Replies

That still doesn’t make any sense to me.

Are you mixing up addresss/wallet? Are you suggesting they created a fake wallet application like their own version of Wasabi, Bitpay, Electrum, etc.. and then tricked the bad guys into using it? How would they do that?

Are you suggesting they somehow created an address that did something weird and had the bad guys receive BTC from it and that somehow did something to compromise them?

I have have a moderate understanding of how Bitcoin works and I can’t tell if you understand it WAY more than me and just aren’t explaining yourself adequately or you don’t understand it at all.

"Are you suggesting they created a fake wallet application like their own version of Wasabi, Bitpay, Electrum, etc.. and then tricked the bad guys into using it? How would they do that?"

I noted that this was not likely Darkside but hangers-on that had Darkside tools given Darkside went into franchising mode half-a-year ago. Colonial was not "darksupp", but some slav squat script incel "franchisee" (lol) who thought Bitcoin transactions were untraceable.

DARKSIDE Ransomware Service
"Beginning in November 2020, the Russian-speaking actor "darksupp" advertised DARKSIDE RaaS on the Russian-language forums exploit.in and xss.is. In April 2021, darksupp posted an update for the "Darkside 2.0" RaaS that included several new features and a description of the types of partners and services they were currently seeking (Table 1). Affiliates retain a percentage of the ransom fee from each victim. Based on forum advertisements, the RaaS operators take 25% for ransom fees less than $500,000, but this decreases to 10 percent for ransom fees greater than $5 million."

These wodka-slurping sloping-heads not only took alphabet bait - webhook, plink, and sync-er - but in doing so gave away "darksupp" loc, his circle of operations, and his server farm:

"The DarkSide ransomware operation has allegedly shut down after the threat actors lost access to servers and their cryptocurrency was transferred to an unknown wallet."
"In the post, 'Unkn' shared a message allegedly from DarkSide explaining how the threat actors lost access to their public data leak site, payment servers, and CDN servers due to law enforcement action."