FBI confiscates $2.4 million in Bitcoin from member of growing Chaos ransomware group
The FBI in Dallas recently made a significant breakthrough by seizing millions of dollars’ worth of Bitcoin from a member of the Chaos ransomware group. The confiscated funds, totaling $2.4 million, were allegedly owned by a Chaos member known as “Hors,” responsible for launching ransomware attacks in the Northern District of Texas and other locations.
It was reported that the FBI managed to seize 20.2891382 Bitcoins from the Bitcoin address “bc1q5d8af0crjhlnepjq08muhh55899rf2ktye3sxd” on April 15, 2025. Subsequently, the United States Attorney’s office filed a civil complaint seeking the forfeiture of these Bitcoins to the government.
The Chaos ransomware group, according to Cisco’s Talos threat intelligence team, is a relatively new player in the cybercrime arena, emerging in February 2025. The gang is believed to have connections to the BlackSuit ransomware group due to similar tactics and operating methods. Chaos quickly gained notoriety for its double-extortion attacks on major corporations like Broadcom in the U.S., U.K., India, and New Zealand, attracting the attention of law enforcement agencies worldwide.
Talos also revealed that Chaos offers ransomware software designed to target various systems, including Windows, ESXi, Linux, and NAS, boasting high-speed encryption and robust security features. This software encrypts files on the host system with a “.chaos” extension and camouflages the encryption process. Victims are threatened with the disclosure of their sensitive data unless they pay the ransom demanded by the gang.
Remarkably, Chaos does not provide initial ransom instructions but instead directs victims to a Tor onion URL to initiate negotiations. If the ransom is paid, the gang promises to decrypt the files and delete any stolen data. Failure to comply results in threats of DDoS attacks on public-facing services and the publication of sensitive data.
While the gang may have believed that using cryptocurrency for extortion activities would shield their identities, the recent FBI seizure demonstrates that such actions do not guarantee anonymity in the cybercrime realm.
The crackdown on Chaos by law enforcement agencies highlights the ongoing efforts to combat ransomware attacks and cybercrime. As criminal groups evolve and adapt, authorities must remain vigilant and proactive in addressing emerging threats. The FBI’s successful operation against Chaos serves as a warning to cybercriminals that the consequences of their actions will eventually catch up with them.
