When Bitcoin burst onto the scene in 2009, fans heralded the cryptocurrency as a secure, decentralized and anonymous way to conduct transactions outside the traditional financial system.
Criminals, often operating in hidden reaches of the internet, flocked to Bitcoin to do illicit business without revealing their names or locations. The digital currency quickly became as popular with drug dealers and tax evaders as it was with contrarian libertarians.
But this week’s revelation that federal officials had recovered most of the Bitcoin ransom paid in the recent Colonial Pipeline ransomware attack exposed a fundamental misconception about cryptocurrencies: They are not as hard to track as cybercriminals think.
On Monday, the Justice Department announced it had traced 63.7 of the 75 bitcoins — some $2.3 million of the $4.3 million — that Colonial Pipeline had paid to the hackers as the ransomware attack shut down the company’s computer systems, prompting fuel shortages and a spike in gasoline prices. Officials have since declined to provide more details about how exactly they recouped the bitcoin.
Yet for the growing community of cryptocurrency enthusiasts and investors, the fact that federal investigators had tracked the ransom as it moved through at least 23 different electronic accounts belonging to DarkSide, the hacking collective, before accessing one account showed that law enforcement was growing along with the industry.
That’s because the same properties that make cryptocurrencies attractive to cybercriminals — the ability to transfer money instantaneously without a bank’s permission — can be leveraged by law enforcement to track and seize criminals’ funds at the speed of the internet.
Bitcoin is also traceable. While the digital currency can be created, moved and stored outside the purview of any government or financial institution, each payment is recorded in a permanent fixed ledger, called the blockchain.
That means all Bitcoin transactions are out in the open. The Bitcoin ledger can be viewed by anyone who is plugged into the blockchain.
“It is digital breadcrumbs,” said Kathryn Haun, a former federal prosecutor and investor at venture-capital firm Andreessen Horowitz. “There’s a trail law enforcement can follow rather nicely.”
Haun added that the speed with which the Justice Department seized most of the ransom was “groundbreaking” precisely because of the hackers’ use of cryptocurrency. In contrast, she said, getting records from banks often requires months or years of navigating paperwork and bureaucracy, especially when those banks are overseas.
Given the public nature of the ledger, cryptocurrency experts said, all law enforcement needed to do was figure out how to connect the criminals to a digital wallet, which stores the bitcoin. To do so, authorities likely focused on what is known as a “public key” and a “private key.”
A public key is the string of numbers and letters that Bitcoin holders have for transacting with others, while a “private key” is used to keep a wallet secure. Tracking down a user’s transaction history was a matter of figuring out which public key they controlled, authorities said.
Seizing the assets then required obtaining the private key, which is more difficult. It’s unclear how federal agents were able to get DarkSide’s private key.
Justice Department spokesperson Marc Raimondi declined to say more about how the FBI seized DarkSide’s private key. According to court documents, investigators accessed the password for one of the hackers’ Bitcoin wallets, though they did not detail how.
The FBI did not appear to rely on any underlying vulnerability in blockchain technology, cryptocurrency experts said. The likelier culprit was good old-fashioned police work.
Federal agents could have seized DarkSide’s private keys by planting a human spy inside DarkSide’s network, hacking the computers where their private keys and passwords were stored, or compelling the service that holds their private wallet to turn them over via search warrant or other means.
“If they can get their hands on the keys, it’s seizable,” said Jesse Proudman, founder of Makara, a cryptocurrency investment site. “Just putting it on a blockchain doesn’t absolve that fact.”
The FBI has partnered with several companies that specialize in tracking cryptocurrencies across digital accounts, according to officials, court documents and the companies. Startups with names like TRM Labs, Elliptic and Chainalysis that trace cryptocurrency payments and flag possible criminal activity have blossomed as law enforcement agencies and banks try to get ahead of financial crime. Their technology traces blockchains looking for patterns that suggest illegal activity. It’s akin to how Google and Microsoft tamed email spam by identifying and then blocking accounts that spray email links across hundreds of accounts.
“Cryptocurrency allows us to use these tools to trace funds and financial flows along the blockchain in ways that we could never do with cash,” said Ari Redbord, the head of legal affairs at TRM Labs, a blockchain intelligence company that sells its analytic software to law enforcement and banks. He was previously a senior adviser on financial intelligence and terrorism at the Treasury Department.
