DarkSide, the hacker group behind the recent Colonial Pipeline ransomware attack, received a total of $90 million in bitcoin ransom payments before shutting down last week, according to fresh research.
On Friday, London-based blockchain analytics firm Elliptic said it had identified the bitcoin wallet used by DarkSide to collect ransom payments from its victims. That same day, security researchers Intel 471 said DarkSide had closed down after losing access to its servers and as its cryptocurrency wallets were emptied. DarkSide also blamed “pressure from the U.S.,” according to a note obtained by Intel 471.
In a new blog post Tuesday, Elliptic said DarkSide and its affiliates bagged at least $90 million in bitcoin ransom payments, originating from 47 distinct cryptocurrency wallets. The average payment from organizations was likely $1.9 million, Elliptic said. “To our knowledge, this analysis includes all payments made to DarkSide, however further transactions may yet be uncovered, and the figures here should be considered a lower bound,” said Tom Robinson, Elliptic’s co-founder and chief scientist.
Of the $90 million total haul, $15.5 million went to DarkSide’s developer while $74.7 million went to its affiliates, according to Elliptic. The majority of the funds are being sent to crypto exchanges, where they can be converted into fiat money, Elliptic said.
NBC: Colonial Pipeline hackers received $90 million in bitcoin before shutting down