Almost $7M in Bitcoin Held by Colonial Pipeline Attacker Is on the Move

Elliptic has linked the activity to the hacking and forced takedown of ransomware group REvil, with which DarkSide has close ties, by a U.S. government-led operation.

Oct 22, 2021 at 12:15 p.m. UTC
Updated Oct 22, 2021 at 1:35 p.m. UTC

Jamie Crawley is a CoinDesk news reporter based in London.

Bitcoin now worth nearly $7 million held by the DarkSide ransomware group involved in the Colonial Pipeline attack in May is on the move, according to blockchain analytics firm Elliptic.

  • Following the attack, which threatened the petroleum supplies of five eastern states in the U.S., DarkSide’s share of the amount paid in ransom remained dormant until Oct. 21, Elliptic said Friday in a blog post.
  • As the developer of the “ransomware as a service,” DarkSide maintained a wallet to hold its share of the funds, which included 11.3 BTC. The wallet was identified by Elliptic using its intelligence collection and analysis of blockchain transactions.
  • DarkSide subsequently said the wallet had been claimed by an unknown third party, sending 107.8 BTC ($6.8 million) to a new address.
  • These bitcoin have now been sent through a series of new wallets over a period of several hours, with small amounts being ejected at each step – a common money laundering technique to make funds harder to track.
  • Elliptic has linked this activity to the hacking and forced takedown of ransomware group REvil, with which DarkSide has close ties, by a U.S. government-led operation.