Read that article, the ransomware attackers left their wallet's private key on a server the feds could get at (either an exchange or a rented server). Pretty dumb thing to do honestly.
I thought it was hilarious they just said they had the keys magically and made no mention of how they obtained it. Had to have been on an exchange.
If they were smarter about it they would have asked for Ethereum and used Tornado Cash or sold it into Monero. Assuming they didn't hack themselves, which is totally possible.
Yeah, despite the FBI trying to play coy and pretend they are masters of investigation, the DarkSeid crew themselves mentioned that their "payment server" was seized, which leads me to believe that it's scenario #2 (DarkSeid having a rented server containing their wallet) mentioned in the article that led to the Federal Bureau of Matters being able to recover the coins.
I'm still confused as to why they'd bother with a hot wallet for this sort of thing though.
That was speculation.
It's speculation but it's also what DarkSeid group said happened as well.