New analysis sheds light on DOJ Bitcoin seizure as JBS pays massive $11M ransom

Published at: June 10, 2021

JBS USA Holdings Inc. has paid an $11-million ransom in Bitcoin (BTC) to cybercriminals as new details emerge over the United States Federal Bureau of Investigation’s recovery of assets from a previous heist.

The payment, estimated to be more than 300 BTC at current prices, was made to shield JBS factories from further disruption. The firm is the world’s largest meat company by sales, processing beef, poultry and pork from Australia to South America and Europe.

Andre Nogueira, CEO of the Brazilian meat company’s U.S. division, said that the payment was painful and that it was made after the majority of JBS plants were up and running again, to ensure there were no further attacks. According to the Wall Street Journal, the FBI last week attributed the JBS attack to REvil, a cybercrime group with ties to Russia.

The latest high-profile Bitcoin ransom payment will no doubt add to pressure on legislators to act. Earlier today, Senator Elizabeth Warren called for tighter regulation, stating that cryptocurrency has “created opportunities to scam investors, assist criminals, and worsen the climate crisis.” Regarding the recent ransomware attacks, she said:

“Every hack that is successfully paid off with a cryptocurrency becomes an advertisement for more hackers to try more cyberattacks.”

The attack on JBS, which was discovered on May 30, was part of a wave of incursions using ransomware that also targeted Colonial Pipeline, the operator of a pipeline bringing gasoline to parts of the U.S. East Coast.

As reported by Cointelegraph, the FBI managed to recover 63.7 BTC of the 75 BTC ransom that Colonial Pipeline paid to another Russian-linked hacker group called DarkSide.

At the time, the crypto community questioned the methods used by the federal agency to gain access to the private keys for the target address. It was also suggested by some that Coinbase was involved in the seizure, but company executives denied any connection.

According to crypto asset insurance company Evertas, DarkSide was likely already on law enforcement’s radar, and the group had confirmed that it had lost control of its infrastructure, including the ability to extricate crypto funds.

Evertas notes that, according to the affidavit, what was in the possession of the FBI in the Northern District of California was the private key for the subject address, not the actual funds.

Evertas analyzed the transfers, using a combination of open-source tools and subscription-based blockchain analytics to reveal that the hacker group split the ransom over three addresses in early May.

The analysis reveals that DarkSide controlled multiple addresses containing a total of 114 BTC up until the middle of May. On Monday, 63.7 BTC were seized from one of the addresses, and Evertas believes the FBI probably controls the rest:

“Evertas suspects that the FBI likely now controls the remaining almost 114 BTC and may be working to tie other payments made to DarkSide by other victims of the hackers’ RaaS [ransomware-as-a-service] before effecting official seizures of the remaining funds.”

The revelation may sound positive, but analysts at data analytics firm GlobalData believe that cryptocurrencies have just become a lot less secure as the seizure sets the path toward fiat-currency-style control. Thematic analyst at GlobalData, Danyaal Rashid, said:

“Bitcoin was supposed to liberate us from government control: decentralized and out of the government’s hands. The fact that the US Government has managed to recover most of this ransom, despite it being paid in Bitcoin, goes directly against this.”