The Justice Department, in conjunction with other federal authorities, on Monday said that the majority of the ransom Colonial Pipeline Co. paid to hackers last month has been recaptured.
During a news conference, Deputy Attorney General Lisa Monaco said federal investigators seized 64 bitcoin, valued at roughly $2.3 million, that were allegedly the proceeds from the ransom attack against Colonial Pipeline.
Colonial CEO Joseph Blount told The Wall Street Journal last month that he authorized the ransom payment of $4.4 million, because the company was unsure how badly the cyberattack had breached its systems, and how long it would take to bring the pipeline back.
The cyberattack was a significant one in the U.S. because Colonial operates the largest refined-products pipeline in the country, which spans more than 5,500 miles and transports more than 100 million gallons, or 2.5 million barrels, of fuel a day to consumers from Houston to the New York Harbor.
The temporary energy-market disruption fueled fears of an extended pipeline shutdown that could have significantly curtailed refinery activity and had weighed on nearby oil futures relative to later contracts, analysts said.
The seizure of the funds was conducted by the Ransomware and Digital Extortion Task Force, Monaco said at the Monday news conference. She said it was the first such seizure by the newly formed body, created to coordinate federal efforts in tackling growing cyberattack threats in the U.S.
Critics of digital assets say that one of the biggest drawbacks of crypto is its use in illicit transactions and money laundering, as evidenced by the Colonial Pipeline episode. However, champions of bitcoin and blockchain technology make the case that tracking bad actors is made easier on the decentralized, distributed ledger, even if the actors are otherwise anonymized by the technology.
Federal investigators said that tracking a virtual-currency wallet helped to lead to reclamation of part of the bitcoin paid by Colonial.
Despite the success of the task force, some $2 million in bitcoin paid to the hackers remains at large.
Bitcoin prices on Monday were down less than 1% and were last changing hands at $35,599 on CoinDesk.
The Wall Street Journal had previously reported that U.S. investigators had linked the ransomware attack to a criminal enterprise known as DarkSide, believed to be based in Eastern Europe. The group is said to specialize in creating harmful software that can take over corporate systems, unless ransom in the form of digital currency is paid.