Several longtime cryptocurrency enthusiasts said the recovery of much of the Bitcoin ransom was a win for the legitimacy of digital currencies. That would help shift the image of Bitcoin as the playground of criminals, they said.
“The public is slowly being shown, in case after case, that Bitcoin is good for law enforcement and bad for crime — the opposite of what many historically believed,” said Hunter Horsley, chief executive of Bitwise Asset Management, a cryptocurrency investment company.
In recent months, cryptocurrencies have become increasingly mainstream. Companies such as PayPal and Square have expanded their cryptocurrency services. Coinbase, a startup that allows people to buy and sell cryptocurrencies, went public in April and is now valued at $47 billion. Over the weekend, a Bitcoin conference in Miami attracted more than 12,000 attendees, including Twitter’s chief executive, Jack Dorsey, and the boxer Floyd Mayweather Jr.
As more people use Bitcoin, most are accessing the digital currency in a way that mirrors a traditional bank, through a central intermediary like a crypto exchange. In the United States, anti-money laundering and identity verification laws require such services to know who their customers are, creating a link between identity and account. Customers must upload government identification when they sign up.
Ransomware attacks have put unregulated crypto exchanges under the microscope. Cybercriminals have flocked to thousands of high-risk ones in Eastern Europe that do not abide by these laws.
After the Colonial Pipeline attack, several financial leaders proposed a ban on cryptocurrency.
“We can live in a world with cryptocurrency or a world without ransomware, but we can’t have both,” Lee Reiners, the executive director of the Global Financial Markets Center at Duke Law School, wrote in The Wall Street Journal.
Cryptocurrency experts said the hackers could have tried to make their Bitcoin accounts even more secure. Some cryptocurrency holders go to great lengths to store their private keys away from anything connected to the internet, in what is called a “cold wallet.” Some memorize the string of numbers and letters. Others write them down on paper, though those can be obtained by search warrants or police work.
“The only way to obtain the truly unseizable characteristic of the asset class is to memorize the keys and not have them written down anywhere,” Proudman, of Makara, said.
Raimondi, of the Justice Department, said the Colonial Pipeline ransom seizure was the latest sting operation by federal prosecutors to recoup illicitly gained cryptocurrency. He said the department has made “many seizures, in the hundreds of millions of dollars, from unhosted cryptocurrency wallets” used for criminal activity. In January, the Justice Department disrupted another ransomware group, NetWalker, which used ransomware to extort money from municipalities, law enforcement agencies and schools.
As part of that sting, the department obtained about $500,000 of NetWalker’s cryptocurrency that had been collected from victims of their ransomware.
“While these individuals believe they operate anonymously in the digital space, we have the skill and tenacity to identify and prosecute these actors to the full extent of the law and seize their criminal proceeds,” Maria Chapa Lopez, then the U.S. attorney for the Middle District of Florida, said when the case was announced.
In February, the Justice Department said it had warrants to seize nearly $2 million in cryptocurrencies that North Korean hackers had stolen and put into accounts at two different cryptocurrency exchanges.
Last August, the department also unsealed a complaint outing North Korean hackers who stole $28.7 million of cryptocurrency from a cryptocurrency exchange, and then laundered the proceeds through Chinese cryptocurrency laundering services. The FBI traced the funds to 280 cryptocurrency wallets and their owners.
In the end, “cryptocurrencies are actually more transparent than most other forms of value transfer,” said Madeleine Kennedy, a spokesperson for Chainalysis, the startup that traces cryptocurrency payments. “Certainly more transparent than cash.”
All subunit vaccines are made using living organisms, such as bacteria and yeast, which require substrates on which to grow them, and strict hygiene to avoid contamination with other organisms. This makes them more expensive to produce than chemically-synthesised vaccines, such as RNA vaccines. The precise manufacturing method depends on the type of subunit vaccine being produced. Protein subunit vaccines, such as the recombinant hepatitis B vaccine, are made by inserting the genetic code for the antigen into yeast cells, which are relatively easy to grow and capable of synthesising large amounts of protein. The yeast is grown in large fermentation tanks, and then split open, allowing the antigen to be harvested. This purified protein is then added to other vaccine components, such as preservatives to keep it stable, and adjuvants to boost the immune response – in this case alum. For polysaccharide or conjugate vaccines, the polysaccharide is produced by growing bacteria in industrial bioreactors, before splitting them open and harvesting the polysaccharide from their cell walls. In the case of conjugate vaccines, the protein that the polysaccharide is attached to must also be prepared by growing a different type of bacteria in separate bioreactors. Once its proteins are harvested, they are chemically attached to the polysaccharide, and then the remaining vaccine components added.
