When Bitcoin exploded on the scene in 2009, fans declared cryptocurrency a secure, decentralized and anonymous way to make transactions outside the traditional financial system.
Criminals, often operating in hidden internet spaces, flocked to Bitcoin to engage in illegal activities without revealing their names or locations. The digital currency quickly became as popular with drug dealers and tax evaders as it was with libertarians in other countries.
But this week’s revelation that federal officials have recovered most of the bitcoin ransom paid in the recent Colonial Pipeline ransomware attack has exposed a fundamental misconception about cryptocurrencies: They are not as difficult to track as cybercriminals think.
For the growing community of cryptocurrency enthusiasts and investors, the fact that federal investigators tracked the ransom as it moved through at least 23 different electronic accounts belonging to DarkSide, the hacking group, before accessing one account shows that law enforcement is growing along with the industry.
This is because the same properties that make cryptocurrencies attractive to cybercriminals – the ability to transfer money instantly without a bank’s permission – can be used by law enforcement to track and seize criminals’ funds at the speed of the Internet.
Bitcoin is also traceable. While digital currency can be created, moved and stored outside the jurisdiction of any government or financial institution, each payment is recorded in a permanent fixed ledger called a blockchain.
This means that all bitcoin transactions are open. The bitcoin ledger can be viewed by anyone who is connected to the blockchain.
“These are digital bread crumbs,” said Catherine Haun, a former federal prosecutor and investor in venture capital firm Andreessen Horowitz. “There is a clue that law enforcement can follow quite well.”
Ms Haun added that the speed with which the Justice Department had seized most of the ransom was “innovative” precisely because of the use of cryptocurrency by hackers. In contrast, she said, obtaining records from banks often requires months or years of navigating paperwork and bureaucracy, especially when those banks are abroad.
Given the public nature of the ledger, cryptocurrency experts said, all that law enforcement needed to do was figure out how to link the criminals to a digital wallet containing the bitcoins. To this end, the authorities have probably focused on what are known as the “public key” and the “private key”.
The public key is a string of numbers and letters that bitcoin holders have for transactions with others, while a “private key” is used to protect the wallet. Tracking a user’s transaction history was a matter of determining which public key they controlled, authorities said.
Seizing the assets then requires obtaining the private key, which is more difficult. It is not clear how federal agents managed to obtain the DarkSide private key.
Justice Department spokesman Mark Raimondi declined to say more about how the FBI seized DarkSide’s private key. According to court documents, investigators gained access to the password for one of the hackers’ bitcoin wallets, although the documents did not specify in detail how.
The FBI does not appear to be relying on any major vulnerabilities in blockchain technology, cryptocurrency experts said. Most likely the culprit was good old-fashioned policing.
Federal agents could have seized DarkSide’s private keys by planting a human spy inside the DarkSide network, hacking into the computers where the group’s private keys and passwords were stored, or compelling the service that held its private wallet to hand them over through a search warrant or other means.
“If they can touch the keys, that’s applicable,” said Jesse Proudman, founder of Makara, a cryptocurrency investment site. “The mere placement of a blockchain does not negate this fact.”
The FBI has partnered with several companies that specialize in tracking cryptocurrencies in digital accounts, according to officials, court documents and companies. Start-ups with names like TRM Labs, Elliptic and Chainalysis, which track cryptocurrency payments and signal possible criminal activity, have flourished as law enforcement and banks try to anticipate financial crime.
Their technology tracks the blockchain, looking for patterns that suggest illegal activity. This is similar to the way Google and Microsoft tame email spam by identifying and then blocking accounts that spread email links to hundreds of accounts.
“Cryptocurrency allows us to use these tools to track funds and financial flows across the blockchain in ways we could never do with cash,” said Ari Redboard, head of legal affairs at TRM Labs, a blockchain intelligence company that sells its analytical software to law enforcement agencies and banks. He previously served as a senior adviser on financial intelligence and terrorism at the Treasury Department.
Several longtime cryptocurrency enthusiasts have said that recovering much of the bitcoin ransom is a gain for the legitimacy of digital currencies. That would help change the image of Bitcoin as a platform for criminals, they said.
“The public is slowly showing, on a case-by-case basis, that bitcoin is good for law enforcement and bad for crime – the opposite of what many have believed in history,” said Hunter Horsley, CEO of Bitwise Asset Management, a cryptocurrency investment company.
In recent months, cryptocurrencies have become more widespread. Companies such as PayPal and Square have expanded their cryptocurrency services. Coinbase, a startup that allows people to buy and sell cryptocurrencies, went public in April and is now valued at $47 billion. This weekend, a Bitcoin conference in Miami drew more than 12,000 attendees, including Twitter CEO Jack Dorsey and former boxer Floyd Mayweather Jr.
As more people use bitcoin, most access the digital currency in a way that mirrors a traditional bank, through a central intermediary such as a cryptocurrency exchange. In the United States, money laundering and identity verification laws require such services to know who their customers are, creating a link between the identity and the account. Customers must upload a government ID when registering.
Ransomware attacks have put unregulated cryptocurrency under the microscope. Cybercriminals have flocked to thousands of high-risk exchanges in Eastern Europe that do not comply with these laws.
Following the Colonial Pipeline attack, several financial leaders proposed a ban on cryptocurrency.
“We can live in a world with cryptocurrency or a world without ransomware, but we can’t have both,” Lee Rainers, executive director of the Center for Global Financial Markets at Duke Law School, wrote in The Wall Street Journal.
Cryptocurrency experts say hackers could have tried to make their Bitcoin accounts even more secure. Some cryptocurrency owners go to great lengths to keep their private keys away from anything connected to the Internet, in a so-called “cold wallet.” Some memorize the string of numbers and letters. Others write the keys down on paper, although those can be obtained through search warrants or police work.
“The only way to get a really incomprehensible feature of an asset class is to memorize the keys and not write them down anywhere,” Mr Proudman said.
Mr Raimondi of the Justice Department said that the recovery of the Colonial Pipeline ransom was the latest sting operation by federal prosecutors to recover illegally earned cryptocurrency. He said the department had carried out “many seizures of hundreds of millions of dollars from unenforced cryptocurrency portfolios” used for criminal activity.
In January, the Justice Department disbanded another ransomware group, NetWalker, which used ransomware to extort money from municipalities, hospitals, law enforcement and schools.
As part of this sting, the department obtained about $500,000 in cryptocurrency that NetWalker had collected from victims of its ransomware.
“Although these individuals believe they work anonymously in the digital space, we have the ability and perseverance to identify and prosecute these actors to the fullest extent of the law and to confiscate their criminal proceeds,” said Maria Chapa Lopez, then the U.S. attorney for the Middle District of Florida, in announcing the case.
In February, the Justice Department said there were orders to confiscate nearly $2 million in cryptocurrencies that North Korean hackers had stolen and placed in accounts at two different cryptocurrency exchanges.
Last August, the department also filed a complaint against North Korean hackers who stole $28.7 million in cryptocurrency from a cryptocurrency exchange and then laundered the proceeds through Chinese cryptocurrency laundering services. The FBI tracked the funds to 280 cryptocurrency wallets and their owners.
“After all, cryptocurrencies are actually more transparent than most other forms of value transfers,” said Madeleine Kennedy, a spokeswoman for Chainalysis, the startup that tracks cryptocurrency payments. “Certainly more transparent than money.”