Coinbase pushes back against the theory it helped US authorities recover Colonial Pipeline ransom crypto

  • Coinbase said it did not work with US authorities to recover the Colonial Pipeline crypto ransom.
  • Graphs circulating online seemed to show that the bitcoin ransom was sent via Coinbase servers.
  • The FBI recovered a big chunk of the $4.3 million paid by gaining access to the hackers' wallet.

Coinbase's chief security officer has denied the crypto exchange helped US authorities recover a big chunk of the $4.3 million crypto ransom paid to Colonial Pipeline hackers, after theories about its involvement circulated online.

Company CSO Philip Martin took to Twitter to respond to the claims that the crypto exchange had played a part in the Department of Justice and FBI seizing 63.7 bitcoins, worth $2.3 million, by unlocking a bitcoin wallet. Court filings showed authorities obtained a seizure warrant for the wallet, which contained funds paid to "Dark Side" hackers who shut down the US's largest refined-oil-product pipeline in May.

"Coinbase was not the target of the warrant and did not receive the ransom or any part of the ransom at any point. We also have no evidence that the funds went through a Coinbase account/wallet," Martin tweeted.

Various blockchain data graphs circulating on social media were interpreted as showing the bitcoin ransom was wired through Coinbase's servers, which led to an outcry from Coinbase users and bitcoin fans.

Pointing to BitQuery graphs in particular, Martin said any reference to Coinbase on graphs and documents referred to "Coinbase" as a concept rather than the crypto exchange itself.


Further, Coinbase uses a "pooled hot wallet", whereas the FBI was in possession of just one private key, which the crypto exchange could not provide, Martin explained.

The online uproar centered on complaints that collaboration with government agencies was against the spirit of cryptocurrencies, which fans prize for being decentralized, private and an alternative to state-regulated finance.

The US authorities have yet to give an official explanation of how they were able to obtain the private key that gave them access to the digital wallet used by the Dark Side hackers, allowing them to seize back the majority of the payment.

"So how did they get the private key? Maybe some whiz-bang magic, but my guess would be it was some good ol' fashioned police work to locate the target servers, and an MLAT request and/or some political pressure to get access," Martin suggested.

One of regulators' main concerns around crypto is its use by criminals to fuel illicit activities, along with the question of whether authorities need more tools to respond to and handle such situations.


Bitcoin fell by more than 12% on Tuesday alongside most major cryptocurrencies after US authorities said they had been able to recover the ransom. It started to recover on Wednesday morning and was up 5.39% in the 24 hours to 6:42 am E.T. Bitcoin was last trading at $34,587.26.