How FBI recovered Bitcoin?

The Federal Bureau of Investigation (FBI) is the domestic intelligence and security service of the United States and its most powerful law enforcement agency. Over the years, the FBI has been involved in recovering stolen or seized Bitcoins worth millions of dollars through high-profile investigations and operations.

Bitcoin is a decentralized digital currency that was created in 2009 by an unknown person or group using the name Satoshi Nakamoto. Unlike fiat currencies, Bitcoin does not rely on any central authority and is governed by a distributed network using blockchain technology. The FBI’s interest in Bitcoin stems primarily from its use in illegal activities due to the pseudonymous nature of Bitcoin transactions.

Some of the major ways in which the FBI has managed to seize or recover Bitcoins from cybercriminals are:

  • Silk Road takedown
  • AlphaBay shutdown
  • Bitcoin exchange thefts
  • Ransomware attacks
  • Dark web marketplace seizures

Silk Road Takedown

In 2013, the FBI shut down Silk Road, which was the most extensive illegal drug and contraband marketplace on the dark web at the time. The marketplace relied exclusively on Tor encryption and Bitcoin for protecting user anonymity and transactions. The alleged founder and operator of Silk Road, Ross Ulbricht, was arrested by the FBI and 144,000 Bitcoins worth $28.5 million were seized by the FBI. The bureau was able to identify and seize the Bitcoins associated with Silk Road’s operations through forensic analysis of the web server and Ulbricht’s seized laptop.

The FBI then proceeded with auctioning the seized Bitcoins periodically in blocks after Ulbricht’s trial and conviction. Multiple auctions were held for selling the Bitcoin holdings from 2014-2015. Tim Draper, a venture capitalist, reportedly bought nearly 30,000 Bitcoins at an auction held at below market rates at the time. The FBI was able to retrieve a total of over $48 million from the seized Silk Road Bitcoins through these auctions.

Impact of Silk Road seizure

The Silk Road takedown and Bitcoin seizures had significant implications for both Bitcoin adoption and perceptions about its use for illegal activities. Some of the key effects were:

  • Showed that Bitcoin transactions were not entirely anonymous and could be traced
  • Led to increased mainstream awareness and adoption of Bitcoin
  • Sparked greater regulatory interest in cryptocurrencies
  • Demonstrated FBI’s capabilities in tracking illicit dark web activities

AlphaBay Shut Down

In July 2017, the FBI carried out Operation Bayonet, which led to the shutdown of AlphaBay, the largest dark web marketplace at the time. It had emerged after Silk Road’s takedown and offered an extensive range of illicit goods and services like drugs, stolen data, and counterfeit documents.

An international law enforcement operation spanning the US, Thailand, Canada, and Europe was initiated for investigating and taking down AlphaBay. The alleged founder of AlphaBay, Alexandre Cazes, was arrested in Thailand and later found dead in his jail cell. The US Department of Justice (DoJ) reported that law enforcement agencies were able to identify and seize several thousand Bitcoins, worth around $8 million at the time, linked to AlphaBay.

Investigation techniques

Some of the ways in which the FBI tracked and seized AlphaBay’s Bitcoin holdings were:

  • Infiltration ofAlphaBay by undercover agents for gathering intelligence
  • Identification of Cazes through his personal email address
  • Tracking Bitcoin transactions between AlphaBay and Cazes’ accounts
  • Tracking cryptocurrency mixers and tumblers
  • Use of blockchain analytics tools for transaction mapping

This demonstrated the FBI’s enhanced capabilities for identifying cryptocurrency users on the dark web through blockchain tracking and analysis.

Bitcoin Exchange Thefts

There have also been instances where the FBI has successfully recovered Bitcoins that were stolen from cryptocurrency exchanges through hacks and thefts. Some notable examples include:

Bitfinex hack

In 2016, about $72 million worth of Bitcoin was stolen from Bitfinex, which was one of the largest Bitcoin exchanges at the time. Nearly 120,000 BTC were taken. The FBI was able to track down and recover about 100 BTC worth around $104,000 from the stolen funds in 2020. The Bitcoins were transferred to a bitcoin wallet address controlled by the FBI, four years after the hack.

Bitcoin Savings and Trust

The Bitcoin Savings and Trust was a pyramid scheme disguised as a Bitcoin investment platform. Its operator, Trendon Shavers, defrauded investors of over 100,000 Bitcoins by promising unrealistic returns. The FBI seized 30,000 Bitcoins (~$8.2 million) from Shavers in 2012 after shutting down his fraudulent operation. The funds were returned to the victims through a refund program.

Ransomware Attacks

Ransomware attacks typically involve hacking networks and systems and encrypting data until a Bitcoin ransom is paid. While most ransomware operators are never caught, the FBI has been able to track down some of them and recover the ransom payments. The techniques used involve blockchain transaction tracing and identification of crypto wallet addresses used by the attackers for receiving payments.

Colonial Pipeline attack

In 2021, the major US fuel pipeline operator Colonial Pipeline was hit with a crippling ransomware attack that caused widespread fuel shortages across parts of the US East Coast. The operators paid a 75 Bitcoin ransom worth over $4 million to the hacking group DarkSide. The FBI was able to later trace 63.7 Bitcoins worth $2.3 million that were paid as a ransom. This was possible due to the hackers leaving a digital trail for investigators to track their Bitcoin transactions.

