- The U.S. Department of Justice is seeking control of $2.3 million in Bitcoin connected to Ransomware crimes.
- The funds are linked to the recently identified Chaos ransomware group.
- The FBI in Dallas seized 20.3 Bitcoin from a suspected Chaos member in April.
- Authorities used a recovery seed phrase via Electrum wallet for the seizure.
- Court documents explaining the details remain sealed due to sensitivity.
Federal officials are moving to forfeit $2.3 million in Bitcoin tied to alleged ransomware attacks. The U.S. Department of Justice wants to take ownership of the digital funds, which are connected to the Chaos ransomware group. The seizure occurred in April, targeting a member known as “Hors” who is believed to have conducted attacks in Texas.
According to a statement from the U.S. Attorney’s Office for the Northern District of Texas, authorities filed a civil complaint last week to claim 20.3 Bitcoin as proceeds of money laundering and ransomware activity. The FBI’s Dallas division led the recovery, accessing the assets using a seed phrase—a series of words that can restore a digital wallet—through Electrum, a Bitcoin storage program.
The funds are now stored in a government-controlled digital wallet. The official explanation and specific criminal allegations are filed “under seal as a highly sensitive document,” the government stated.
A spokesperson for the U.S. Attorney’s Office declined to comment to Decrypt, citing the ongoing litigation.
The Chaos group is described by Cybersecurity company Cisco Talos as a “ransomware-as-a-service” operator. This means they offer malicious software for rent, enabling attacks across Windows, ESXi, Linux, and NAS systems. The group demands payments after encrypting a victim’s files, threatening to leak confidential data if ransoms are not paid. Cisco Talos observed Chaos activities beginning in February.
Officials also noted that earlier government seizures, such as 69,370 Bitcoin from the Silk Road case, represent even larger asset recoveries. That Bitcoin would now be worth about $8.2 billion.
Although other threat actors use the name “Chaos” and similar software, Cisco Talos said the current group likely has no connection to past developers, and may be using the shared name to obscure their real identities. For more on the group’s tactics, see Cisco Talos’ recent writeup at this link.
The forfeiture is ongoing, with authorities holding the seized Bitcoin as the legal process continues.
✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.
Previous Articles:
- Spiko Raises $22M, Nears Top 5 in Tokenized MMF With $400M AUM
- Bitcoin Surges After $9B Shock, Analysts Predict Cycle Is Over
- ECB Adviser: Digital Euro Alone Won’t Rival US Dollar Stablecoins
- Morgan Stanley: India to Lead BRICS with Fastest GDP Growth by 2026
- Hedera to Raise ConsensusSubmitMessage Fee to $0.0008 in 2026
