Get more Mail & Guardian
Subscribe or Login

DarkSide: Following the money in the crypto age

The United States’ department of justice announced last week that it seized 63.7 bitcoin, worth about R35-million, allegedly paid as ransom to hacking group DarkSide. 

Last month DarkSide targeted the Colonial Pipeline, the largest refined oil pipeline system in the US, resulting in critical infrastructure being taken out of operation. The hacking group demanded a ransom of 75 bitcoin.

The crime is an example of one of the many ransomware attacks that have hit companies over the past year. 

Ransomware is malicious software that infects a computer system and prevents it from being used. The computer system and the files on it remain locked until a ransom is paid.

According to a recent report by blockchain data firm Chainalysis, ransomware is the fastest-growing cryptocurrency-related crime. Known payments to ransomware attackers rose 337% from 2019 to 2020, when they reached more than R5.4-billion worth of cryptocurrency. 

This year, ransomware attackers have so far taken more than R1.1-billion, Chainalysis found. And the average known ransomware payment has more than quadrupled from R165 000 in the last quarter of 2019 to R740 000 in the first quarter of this year.

The Chainalysis report notes that blockchain analysis can be used to trace the flow of funds paid to ransomware attackers.

In a speech announcing the DarkSide seizure, US deputy attorney general Lisa Monaco said: “The sophisticated use of technology to hold businesses and even whole cities hostage for profit is a decidedly 21st century challenge — but the old adage ‘follow the money’ still applies. And that’s exactly what we do.”

According to an affidavit, the FBI used a blockchain explorer to identify the two addresses to which the ransom was paid. The FBI found that on 8 May the 75 bitcoin was subsequently transferred to a number of other addresses. 

The law enforcement agency found that about 63.7 bitcoin had been transferred to a specific address, for which the FBI has the private key, used to authenticate digital asset ownership and encrypt a bitcoin wallet.

William Callahan, the director of strategic affairs at the Blockchain Intelligence Group, a Canada-based threat intelligence company, explained: “You have to look at bitcoin as this holder of some sort of value. That value is transferred along the way and could be cashed out for fiat currency, wherever the exchange is located.

“So when we use the term ‘follow the money’, we’re really looking at following the value of what can be exchanged into fiat currency.”

Callahan said it is fortunate that, unlike fiat currency (a government-issued currency), bitcoin is transferred along a blockchain. A blockchain is a decentralised, public ledger that isn’t tied to a single web server. 

“So using software, the FBI was able to follow step by step the transfer of the bitcoin.”

The Blockchain Intelligence Group uses similar software to trace cryptocurrency transactions. “This is a similar kind of analytics to tracing a phone number and eventually doing a wire tap,” said Callahan, who formerly worked at the drug enforcement administration in the US.

Financial investigations have become complex, he added. “As long as there is going to be this criminal activity, law enforcement is going to have to keep up. 

“We always have to try to keep a step ahead of the criminal actor. And if it’s not cryptocurrency, it’ll be something else of value that could be exchanged somewhere else.”

Monica Singer, the former chief executive of Strate and the current South Africa lead for blockchain company ConsenSys, noted that most illicit transactions are happening in US dollars and not in cryptocurrency. 

According to Chainalysis, in 2019 criminal activity represented 2.1% of all cryptocurrency transactions. “The bitcoin ledger is very transparent …. We believe that it is going to change accounting, because you’re going to have real time auditing and much more sophisticated tools to prevent fraud or corruption,” Singer said.

“This will increase transparency as to where the money goes.”

Subscribe for R500/year

Thanks for enjoying the Mail & Guardian, we’re proud of our 36 year history, throughout which we have delivered to readers the most important, unbiased stories in South Africa. Good journalism costs, though, and right from our very first edition we’ve relied on reader subscriptions to protect our independence.

Digital subscribers get access to all of our award-winning journalism, including premium features, as well as exclusive events, newsletters, webinars and the cryptic crossword. Click here to find out how to join them and get a 57% discount in your first year.

Sarah Smit
Sarah Smit
Sarah Smit is a general news reporter at the Mail & Guardian. She covers topics relating to labour, corruption and the law.

Related stories


If you’re reading this, you clearly have great taste

If you haven’t already, you can subscribe to the Mail & Guardian for less than the cost of a cup of coffee a week, and get more great reads.

Already a subscriber? Sign in here


Subscribers only

Fears of violence persist a year after the murder of...

The court battle to stop coal mining in rural KwaZulu-Natal has heightened the sense of danger among environmental activists

Data shows EFF has lower negative sentiment online among voters...

The EFF has a stronger online presence than the ANC and Democratic Alliance

More top stories

Libyan town clings to memory of Gaddafi, 10 years on

Rebels killed Muammar Gaddafi in his hometown of Sirte on 20 October 2011, months into the Nato-backed rebellion that ended his four-decade rule

Fishing subsidies in the W. Cape: ‘Illegal fishing is our...

Fishers claim they are forced into illegal trawling because subsidies only benefit big vessels

Kenya’s beach boys fall into sex tourism, trafficking

In the face of their families’ poverty, young men, persuaded by the prospect of wealth or education, travel to Europe with their older female sponsors only to be trafficked for sex

press releases

Loading latest Press Releases…