Report: A weak password granted FBI agents access to Darkside’s BTC wallet

By: Jinia Shawdagor
on Jun 9, 2021
  • Per Chainalysis’ Jesse Spiro, it is easier to track cryptocurrencies than fiat currencies.
  • The FBI declined to disclose how it obtained the private key to Darkside’s Bitcoin wallet.
  • Nic Carter believes FBI agents accessed the server holding Darkside’s private key.

The US Federal Bureau of Investigation (FBI) exploited a weak password to gain access to the Bitcoin wallet belonging to Darkside, a notorious hacker group behind the ransomware attack on Colonial Pipeline in April. A report unveiled this news on June 8, citing crypto experts who believe the FBI’s ability to breach the wallet does not indicate a security vulnerability in BTC. The experts shared their opinions after the US Department of Justice (DoJ) announced on Monday that it had successfully retrieved $2.3 million from the attackers’ wallet.

Reportedly, FBI agents traced BTC transaction records to discover the digital wallet, which they took control of by using its private key. However, it remains a mystery how they retrieved the private key. Keeping a tight lip on the matter, Elvis Chan, an assistant special agent with the FBI’s San Francisco office, said the agency does not wish to disclose its techniques, since it might need to use them in other similar cases.


Speculating about how the FBI managed to retrieve the wallet’s private key, experts shared their knowledge. The first possibility is that Darkside collected the funds through a payment server, which is easy for the FBI to track. Per Deputy Attorney General Lisa O. Monaco, following the money might appear basic, but it is powerful.

A case of bad IT hygiene

Jesse Spiro, Global Head of Policy at blockchain forensics firm Chainalysis, noted that blockchain-based transactions are transparent and traceable. As such, it is easier to follow crypto transactions than fiat ones. Spiro added that Chainalysis could generate unprecedented intelligence and information by monitoring the supply chain of a cryptocurrency once someone makes a ransomware-related payment. However, he did not disclose whether Chainalysis was involved in the Colonial Pipeline case.

Nic Carter, a founding partner at Castle Island Ventures, did not dispute that the FBI might have tracked the wallet. However, he said it is unlikely the agency broke the Elliptic Curve Digital Signature Algorithm (ECDSA), which ensures that only the holder of the wallet’s private key can spend the BTC stored in it. Emphasizing how slim the FBI’s chances of cracking the wallet itself were, Carter said such an occurrence is so far-fetched that it might as well be impossible.

He noted that the FBI might instead have been able to access the server where Darkside had stored its private key. According to him, this does not point to any flaw in BTC, but rather to a case of bad IT hygiene on the criminal group’s part.
