It is also possible the government is running a mixing service and recovered the coin when the hacking group tried to launder the stolen coin via the mixer.
The government specifically did not reveal how they recovered the coin. If they had not specifically kept this a secret, I would have speculated they seized the coin when the hackers deposited it to an exchange.
I would find it fairly unlikely the government hacked the hackers, and very unlikely they were able to crack their private keys.
But it's equally unlikely the hackers deposited the full amount at once, whether it's a mixer or an exchange.
They may have used the exchange before with similar amounts, but the FBI was unaware of the specific TXID associated with other ransom payments in the past, so they wouldn't have been able to seize the funds in the account until now.
What makes me believe the US government is running a mixer is this quote from a CNBC article:
The FBI declined to say precisely how it accessed the bitcoin wallet, citing the need to protect tradecraft.
If that's true, I'd expect the hackers to share what happened. What are the odds of the hacker using the one mixer owned by the Feds?
If you are trying to maximize your privacy with a mixer, and are afraid the government is running a mixer as a means to monitor transactions, you would send all of your coin through multiple mixers. You won't gain any additional privacy from splitting up your coin as you move it through the various mixers if you ever recombine your inputs, and this includes cashing out via the same exchange, even if you make multiple deposits to the exchange. I would also make a similar point to the one I made above: the hackers may have used the mixer in the past for similar amounts, but the FBI did not know at the time that stolen coin was being processed via their mixer.
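The recombination point above is the standard common-input-ownership heuristic from chain analysis: every address spent as an input to the same transaction is assumed to belong to one owner. The following is an added illustration written for this thread, not code or data from any commenter; the transactions, address labels (victim, attacker, mixA_pool1, fresh1, exchange_dep and so on) and the two custodial mixers are all constructed, and the model is only the on-chain graph, not an exchange's account ledger.

```python
"""Common-input-ownership clustering on a constructed transaction graph.

Toy model: all addresses spent as inputs of one transaction are assumed to
belong to the same owner. Every transaction and address below is constructed
for illustration; none of it is real chain data.
"""
from collections import defaultdict


class DisjointSet:
    """Union-find over address strings."""

    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def cluster_by_common_input(txs):
    """Map each address to the frozenset of addresses in its owner cluster."""
    ds = DisjointSet()
    for tx in txs:
        for addr in tx["outputs"]:
            ds.find(addr)  # register output-only addresses as singletons
        ins = tx["inputs"]
        for addr in ins:
            ds.union(ins[0], addr)  # all inputs of one tx -> one owner
    groups = defaultdict(set)
    for addr in list(ds.parent):
        groups[ds.find(addr)].add(addr)
    return {addr: frozenset(g) for g in groups.values() for addr in g}


def same_owner(txs, a, b):
    """True if the heuristic puts addresses a and b in the same cluster."""
    clusters = cluster_by_common_input(txs)
    return clusters[a] == clusters[b]


# Constructed prefix: ransom paid, attacker splits it across two custodial
# mixers, and each mixer pays out from its own pool to a fresh address.
COMMON_TXS = [
    {"txid": "t1", "inputs": ["victim"], "outputs": ["attacker"]},
    {"txid": "t2", "inputs": ["attacker"], "outputs": ["mixA_dep", "mixB_dep"]},
    {"txid": "t3", "inputs": ["mixA_pool1", "mixA_pool2"], "outputs": ["fresh1"]},
    {"txid": "t4", "inputs": ["mixB_pool1", "mixB_pool2"], "outputs": ["fresh2"]},
]

# Variant 1: both mixer outputs are spent together into one exchange deposit.
RECOMBINED_TXS = COMMON_TXS + [
    {"txid": "t5", "inputs": ["fresh1", "fresh2"], "outputs": ["exchange_dep"]},
]

# Variant 2: each mixer output is deposited in its own transaction.
SEPARATE_TXS = COMMON_TXS + [
    {"txid": "t5", "inputs": ["fresh1"], "outputs": ["exchange_dep1"]},
    {"txid": "t6", "inputs": ["fresh2"], "outputs": ["exchange_dep2"]},
]


if __name__ == "__main__":
    print("recombined: fresh1 ~ fresh2 ->", same_owner(RECOMBINED_TXS, "fresh1", "fresh2"))
    print("separate:   fresh1 ~ fresh2 ->", same_owner(SEPARATE_TXS, "fresh1", "fresh2"))
    print("mixer A pool clusters together ->", same_owner(RECOMBINED_TXS, "mixA_pool1", "mixA_pool2"))
    print("attacker ~ fresh1 (on-chain only) ->", same_owner(RECOMBINED_TXS, "attacker", "fresh1"))
```

In the recombined variant the two mixer outputs end up in one cluster, so anyone who can tie either one back to a deposit (for example an operator of mixer A) learns both. In the separate variant the heuristic alone does not link them; the link in that case lives in the exchange's account records rather than on-chain, which is the second half of the point made above. The mixers' own pool addresses cluster with each other but not with the attacker, which is how a custodial mixer breaks the on-chain trail while its operator still holds the mapping.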
I wonder if this article is related:
The FBI Secretly Ran the Anom Messaging Platform, Yielding Hundreds of Arrests in Global Sting.
The FBI was apparently helping develop a "secure" app, Anom, that encrypts messages sent to other Anom users, and inserted a weakness in the encryption such that the FBI was able to trivially decrypt the messages remotely.