{"id":42599,"date":"2021-05-17T12:57:46","date_gmt":"2021-05-17T09:57:46","guid":{"rendered":"https:\/\/forklog.com\/en\/?p=42599"},"modified":"2025-08-30T23:56:50","modified_gmt":"2025-08-30T20:56:50","slug":"elliptic-bitcoin-wallet-used-by-darkside-hackers-has-received-17-5m-since-march","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/elliptic-bitcoin-wallet-used-by-darkside-hackers-has-received-17-5m-since-march\/","title":{"rendered":"Elliptic: Bitcoin wallet used by DarkSide hackers has received $17.5m since March"},"content":{"rendered":"<p>Elliptic specialists <a href=\"https:\/\/www.elliptic.co\/blog\/elliptic-follows-bitcoin-ransoms-paid-by-darkside-ransomware-victims\" target=\"_blank\" rel=\"noreferrer noopener\">\u0443\u0442\u0432\u0435\u0440\u0436\u0434\u0430\u044e\u0442<\/a> that they were able to identify the bitcoin wallet used by the DarkSide hackers to receive ransom from victims.<\/p>\n<p>According to the analysts, on May 8 the wallet received 75 BTC. <a href=\"https:\/\/forklog.com\/en\/news\/media-colonial-pipeline-paid-hackers-a-5-million-ransom-in-cryptocurrency\">\u0441\u043e\u043e\u0431\u0449\u0430\u043b\u043e\u0441\u044c<\/a> that the attacked American company Colonial Pipeline paid the attackers exactly that amount for data recovery.<\/p>\n<p>Elliptic noted that the wallet has been active since 4 March 2021 and has received 57 payments. In total since spring, bitcoins worth $17.5m have been sent to it.<\/p>\n<p>Some transactions correspond to the ransom that victims had previously paid to DarkSide, confirming its link to the hacking group.<\/p>\n<p>Recently DarkSide announced that it would cease operations. The Wall Street Journal, citing FireEye and Intel 471, said the reason is the loss of control over part of its infrastructure and funds, as well as pressure from US law enforcement.<\/p>\n<p>Elliptic noted that from the wallet, presumably belonging to DarkSide, $5m in bitcoins were recently withdrawn.<\/p>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cThere is a hypothesis that the bitcoins were confiscated by the US government. If this is the case, they did not manage to seize most of the Colonial Pipeline ransom \u2014 it was withdrawn on May 9,\u201d said Elliptic specialists.<\/p>\n<\/blockquote>\n<p>Analysts also traced how DarkSide laundered the proceeds. The firm says 18% of the bitcoins were sent to various exchanges, another 4% to the Hydra darknet marketplace.<\/p>\n<p>Recall that DarkSide attacked Colonial Pipeline, <a href=\"https:\/\/forklog.com\/en\/news\/hackers-from-russia-linked-to-colonial-pipeline-attack-via-ransomware\">stealing about 100 GB of data and disabling computer systems<\/a>. The company provides fuel to about 45% of the population of the East Coast of the United States, and the attack disrupted the pipeline&#8221;s operations.<\/p>\n<p>Media reports suggested the hackers may be linked to Russia. DarkSide representatives said they are apolitical, and their aim is \u201cto make money, not to cause trouble for society.\u201d<\/p>\n<p>Read ForkLog&#8217;s Bitcoin news on our <a href=\"\/\/telegram.me\/forklog\" target=\"\u201c_blank\u201d\" rel=\"\u201cnofollow\u201d noopener\">Telegram<\/a> \u2014 crypto news, prices and analytics.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Elliptic specialists say they were able to identify the bitcoin wallet used by the DarkSide hackers to receive ransom from victims.<\/p>\n","protected":false},"author":1,"featured_media":42600,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"1","news_style_id":"1","cryptorium_level":"","_short_excerpt_text":"Elliptic identifies a bitcoin wallet used by DarkSide to collect ransom.","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[1785,1154,1535,167],"class_list":["post-42599","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-buyout","tag-crimes","tag-elliptic","tag-research"],"aioseo_notices":[],"amp_enabled":true,"views":"37","promo_type":"1","layout_type":"1","short_excerpt":"Elliptic identifies a bitcoin wallet used by DarkSide to collect ransom.","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/42599","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=42599"}],"version-history":[{"count":1,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/42599\/revisions"}],"predecessor-version":[{"id":42601,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/42599\/revisions\/42601"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/42600"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=42599"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=42599"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=42599"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}