When Bitcoin hit the market in 2009, fans touted the cryptocurrency as a secure, decentralized, and anonymous way to conduct transactions outside of the traditional financial system.
Criminals, often operating in hidden areas of the internet, flocked to Bitcoin to do illegal business without revealing their name or location. The digital currency quickly became just as popular with drug dealers and tax evaders as it was with contrary libertarians.
But this week’s revelation that federal officials got back most of the Bitcoin ransom paid in the Colonial Pipeline’s most recent ransomware attack revealed a fundamental misconception about cryptocurrencies: they’re not as difficult to track as cybercriminals think they are.
On Monday, the Justice Department announced that it had tracked 63.7 of the 75 bitcoins – about $2.3 million of the $4.3 million – that Colonial Pipeline paid to the hackers during the ransomware attack, which shut down the company’s computer systems, leading to fuel shortages and a rise in gasoline prices. Since then, officials have refused to provide any further details on exactly how they recovered the bitcoin, which fluctuates in value.
Yet for the growing community of cryptocurrency enthusiasts and investors, the fact that federal investigators tracked the ransom as it moved through at least 23 different electronic accounts belonging to DarkSide, the hacking collective, before gaining access to one of them, showed that law enforcement has grown along with the industry.
That’s because the same properties that make cryptocurrencies attractive to cyber criminals – the ability to instantly transfer money without a bank’s permission – can be used by law enforcement agencies to track and seize criminals’ funds at the speed of the internet.
Bitcoin is also traceable. While the digital currency can be created, moved and stored outside the jurisdiction of any government or financial institution, every payment is recorded on a permanent, fixed ledger called a blockchain.
This means that all Bitcoin transactions are open. The Bitcoin ledger can be viewed by anyone connected to the blockchain.
“It’s digital breadcrumbs,” said Kathryn Haun, former federal prosecutor and investor at the venture capital company Andreessen Horowitz. “There’s a path that law enforcement can follow pretty well.”
Ms. Haun added that the speed with which the Justice Department confiscated most of the ransom was “groundbreaking” precisely because the hackers had used cryptocurrency. In contrast, she said, obtaining records from banks often requires months or years of navigating paperwork and red tape, especially when those banks are based overseas.
Given the public nature of the ledger, cryptocurrency experts said, all law enforcement agencies need to do is figure out how to connect the criminals to a digital wallet that holds the bitcoins. To do this, the authorities have likely focused on what is known as a “public key” and a “private key”.
A public key is the sequence of numbers and letters that Bitcoin holders use to transact with others, while a “private key” is used to keep a wallet secure. Tracking down a user’s transaction history was a matter of determining which public key they controlled, authorities said.
The seizure of the assets then required obtaining the private key, which is more difficult. It is unclear how federal agents got hold of DarkSide’s private key.
Justice Department spokesman Marc Raimondi declined to say more about how the FBI obtained DarkSide’s private key. According to court documents, investigators gained access to the password for one of the hackers’ Bitcoin wallets, but the documents do not say exactly how.
The FBI didn’t seem to be relying on any underlying flaw in blockchain technology, cryptocurrency experts said. The most likely culprit was good old-fashioned policing.
Federal agents could have obtained DarkSide’s private keys by placing a human informant inside DarkSide’s network, by hacking the computers that stored its private keys and passwords, or by compelling the service that held its wallet to surrender them, through a search warrant or otherwise.
“If they get their hands on the keys, they can be confiscated,” said Jesse Proudman, founder of Makara, a cryptocurrency investment site. “Just relying on a blockchain does not solve this fact.”
The FBI has partnered with several companies that specialize in tracking cryptocurrencies across digital accounts, according to officials, court documents and the companies. Startups such as TRM Labs, Elliptic and Chainalysis, which track cryptocurrency payments and flag possible criminal activity, have emerged as law enforcement agencies and banks seek to stay ahead of financial crime.
Their technology scans blockchains for transaction patterns that suggest illegal activity. It’s similar to how Google and Microsoft tamed email spam by identifying, and then blocking, accounts that blasted the same links out across hundreds of accounts.
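The ledger-following the article describes – every payment is public, so ransom coins can be followed forward hop by hop until they land somewhere with an identifiable owner – as an added Python example that is not from the article or from any of the vendors named. The ledger, the address labels and the `KNOWN_SERVICES` attribution table are all constructed; real analytics tools work on unspent outputs rather than this simplified address-level model.

```python
from collections import defaultdict

# Constructed ledger (not real chain data): amounts in BTC. In this simplified model
# a transaction spends the full balance of each input address.
LEDGER = [
    {"txid": "c0", "inputs": [], "outputs": [("victim", 80.0), ("clean", 6.3)]},
    {"txid": "t1", "inputs": ["victim"], "outputs": [("ransom", 75.0), ("victim_change", 5.0)]},
    {"txid": "t2", "inputs": ["ransom"], "outputs": [("hop1", 63.7), ("affiliate", 11.3)]},
    {"txid": "t3", "inputs": ["hop1"], "outputs": [("hop2", 63.69)]},            # 0.01 BTC fee
    {"txid": "t4", "inputs": ["hop2", "clean"], "outputs": [("mixed", 69.99)]},  # mixed with clean coins
    {"txid": "t5", "inputs": ["mixed"], "outputs": [("exchange_deposit", 69.99)]},
]
# Hypothetical attribution table: deposit addresses tied to a service that verifies identity.
KNOWN_SERVICES = {"exchange_deposit": "Exchange A (KYC)"}


def trace_taint(ledger, ransom_address):
    """Follow ransom coins forward through the ledger.
    Returns {address: (tainted_btc, hops)} for balances that still hold ransom coins.
    When tainted and clean coins are spent together, taint is shared proportionally
    across the outputs (the 'haircut' rule)."""
    balance = defaultdict(float)   # spendable coins per address
    tainted = defaultdict(float)   # how many of those coins trace back to the ransom
    hops = {}                      # address -> transfers since the ransom payment
    for tx in ledger:
        total_in = sum(balance[a] for a in tx["inputs"])
        taint_in = sum(tainted[a] for a in tx["inputs"])
        hop_in = max((hops[a] for a in tx["inputs"] if a in hops), default=-1)
        for a in tx["inputs"]:
            balance[a] = tainted[a] = 0.0          # whole balance is spent
        frac = taint_in / total_in if total_in else 0.0
        for addr, amount in tx["outputs"]:
            balance[addr] += amount
            if addr == ransom_address:             # the payment itself: 100% ransom coins
                tainted[addr] += amount
                hops[addr] = 0
            elif frac > 0:
                tainted[addr] += amount * frac
                hops[addr] = max(hops.get(addr, 0), hop_in + 1)
    return {a: (round(t, 8), hops[a]) for a, t in tainted.items() if t > 0}


def reachable_at_services(ledger, ransom_address, services=KNOWN_SERVICES):
    """Tainted balances now held by an identifiable custodian, i.e. where legal process can reach."""
    return {a: (services[a], t) for a, (t, _) in trace_taint(ledger, ransom_address).items()
            if a in services}


if __name__ == "__main__":
    print(trace_taint(LEDGER, "ransom"))
    print(reachable_at_services(LEDGER, "ransom"))
```

On the constructed ledger, 63.69 BTC of the 75 BTC ransom ends up four hops later at the KYC’d exchange deposit address, while 11.3 BTC sits unspent at the affiliate’s address.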
“Cryptocurrency enables us to use these tools to track funds and financial flows along the blockchain in ways we could never do with cash,” said Ari Redbord, general manager of legal at TRM Labs, a blockchain intelligence company that sells its analytics software to law enforcement agencies and banks. Previously, he was a senior adviser on financial intelligence and terrorism at the Treasury Department.
Several longtime cryptocurrency enthusiasts said recovering much of the Bitcoin ransom was a win for the legitimacy of digital currencies. That would help change Bitcoin’s image as a criminal playground, they said.
“The public is slowly being shown on a case-by-case basis that Bitcoin is good for law enforcement and bad for crime – the opposite of what many in the past believed,” said Hunter Horsley, CEO of Bitwise Asset Management, a cryptocurrency investment company.
In the last few months, cryptocurrencies have become more and more mainstream. Companies like PayPal and Square have expanded their cryptocurrency services. Coinbase, a startup that enables people to buy and sell cryptocurrencies, went public in April and is now valued at $47 billion. Over the weekend, a Bitcoin conference in Miami drew more than 12,000 attendees, including Twitter CEO Jack Dorsey and former boxer Floyd Mayweather Jr.
As more and more people use Bitcoin, most of them access the digital currency in a way that mirrors a traditional bank, through a centralized intermediary such as a crypto exchange. In the United States, anti-money laundering and identity verification laws require such services to know who their customers are, thereby establishing a link between identity and account. Customers must upload an official ID when registering.
Ransomware attacks have drawn close scrutiny to unregulated crypto exchanges. Cyber criminals are flocking to thousands of high-risk exchanges in Eastern Europe that do not obey these laws.
After the attack on the Colonial Pipeline, several financial leaders proposed a ban on the cryptocurrency.
“We can live in a world with cryptocurrency or a world without ransomware, but we cannot have both,” Lee Reiners, executive director of the Global Financial Markets Center at Duke Law School, wrote in the Wall Street Journal.
Cryptocurrency experts said the hackers could have tried to make their Bitcoin accounts even more secure. Some cryptocurrency holders go to great lengths to store their private keys away from anything connected to the internet, in what is known as a “cold wallet”. Some people memorize the sequence of numbers and letters. Others write it down on paper, although paper can be obtained through search warrants or police work.
“The only way to get the really intangible properties of the asset class is to memorize the keys and not have them written anywhere,” said Mr Proudman.
Mr Raimondi of the Justice Department said the Colonial Pipeline ransom seizure was federal prosecutors’ most recent sting operation to recover illegally acquired cryptocurrency. He said the department had “many hundreds of millions of dollars of seizures of non-hosted cryptocurrency wallets” used for criminal activity.
In January, the Justice Department disrupted another ransomware group, NetWalker, which was using ransomware to extort money from communities, hospitals, law enforcement agencies and schools.
As part of that sting, the department recovered approximately $500,000 of the cryptocurrency that NetWalker had collected from victims of its ransomware.
“Although these people believe they are acting anonymously in the digital space, we have the ability and tenacity to identify and prosecute these actors to the full extent of the law and to confiscate their criminal proceeds,” said Maria Chapa Lopez, then the US Attorney for the Middle District of Florida, when the case was announced.
In February, the Justice Department announced that it had obtained warrants for the seizure of nearly $2 million in cryptocurrencies that North Korean hackers had stolen and withdrawn from two different cryptocurrency exchanges.
Last August, the department also unsealed a complaint against North Korean hackers who stole $28.7 million in cryptocurrencies from a cryptocurrency exchange and then laundered the proceeds through Chinese cryptocurrency laundering services. The FBI traced the funds to 280 cryptocurrency wallets and their owners.
In the end, “cryptocurrencies are actually more transparent than most other forms of value transfer,” said Madeleine Kennedy, a spokeswoman for Chainalysis, the start-up that tracks payments in cryptocurrencies. “Certainly more transparent than cash.”