This story about the recovery of ransomware funds says:
Officials said that they identified a virtual currency account, often referred to as a “wallet,” that DarkSide had use to collect payment from one of its ransomware victims, and that a magistrate judge in the Northern District of California had granted a warrant to seize funds from the wallet earlier in the day.
My question is, how do you “seize” funds from a digital wallet? Does this require the cooperation of whoever owns the wallet? Or some intermediary?
There is not enough information about it in your link to give details. It says it was a Bitcoin wallet: if it were a simple bitcoin wallet then anyone with the secret key can “seize” the funds.
I’d say there are three broad categories of things that they might have meant:
Online cryptocurrency exchanges
Paper wallet
Offline wallet
For the first, the court can issue a warrant to the exchange directing them to move the funds in that account to somewhere else. Unless the exchange is in some out-of-the-way place, it’s probably going to comply.
The paper wallet is a printout of the necessary keys. The police can seize it from wherever it’s stored, like a safe. It’s basically like cash.
The offline wallet is probably hardest to deal with, and is probably protected via password. The courts could direct the person to give up the password under threat of contempt of court, and lock up the person indefinitely until they do so. The police might be able to brute-force the password or use some other way of guessing it. But they might also just be locked out completely if the suspect is uncooperative and used best practices for the password.
There were reports last February of German official seizing a bitcoin wallet - but were unable to access its contents because they couldn’t crack the password. So apparently denying use of bitcoin is different from cashing it in.
The situation highlights not a flaw but a feature of cryptocurrencies: money isn’t centrally controlled, and therefore authorities cannot compel a bank to simply hand over a person’s money. It gets a little bit more complicated if one stores their crypto with a digital wallet provider like Coinbase, as that company holds the private keys for a person’s wallet and therefore can be compelled by law to unlock it. But if cryptocurrency is stored on a private medium, like a flash drive, the key can be hidden away, perhaps on a piece of paper buried underground, and nothing can be done to access it without knowledge of the key. Police seized a hacker's Bitcoin wallet but can't get in without the password
How it came to have that private key is the key question. Nicholas Weaver , a lecturer at the computer science department at University of California, Berkeley , said the most likely explanation is that law enforcements agent seized money from a specific DarkSide affiliate responsible for bringing the crime gang the initial access to Colonial’s systems.
“The ‘obtained the private key’ part of their statement is doing a lot of work,” Weaver said, point out that the amount the FBI recovered was less than the full amount Colonial paid.
“It is ONLY the Colonial Pipeline ransom, and it looks to be only the affiliate’s take.”
Experts at Elliptic came to the same conclusion.