Letter #11: Bitcoin and the FBI Hack That Never Was
This issue of The HiFi Bitcoin Letters is free for everyone.
Bitcoin is highly regarded for the fact that it hasn’t been hacked once in the more than 12 years since the genesis block on the Bitcoin network was mined. For all intents and purposes, Bitcoin stored on the network is safe as long as you protect the private key that secures your Bitcoin wallet.
You can imagine the surprise of many in the community when several media outlets reported today that the FBI had seized around sixty-four Bitcoin allegedly included as part of the payment made to a hacker group in connection with the Colonial Pipeline ransomware attack in May 2021. Missing from their news releases were details on how exactly the FBI had managed to access the Bitcoin, leading many new participants in the Bitcoin space to wonder if the FBI had somehow managed to hack what has up to this point been an un-hackable network.
While the FBI almost assuredly has teams of top-tier hackers in its ranks, the idea that the FBI could infiltrate the Bitcoin network was laughable from the start, and seems to have been proven wrong by the FBI’s own press release (more on that below).
What protects my Bitcoin wallet?
In order to send and receive Bitcoin on the Bitcoin network, every user must have a Bitcoin wallet. A Bitcoin wallet is vastly different from the wallet you have in your pocket, or even the wallet you have on your iPhone.
Remember that the Bitcoin network and everything on it are completely digital and are not managed or operated by any centralized entity like a government or corporation. Instead, every Bitcoin wallet consists of two things: a public key, or address that’s visible to anyone so that other users can transfer their Bitcoin to you, and a private key that is known to no one but you and controls your entire Bitcoin fortune.
The private key is like a password that protects your Bitcoin wallet and is required anytime you want to transfer your Bitcoin on the network. However, a private key is significantly more secure than a common password because it is a randomly generated sequence of characters that is not stored anywhere except for the spot you choose to secure it. In essence, the private key is as safe as you choose to make it. In fact, a private key is so secure that the Bitcoin in the associated wallet will be lost if the key is lost.
It’s estimated that there are 2^256, or 115,792,089,237,316,195,423,570,985,008,687,907,852,837,564,279,074,904,382,605,163,141,518,161,494,336, possible private keys. It would be impossible for even the strongest computer in the world to correctly guess any private key over the course of several lifetimes, let alone guess the correct key for a specific Bitcoin wallet. In summary, the FBI did not and cannot brute force its way into taking anyone’s Bitcoin.
So how did the FBI access the hackers’ Bitcoin?
The United States Department of Justice was kind enough to provide some additional details in its own press release:
As alleged in the supporting affidavit, by reviewing the Bitcoin public ledger, law enforcement was able to track multiple transfers of bitcoin and identify that approximately 63.7 bitcoins, representing the proceeds of the victim’s ransom payment, had been transferred to a specific address, for which the FBI has the ‘private key,’ or the rough equivalent of a password needed to access assets accessible from the specific Bitcoin address.
But wait, didn’t we just prove that it’s essentially impossible for the FBI to have guessed the private key for the hackers’ BTC wallet? And it’s perhaps almost as unlikely that the hackers gave the private key to the FBI since they reportedly haven’t been caught.
It’s worth saying again: the private key is as safe as you choose to make it. If you post it to the internet, leave it on a piece of paper in your office, or entrust it to a company like an exchange or lender, your private key can be stolen.
The following quote from the Wall Street Journal makes it seem likely that the hackers made the choice to entrust the private key for their Bitcoin to a cryptocurrency exchange:
Almost all centralized cryptocurrency exchanges hold onto the private keys associated with users’ wallets on the platform. In fact, most of those exchanges don’t even share the private keys with the users themselves. Users are at the mercy of the people running the centralized cryptocurrency exchange for as long as they leave their Bitcoin on the platform.
It’s impossible to hack a private key. But it’s relatively easy for the FBI and the Department of Justice to coerce a person or company into handing over your personal information, including your private key when it’s held in the exchange’s databases. The FBI did not confirm exactly how they acquired the private key used to secure the hackers’ Bitcoin, but it seems much more probable that the Bitcoin were recovered from an exchange rather than through seizure of the private key from the hackers themselves (i.e., hacking the hackers).
How can I protect my Bitcoin from hackers and the FBI?
While the government will argue that it’s in the best interest of all citizens that it be able to seize or freeze assets, it certainly won’t feel that way if it happens to you, whether or not you deserve to be on the wrong side of the law. If you don't protect your Bitcoin, you put your Bitcoin at risk.
The first thing to do is to never leave your Bitcoin on a centralized exchange when you’re not actively trading them. Once you’ve removed your Bitcoin hodlings from the exchange, the next thing to do is learn how to “self-custody” your crypto. Whether you write your private key on a piece of paper locked in a safe, etch it on a piece of metal to be buried in your backyard, or secure it using a hardware wallet like a Trezor, your private key will almost assuredly be safer than it would be sitting with a company that can be hacked or can have a warrant served to it.
FUD seems inevitable, but it doesn’t have to be
It’s essential that everyone educate themselves. Otherwise, you’ll misunderstand the technical aspects of the technology, panic sell your Bitcoin, and possibly miss out on the opportunity of a lifetime.
This is not financial or business advice. This newsletter and related content are for informational purposes only. Cryptocurrencies and digital assets can be risky. Always do your own research before making any sort of investment.