U.S. agencies claim they have recovered most of the $4.4 million in crypto paid out to the hackers of the Colonial Pipeline. But hazy details around the case leave more questions than answers.
Last month, news broke that hackers had attacked a pipeline that carries refined gasoline from Texas to New York, forcing a shutdown of operations. The pipeline is responsible for 45% of the East Coast’s fuel supply.
The chaos that ensued triggered a 6-cent-per-gallon rise at the pump. But more than that, fear of shortages had market analysts sounding the alarm.
Although the general practice is not to pay hackers, given what was at stake, Joseph Blount, the CEO of Colonial Pipeline Company, authorized payment of the $4.4 million demanded by hackers.
“I know it was a controversial decision. I didn’t make it lightly. I will admit that I wasn’t comfortable seeing money go out the door to people like this.”
Yesterday, U.S. agencies announced the recovery of the majority of those funds from DarkSide, the Eastern-European-based group said to be responsible for the attack. CNBC claims U.S. agencies recovered just over half of the crypto funds, or $2.3 million in cash value.
The Deputy Director of the FBI, Paul Abbate, said his agency successfully seized the ransom funds from a Bitcoin wallet used by DarkSide to collect the ransomware payment from the Colonial Pipeline Company.
However, further details on this were not disclosed, leading to speculation on how that was possible.
If the FBI had cracked the wallet or somehow brute-forced it open, then crypto security isn’t as strong as we are led to believe. Alternatively, if the crypto wallet was an exchange wallet, why would the exchange make a partial return?
If the details are to be believed, then logic dictates the FBI must have cracked the wallet. But how easy is it to crack a crypto wallet?
Reports on this are mixed. A Reddit poster claims that a wallet recovery service cracked his wallet and returned his funds, minus a fee, after he had mistyped his passphrase (twice). It took five months, and the poster had also had to send his wallet.dat file.
Another method is brute-forcing the crypto wallet, which tries every possible combination until the correct one is found.
The Things That Matter Most blog said brute-forcing a Bitcoin wallet is near impossible. The number of attempts required exceeds the number of atoms in the universe.
“When I tell you a Bitcoin private key is a 256-bit number you see the “256” and think it’s relatively small. In reality, 256 bits means 2^256. There are that many possible private keys.
Expanded out, 2^256 is: 115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,936.”
Based on current computing power, a conservative estimate puts a brute-force attack on a wallet at 0.65 billion billion years.