Board: Bitcoin Discussion
Re: FBI says it recovered $2 million in Bitcoin Ransomware payment... How?
by 45c3n on 08/06/2021, 03:29:51 UTC
Seems plausible.  They would still need a seizure warrant, I assume, right?  I can't imagine the hackers would leave the money in an exchange, although it's possible it was part of their laundering plan.

I suppose it's also possible the FBI just seized some innocent guy's money after the hackers exchanged it several times by now.


The seizure warrant was authorized earlier today by the Honorable Laurel Beeler, U.S. Magistrate Judge for the Northern District of California.
...
As alleged in the supporting affidavit, by reviewing the Bitcoin public ledger, law enforcement was able to track multiple transfers of bitcoin and identify that approximately 63.7 bitcoins, representing the proceeds of the victim’s ransom payment, had been transferred to a specific address, for which the FBI has the “private key,” or the rough equivalent of a password needed to access assets accessible from the specific Bitcoin address. This bitcoin represents proceeds traceable to a computer intrusion and property involved in money laundering and may be seized pursuant to criminal and civil forfeiture statutes.

DOJ Statement: https://www.justice.gov/opa/pr/department-justice-seizes-23-million-cryptocurrency-paid-ransomware-extortionists-darkside

The thing is, they explicitly stated they had the private key in the affidavit. That was before they received the warrant, I believe. The warrant only granted them the right to move the funds - but it seems the FBI did not obtain the key via legal seizure.

If that address was indeed a custodial one, then the timeline would be:

1. an exchange gave the FBI the key without a warrant telling it to do so.
2. the FBI then lodged an affidavit on the morning of 7 Jun 2021 (https://www.justice.gov/opa/press-release/file/1402056/), and asked for permission to move the funds.
3. the FBI received the warrant on the same day, 9:10 am (https://www.justice.gov/opa/press-release/file/1402051/download)
4. then they made the transfer at 10:40am (https://www.blockchain.com/btc/tx/943f2d576ed8d9f388ba75eb82fe35cce29479b84121827ac368a5a94f44cf7a)

This seems off... unless we take away (1) and assume the FBI somehow got the key on their own. I mean, if they managed to get the key from an exchange, why didn't they have a warrant ready at the time?
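The "reviewing the Bitcoin public ledger" step the affidavit describes is a forward trace of the ransom coins through the transaction graph. As an added illustration (my own constructed example, not anything from the DOJ filing or the post above), this follows the funds from a made-up ransom payment across a split, a move and a co-spend with clean coins, using a pro-rata (haircut) taint model, and reports which unspent addresses still hold traceable proceeds; the ledger, addresses and amounts are all invented.

```python
# Constructed toy ledger (not real transactions). Amounts in satoshis.
# txid -> {"inputs": [(prev_txid, vout), ...], "outputs": [(address, sats), ...]}
LEDGER = {
    "ransom_tx": {"inputs": [], "outputs": [("addr_ransom", 7_500_000_000)]},
    # splits the ransom: 63.7 BTC to addr_B, 11.2 BTC to addr_C, 0.1 BTC fee
    "split_tx": {"inputs": [("ransom_tx", 0)],
                 "outputs": [("addr_B", 6_370_000_000), ("addr_C", 1_120_000_000)]},
    "move_tx": {"inputs": [("split_tx", 0)], "outputs": [("addr_D", 6_370_000_000)]},
    "clean_tx": {"inputs": [], "outputs": [("addr_E", 2_000_000_000)]},
    # co-spends tainted addr_C with clean addr_E into a single output
    "mix_tx": {"inputs": [("split_tx", 1), ("clean_tx", 0)],
               "outputs": [("addr_F", 3_120_000_000)]},
}


def build_spend_index(ledger):
    """Map each spent outpoint (txid, vout) to the txid that spends it."""
    return {op: txid for txid, tx in ledger.items() for op in tx["inputs"]}


def trace_taint(ledger, start_txid, start_vout):
    """Follow funds forward from one outpoint with a haircut (pro-rata) model.

    Returns {address: (unspent_balance, tainted_part)} for every unspent
    output that still carries some of the starting coins. Fees are absorbed
    pro rata, so the tainted total shrinks by each hop's fee.
    """
    spent_by = build_spend_index(ledger)

    def taint_of(txid, vout):
        value = ledger[txid]["outputs"][vout][1]
        if (txid, vout) == (start_txid, start_vout):
            return value                       # the coins being tracked
        inputs = ledger[txid]["inputs"]
        if not inputs:
            return 0                           # coinbase / untracked funds
        total_in = sum(ledger[p]["outputs"][v][1] for p, v in inputs)
        tainted_in = sum(taint_of(p, v) for p, v in inputs)
        return value * tainted_in // total_in  # integer sats, rounded down

    holdings = {}
    for txid, tx in ledger.items():
        for vout, (addr, value) in enumerate(tx["outputs"]):
            if (txid, vout) in spent_by:
                continue                       # already moved on
            tainted = taint_of(txid, vout)
            if tainted:
                bal, t = holdings.get(addr, (0, 0))
                holdings[addr] = (bal + value, t + tainted)
    return holdings


if __name__ == "__main__":
    for addr, (bal, t) in trace_taint(LEDGER, "ransom_tx", 0).items():
        print(f"{addr}: holds {bal / 1e8:.8f} BTC, {t / 1e8:.8f} traceable to the ransom")
```

Real investigations layer address clustering and exchange records on top of this, which is exactly where the custodial-address question in the timeline above comes in.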