Several media outlets have received anonymous ransom notes demanding millions in Bitcoin in exchange for the release of Nancy Guthrie, mother of Today Show host Savannah Guthrie, but cryptocurrency is not as untraceable as the potential kidnappers might think.
TODAY — Pictured: Savannah Guthrie and mother Nancy Guthrie (Photo by: Nathan Congleton/NBC via Getty Images)
Nathan Congleton/NBC via Getty Images
Key Facts
84-year-old Nancy Guthrie was taken from her home on Sunday in what authorities described as a “possible kidnapping or abduction,” with traces of her blood found on her front porch.
Early this week, TMZ and local Tucson station KOLD-TV received ransom notes from anonymous individuals alleging to be in possession of Guthrie.
The note received by TMZ reportedly contained a specific cryptocurrency address for payment, which TMZ confirmed is real and active (the address was not published).
The authenticity of the ransom notes is still being investigated by the FBI (Derrick Callella, a Los Angeles man, was arrested Thursday for texting Guthrie’s family members false ransom demands, but was not connected to the notes).
At a press conference on Thursday, Heith Janke, the special agent in charge of the FBI’s Phoenix division, announced that there will be a $50,000 reward for information leading to Guthrie’s rescue or the arrest of those involved.
Big Number
$813.55 million. That’s the total value of the cryptocurrency paid as ransom in 2024, according to blockchain intelligence firm Chainalysis. That number went down 35% from the 2023 high of $1.25 billion, largely thanks to “increased law enforcement actions, improved international collaboration, and a growing refusal by victims to pay,” according to the report.
Tangent
In 2021, the DOJ established the National Cryptocurrency Enforcement Team to investigate crimes involving digital assets, including money laundering, ransomware, and dark market activities, but the special unit was disbanded in April to shift focus away from “regulation by prosecution,” according to a memorandum published by the agency.
Can Bitcoin Payments Be Traced?
Cryptocurrency transactions are permanently recorded on shared digital records called blockchains. That means that, technically, all Bitcoin transactions can be traced. When a ransom payment is made in Bitcoin, law enforcement can observe the transaction on the blockchain in real time, tracking the exact amount paid, the wallet that received it and any subsequent transfers. Investigators then use blockchain-analysis tools to map how the funds are split, combined or moved across multiple addresses, making it difficult for criminals to cover their tracks by simply scattering the funds.
A common misconception is that Bitcoin is anonymous. While wallet addresses are not linked to names, once an address is connected to a real-world identity, the entire transaction history of that address becomes visible, and there are several ways to connect a wallet address to its owner. Some criminals get sloppy and reuse known addresses, communicate wallet details in emails that can be traced or leave identifying digital footprints elsewhere during an investigation. Several cryptocurrency exchanges also have know-your-customer rules that enable them to collect personal information they can then use to cooperate with authorities. However, since these transactions are often international, “U.S. law enforcement may encounter significant challenges” due to the variety of jurisdictions involved, especially when funds enter countries that are soft on money laundering, according to the government’s Internet Crime Complaint Center. When compromised funds are traced and identified in a cooperative jurisdiction, they can be seized pursuant to criminal and civil forfeiture statutes.
Key Background
Cryptocurrency is often used as a form of ransom because payments can be made quickly across borders with a high degree of anonymity, but several criminals have been caught in the act. In July, the U.S. Department of Justice (DOJ) announced that it had charged three foreign nationals with fraud and extortion for targeting companies throughout the United States with malicious software, after tracing a total of 1,610 bitcoins in ransom payments worth over $15 million at the time of payment. In 2021, attackers from criminal group DarkSide launched a massive ransomware cyberattack on the Colonial Pipeline Company, which carries nearly half of the fuel used on the U.S. East Coast, according to the firm, encrypting data critical to the pipeline’s operation and demanding payment of about 75 bitcoins (roughly $4.4 million at the time). Colonial paid the ransom, but the DOJ was able to recover the vast majority of the Bitcoin paid (about 63.7 bitcoins) just one month later.
Look back on the week that was with hand-picked articles from Australia and around the world. Sign up to the Forbes Australia newsletter here or become a member here.
