Federal authorities seize $2.4 million worth of Bitcoin from an affiliate of the surging Chaos ransomware gang
A new ransomware-as-a-service (RaaS) group, known as Chaos, has been causing havoc since its emergence in February 2025. Believed to be an offshoot of the BlackSuit ransomware gang, Chaos operates by offering ransomware software that can quickly and securely encrypt various systems, including Windows, ESXi, Linux, and NAS.
The group employs a double-extortion tactic, encrypting victim data and threatening to release stolen sensitive information if the ransom is not paid. Rather than providing immediate ransom payment instructions, Chaos directs victims to contact the threat actors via a Tor onion URL for negotiation. If paid, the ransom operators decrypt the files and claim to delete stolen data permanently; if not, they threaten DDoS attacks and public data leaks to pressure victims.
The Chaos ransomware software encrypts a victim's files, appending the ".chaos" file extension, and disguises the encryption under false pretenses, claiming that it was performing security testing and had successfully compromised the system. The group has been responsible for multiple ransomware attacks against victims in the Northern District of Texas and elsewhere.
In a significant move, the FBI Dallas Field Office seized more than $2.4 million worth of Bitcoin from an affiliate of Chaos known as “Hors.” This seizure occurred on April 15, 2025, but was only publicly recorded via a civil forfeiture complaint on July 24, 2025. The recovered cryptocurrency is linked to ransomware extortion and money laundering activities attributed to Chaos operators.
The United States Attorney's Office for the Northern District of Texas has filed a civil complaint seeking the forfeiture of the 20 Bitcoins to the United States government. This case illustrates that despite employing cryptocurrency for extortion, ransomware groups like Chaos remain vulnerable to coordinated efforts by law enforcement agencies to trace and confiscate illicit proceeds.
The FBI's seizure of Bitcoin from a member of the Chaos ransomware group indicates that cryptocurrency offers limited anonymity in the world of cybercrime. The Chaos group has grown in popularity and caught the attention of large corporations such as Broadcom. As law enforcement continues to crack down on such activities, it is crucial for individuals and businesses to remain vigilant and take necessary steps to protect their systems.
- The FBI's seizure of Bitcoin from a member of the Chaos ransomware group highlights the limited anonymity that cryptocurrency offers in cybercrime, indicating that technology-driven crimes like these can still be traced and penalized.
- Amid the growing popularity of Chaos ransomware, large corporations such as Broadcom have been targeted, underlining the importance of upholding robust cybersecurity practices.