Experts traced DarkSide group bitcoin wallets

Bitcoin wallets of the DarkSide
Written by Emma Davis

Blockchain investigation company Crystal Blockchain has announced the discovery of bitcoin wallets used by the DarkSide ransomware group to obtain a ransom from Colonial Pipeline.

Last week, the American fuel giant Colonial Pipeline had to suspend its operations for six days due to a cyberattack using the DarkSide ransomware. On May 8, the company paid the extortionists 75 bitcoins (about $5 million) and was able to start rebuilding soon after.

The information security company Elliptic previously reported that it had also identified the address of the DarkSide wallet but decided not to publish it. Crystal Blockchain, however, found no reason to hide it from the public and provided the address to CoinDesk readers: bc1q7eqww9dmm9p48hx5yz5gcvmncu65w43wfytpsf.

According to Kyrylo Chykhradze, Product Director of Crystal Blockchain, there are several facts indicating that this particular address was used by DarkSide to obtain ransom from its victims.

"We have identified transactions on the blockchain by knowing the date of the transaction and the amount sent. We analyzed each potential cluster (addresses) and found additional evidence in one of them: a $4.4 million or 78 BTC transaction sent by the chemical distribution company Brenntag," Chykhradze said.

Brenntag, another DarkSide victim, paid the ransom on May 11th. Elliptic also cited this transaction as additional evidence pointing to hacker-linked bitcoin addresses. Another piece of evidence cited by both Elliptic and Crystal: the last transaction involving these addresses took place on Thursday, May 13, the day the DarkSide faction lost access to their servers.
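The attribution reasoning described above (match on-chain transactions by date and amount, then prefer the cluster that also received a second known payment), as an added Python example that is not Crystal Blockchain's or Elliptic's tooling. The transaction records, address labels, cluster map, matching tolerances and the year 2021 are constructed assumptions; only the two payment dates and amounts come from the article.

```python
from collections import defaultdict
from datetime import date, timedelta

# Payments known from victim reporting (dates and amounts as given in the
# article; the year 2021 is an assumption of this example).
KNOWN_PAYMENTS = {
    "Colonial Pipeline": (date(2021, 5, 8), 75.0),
    "Brenntag": (date(2021, 5, 11), 78.0),
}

# Constructed sample data: (txid, date, amount in BTC, receiving address).
TXS = [
    ("tx01", date(2021, 5, 8), 75.0, "addr_A1"),
    ("tx02", date(2021, 5, 8), 75.2, "addr_B1"),   # same-day look-alike
    ("tx03", date(2021, 5, 9), 74.9, "addr_C1"),   # look-alike a day later
    ("tx04", date(2021, 5, 11), 78.0, "addr_A2"),
    ("tx05", date(2021, 5, 11), 12.0, "addr_B1"),  # right day, wrong amount
]
# Constructed address-to-cluster map; a real one comes from a clustering
# heuristic applied to the full transaction graph.
CLUSTER_OF = {"addr_A1": "A", "addr_A2": "A", "addr_B1": "B", "addr_C1": "C"}

def candidates(txs, when, amount, days=1, tol_btc=0.5):
    """Transactions within +/- days of `when` and +/- tol_btc of `amount`."""
    window = timedelta(days=days)
    return [t for t in txs
            if abs(t[1] - when) <= window and abs(t[2] - amount) <= tol_btc]

def corroborate(txs, cluster_of, payments):
    """Map each cluster to the set of known payments it could have received."""
    hits = defaultdict(set)
    for victim, (when, amount) in payments.items():
        for _txid, _day, _amt, addr in candidates(txs, when, amount):
            hits[cluster_of[addr]].add(victim)
    return dict(hits)

def best_clusters(hits, payments):
    """Clusters consistent with every known payment, not just one of them."""
    return sorted(c for c, victims in hits.items() if victims == set(payments))

if __name__ == "__main__":
    hits = corroborate(TXS, CLUSTER_OF, KNOWN_PAYMENTS)
    print(hits)
    print(best_clusters(hits, KNOWN_PAYMENTS))
```

A single date-and-amount match leaves three candidate clusters in this sample; only the second, independent payment narrows it to one, which is why both firms cite the Brenntag transaction as corroboration.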

According to Crystal Blockchain, the DarkSide cluster included 30 addresses, to which a total of 321.5 bitcoins have been transferred since the first transaction on March 4. All of these funds eventually left the cluster, with the largest amount sent to the Binance cryptocurrency exchange (over 53.3 bitcoins, or 16% of all funds).

The second largest recipient of funds is the underground marketplace Hydra, which received more than 14.6 bitcoins (4.5% of funds) from DarkSide wallets.

"Hydra is the world's largest drug market, operating primarily in Russia and Eastern Europe," the experts said.

Other recipients of DarkSide funds include the little-known exchanges Ren and Zillion Bits, as well as the centralized exchanges Poloniex in the US and Garantex in Estonia. Smaller amounts have also been sent to other well-known major exchanges and peer-to-peer crypto platforms including Coinbase, Huobi, OKEx, Paxful, and LocalBitcoins. A relatively small amount ended up in a secure Wasabi wallet.

The last transaction involving the aforementioned address clusters occurred on May 13, when 107 bitcoins were sent to a single unknown address that was active for only one day and received only three incoming transactions. Currently, 107 bitcoins worth over $4.5 million are still in this wallet. It is unknown who owns them.


About the author

Emma Davis

I'm a writer and content manager (a short time ago I completed a bachelor's degree in Marketing from Gustavus Adolphus College). For now, I have a deep drive to study cyber security.
