The announcement by the United States Department of Justice that it had seized $2 million in bitcoin, part of the ransom paid to the foreign hackers who attacked a major pipeline, spread like fire across the internet on Tuesday. The special task force created by the DOJ marked the recovery of $4.4 million as its first achievement in its cyber-attack operations. Joseph Blount, CEO of Colonial Pipeline, was pushed to pay the hackers after the hacker group DarkSide attacked the company and held it hostage.
1/ I’ve seen a bunch of incorrect claims that Coinbase was involved in the recent DOJ seizure of bitcoin associated with the Colonial Pipeline ransomware attack. We weren’t. a thread:
— Philip Martin (@SecurityGuyPhil) June 8, 2021
The Department of Justice announced the task force's achievement in a press conference, and since then there have been rumors that the crypto exchange Coinbase was involved in the investigation behind the seizure. Responding to the false claims circulating online, Philip Martin, CSO at Coinbase, officially denied the rumors in a tweet on Thursday. Martin said, "I've seen a bunch of incorrect claims that Coinbase was involved in the recent DOJ seizure of bitcoin associated with the Colonial Pipeline ransomware attack. We weren't."
4/ You can take my word for it, or take the (sworn!) word of the agent who wrote the affidavit: “34. The private key for the Subject Address is in the possession of the FBI in the Northern District of California” https://t.co/QHwCggHb3h
— Philip Martin (@SecurityGuyPhil) June 8, 2021
Martin also said in his thread that Coinbase has no evidence that the ransom passed through a Coinbase bitcoin account or wallet at any point. "You can take my word for it, or take the (sworn!) word of the agent who wrote the affidavit: '34. The private key for the Subject Address is in the possession of the FBI in the Northern District of California,'" Martin added.
According to experts, the report shared by the Department of Justice was not clear, and the federal department gave out mixed information. It has been speculated that the bitcoin wallet was hacked to obtain the private keys. The Coinbase CSO, for his part, suggested that "good ol' fashioned police work" landed the FBI the private keys, and raised questions about the investigators' approach.
6/ I’ve also read that because the seizure warrant specified property in the Northern District of California, it had to be targeted at Coinbase. Nope. What this likely means is that the private key is located at one of the many Northern California FBI field offices.
— Philip Martin (@SecurityGuyPhil) June 8, 2021
Martin flatly denied the claims that tied the seizure to Coinbase because of the reference to the Northern District of California: "I've also read that because the seizure warrant specified property in the Northern District of California, it had to be targeted at Coinbase. Nope. What this likely means is that the private key is located at one of the many Northern California FBI field offices," Martin said.
7/ So how did they get the private key? Maybe some whiz-bang magic, but my guess would be it was some good ol’ fashioned police work to locate the target servers, and an MLAT request and/or some political pressure to get access.
— Philip Martin (@SecurityGuyPhil) June 8, 2021
Because the exchange's storage mechanism uses a pooled hot wallet, it "wouldn't make a ton of sense" to hand over a specific private key, he added.