Print this article The FBI claimed it recovered millions of dollars in Bitcoin paid as ransom during the attack against the Colonial Pipeline — a feat that is now generating more questions than answers. The Justice Department and the FBI announced Monday it had seized 63.7 bitcoins (worth about $2.3 million at the time) from a Bitcoin wallet thought to be controlled by cybercriminals tied to a Russia-based collective called DarkSide, which operates off a “ransom as service” model. Recovery of the cryptocurrency ransom from its presumably savvy holders, especially in such a short time, left many experts stunned. While many details about the operation to recover the funds remain unclear, perhaps the biggest mystery, and the one that has so many people scratching their heads, is how the FBI managed to get the “private key” used to unlock and pull assets from the criminals’ specific Bitcoin address. In the realm of cryptocurrency, a private key functions like a password and is closely guarded, especially among groups dealing with such large amounts of stolen money. Experienced Bitcoin holders typically don't link their private keys to the internet at all, instead using "cold wallets."