds,” Maria Chapa Lopez, then U.S. Attorney for the Middle District of Florida, said when the case was announced.
In February, the Justice Department said it had warrants to seize nearly $2 million in cryptocurrency that North Korean hackers had stolen and put into accounts at two different cryptocurrency exchanges.
Last August, the department also unsealed a complaint against North Korean hackers who stole $28.7 million in cryptocurrency from a cryptocurrency exchange, then laundered the proceeds through Chinese cryptocurrency laundering services. The FBI has traced the funds to 280 cryptocurrency wallets and their owners.
In the end, “cryptocurrencies are actually more transparent than most other forms of value transfer,” said Madeleine Kennedy, spokesperson for Chainalysis, the start-up that tracks payments in cryptocurrency. “Definitely more transparent than cash.”