FBI Recovered Colonial Pipeline’s DarkSide Bitcoins – Cryptocurrency Ransom

FBI Recovered Colonial Pipeline's DarkSide Bitcoins – Cryptocurrency Ransom

The pleasant news concerning crypto ransomware befell our ears recently from the Department of Justice. At a press conference on June 7, 2021, Deputy Attorney General Lisa Monaco announced a successful recovery of cryptocurrency ransom. She said the Department of Justice had recovered 63.7 out of the 75 bitcoins paid to the DarkSide RaaS (ransomware-as-a-service) by Colonial Pipeline. Moreover, she claimed to have seized $2.3 million worth of bitcoin from the $4.4 million cryptocurrency ransom that DarkSide received from Colonial Pipeline.


LIFARS offers an inclusive and customized organizational response after a Ransomware or Cyber Extortion Incident. Ransomware Response and Cyber Extortion control are our proficiency.


To your surprise, Colonial Pipeline, a private company, provides roughly 45% of fuel for the East Coast. Last month, it shut down its operations that precipitated massive fuel shortages and price surges. Interestingly, the CEO Joseph Blount of Colonial Pipeline also had appeared multiple times before lawmakers. He landed in the congressional hot seat because he decided to pay the cryptocurrency ransom equivalent to $4.4 million to hackers. However, the decision of ransom payment caused tremendous dismay to the government crimefighters.

Colonial Pipeline CEO Defended Paying Cryptocurrency Ransom

Colonial Pipeline CEO defended his decision to pay the cryptocurrency ransom in millions of dollars to a criminal gang in Russia. CEO Joseph Blount expressed his helplessness in the face of the cyberattack. Hence, he said he had left with no choice since he feared far-reaching consequences given the uncertainty persists. Furthermore, he emphasized the importance of the pipeline to the country. What he had done was in the country’s interest.

How Come the FBI Get Able to Recover $2.3 Million Worth of Bitcoins?

During the 7th of June press conference, Attorney General Lisa Monaco elaborated on this account. She said the law enforcement traced multiple transfers of bitcoin by reviewing the bitcoin public ledger. They spotted roughly 63.7 bitcoins designating the proceeds of ransom payment of the victim that got transferred to a specific address. The FBI had the private key, effectively the password, to the given address. Typically, wallets are utilized to store digital currency. Furthermore, a private key is needed to open the wallet and manage or monitor any funds it stores.

She further added that the Department of Justice leveraged a time-tested approach to regain the cryptocurrency ransom payment. Simultaneously, she maintained that cybercriminals exploited increasingly sophisticated technology to commit crimes. Nevertheless, her press release claimed that following the money remains the most basic but powerful tool.

Apart from this, according to an FBI agent, the cryptocurrency payment done by Colonial Pipeline was moved through six other bitcoin wallets. Meanwhile, the bureau tracked the flow of funds. Finally, they wound up in a wallet for which the private key was in the ownership of the FBI.


While no security strategy can ransomware-proof an organization, there are measures to mitigate the risk. More importantly, organizations need to align their access control with zero-trust, guaranteeing only trustworthy users maintain access to their infrastructure. Along these lines, contact us 24/7 to get the tools, processes, and team at your service. We will help you deal with even the most meandering ransomware attack, including crypto-ransomware attacks.




Here you see how the FBI recovered bitcoins paid to DarkSide

The FBI managed to gain access to the private key

The DOJ seized $2.3 million in bitcoin

The DOJ press release regarding the recovery of $2.3 million

Lessons learned from the Colonial Pipeline ransomware attack

Colonial Pipeline CEO appearance before lawmakers