DOJ seizes $2.26 million in ransom paid out by Colonial Pipeline

The Justice Department on Monday announced it has managed to recover millions of dollars in Bitcoin paid to hackers following a ransomware attack that shut down a key East Coast pipeline.

The FBI was able to identify and recover the funds from a Bitcoin wallet being used by the Darkside ransomware group, Deputy Director Paul Abbate said during a press conference. He added that the Bureau has identified at least 90 victims across U.S. critical industry sectors who have been attacked by Darkside, including companies in the legal, health, energy and manufacturing industries.

Court documents show law enforcement was able to seize $2.26 million (63.7 BTC) of the $4.3 million (75 BTC) ransom. An affidavit by an FBI special agent in support of the seizure warrant explains how law enforcement was able to work with "Victim X" to identify the addresses of the virtual wallet through the blockchain public ledger using public blockchain explorers.

"The threat of severe ransomware attacks pose a clear and present danger" to both industry and local communities, Deputy Attorney General Lisa Monaco said during a press conference on Monday.

Monaco said the operation was not the first time the U.S. government has recovered cryptocurrency but said it was the first such operation for the department's new ransomware and digital extortion taskforce.

Asked whether industry should take the FBI's operation as a sign that law enforcement can recover payments, and therefore make them a more plausible solution, Monaco said, "We cannot guarantee – and we may not be able to do this in every instance."

Sen. Mark Warner (D-Va.), chair of the Senate Select Committee on Intelligence, said during an interview on Meet the Press that he wants to pass legislation requiring companies to notify the government when they are attacked by ransomware, as well as to provide increased transparency if a company does make a payment.

Lawmakers aired frustrations following the attack on Colonial Pipeline because the company initially refused to disclose any information about whether it had made a payment. The company's CEO, Joseph Blount, eventually said in an interview with the Wall Street Journal that Colonial paid the $4.3 million ransom.

Blount is scheduled to testify before the House Homeland Security Committee on June 9 about the attack.

About the Author

Justin Katz is a former staff writer at FCW.

