Wu Shuo
Author | Tan Shu
Editor of this issue | Colin Wu

On Monday, the U.S. Department of Justice announced that it had recovered most of the bitcoins paid in ransom last month by Colonial Pipeline, the largest oil pipeline company in the United States. Following the news, perhaps out of worry that the FBI had cracked Bitcoin's encryption technology and that Bitcoin had lost its "anti-censorship" characteristics, the price of Bitcoin fell sharply, to a low of $31,716.

Ransomware is an important "application" of Bitcoin

Since its birth, Bitcoin has often been criticized as "useless". Although companies such as Steam, Microsoft and Tesla once accepted Bitcoin payments, they often stopped accepting them after a period of time. There are two main reasons. One is that very few users are willing to pay with Bitcoin; the other is that, as things currently stand around the world, accepting fiat currency is more convenient than accepting Bitcoin in every legal field. Most legal businesses are therefore unwilling to accept Bitcoin payments.

In illegal or black and gray areas, Bitcoin is often the first choice for payment. It has therefore been widely used in money laundering, gambling, dark web markets and similar fields.

Ransomware is one of the applications of Bitcoin in the illegal field. In fact, many people first heard about Bitcoin through ransomware. In 2017, the famous ransomware WannaCry swept the world. Some people on the Internet translated the name of the software as "want to cry". In fact, it is the abbreviation of "Wanna Crypto", which really means "want cryptocurrency". WannaCry had a wide impact, and some domestic universities and energy institutions were also affected. In May 2017, the National Internet Emergency Center therefore issued a special [Situation Report](1).
According to US media reports, the United States suffered a total of 15,000 ransomware incidents in 2020, causing economic losses ranging from US$596 million to US$2.3 billion.

How does the FBI obtain hacker private keys?

Although there is much speculation about how the FBI obtained the private key to the hacker's Bitcoin address, apparently no one knows the truth. Elvis Chan, an FBI agent in San Francisco, declined to reveal details of how he obtained the private keys in an interview with NBC (2), as the same method may be used in future operations. However, he also made it clear that this operation did not rely on "waiting for criminals to use cryptocurrency services in the United States."

This statement at least rules out the speculation that the FBI obtained the hacker's funds through exchanges. Most exchanges have strict KYC/AML policies, US exchanges especially, so it is unlikely that hackers would directly use US exchanges to launder money.

Since this operation recovered only part of the ransom funds, it also largely rules out the speculation that the FBI had cracked the Bitcoin encryption algorithm: had the FBI cracked the algorithm, it could obviously have recovered all the funds.

Elvis Chan also mentioned that the operation benefited from the fact that "most of the Internet infrastructure is in the United States", which provided convenience for the FBI.

The closest guess, therefore, is that the blackmailer used a full-node wallet located in North America, and a full-node wallet leaks the node's IP when broadcasting transactions. From a security perspective, each address should be used only once, yet a blockchain explorer query shows that the blackmailer used the address bc1qq2euq8pw950klpjcawuy4uj39ym43hs6cfsegq to send bitcoins twice, resulting in IP leakage, which gave the FBI the opportunity to obtain the private key.
Biyin CTO Li Tianzhao said that the hacker stored the extorted bitcoins in a Bitcoin wallet that used the cloud service of an American company. The cloud server was located in the United States and was directly taken over by the FBI, so the ransom was recovered without the private key.

The impact of the FBI's acquisition of private keys on the market

Over the past month, ransomware attacks have become more widespread and have had a wider impact. The attack on Colonial Pipeline seriously affected the oil supply on the east coast of the United States and caused panic in the short term; the attack on JBS, the world's largest beef manufacturer, affected the beef supply in the United States.

According to a Reuters [report](3), on the 4th of this month the US Department of Justice raised the threat of ransomware to the level of terrorism, and FBI Director Christopher Wray directly compared the threat of ransomware to 9/11. Since it is treated as terrorism, when asked whether military action would be taken against ransomware, US Commerce Secretary Gina Raimondo replied that "all possible options can be considered to combat ransomware crimes."

The FBI's action to recover the extorted funds from Colonial Pipeline was swift. For cryptocurrencies, however, this is equivalent to "limiting" one of their important uses in the short term, causing their prices to fall rapidly. But in the long run, reducing their use in the criminal field is crucial to the healthy development of cryptocurrencies.