
DarkSide ransomware bitcoins worth $6.8 million moved
The DarkSide hacking group moved most of the bitcoins from its cryptocurrency wallets. This drew the attention of cybersecurity researcher Omri Segev Moyal.
According to him, roughly 107 BTC (about $6.8 million) were moved from wallets that received funds after the attack on Colonial Pipeline, a U.S. pipeline operator.
Seven addresses received 7–8 BTC per transaction. The remainder, 38 BTC, was transferred to a separate wallet. This amount is now also being split into smaller parts and withdrawn to other addresses.
The expert suggested that the attackers intend to launder the proceeds of crime in this manner. He did not rule out that law enforcement agencies may have gained access to DarkSide’s wallets.
Moyal appealed to cryptocurrency exchange operators to block wallets associated with DarkSide.
In early May, DarkSide attacked Colonial Pipeline, locking its computer systems and exfiltrating around 100 GB of data. To restore operations and recover the data, Colonial Pipeline paid the attackers 75 BTC.
A week after the attack, as a result of a law-enforcement operation, the group lost servers and part of its cryptocurrency and announced that it had ceased operations.
In June, the FBI, by unnamed means, gained access to the extortionists’ Bitcoin wallet and returned 63.7 BTC of the ransom paid.
In late July, the DarkSide hackers resumed operations under the name BlackMatter.