
Darkside Hackers Learn Bitcoin Ransom Payment Not Out of DOJ Reach

In view of the U.S. Department of Justice’s (DOJ) successful seizure of most of the cryptocurrency ($2.3 million) paid to the ransomware hackers by Colonial Pipeline last month, and given my continued use of the UK RUSI report as a reference, this is a good time to jump ahead in the report to Part Three, titled “The Role of Financial Disruption in Tackling IP Crime.”

Part Three of the report addresses the need for financial institutions to disrupt the ability of thieves to collect the proceeds of their crimes.

One sub-section is titled “Crypto-Asset Service Providers.”

As an IP investigations and protection blogger, I wanted to know how the DOJ was able to seize the cryptocurrency, and the answer is in the RUSI report:

“… blockchain analytics, namely the ability to analyse publicly available transaction data recorded on the respective virtual asset’s blockchain.”

Reinforcing the point that this seizure technology can be applied in practice, a blog post by Dr. Tom Robinson, Co-Founder and Chief Scientist at Elliptic, titled “US Authorities Seize Affiliate’s Share of the Darkside Ransom Paid by Colonial Pipeline,” explains how his company was able to identify the Colonial Pipeline bitcoin transaction in particular, and concludes:

“This action by US authorities demonstrates the value of blockchain analytics to track down proceeds of crime in cryptocurrency, and ensure that ransomware does not pay for the criminals behind it.”

*Elliptic is a blockchain analytics and financial compliance firm.
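To make concrete what the RUSI passage calls analysing publicly available transaction data, here is an added Python example written for this post (it is not code from Elliptic, RUSI, or the DOJ). It walks a constructed miniature ledger forward from the output that received a ransom payment, finds where the funds now sit, and reports which portion is parked at an address labelled as a regulated service, which is the kind of location where legal process can be served. Every transaction id, address, amount and service label in it is made up; real blockchain analytics works over full chain data and uses clustering heuristics and attribution databases that this toy does not have.

```python
from collections import deque

# Constructed sample ledger (assumption: none of these ids, addresses or amounts
# are real Colonial Pipeline / Darkside data). Each transaction lists the earlier
# outputs it spends as (txid, index) and the outputs it creates as (address, BTC).
LEDGER = {
    "tx_ransom": {
        "inputs": [("tx_victim_funding", 0)],
        "outputs": [("addr_darkside_main", 10.0)],
    },
    "tx_split": {                                     # ransom divided between parties
        "inputs": [("tx_ransom", 0)],
        "outputs": [("addr_affiliate", 8.5), ("addr_core", 1.49)],  # 0.01 fee
    },
    "tx_affiliate_move": {                            # affiliate moves its share on
        "inputs": [("tx_split", 0)],
        "outputs": [("addr_affiliate_2", 8.49)],
    },
    "tx_core_cashout": {                              # core share sent to a service
        "inputs": [("tx_split", 1)],
        "outputs": [("addr_exchange_deposit", 1.48)],
    },
    "tx_unrelated": {                                 # noise that must not be traced
        "inputs": [("tx_other_funding", 0)],
        "outputs": [("addr_unrelated", 2.0)],
    },
}

# Constructed attribution list: addresses an analytics firm has labelled as
# belonging to a regulated service (assumption; a real firm maintains far more).
KNOWN_SERVICES = {"addr_exchange_deposit": "ExampleExchange (constructed label)"}


def build_spend_index(ledger):
    """Map every spent output (txid, index) to the transaction that spent it."""
    spent_by = {}
    for txid, tx in ledger.items():
        for outpoint in tx["inputs"]:
            spent_by[outpoint] = txid
    return spent_by


def trace_forward(ledger, start_txid, start_index):
    """Follow one payment output forward through every later spend.

    Uses a simple "poison" taint model: every output of a transaction that spent
    a tainted input is itself tainted. Returns (unspent, hops): the tainted
    outputs that are still unspent, keyed by outpoint, and the hop count at
    which each was reached.
    """
    spent_by = build_spend_index(ledger)
    unspent, hops, seen = {}, {}, set()
    queue = deque([((start_txid, start_index), 0)])
    while queue:
        outpoint, depth = queue.popleft()
        if outpoint in seen:
            continue
        seen.add(outpoint)
        spender = spent_by.get(outpoint)
        if spender is None:                           # still sitting in a wallet
            txid, idx = outpoint
            unspent[outpoint] = ledger[txid]["outputs"][idx]
            hops[outpoint] = depth
            continue
        for idx in range(len(ledger[spender]["outputs"])):
            queue.append(((spender, idx), depth + 1))
    return unspent, hops


def holdings_by_address(unspent):
    """Aggregate the unspent tainted outputs per receiving address."""
    totals = {}
    for address, amount in unspent.values():
        totals[address] = round(totals.get(address, 0.0) + amount, 8)
    return totals


def seizable_at_services(unspent, services=KNOWN_SERVICES):
    """Tainted balances held at a labelled service, with the service name."""
    return {addr: (amt, services[addr])
            for addr, amt in holdings_by_address(unspent).items()
            if addr in services}


if __name__ == "__main__":
    unspent, hops = trace_forward(LEDGER, "tx_ransom", 0)
    for outpoint, (addr, amt) in unspent.items():
        print(f"{amt:>6} BTC at {addr} ({hops[outpoint]} hops from ransom)")
    print("at labelled services:", seizable_at_services(unspent))
```

Running it shows the affiliate share resting in an unattributed wallet two hops from the payment and the smaller share deposited at the labelled service; an investigator would pass the first to continued monitoring and the second to the service's compliance team through legal process.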


This is encouraging news. It is important for IP investigators, attorneys, and CEOs to know there is a technology that can track a cryptocurrency ransom payment after it is made.

The hackers may remain anonymous (for now), but there is a mechanism by which to retrieve the extortion payout before the criminals empty their cryptocurrency wallets.


This seizure illustrates the benefits of promptly notifying law enforcement when attacked. But can all companies expect the same response from law enforcement?

As we know, most ransomware attacks do not affect critical infrastructure. Companies with IP taken hostage (i.e., trade secrets) often pay a ransom in the thousands of dollars instead of millions. These cases may not receive as urgent a law enforcement response (even though we applaud DOJ’s recent establishment of the “Ransomware and Digital Extortion Task Force”).


It may be worthwhile for companies that pay a ransom in cryptocurrency to contract with a blockchain analysis firm and, if the analysis identifies the crypto wallet holding the ransom payment, to consider applying for an ex parte seizure order under the Defend Trade Secrets Act.


Of course, it won’t take long for hackers to adjust by cashing out as soon as the ransom lands in their cryptocurrency account.

Traditionally, for example, fraudsters cash out and vanish as soon as a victim’s money lands in the (paper currency) bank accounts attached to their shell companies.


Ron Alvarez is an IP investigations and protection consultant and writer in New York City. He is a former NYPD lieutenant where he investigated robbery, narcotics, internal affairs, and fine art theft cases. Ron has since coordinated the private investigation of international fraud and money laundering cases, as well as IP-related investigations and research involving the four pillars of IP: copyright, patents, trademarks, and trade secrets. Ron is a graduate of the FBI National Academy and earned a B.A. in Government and Public Administration from John Jay College of Criminal Justice in Manhattan. He has written a number of articles for various investigative publications, as well as published "The World of Intellectual Property (IP) Protection and Investigations" in November 2021.

1 comment on “Darkside Hackers Learn Bitcoin Ransom Payment Not Out of DOJ Reach”


This is an excellent edition. The FBI and other cyber security entities combined their efforts for this successful conclusion. To be certain, there is more work to be done.
Thank you,
Tom Manley, Special Agent, FBI-Retired
