What the recovery of a Bitcoin ransom shows about cryptocurrencies and privacy.
The revelation this week that federal officials had recovered most of the Bitcoin paid in the recent Colonial Pipeline ransomware attack exposed a fundamental misconception about cryptocurrencies: They are not as hard to track as cybercriminals think.
That’s because the same properties that make cryptocurrencies attractive to cybercriminals — the ability to transfer money instantaneously without a bank’s permission — can be leveraged by law enforcement to track and seize criminals’ funds at the speed of the internet, The New York Times’s Nicole Perlroth, Erin Griffith and Katie Benner report.
Bitcoin is also traceable:
The digital currency can be created, moved and stored outside the purview of any government or financial institution, but each payment is recorded in a permanent fixed ledger, called the blockchain.
That means all Bitcoin transactions are out in the open. The Bitcoin ledger can be viewed by anyone who is plugged into the blockchain.
On Monday, the Justice Department said it had traced 63.7 of the 75 Bitcoins — some $2.3 million of the $4.3 million — that Colonial Pipeline had paid to the hackers as the ransomware attack shut down the company’s computer systems, prompting fuel shortages and a jump in gasoline prices. Officials have since declined to provide more details about how exactly they recouped the Bitcoin.
“It is digital bread crumbs,” said Kathryn Haun, a former federal prosecutor and investor at venture capital firm Andreessen Horowitz. “There’s a trail law enforcement can follow rather nicely.”
Given the public nature of the ledger, cryptocurrency experts said, all law enforcement needed to do was figure out how to connect the criminals to a digital wallet, which stores the Bitcoin.