Explained | How US Investigators recovered the Bitcoin ransom paid by Colonial Pipeline

Bitcoin and Cryptocurrency is largely seen as untraceable but how did the FBI do it?

Cryptocurrency is the wave of future. It may not be widely accepted right now but experts suggest that time will come. Unfortunately, thanks to the inherent security standards built into the system, Crypto is also widely used for illicit transactions, one of which was used to hold Colonial Pipeline ransom.

On May 7, 2021 the pipeline system suffered a ransomware attack which was traced to an Eastern European hacking group known as DarkSide. With the assistance of the FBI, Colonial Pipeline decided to pay the ransom (75 bitcoin, valued then at $4.4 million) to resume operations.

Fast forward to June 7, 2021 and an operation led by FBI's San Francisco Division has managed to recover 63.7 bitcoins of the original ransom, which means nearly all of it was recovered. How did the FBI pull this off?

Contrary to popular belief, it is still possible to trace the movements of bitcoin through the digital system by using transaction records. The shared public record is stored in the blockchain and it is often possible to track these.

The Blockchain in itself may be secure but is not fool proof. Every transaction information on a block is secured with a help of cryptographic key and is accessible by the person who has that key. The FBI managed to track down one of these keys that belonged to someone within the hacking group. How they got hold of the key remains a mystery but with the help of the key they were able to track the transactions back to a secure bitcoin wallet.

The investigators then managed to recover most of the ransom amount and transfer it back into their systems. Given some time, everything can eventually be broken and cryptocurrency is not an exception to that rule.