Jeffrey Ethstein
2 min readJun 9, 2021


FBI HACKING?!!?!? Did they h4x0r Bitcoin?

No. No they did not.

I’m sure some of you freaks are aware that the Department of Justice came out yesterday and announced that the FBI had successfully “seized” some of the bitcoin acquired by the hackers who attacked the Colonial Pipeline with ransomware last month. Many in the mainstream blogosphere are claiming that the FBI “hacked” the protocol by brute forcing the private keys to take possession of the coins. This is not a plausible scenario. Brute forcing a secp256k1 private key is computationally infeasible, and if the FBI had actually broken ECDSA it would be pretty obvious very quickly, because every wallet on the network would be exposed, not just one.

Here’s what seems to be the most plausible explanation, at least to me at the moment, behind the FBI’s “seizure”, from our friend ErgoBTC:

It seems that the “hacking team” behind the Colonial Pipeline attack was using a desktop Electrum light client as their wallet to receive the ransom payment. An Electrum light client does not verify the chain itself; it connects to a trusted Electrum server, receives block headers from it, and asks that server for the history of its own addresses. To do that, the wallet sends the server the script hash of every address it cares about, so the server operator sees the client’s IP address together with the exact set of addresses that wallet controls. If the server they connected to was run by a chain surveillance company or a law enforcement agency, the attackers’ IP address and the link between that IP and the ransom address were leaked to whoever ran it.
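To make the leak concrete, here is an added example (not code from the original post or from Electrum itself) that reproduces what a light client hands to an Electrum server and what the operator can write down. It uses the real Electrum protocol conventions: the wallet first announces itself with a server.version message carrying its client name, then subscribes to each address by its scripthash, which is the SHA-256 of the address’s scriptPubKey with the bytes reversed. The client version string, the peer IP and the watchlist of addresses are constructed sample data; only the stdlib is used and nothing touches the network.

```python
"""What an Electrum server learns from a light client (constructed example).

Client side: derive the Electrum scripthash for an address and build the
JSON-RPC messages a wallet sends.  Server side: log peer IP next to every
scripthash requested and match it against a watchlist of known addresses.
"""
import hashlib
import json

B58_ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def b58check_decode(address):
    """Decode a Base58Check address; return (version byte, 20-byte hash160)."""
    n = 0
    for ch in address:
        n = n * 58 + B58_ALPHABET.index(ch)          # ValueError on bad char
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    pad = len(address) - len(address.lstrip("1"))    # each leading '1' is a 0x00
    payload = b"\x00" * pad + body
    if len(payload) != 25:
        raise ValueError("unexpected payload length")
    data, checksum = payload[:21], payload[21:]
    if hashlib.sha256(hashlib.sha256(data).digest()).digest()[:4] != checksum:
        raise ValueError("bad checksum")
    return data[0], data[1:]


def script_pubkey(address):
    """scriptPubKey bytes for legacy P2PKH (1...) and P2SH (3...) addresses."""
    version, h160 = b58check_decode(address)
    if version == 0x00:   # OP_DUP OP_HASH160 <20 bytes> OP_EQUALVERIFY OP_CHECKSIG
        return b"\x76\xa9\x14" + h160 + b"\x88\xac"
    if version == 0x05:   # OP_HASH160 <20 bytes> OP_EQUAL
        return b"\xa9\x14" + h160 + b"\x87"
    raise ValueError("unsupported address version %#x" % version)


def electrum_scripthash(address):
    """Electrum protocol scripthash: sha256(scriptPubKey), byte-reversed, hex."""
    return hashlib.sha256(script_pubkey(address)).digest()[::-1].hex()


def client_messages(client_name, addresses, first_id=1):
    """The JSON-RPC lines a light client sends right after connecting."""
    msgs = [json.dumps({"jsonrpc": "2.0", "id": first_id,
                        "method": "server.version",
                        "params": [client_name, "1.4"]})]
    for i, addr in enumerate(addresses, start=first_id + 1):
        msgs.append(json.dumps({"jsonrpc": "2.0", "id": i,
                                "method": "blockchain.scripthash.subscribe",
                                "params": [electrum_scripthash(addr)]}))
    return msgs


def build_watchlist(addresses):
    """Server operator precomputes scripthashes for addresses of interest."""
    return {electrum_scripthash(a): a for a in addresses}


def server_log(client_ip, messages, watchlist):
    """What the operator can record: peer IP next to every scripthash asked
    about, plus the matching address when it is on the watchlist."""
    records = []
    for raw in messages:
        msg = json.loads(raw)
        if msg["method"] == "server.version":
            records.append({"ip": client_ip, "event": "client",
                            "detail": msg["params"][0]})
        elif msg["method"] == "blockchain.scripthash.subscribe":
            sh = msg["params"][0]
            records.append({"ip": client_ip, "event": "subscribe",
                            "scripthash": sh, "address": watchlist.get(sh)})
    return records


if __name__ == "__main__":
    # Constructed data: the genesis-block address stands in for a ransom
    # address, the IP is a documentation-range address, the version string
    # follows Electrum's "electrum/<version>" client-name format.
    ransom_address = "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa"
    wire = client_messages("electrum/4.1.2", [ransom_address])
    for rec in server_log("198.51.100.7", wire, build_watchlist([ransom_address])):
        print(rec)
```

The point the log makes: the server never needs the private key to tie a wallet to a person. It gets the client software, the peer IP and the full address set in the first few messages, and a watchlist built from the publicly visible ransom address turns one of those scripthashes into a name. Running a full node and a watch-only xpub on a machine you control sends none of this to anyone.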

This is how the attackers seem to have been identified. Now, how did the FBI get the keys? That question has yet to be answered. Here are some of the plausible theories as described by Ergo:

It will be interesting to see how the FBI explains (or doesn’t explain) the way it acquired the private keys. The best theory to me at the moment is that the FBI seized a cloud server the attackers were running their light client on, with the wallet file and its keys sitting on that box.

If that is the case, it raises the question, “How could these attackers be smart enough to take down a vital piece of energy infrastructure but too dumb to run their own full node, with the wallet’s xpub imported as watch-only and the private keys kept on a dedicated signing device?” Tinfoil Hat Uncle Marty is very suspicious of these particular “attackers”.

Let this be a lesson to all that there are many ways to leak privacy on the Bitcoin network. Exposing your IP address and delegating trust to third-party node operators is a very easy way to lose privacy at Bitcoin’s P2P communications layer, before any coin ever moves on chain. If you’re going to hold vital infrastructure hostage in return for some sats, you had better make sure you are receiving those sats with operational security best practices in mind.
