No. No they did not.

I'm sure some of you freaks are aware that the Department of Justice came out yesterday and announced that the FBI had successfully "seized" some of the bitcoin acquired by the hackers who attacked the Colonial Pipeline with ransomeware last month. Many in the mainstream blogosphere are claiming that the FBI "hacked" the protocol by successfully brute forcing the private keys to take possession of them. This doesn't seem to be a very plausible scenario. It would be pretty obvious if the FBI brute forced ECDSA.

Here's what seems to be the most plausible, at least to me at this current moment, explanation behind the FBI's "seizure" from our friend ErgoBTC:

It seems that the "hacking team" behind the Colonial Pipeline attack was using a desktop Electrum light client as their wallet to receive the ransomeware payment. Since they used an Electrum light client, it means they had to connect to a trusted Electrum Server to receive blockheaders and information about their personal addresses. This means the attackers connected to a server run by a chain surveillance company or a law enforcement agency. By connecting to a malicious server, the attackers' IP address was leaked.

This is how the attacker seems to have been identified. Now, how did they get the keys? That question is yet to be answered. Here are some of the plausible theories as described by Ergo:

It will be interesting to see how the FBI explains (or doesn't explain) the ways in which they acquired the private keys. The best theory to me at the moment is that the FBI seized a cloud server the attackers were running their light client on.

If that is the case, it begs the question, "How could these attackers be smart enough to take down a vital piece of energy infrastructure but too dumb to run their own full node with a connected xpub associated with a dedicated device?" Tinfoil Hat Uncle Marty is very suspicious of these particular "attackers".

Let this be a lesson to all that there are many ways to leak privacy on the Bitcoin network. Exposing your IP address and allocating trust to third party node operators is a very easy way to lose privacy at Bitcoin's P2P communications layer. If you're going to hold vital infrastructure hostage in return for some sats, you better make sure you are receiving those sats with operational security best practices in mind.


To me, the most impactful session at the Bitcoin 2021 conference last weekend was this ~30-minute recorded speech from Ross Ulbricht. Recorded over a collect call from the high security prison he is currently serving a double life sentence, Ross delivers an emotional speech about his intent behind the Silk Road, Bitcoin's success, and why we shouldn't take our freedom for granted and should actively fight to preserve it for ourselves and our descendants.

At one point during the speech, Ross mentions that he will probably be reprimanded by the prison for conducting the interview. Well, it seems that his instinct turned out to be correct as the world got word today that he has been put into solitary confinement for an undisclosed amount of time.

Please listen to Ross' speech and consider donating to the #FreeRoss campaign and signing the petition on their website.

It will be a great day when Ross is set free.

Final thought...

The next few weeks are peak "sleep with the windows open" season in this house.