Explained: Aducanumab, new drug for Alzheimer’s disease and row over approval
The autumnal equinox is one of two points in Earth’s orbit where the sun creates equal periods of daytime and nighttime across the globe. Many mark it as the first day of the fall. See what it looks like from space here.
NASA’s Osiris-Rex spacecraft could try to collect a sample from the asteroid Bennu
This NASA spacecraft has been orbiting an Empire State Building-sized near Earth asteroid for more than a year. It will attempt to collect a sample during a brief touch down on its surface, and eventually return it to Earth. Read about Osiris-Rex’s landing site here.
Starting October 21
The Orionids meteor shower will peak
Starting in the evening of Oct. 21, through the next day’s dawn, you might get your best chance to catch a glimpse of the Orionids meteor shower. Learn more about the major meteor showers and how to watch them here.
SpaceX could launch more astronauts to orbit in its Crew Dragon capsule
In May, SpaceX carried two NASA astronauts to the International Space Station. Now that those astronauts have safely returned to Earth, NASA is preparing for Crew Dragon to transport a team of four, including a Japanese astronaut, on the capsule’s second piloted trip. Read more about how NASA became SpaceX’s customer here.
Starting November 16
The Leonids meteor shower will peak
Starting in the evening of Nov. 16, through the next day’s dawn, you might get your best chance to catch a glimpse of the Leonids meteor shower. Learn more about the major meteor showers and how to watch them here.
Starting November 29
A lunar eclipse will be visible in the Americas, Australia and parts of Asia and Europe.
This will be a subtle, penumbral lunar eclipse much like the one in July, but shifted to the East. Moon gazers in the Americas and Australia can try to detect the change, as can people throughout East Asia. Read about forthcoming lunar astronomy events here.
Japan’s Hayabusa2 spacecraft could return a sample from the asteroid Ryugu to Earth
Throughout 2019, this Japanese probe collected multiple samples from this near Earth asteroid, including a memorable operation that blew a hole in the space rock’s surface. After returning to Earth, it will eject a sample capsule that will attempt to touch down in the Australian outback. Read more about Hayabusa2 here.
Starting December 13
The Geminids meteor shower will peak
Starting in the evening of Dec. 13, through the next day’s dawn, you might get your best chance to catch a glimpse of the Geminids meteor shower. Learn more about the major meteor showers and how to watch them here.
A total solar eclipse will be visible in parts of South America
Darkness will fall during daytime in parts of South America as the moon obscures the sun. See last year’s total solar eclipse in Chile and Argentina, here.
Starting December 21
The Ursids meteor shower will peak
Starting in the evening of Dec. 21, through the next day’s dawn, you might be able to catch a glimpse of the Ursids meteor shower. Learn more about the major meteor showers and how to watch them here.
It’s the scientific start to winter in the Northern Hemisphere, when this half of the world tilts away from the sun. Read more about the solstice here.
Answers to common questions we’ve received
- Does the calendar work with Android devices?
- Yes. Use the signup at the top of this page to subscribe using your Google account. The calendar will be synced to your phone.
- Is there a webcal/iCal feed I can use to subscribe directly?
- I subscribed to the calendar on my iPhone but it isn’t showing up on my computer or tablet. How do I fix that?
- You will need to add an iCloud Calendar subscription. Use the webcal link mentioned above.
- Can I subscribe if I use Outlook?
- Yes. Using the webcal link above, you can add the calendar to Outlook.com or an Outlook desktop client.
- How do I submit feedback, or suggest another important space or astronomy event that I think you missed?
- Email us at firstname.lastname@example.org.
- How do I unsubscribe?
- Google Calendar: Unsubscribe using a desktop computer
iCloud: Delete the calendar from iCloud.com
iPhone/iPad: Open “Settings,” then “Accounts,” and remove the Space Calendar subscription. If you do not see any entry for Space Calendar, follow the directions for Google Calendar or iCloud.