US Federal Officials Recover $2.3M Bitcoin Ransom Paid To Colonial Pipeline Hacker Gang

US Federal Officials Recover $2.3M Bitcoin Ransom Paid To Colonial Pipeline Hacker Gang

Federal officials with a United States government task force have managed to recover over $2 million in crypto paid by Colonial Pipeline to the DarkSide Hacking Group that choreographed a devastating ransomware attack that crippled the East Coast oil pipeline, the Department of Justice announced on June 7.

Colonial Pipeline paid a staggering $4.4 million in bitcoin to the Russia-based hacker ring to regain control of its systems which had ceased operating for close to a week last month. At the time, the firm was forced to stop the transportation of fuel across the US East Coast — subsequently causing oil shortages in several US states.

Speaking during a press conference on Monday, Deputy Attorney General Lisa Monaco indicated that Colonial Pipeline contacted lawforcement, allowing the U.S. task force to retrieve the bitcoin. This ransomware task force was created by the DoJ. “Today we turned the table on DarkSide. The Department of Justice has found and recovered the majority of the ransom paid,” Monaco said.

Monaco further posited:

“The sophisticated use of technology to hold businesses and even whole cities hostage for profit is decidedly a 21st century challenge, But the old adage ‘follow the money’ still applies. And that’s exactly what we do.”


Documents filed with the U.S District for the Northern District of California indicate that the government seized 63.7 BTC ($worth 2.3 million) out of the 75 BTC that was paid to the hackers. The recovered bitcoin was transferred to an address whose private key is in the possession of the FBI. 

At the moment, the Darkside ransomware thugs still have approximately $2 million worth of crypto. The development was first reported by leading news publication CNN.

During the same press conference, FBI Deputy Associate Paul Abbate noted that the federal investigators seized the BTC from a wallet used to pay the ransom demand, thus preventing the DarkSide rogue hackers from using it.

Ransomware attacks have been roiling businesses and governments across the globe in recent months. One common denominator in these kinds of attacks is that the crooks demand to be paid in bitcoin or monero, primarily because of their perceived privacy.

The news comes as U.S. President Joe Biden is preparing to embark on his first trip abroad where he is expected to hold talks with G7 leaders and Russian President Vladimir Putin about how to prevent and deter ransomware attacks.