$6.8M in Bitcoin held by DarkSide ransomware group on the move

on Oct 22, 2021
  • The attack on Colonial put the petroleum supplies of five US states at risk
  • DarkSide received about $5 million in ransom; the money didn't move until yesterday
  • REvil was hacked and forced offline in a US government-led operation this week


Bitcoin (BTC/USD) worth $6.8 million held by the DarkSide ransomware group, which was involved in the Colonial Pipeline attack in May, is on the move, blockchain analytics company Elliptic reported, as cited by CoinDesk. Elliptic associates the activity with another ransomware group, REvil, which is closely connected to DarkSide.


Ransom was dormant until yesterday


After the attack on Colonial, which put the petroleum supplies of five US states at risk, DarkSide received about $5 million in ransom. DarkSide's share of that ransom did not move until October 21, Elliptic said in a blog post on Friday. At first, the victim refused to pay, but eventually did so. According to insiders, its main concern was restoring the operation of the largest pipeline in the US.

Elliptic identified DarkSide's wallet; ransom payments keep coming


DarkSide, which describes itself as a developer of “ransomware as a service,” kept a wallet for its share of the ransom. Elliptic identified it through blockchain transaction analysis and its own intelligence collection. This wallet received the ransom on May 8, after the cyberattack, which caused fuel shortages nationwide.

This wallet has been active for more than six months now. In that time, it has received 57 payments from 21 different wallets. These include ransoms known to have been paid by the group’s other victims. DarkSide has received Bitcoin transactions worth $17.5 million in total since opening the wallet, Elliptic said.

DarkSide wallet presumably claimed by REvil


DarkSide's wallet was reportedly claimed by an unknown third party, who sent 107.8 BTC ($6.8 million) from it to a new address. The sum was then moved over a period of a few hours through a series of new wallets, with a small amount being split off at each step, making the funds harder to trace.
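The multi-hop pattern described above, funds passing through a chain of fresh wallets with a small amount split off at each step, is what blockchain analysts call a peel chain. The Python below is an added illustration, not code from the article or from Elliptic's tooling: it follows such a chain over a constructed, hypothetical ledger and flags the pattern; every address, transaction id and amount is assumed sample data, not a real on-chain value.

```python
from collections import defaultdict

# Constructed sample ledger (hypothetical addresses and txids, amounts in BTC).
# Each tx spends one input address and pays a large "change" output plus a small peel.
TXS = [
    {"txid": "t1", "from": "seized_wallet", "outputs": [("hop1", 107.8)]},
    {"txid": "t2", "from": "hop1", "outputs": [("hop2", 100.0), ("peel_a", 7.8)]},
    {"txid": "t3", "from": "hop2", "outputs": [("hop3", 93.5), ("peel_b", 6.5)]},
    {"txid": "t4", "from": "hop3", "outputs": [("hop4", 85.0), ("peel_c", 8.5)]},
    {"txid": "t5", "from": "peel_a", "outputs": [("exchange_x", 7.8)]},
]


def index_spends(txs):
    """Map each spending address to the transactions that spend from it."""
    idx = defaultdict(list)
    for tx in txs:
        idx[tx["from"]].append(tx)
    return idx


def trace_peel_chain(txs, start, max_hops=20):
    """Follow the largest output at every hop from `start` and record what was peeled off.

    Returns the hop list (txid, next address, main amount, peeled amount), the
    address where the chain stops, and the total amount peeled along the way.
    """
    idx = index_spends(txs)
    seen, hops, addr = set(), [], start
    while addr in idx and addr not in seen and len(hops) < max_hops:
        seen.add(addr)
        tx = idx[addr][0]  # simplified model: one spend per address
        outs = sorted(tx["outputs"], key=lambda o: o[1], reverse=True)
        main, rest = outs[0], outs[1:]
        peeled = sum(amount for _, amount in rest)
        hops.append((tx["txid"], main[0], main[1], peeled))
        addr = main[0]
    total_peeled = round(sum(h[3] for h in hops), 8)
    return {"hops": hops, "terminal": addr, "peeled_total": total_peeled}


def looks_like_peel_chain(trace, min_hops=3, max_peel_ratio=0.2):
    """Flag a trace when at least `min_hops` consecutive hops peel off a small fraction."""
    small_peels = 0
    for _, _, main, peeled in trace["hops"]:
        ratio = peeled / (main + peeled)
        if 0 < ratio <= max_peel_ratio:
            small_peels += 1
    return small_peels >= min_hops
```

The heuristic is deliberately simple: real analysis also has to handle multi-input transactions, address reuse and the peels that feed exchange deposit addresses, which is where the recovered trail becomes useful to investigators.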

US government forces REvil offline


Elliptic associates this activity with the ransomware group REvil, which was hacked and forced offline in a US government-led operation this week. According to Tom Kellermann, head of cybersecurity strategy at VMware, intelligence agencies and law enforcement prevented the group from inflicting further damage:

The FBI, in conjunction with Cyber Command, the Secret Service and like-minded countries, have truly engaged in significant disruptive actions against these groups. REvil was top of the list.
