I thought bitcoins were untraceable? Colonial ransom partially recovered

Just saw that the Justice Dept reportedly has recovered about $2.3-million of the ransomware paid to Darkside by Colonial Pipeline.

I thought bitcoins were supposed to be untraceable? Or is this a case of everything online is traceable if you look hard enough? What are the weaknesses that would allow you to trace the transactions back to a person? Converting it into a hard currency?

DOJ release:

Bitcoin transactions are traceable — that is in fact how the scheme works — bitcoin addresses are basically just numbers, though.

However your very computer access is also potentially traceable (as it was in this case — note the FBI even has the private key), and so are transactions like selling bitcoins and buying $$$ and wiring them to a bank account.

How did they pay with bitcoins? They have to be created – how long does it take? Or did Colonial just happen to have a few million bitcoins already created? If so, why? And what’s the point? What are they worth? Says who?

Yes, I tried reading the Wiki article – it’s all worse than Greek to me.

Or they just bought the bitcoins like you or I can do (on a presumably larger scale).

They would have purchased them, paying US dollars to someone who could supply them with the Bitcoins. It’s similar to converting money between any two currencies. Usually you do this through some private institution, like a bank, which has a lot of money in different currencies. The same is true of Bitcoin.

While there are some unique aspects to Bitcoin, the underlying concepts of currency still apply.

It wasn’t millions in bitcoins. It was $2.3-million worth of bitcoin. A bitcoin is currently worth about $34000, so they had to buy about 67 bitcoins. As to where they came from, they came from other people who had bitcoins and wanted to sell them for dollars. Think of it like the stock market. I can place an order for $2.3-million worth of Amazon stock and I’ll get about 720 shares. Those 720 shares already exist and came from other people who already owned them and were willing to sell them to me.

As to why a bitcoin is worth $34000, again, it’s kind of like the stock market. That is the price where bitcoin buyers and sellers are currently meeting with their buy/sell prices. It’s the same with Amazon shares. Amazon shares are $3200 because that’s the intersection between buy and sell orders. If there are more buyers, the price goes up. If there are more sellers, the price goes down. These ransomware attacks can have the effect of making the price of bitcoin go up. The victims have to buy bitcoin to pay the ransom, so it helps raise the price. If no one was buying bitcoins, the price would drop way down.

Bitcoins aren’t like sit-down restaurants, where you place your order and wait for them to be cooked.

Do you have to sit down and wait while the transaction is verified or processed?

Yes, bitcoin transactions are packed into “blocks” and (in some sense) not in real time. You may also want to wait for a few more blocks to be queued to be extra sure your transaction is really locked in.

My computer knowledge is somewhat limited. All I know is that when I type stuff, the computer gods get a signal and if they are pleased with me, my computer does what I want it to do.

Which is why I find this interesting, the hype seemed to be that bitcoins were anonymous and great for illegal transactions because it goes to private hidden accounts and nobody is the wiser.

I get that the transactions have to be traceable to the extent we have to keep track of who owns what. It also sounds like, if a private key is similar to a password, that someone got their password stolen. So the FBI guys could only get what was in that one account? Would they know where the other coins are but just can’t get to them because they don’t have a key?

All bitcoin transactions are visible in a public dataset, so (if I could be bothered…) we could examine the exact same set of transactions that the FBI did in their investigation and see how many coins went where and to how many accounts.

Less visible is metadata like which IP addresses posted which transactions at what times, but that is easier to get if you have the resources of a governmental agency.

As for stealing/cracking the password, as I replied in the other thread, we would need to know more details. Easier to seize funds from a currency exchange than from a password-protected offline wallet that you have to find in the first place.

Bitcoins are completely and forever traceable. That’s exactly what the block chain does.

The owner of a bitcoin is whoever can provide the cryptographic key.

Presumably the company told the FBI which transactions were used to pay the criminals. The FBI can then follow those bitcoins forever. Whether or not they can be linked to particular people is a separate problem.

If the government really wanted to crack down on ransom paying, we could pass a law making possession of illegally gained bitcoins illegal. Enforced by publishing the illegal transactions and then confiscating and/or arresting any person found to have any of them. Then leave it up to the market to avoid the published illegal bitcoins and thus reduce their value.

I’ve been thinking the same thing for a long time and I don’t understand why no country has implemented any law like it. I get that there is some risk that we won’t be able to associate people to wallets and that in some cases, well-meaning innocent people will take in illicit Bitcoin in otherwise legal transactions but we shouldn’t let the perfect be the enemy of the good.

So if the crooks own (say) 10 bitcoins currently worth x, and they demand $2.3 million in bitcoin, their original 10 bitcoins rise in value to (x+delta) and they get the 2.3 million, too, making a total of 2.3 million + 10 delta. A two-fer.

That’s not really a problem. Anyone doing a transaction can, as a first step of the transaction, check that the involved bitcoins are not on the illegal list. From a software application perspective, that’s even easier than confirming that your counter-party actually owns the bitcoin. Trading apps and brokers would quickly implement the checks, especially if they were liable for trading illegal bitcoins.
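The two ideas running through this thread (the FBI can "follow those bitcoins forever" because every transaction is public, and a broker could check "that the involved bitcoins are not on the illegal list" before trading) are the same piece of analysis. The script below is an added illustration, not code from any poster or from any real blockchain-analysis tool. It models a Bitcoin ledger as unspent transaction outputs (UTXOs), walks forward from a payment to see which addresses currently hold coins descended from it, and then screens a proposed transaction against that set. The ledger, addresses and amounts are constructed and hypothetical; fees are ignored, and real-world analysis adds address-clustering heuristics that this toy omits.

```python
"""Toy UTXO taint tracing (constructed sample data; not from the thread or any real tool).

A Bitcoin "coin" is an unspent transaction output: (txid, index) -> (address, amount).
A transaction consumes earlier outputs and creates new ones, so anyone holding the
public ledger can follow one payment forward through every later spend.
"""
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

OutPoint = Tuple[str, int]          # (txid, output index)


@dataclass
class Tx:
    txid: str
    inputs: List[OutPoint]             # earlier outputs this tx spends (empty = fresh coins)
    outputs: List[Tuple[str, float]]   # (address, amount in BTC)


# Constructed ledger in block order. Hypothetical txids, addresses and amounts.
LEDGER: List[Tx] = [
    Tx("t0_funding", [], [("victim_wallet", 70.0)]),              # victim buys coins at an exchange
    Tx("t1_ransom", [("t0_funding", 0)], [("attacker_addr", 64.0), ("victim_change", 6.0)]),
    Tx("t2_split", [("t1_ransom", 0)], [("hop_a", 40.0), ("hop_b", 24.0)]),
    Tx("t9_clean", [], [("bystander", 6.0)]),                      # unrelated honest funds
    Tx("t3_merge", [("t2_split", 1), ("t9_clean", 0)], [("exchange_deposit", 30.0)]),
]


def _amount(by_id: Dict[str, Tx], op: OutPoint) -> float:
    return by_id[op[0]].outputs[op[1]][1]


def taint(ledger: List[Tx], seeds: Iterable[OutPoint], mode: str = "poison") -> Dict[OutPoint, float]:
    """Return {outpoint: tainted fraction} for every output descended from the seeds.

    poison : any output of a tx that spends a tainted input is 100% tainted.
    haircut: fraction = tainted input value / total input value (mixing dilutes taint).
    """
    by_id = {tx.txid: tx for tx in ledger}
    seeds = set(seeds)
    fraction: Dict[OutPoint, float] = {op: 1.0 for op in seeds}
    for tx in ledger:                      # block order: inputs always precede their spend
        if not tx.inputs:
            continue
        total_in = sum(_amount(by_id, op) for op in tx.inputs)
        tainted_in = sum(_amount(by_id, op) * fraction.get(op, 0.0) for op in tx.inputs)
        if tainted_in == 0:
            continue
        f = 1.0 if mode == "poison" else tainted_in / total_in
        for i in range(len(tx.outputs)):
            if (tx.txid, i) not in seeds:  # seeds stay fully tainted
                fraction[(tx.txid, i)] = f
    return fraction


def unspent(ledger: List[Tx]) -> Dict[OutPoint, Tuple[str, float]]:
    """Current UTXO set: every output no later transaction has consumed."""
    spent = {op for tx in ledger for op in tx.inputs}
    return {(tx.txid, i): out for tx in ledger
            for i, out in enumerate(tx.outputs) if (tx.txid, i) not in spent}


def tainted_holdings(ledger: List[Tx], seeds: Iterable[OutPoint], mode: str = "poison") -> Dict[str, float]:
    """Where the traced coins sit right now: address -> tainted BTC held in unspent outputs."""
    fr = taint(ledger, seeds, mode)
    holdings: Dict[str, float] = {}
    for op, (addr, amt) in unspent(ledger).items():
        if fr.get(op, 0.0) > 0:
            holdings[addr] = holdings.get(addr, 0.0) + amt * fr[op]
    return holdings


def screen_transaction(ledger: List[Tx], proposed: Tx, blocklist: Iterable[OutPoint],
                       mode: str = "poison") -> Tuple[bool, List[OutPoint]]:
    """The pre-trade check: does the proposed tx spend coins descended from blocklisted outputs?"""
    fr = taint(ledger, blocklist, mode)
    offending = [op for op in proposed.inputs if fr.get(op, 0.0) > 0]
    return (not offending, offending)


if __name__ == "__main__":
    ransom = {("t1_ransom", 0)}        # the output the victim reported as the ransom payment
    print("poison :", tainted_holdings(LEDGER, ransom, "poison"))
    print("haircut:", tainted_holdings(LEDGER, ransom, "haircut"))
    sale = Tx("t4_sell", [("t3_merge", 0)], [("buyer", 30.0)])
    print("screen :", screen_transaction(LEDGER, sale, ransom))
```

Under the poison rule the whole 30 BTC exchange deposit is flagged even though 6 BTC of it came from a bystander; the haircut rule flags only the 24 BTC that actually descend from the ransom. That difference is exactly the "well-meaning innocent people" objection raised above, and which rule a blocklist law adopts decides how many bystanders it sweeps in.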

I think it’s because legislators (like most people) don’t really understand crypto currencies.

I am pretty sure ransomware sabotage and blackmail is already illegal. As would be any subsequent money laundering, tax evasion, and anything else the FBI nails (or threatens to nail) people with. I suppose you could attempt to add “transacting in tainted bitcoins” to the list but that seems like peanuts at some point.

Ransomware is not illegal in Russia, so long as the victim is outside the country. This is why so many ransomware groups are headquartered in Russia.

Any idea how they might have obtained it?

I read the same articles you did, which explicitly point out that the FBI is not publicly revealing details of their operation. We could wildly speculate all day. Someone cracked under pressure and cooperated? Physical or remote compromise of computing equipment?