
DarkSide: Following the money in the crypto age

The United States’ department of justice announced last week that it seized 63.7 bitcoin, worth about R35-million, allegedly paid as ransom to hacking group DarkSide. 

Last month DarkSide targeted the Colonial Pipeline, the largest refined oil pipeline system in the US, resulting in critical infrastructure being taken out of operation. The hacking group demanded a ransom of 75 bitcoin.

The crime is one of the many ransomware attacks that have hit companies over the past year.

Ransomware is malicious software that infects a computer system and prevents it from being used. The computer system and the files on it remain locked until a ransom is paid.

According to a recent report by blockchain data firm Chainalysis, ransomware is the fastest-growing cryptocurrency-related crime. Known payments to ransomware attackers rose 337% from 2019 to 2020, when they reached more than R5.4-billion worth of cryptocurrency. 

This year, ransomware attackers have so far taken more than R1.1-billion, Chainalysis found. And the average known ransomware payment has more than quadrupled from R165 000 in the last quarter of 2019 to R740 000 in the first quarter of this year.

The Chainalysis report notes that blockchain analysis can be used to trace the flow of funds paid to ransomware attackers.

In a speech announcing the DarkSide seizure, US deputy attorney general Lisa Monaco said: “The sophisticated use of technology to hold businesses and even whole cities hostage for profit is a decidedly 21st century challenge — but the old adage ‘follow the money’ still applies. And that’s exactly what we do.”

According to an affidavit, the FBI used a blockchain explorer to identify the two addresses to which the ransom was paid. The FBI found that on 8 May the 75 bitcoin was subsequently transferred to a number of other addresses. 

The law enforcement agency found that about 63.7 bitcoin had been transferred to a specific address for which the FBI has the private key. A private key is used to authenticate digital asset ownership and encrypt a bitcoin wallet.

William Callahan, the director of strategic affairs at the Blockchain Intelligence Group, a Canada-based threat intelligence company, explained: “You have to look at bitcoin as this holder of some sort of value. That value is transferred along the way and could be cashed out for fiat currency, wherever the exchange is located.

“So when we use the term ‘follow the money’, we’re really looking at following the value of what can be exchanged into fiat currency.”

Callahan said it is fortunate that, unlike fiat currency (a government-issued currency), bitcoin is transferred along a blockchain. A blockchain is a decentralised, public ledger that isn’t tied to a single web server. 

“So using software, the FBI was able to follow step by step the transfer of the bitcoin.”

The Blockchain Intelligence Group uses similar software to trace cryptocurrency transactions. “This is a similar kind of analytics to tracing a phone number and eventually doing a wire tap,” said Callahan, who formerly worked at the drug enforcement administration in the US.

Financial investigations have become complex, he added. “As long as there is going to be this criminal activity, law enforcement is going to have to keep up. 

“We always have to try to keep a step ahead of the criminal actor. And if it’s not cryptocurrency, it’ll be something else of value that could be exchanged somewhere else.”

Monica Singer, the former chief executive of Strate and the current South Africa lead for blockchain company ConsenSys, noted that most illicit transactions are happening in US dollars and not in cryptocurrency. 

According to Chainalysis, in 2019 criminal activity represented 2.1% of all cryptocurrency transactions. “The bitcoin ledger is very transparent …. We believe that it is going to change accounting, because you’re going to have real-time auditing and much more sophisticated tools to prevent fraud or corruption,” Singer said.

“This will increase transparency as to where the money goes.”


Sarah Smit
Sarah Smit is a general news reporter at the Mail & Guardian. She covers topics relating to labour, corruption and the law.