Dark Web Marketplace Seizures

The FBI and other US government agencies have continually targeted dark web marketplaces facilitating illicit trade through Tor encryption and Bitcoin payments. When these operations are taken down, large amounts of Bitcoins used for transactions are often seized. Some examples include:

Operation Onymous

In 2014, the FBI, Europol, and other government agencies jointly took down multiple dark web markets as part of Operation Onymous. Over $1 million in Bitcoin was reportedly seized during the operation.

Welcome to Video

In 2019, the South Korean dark web child exploitation site Welcome to Video was taken down by authorities. Over $370,000 worth in Bitcoin seized was specifically traced to 24 site users in 11 countries.

Wall Street Market

In 2019, after investigators shut down Wall Street Market, one of the largest dark web marketplaces active then, more than $11 million worth in Bitcoin was reportedly seized by the FBI and Europol.

Challenges in Recovering Bitcoin

While the FBI has had success in seizing or forfeiting Bitcoins in many cases, there are significant challenges when it comes to identification and recovery of cryptocurrency assets used for illicit financing:

  • Blockchain transactions are highly encrypted and difficult to de-anonymize
  • Cryptocurrency mixing services obscure transaction trails
  • Suspects store crypto assets in cold wallets or offline storage media
  • Jurisdictional issues across countries
  • Limited law enforcement resources and specialized training

Some of the ways in which the FBI is enhancing its capabilities for tracing cryptocurrencies include:

  • Developing advanced blockchain analytics tools and forensics techniques
  • Collaborating with cryptocurrency intelligence firms and exchanges
  • Operating seized dark web marketplaces to identify active users
  • Improving training for agents on blockchain technology

Legal Basis for FBI Bitcoin Seizures

The legal basis under which the FBI is able to seize or recover Bitcoin assets linked to criminal cases depends on the specific circumstances and nature of crimes involved. Some of the key laws and provisions used are:

Civil asset forfeiture

The FBI can seize assets like Bitcoin that are proceeds or instruments of criminal activity under federal asset forfeiture statutes. This involves a civil action against the property itself rather than the defendant.

Criminal asset forfeiture

This allows seizure of property after the criminal conviction of a defendant based on nexus between the property and the crime committed.

Search warrants

Courts authorize search warrants that allow law enforcement to search devices or addresses and seize discovered Bitcoins as evidence in an investigation.

Mutual legal assistance treaties

The US has bilateral MLATs with many countries for asset sharing or recovery in cross-border cases.

While the FBI has had its failures in recovering all Bitcoin assets in major cases, its track record demonstrates an increasing ability to counter illicit use of cryptocurrencies with both legal powers and technical capabilities.

Storage of Seized Bitcoins

The FBI has to ensure proper accounting, storage and management of any Bitcoin assets it seizes during investigations and operations. Some of the ways seized cryptocurrencies may be handled include:

  • Transfer to federally managed Bitcoin wallets or addresses
  • Conversion to fiat currency through auctions or direct sales
  • Storage on encrypted drives or cold wallets in FBI custody
  • Depositing into asset forfeiture funds or accounts

The FBI has set up cryptocurrency wallets for asset seizures. It uses third-party blockchain analysis tools like Chainalysis for managing seized assets as well. Cold storage and multi-signature wallets are used for securely storing larger seized holdings.


There are risks associated with the FBI handling seized Bitcoins:

  • Loss of private keys or theft can lead to asset losses
  • Price volatility between seizure and liquidation
  • High costs for prolonged cryptocurrency storage

The FBI has to follow strict protocols and security measures for storing, tracking, and liquidating seized cryptocurrency holdings without any leakages or losses.

FBI Cryptocurrency Seizures and Forfeitures

The following table provides an overview of some major FBI seizures of Bitcoin and other cryptocurrency assets related to criminal cases and dark web activities:

Year Case/Operation Estimated Value of Crypto Seized
2012 Bitcoin Savings and Trust $8.2 million in BTC
2013 Silk Road 144,000 BTC ($28.5 million)
2017 AlphaBay Several thousand BTC (~$8 million)
2019 Welcome to Video site Over $370,000 in BTC
2019 Wall Street Market Over $11 million in BTC
2020 Bitfinex hack 100 BTC ($1 million)
2021 Colonial Pipeline ransomware 63.7 BTC ($2.3 million)

This table illustrates the broad range of cryptocurrency seizure values by the FBI spanning from thousands to hundreds of millions of dollars based on the cases involved. The FBI is one of the global leaders in terms of law enforcement seizures of Bitcoin and other cryptocurrencies used for illicit financing.


The FBI has established itself as one of the most capable law enforcement agencies when it comes to identifying, seizing and recovering illicit Bitcoin and crypto funds. It has continually evolved its investigative techniques for dark web marketplaces and cryptocurrency crimes. FBI cryptocurrency seizure operations like the Silk Road takedown have become iconic examples of dismantling criminal networks abusing virtual currencies.

At the same time, technical and legal challenges remain in tracing pseudonymous ownership of cryptocurrency wallets and transfers. As cryptocurrency adoption rises, the FBI is likely to direct more strategic focus and resources towards developing its institutional expertise in cryptocurrency forensic analysis and asset seizure procedures. Better interagency coordination as well as public-private partnerships can further enhance outcomes in FBI cryptocurrency investigations and operations.