Bitcoin
$64,230.90-0.55%
Ethereum
$3,144.52-0.30%
Binance Coin
$613.49+0.98%
Solana
$142.88-3.78%
XRP
$0.52247380-1.36%
Dogecoin
$0.14951172-2.05%
Toncoin
$5.38-4.13%
Cardano
$0.46776670-2.26%
Shiba Inu
$0.00002541-2.20%
Avalanche
$35.33-3.67%
Tron
$0.11727925+3.12%
Wrapped Bitcoin
$64,258.05-0.64%
PlayIconNav
Crypto Prices CoinDesk 20 Index CoinDesk 20 Index
Countdown to Consensus 2024The largest and longest running event that covers all sides of Crypto and Web 3
33
DAYS
11
HR
21
MIN
22
SEC
Finance

Almost $7M in Bitcoin Held by Colonial Pipeline Attacker Is on the Move

Elliptic has linked the activity to ransomware group REvil, with which DarkSide has close ties, being hacked and forced offline by a U.S. government-led operation.

By Jamie Crawley
AccessTimeIconOct 22, 2021 at 12:15 p.m. UTC
Updated May 11, 2023 at 7:06 p.m. UTC
(Shutterstock)
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

Bitcoin now worth nearly $7 million held by the DarkSide ransomware group involved in the Colonial Pipeline attack in May is on the move, according to blockchain analytics firm Elliptic.

  • Following the attack, which threatened the petroleum supplies of five eastern states in the U.S., DarkSide’s share of the amount paid in ransom remained dormant until Oct. 21, Elliptic said Friday in a blog.
  • The developer of “ransomware as a service,” DarkSide, maintained a wallet to hold its share of the funds, which included 11.3 BTC. That was identified by Elliptic using its intelligence collection and analysis of blockchain transactions.
  • DarkSide subsequently said the wallet had been claimed by an unknown third party, sending 107.8 BTC ($6.8 million) to a new address.
  • These bitcoin have now been sent through a series of new wallets over a period of several hours, with small amounts being ejected at each step – a common money laundering technique to make funds harder to track.
  • Elliptic has linked this activity to ransomware group REvil, with which DarkSide has close ties, being hacked and forced offline by a U.S. government-led operation.
VolumeMuteUnmute

Bitcoin Was 'Much More International,' Kara Swisher Says

  • Morgan Stanley May Allow Brokers to Pitch Bitcoin ETFs; 'Buy Bitcoin' Sign Auctioned for Over $1M
    01:55
    Morgan Stanley May Allow Brokers to Pitch Bitcoin ETFs; 'Buy Bitcoin' Sign Auctioned for Over $1M
  • Is Bitcoin a Safe-Haven Asset?
    00:57
    Is Bitcoin a Safe-Haven Asset?
  • Crypto Progress Is Not the Same as the Beginning of the Internet: Kara Swisher
    21:07
    Crypto Progress Is Not the Same as the Beginning of the Internet: Kara Swisher
  • How Saga's Chainlets Automate Layer 1s
    01:20
    How Saga's Chainlets Automate Layer 1s

    • Read more: Blockchain Analytics Firm Elliptic Raises $60M to Fund R&D, Expansion

    Disclosure

    Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

    CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

    Jamie Crawley
    Jamie Crawley

    Jamie Crawley is a CoinDesk news reporter based in London.

    Follow @JamieCrawleyCD on Twitter

    Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.