- The US DoJ has recovered 63.7 BTC of the 75 Bitcoin paid out to hackers by Colonial Pipeline
- The FBI was in possession of a private key that helped recover the Bitcoin
- A theory has been circulating that the funds were sent to Coinbase and that the exchange helped the authorities
- The CSO at Coinbase has since debunked the theory
Earlier today, news hit the internet that the US Department of Justice (DoJ), alongside the FBI, had recovered 63.7 Bitcoin of the 75 BTC that had been paid out to the hackers of the Colonial Pipeline fuel system.
The hack that happened last month, led to massive fuel shortages in the Eastern parts of the United States thus prompting the company to pay out the aforementioned ransom to avert further damages to its systems.
Theory That Coinbase Was Involved in recovering the Bitcoin
According to the chronology of events leading to the seizure of the Bitcoin by the DoJ, a judge in San Fransisco, approved the seizure of the finds from the said wallet which was located in the Northern District of California. The location of the wallet (California) thus led to the theory that the funds were sent to Coinbase.
Coinbase Debunks the Theory it was Involved With the Seizure of Bitcoin from Colonial Pipeline Hack
It is with this brief background of events that the Chief Security Officer at Coinbase, Philip Martin, has published an elaborate thread on Twitter, debunking the theory that the Bitcoin wallet containing the funds, was hosted by Coinbase.
Mr. Martin started out by stating that Coinbase was not the target of the warrant that granted the seizure of the Bitcoin, neither was the exchange in possession of any BTC from the Colonial Pipeline hack. According to his analysis, the private keys were probably obtained through old fashion police work.
An excerpt of his views on the matter can be found below.
Coinbase uses a pooled hot wallet, so handing over a specific private key wouldn’t make a ton of sense, and we’ve (for obvious security reasons) not built a private key export API endpoint into our signing systems.
I’ve also read that because the seizure warrant specified property in the Northern District of California, it had to be targeted at Coinbase. Nope. What this likely means is that the private key is located at one of the many Northern California FBI field offices.
So how did they get the private key? Maybe some whiz-bang magic, but my guess would be it was some good ol’ fashioned police work to locate the target servers, and an MLAT request and/or some political pressure to get access.