LONDON (AFP) – Regulators have repeatedly criticised the growth of cryptocurrencies such as bitcoin because of their popularity with criminals, but the technology’s transparent transactions can also work against lawbreakers.
The lesson is one that the cybercriminal hacking group Darkside learnt the hard way after it extracted a $4.4 million ransom in bitcoin from oil company Colonial Pipeline.
Following the ransomware extortion, which forced the shutdown of a major fuel network in the eastern United States last month, the US Justice Department said it has clawed back $2.3 million of the funds by tracing financial transactions.
“Following the money remains one of the most basic, yet powerful, tools we have,” US Deputy Attorney General Lisa Monaco said on Monday.
The financial forensics needed to track crypto transactions are more complex on decentralised and anonymous networks.
For a traditional bank payment, police can turn to the bank that sent or received the money, but for bitcoin, the registry that records these transactions — the blockchain — does not ask users to reveal their identity.
But the blockchain is also public and available for anyone to download, which makes it possible to piece together who might own the anonymous addresses where the bitcoin arrives.
While some users keep their bitcoin safe in an offline wallet, for example on a USB stick or hard drive, Darkside’s bitcoins were always linked to an online account.
Without specifying how they came by it — whether by hacking or through an informant — US authorities have said they were able to access the “private key” to the hackers’ online account.
In 2019, analysis of the blockchain enabled British and American authorities to dismantle a child pornography ring and arrest more than 300 people in 38 countries.
The complex tracking of transactions has become an industry in its own right. Firms specialising in blockchain analysis have emerged, such as Chainalysis in the United States and Elliptic in Britain.