
Bitcoin Wallet Used by DarkSide for Ransom Payments ID'd by Elliptic

Since becoming active, the wallet has received bitcoin transactions totaling $17.5 million, the data analysis firm said.

The wallet used by the DarkSide ransomware group to receive bitcoin ransom payments has been identified, according to data analysis firm Elliptic, citing intelligence collection and analysis of blockchain transactions.


  • The wallet received the 75 BTC payment reportedly made by Colonial Pipeline on May 8, following the cyberattack that led to widespread fuel shortages in the U.S., Elliptic said in its report.
  • The wallet has been active since early March and has received 57 payments from 21 different wallets, including some matching ransoms known to have been paid to the group in other cases of blackmail, the firm said.
  • Since becoming active, the wallet has received bitcoin transactions totaling $17.5 million, Elliptic said.
  • Elliptic also said it has been able to gain intel on how DarkSide laundered the proceeds of prior attacks, potentially allowing authorities to locate the people behind them.
  • Earlier Friday, KrebsOnSecurity and others reported that the DarkSide group has decided to shut itself down after its own servers were seized and someone drained crypto from an account belonging to the group.


Kevin Reynolds

Kevin Reynolds is editor-in-chief at CoinDesk. Prior to joining the company in mid-2020, Reynolds spent 23 years at Bloomberg, where he won two CEO awards for moving the needle for the entire company and established himself as one of the world's leading experts in real-time financial news. In addition to having done almost every job in the newsroom, Reynolds built, scaled and ran products for every asset class, including First Word, a 250-person global news/analysis service for professional clients, as well as Bloomberg's Speed Desk and the training program that all Bloomberg News hires worldwide are required to take. He also turned around several other operations, including the company's flash headlines desk and was instrumental in the turnaround of Bloomberg's BGOV unit. He shares a patent for a content management system he helped design, is a Certified Scrum Master, and a veteran of the U.S. Marine Corps. He owns bitcoin, ether, polygon and solana.
