FBI Dallas has seized roughly 20 Bitcoins from a cryptocurrency address belonging to a Chaos ransomware member that is linked to cyberattacks and extortion payments from Texas companies.
The crypto was seized on April 15, 2025, and was traced to an affiliate named “Hors,” who is suspected of launching the attacks against the companies.
“The seized funds were traced to a cryptocurrency address allegedly associated with a member of the Chaos ransomware group, known as ‘Hors,’ who has been tied to ransomware attacks against victims here in the Northern District of Texas and elsewhere,” reads the FBI’s announcement.
“As the result of the actions, 20.2891382 BTC was seized (now valued at over $2.3 million) from cryptocurrency address bc1q5d8af0crjhlnepjq08muhh55899rf2ktye3sxd on April 15, 2025.”
The U.S. Department of Justice released an announcement stating that, on July 24, 2025, it filed a civil complaint seeking the forfeiture of the amount the FBI seized, which is now valued at over $2,400,000.
Civil forfeiture allows the government to file a complaint directly against the property, seeking to take permanent possession of assets believed to be linked to criminal activity, in this case, ransomware.
The cryptocurrency was seized from the relatively new Chaos ransomware operation that is believed to be a rebrand of the BlackSuit ransomware group.
Even though the name is the same as a low-tier ransomware variant whose builder has been used by cybercriminals since mid-2021, the new Chaos gang has no links to this older variant.
The new Chaos ransomware operation stems from the infamous Conti ransomware gang, which suffered a data breach and shut down in June 2022. Its members then splintered into a number of different ransomware gangs.
In January 2023, the Royal (Quantum) ransomware gang was launched, which was believed to be the direct successor to the infamous Conti operation.
In June 2023, after feeling pressure from law enforcement for the attack on the City of Dallas, Texas, the Royal ransomware operation started testing a new BlackSuit encryptor, eventually rebranding as BlackSuit.
Cisco Talos researchers believe the new Chaos ransomware is a rebrand of BlackSuit based on similarities in the encryption, ransom note structure, and the toolset used in the attacks.
While the U.S. DOJ and FBI have not explicitly stated which Chaos group ‘Hors’ belonged to, BleepingComputer confirmed that the Bitcoin seizure is linked to the new Chaos operation.
Because the BlackSuit ransomware operation had its dark web extortion sites seized by law enforcement last week, it is possible that the law enforcement investigation uncovered this cryptocurrency wallet as part of the operation.