
The warrant does not imply that the coins were on an exchange. The warrant only indicates that they needed legal authority to seize coins, wherever they are.

It seems more likely that the FBI/NSA had or gained some access to the gang's infrastructure and seized the money.

Transmitting ransom money to an exchange without any type of tumbler or atomic swapping is not a realistic scenario.

Maybe they tried to use an ineffective tumbler?



Why not?

Why would you assume an attacker uses all of the best cloaking tactics?

This doesn't seem like a complex attack at all: monitor common 0-day vuln feeds, attack, install off-the-shelf ransomware sold for $5.

It might as well have been a script kiddie.


That’s my prediction: these guys are like bike thieves who found out the hard way that they just stole a bike belonging to the police chief and so it’s actually being investigated rather than written off. I don’t think they were remotely prepared for this level of scrutiny.


My thoughts exactly. Isn't the tactic to phish multiple potential victims and then they just get email responses from the victims whose data was caught? From the attackers' perspective they could have accidentally made a big catch instead of "targeted critical national infrastructure".


I’d bet that’s exactly what happened. These guys don’t want a big deal; they want a quick payment from the company’s insurance company and to move on.


DarkSide's announcement that they were shutting down said that their servers were compromised and taken offline. Presumably the private key was on the server and the server was hosted on a business that responds to U.S. subpoenas.


The warrant is for a location in Northern California and they needed a warrant to get it.

Use your head man, this means they literally went to a Federal Judge and said "hey we have probable cause that this address is on Coinbase" and the Judge was like "wow that is pretty probable" and then they took the warrant to Coinbase who was like "oh damn that's legit ..... can we squirm out of dealing with this .... no ... oh wow that is our address too, okay here is the private key" and then the FBI transferred it


> The warrant is for a location in Northern California

No, it's not.

It's for a particular Bitcoin address for which the FBI had the private key. The FBI can’t legally seize coins just because it has a private key any more than it can seize physical property because it has a key to a house. It needs a warrant to use the key, which will only be issued with probable cause that the material is subject to seizure.

> Use your head man, this means they literally went to a Federal Judge and said "hey we have probable cause that this address is on Coinbase"

They literally did not; the warrant and supporting affidavit are public (with some redactions), and that is not, even remotely, what they say.


>The warrant is for a location in Northern California and they needed a warrant to get it.

Not necessarily.

https://www.justice.gov/opa/press-release/file/1402056/downl...

The FBI in Northern California simply needed permission to use the private key they already had to access the bitcoin address.

The court that has jurisdiction over these types of crimes is in Northern California.


> Transmitting ransom money to an exchange without any type of tumbler or atomic swapping is not a realistic scenario.

Maybe not nowadays, but some time ago, after the possibility of tracing transactions was already well known, criminals were still a) first sending all the ransoms they collected directly from the initial ransom addresses to one address, linking them, and b) then sending them to their exchange account. No tumbling or obfuscation whatsoever.
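The linking the comment above describes is what chain-analysis tooling automates: every address spent in the same transaction is assumed to belong to one owner (the common-input-ownership heuristic), and funds are then followed hop by hop until they land somewhere a subpoena reaches. The following is an added example, not code from the thread or from any analysis vendor; the ledger, address names (ransom1, hot1, exch_deposit and so on) and amounts are constructed to mirror the two steps a) and b) described above.

```python
from collections import defaultdict, deque

# Constructed sample ledger, not real chain data. Each transaction lists the
# addresses it spends ("inputs") and the (address, amount) outputs it creates.
TXS = [
    # three victims pay three separate ransom addresses
    {"txid": "pay1", "inputs": ["victimA"], "outputs": [("ransom1", 75.0)]},
    {"txid": "pay2", "inputs": ["victimB"], "outputs": [("ransom2", 40.0)]},
    {"txid": "pay3", "inputs": ["victimC"], "outputs": [("ransom3", 20.0)]},
    # step a) the operator sweeps every ransom address into one address,
    # which spends all three in a single transaction and so links them
    {"txid": "consol", "inputs": ["ransom1", "ransom2", "ransom3"],
     "outputs": [("hot1", 134.9)]},
    # step b) the swept balance is deposited at an exchange
    {"txid": "deposit", "inputs": ["hot1"], "outputs": [("exch_deposit", 134.8)]},
    # unrelated traffic that must not be linked to the ransom cluster
    {"txid": "noise", "inputs": ["someone"], "outputs": [("other", 1.0)]},
]


def cluster_by_common_input(txs):
    """Common-input-ownership heuristic via union-find: all addresses spent
    together in one transaction are assigned to the same cluster.
    Returns {address: representative address of its cluster}."""
    parent = {}

    def find(a):
        parent.setdefault(a, a)
        while parent[a] != a:
            parent[a] = parent[parent[a]]  # path halving
            a = parent[a]
        return a

    for tx in txs:
        first = tx["inputs"][0]
        for other in tx["inputs"][1:]:
            ra, rb = find(first), find(other)
            if ra != rb:
                parent[rb] = ra
        find(first)  # register single-input transactions too
    return {a: find(a) for a in list(parent)}


def consolidation_txs(txs, known_addrs):
    """Transactions that spend two or more known ransom addresses at once:
    the 'send everything to one address' mistake from step a)."""
    known = set(known_addrs)
    return [tx["txid"] for tx in txs if len(known.intersection(tx["inputs"])) >= 2]


def trace_forward(txs, start_addrs, max_hops=5):
    """Follow funds downstream with a BFS over spend edges.
    Returns {address: hop count} for every address reached from start_addrs."""
    spent_in = defaultdict(list)
    for tx in txs:
        for addr in tx["inputs"]:
            spent_in[addr].append(tx)
    reached = {a: 0 for a in start_addrs}
    queue = deque(start_addrs)
    while queue:
        addr = queue.popleft()
        if reached[addr] >= max_hops:
            continue
        for tx in spent_in[addr]:
            for out_addr, _amount in tx["outputs"]:
                if out_addr not in reached:
                    reached[out_addr] = reached[addr] + 1
                    queue.append(out_addr)
    return reached


def linked_addresses(txs, ransom_addrs):
    """Combine both views: the ownership cluster containing the ransom
    addresses, and everything those addresses flow into downstream."""
    clusters = cluster_by_common_input(txs)
    reps = {clusters[a] for a in ransom_addrs if a in clusters}
    owned = {a for a, r in clusters.items() if r in reps}
    downstream = trace_forward(txs, list(ransom_addrs))
    return owned, downstream


if __name__ == "__main__":
    owned, downstream = linked_addresses(TXS, ["ransom1", "ransom2", "ransom3"])
    print("same-owner cluster:", sorted(owned))
    print("consolidation txs:", consolidation_txs(TXS, ["ransom1", "ransom2", "ransom3"]))
    print("reached downstream:", downstream)
```

Note the split between the two heuristics: the common-input rule only links addresses that are spent together, so hot1 and exch_deposit are not in the same ownership cluster as the ransom addresses, but the forward trace reaches the exchange deposit in two hops. Either tumbling before step a) or never co-spending the ransom addresses would have broken the first link; this sample does neither, which is the situation the comment describes.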



