The crypto markets got hammered over fears that the FBI had recovered the ransom Colonial Pipeline paid in bitcoin (true), and, therefore, all crypto can be easily hacked (false). The FUD is still rampant, and the depth and breadth of misinformation and misunderstanding about the hackability of cryptocurrency are profound.
To suggest that the FBI is capable of hacking a SHA-256 encrypted key pair is, by itself, to suggest that the U.S. Government is capable of invading almost every secure digital environment. This is clearly not the case. It is far more likely that these hackers simply made an amateur mistake with their ill-gotten gains, which is a mistake you are likely to make with your own cryptocurrency.
All cryptocurrency transactions are written to a public ledger (blockchain) that is verified to be accurate by the validators of the particular blockchain. Everyone can read it. Here’s a link to the bitcoin blockchain explorer, a search engine with access to every bitcoin transaction ever done, including the transaction(s) in question.
My guess is that the FBI did exactly what they said they did in the press conference: they followed the money. (Not hard, there’s an app for that.) After following all subsequent transactions the hackers did to launder the money, they found 63.7 bitcoins sitting in a “hot wallet.” (That’s a slang term for a wallet that’s online and accessible via the public internet.)
Once that was done, the FBI only needed a password or a copy of the private key to the wallet. If the wallet belonged to an individual, they could have used the “$5 wrench method” to obtain the required access codes or simply socially engineered their way into it. Or, if the wallet was on a crypto exchange, they could just go all “FBI” on the exchange.
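The "follow the money" step described above can be sketched in a few lines of code. This is an added example, not part of the original article and not any investigator's actual tooling: the ledger, transaction ids, addresses and amounts are all constructed, fees are omitted, and every output of a transaction that spends a traced output is itself treated as traced.

```python
from collections import deque

# Constructed ledger (not real transactions). Amounts are in satoshis.
# Each transaction spends earlier outputs ("inputs") and creates new ones.
LEDGER = {
    "tx_pay":   {"inputs": [("tx_src", 0)],
                 "outputs": [("addr_ransom", 7_000_000_000)]},
    "tx_split": {"inputs": [("tx_pay", 0)],
                 "outputs": [("addr_a", 6_400_000_000), ("addr_b", 600_000_000)]},
    "tx_hop":   {"inputs": [("tx_split", 0)],
                 "outputs": [("addr_c", 6_370_000_000), ("addr_d", 30_000_000)]},
    "tx_other": {"inputs": [("tx_x", 1)],          # unrelated activity
                 "outputs": [("addr_e", 100_000_000)]},
}

def build_spend_index(ledger):
    """Map each spent outpoint (txid, output index) to the txid that spends it."""
    return {outpoint: txid
            for txid, tx in ledger.items()
            for outpoint in tx["inputs"]}

def trace_forward(ledger, start):
    """Follow funds from the `start` outpoint; return the unspent outputs reached.

    Simplification (assumption): all outputs of a spending transaction are
    traced, with no attempt to apportion funds mixed from other sources.
    """
    spent_by = build_spend_index(ledger)
    queue, seen, resting = deque([start]), {start}, []
    while queue:
        outpoint = queue.popleft()
        spender = spent_by.get(outpoint)
        if spender is None:                        # never spent: funds rest here
            txid, idx = outpoint
            addr, amount = ledger[txid]["outputs"][idx]
            resting.append((addr, amount, outpoint))
            continue
        for idx in range(len(ledger[spender]["outputs"])):
            nxt = (spender, idx)
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return sorted(resting, key=lambda r: -r[1])    # largest balance first

if __name__ == "__main__":
    for addr, sats, outpoint in trace_forward(LEDGER, ("tx_pay", 0)):
        print(f"{addr}: {sats / 1e8:.2f} BTC unspent at {outpoint}")
```

Tracing only shows where the coins sit; moving them still requires the private key for that address.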
There are some lessons here (other than the obvious “don’t be a criminal” lesson):
- Never, ever, never, ever, ever, ever, ever put all your crypto in one wallet. EVER!!!
- If you have a substantial amount of crypto of any flavor, put it in a hardware wallet and keep it offline until the moment you need to use it.
If the ransom was in an offline hardware wallet, the FBI would have had zero capability to get it back. Zero. You can’t get a file from someone’s desk drawer if you don’t know where the desk drawer is, what’s on it, who it belongs to, or where it is in the world.
Crypto is complicated, but we’ll all get better at it. Sadly, so will the criminals. In the meantime, don’t worry about your crypto being hacked. Worry about the stupid stuff you’ll do because you don’t understand how to properly use and safeguard your crypto. People are way easier to hack than SHA-256 encrypted files.
If you want to learn more, my new eBook, Blockchain – Cryptocurrency, NFTs & Smart Contracts: An executive guide to the world of decentralized finance is Amazon’s #1 bestseller in Money & Monetary Policy. It’s only $2.99 (or free with KindleUnlimited), and I’m donating my proceeds to Girls Who Code. Mark Cuban calls it “a crisp, easy to understand overview of crypto and DeFi.”
Author’s note: This is not a sponsored post. I am the author of this article and it expresses my own opinions. I am not, nor is my company, receiving compensation for it. I am not a financial advisor. Nothing in this article should be considered financial advice. If you are considering any type of investment you should conduct your own research and, if necessary, seek the advice of a licensed financial advisor.