The U.S. Department of Justice has seized over $2.3 million in Bitcoin linked to the Chaos ransomware group, marking a significant step in combating ransomware-related crypto crimes.
- DOJ filed a civil complaint to forfeit 20.2891382 Bitcoin (over $2.3 million) tied to Chaos ransomware member “Hors.”
- The FBI seized the funds in April 2025 from a wallet controlled by the individual known as “Hors.”
- Chaos operates as a ransomware-as-a-service platform, targeting multiple operating systems and extorting victims since early 2025, according to cybersecurity researchers at Cisco Talos.
What are the DOJ’s allegations against the Chaos ransomware group?
The Department of Justice alleges that the seized Bitcoin represents proceeds from illegal activities including extortion and money laundering linked to ransomware attacks. The group member known as “Hors” is accused of targeting victims in Texas and beyond, encrypting data, and demanding cryptocurrency payments to restore access and prevent data leaks.
How did the DOJ recover the seized Bitcoin?
Federal agents accessed the wallet using a recovery seed phrase linked to Electrum, an older Bitcoin wallet platform. The seized cryptocurrency was transferred to a government-controlled address. While specific technical details remain confidential, the DOJ confirmed the funds’ connection to illicit ransomware operations.
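The recovery step described above depends on the phrase being an Electrum seed rather than a BIP39 one, because the two wallet families derive keys differently and an examiner must pick the right scheme before a sweep to a controlled address can succeed. The following is an added example, not code from the article or from the DOJ or FBI, reproducing Electrum's published seed-version tag check and mnemonic-to-BIP32-root derivation (assumptions: English word lists only, so Electrum's CJK whitespace rule is omitted, and secp256k1 address derivation is left out).

```python
import hashlib
import hmac
import unicodedata

# Electrum seed-version prefixes: hex of HMAC-SHA512 over the normalised
# mnemonic, keyed with b"Seed version" (values as published in Electrum's mnemonic.py).
SEED_PREFIXES = {
    "01": "standard",      # legacy P2PKH wallet
    "100": "segwit",       # native segwit (P2WPKH) wallet
    "101": "2fa",          # two-factor wallet
    "102": "2fa_segwit",   # two-factor segwit wallet
}

def normalize_text(seed: str) -> str:
    """Normalise a mnemonic the way Electrum does before hashing it:
    NFKD, lower-case, drop combining marks, collapse whitespace.
    (Assumption: English words, so the CJK spacing rule is not needed.)"""
    seed = unicodedata.normalize("NFKD", seed).lower()
    seed = "".join(c for c in seed if not unicodedata.combining(c))
    return " ".join(seed.split())

def electrum_seed_type(mnemonic: str) -> str:
    """Return the Electrum seed type, or 'not_electrum' if no version prefix matches.
    A BIP39 phrase (hardware wallet, most mobile wallets) almost always comes back
    'not_electrum', which tells the examiner which derivation path family to use."""
    tag = hmac.new(b"Seed version", normalize_text(mnemonic).encode("utf8"),
                   hashlib.sha512).hexdigest()
    for prefix, kind in SEED_PREFIXES.items():
        if tag.startswith(prefix):
            return kind
    return "not_electrum"

def electrum_root_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """Electrum mnemonic -> 64-byte BIP32 seed: PBKDF2-HMAC-SHA512,
    salt 'electrum' + normalised passphrase, 2048 rounds."""
    salt = ("electrum" + normalize_text(passphrase)).encode("utf8")
    return hashlib.pbkdf2_hmac("sha512", normalize_text(mnemonic).encode("utf8"), salt, 2048)

def bip32_master_key(seed: bytes) -> tuple[bytes, bytes]:
    """BIP32 master node: HMAC-SHA512 keyed with b'Bitcoin seed'.
    Left 32 bytes are the master private key, right 32 bytes the chain code."""
    i = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    return i[:32], i[32:]

if __name__ == "__main__":
    # Constructed phrase for illustration only; it is not a real wallet seed.
    phrase = "constructed phrase for illustration not a real wallet seed"
    print(electrum_seed_type(phrase))
    key, chain = bip32_master_key(electrum_root_seed(phrase))
    print(len(key), len(chain))
```

Every function is deterministic, so the same normalised phrase and passphrase always reproduce the same root, which is what lets investigators re-derive and sweep a wallet from a recovered seed phrase.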
What is the Chaos ransomware group and how does it operate?
Chaos is a ransomware-as-a-service (RaaS) group active since February 2025. It offers ransomware tools to affiliates who pay a share of ransom profits. The group targets Windows, Linux, ESXi, and NAS systems, encrypting files and threatening to leak sensitive data to extort victims.
Why is Chaos distinct from other ransomware groups?
Despite sharing a name with an existing ransomware builder, Chaos appears unrelated and uses the name to obscure its identity. The group’s cross-platform capabilities and aggressive tactics make it a significant threat to individuals and businesses alike.
How is the DOJ advancing cryptocurrency crime recovery efforts?
The DOJ collaborates with law enforcement and blockchain firms to recover stolen cryptocurrency. Recent efforts include recovering over $40,000 in USDT linked to scams and filing complaints to seize hundreds of millions in illicit crypto assets. The DOJ’s largest recovery to date involves $9 billion from the 2016 Bitfinex hack.
| Case | Amount Recovered | Year |
|---|---|---|
| Chaos Ransomware Bitcoin Seizure | $2.3 Million | 2025 |
| Bitfinex Hack Recovery | $9 Billion | 2016-2025 |
| Tether Scam Recovery | $40,300 USDT | 2025 |
What impact does this seizure have on ransomware enforcement?
The seizure highlights the DOJ’s growing capability to trace and recover cryptocurrency linked to ransomware. It serves as a deterrent to cybercriminals and demonstrates the effectiveness of cross-agency collaboration and blockchain analytics in disrupting illicit crypto flows.
What challenges remain in combating ransomware groups like Chaos?
Despite advances, ransomware groups continuously evolve tactics to evade detection. The anonymous nature of cryptocurrency and the use of decentralized platforms complicate enforcement. Ongoing innovation in blockchain forensics and legal frameworks is essential to keep pace.
Frequently Asked Questions
How does the DOJ trace cryptocurrency linked to ransomware?
The DOJ uses blockchain analytics, wallet forensics (including recovered seed phrases, as in this case), and legal tools such as civil forfeiture complaints to identify and seize illicit cryptocurrency assets tied to ransomware activities.
What is ransomware-as-a-service (RaaS)?
RaaS is a business model where ransomware developers lease their malware to affiliates who conduct attacks, sharing ransom profits with the developers.
Key Takeaways
- DOJ seized over $2.3 million in Bitcoin linked to Chaos ransomware group member “Hors.”
- Chaos operates as a ransomware-as-a-service platform targeting multiple operating systems since early 2025.
- DOJ’s coordinated efforts demonstrate growing success in tracing and recovering illicit cryptocurrency assets.
Conclusion
The Department of Justice’s seizure of over $2.3 million in Bitcoin connected to the Chaos ransomware group underscores the increasing effectiveness of law enforcement in combating crypto-enabled cybercrime. As ransomware threats evolve, continued collaboration and innovation in blockchain forensics remain critical to safeguarding digital assets and deterring criminal activity.