The FBI’s Dallas office has made headlines for confiscating a significant amount of Bitcoin, valued at approximately $2.4 million, from a person involved with the recently emerged Chaos ransomware group. According to a post from FBI Dallas on X, the Bitcoin stash belonged to someone known as “Hors,” who is suspected of carrying out numerous ransomware attacks across Texas and other areas.
On April 15, 2025, the authorities seized a total of 20.2891382 Bitcoins from the address “bc1q5d8af0crjhlnepjq08muhh55899rf2ktye3sxd.” Following this seizure, the U.S. Attorney’s office filed a civil complaint in the Northern District of Texas aiming to forfeit these 20 Bitcoins for the government.
Today, FBI Dallas made public the seizure of over $1.7 million worth of cryptocurrency as part of ongoing efforts to combat ransomware. The seized funds were traced to a cryptocurrency address allegedly associated with a member of the Chaos ransomware group, known as “Hors,” who…
According to Cisco’s Talos intelligence team, Chaos is a recent ransomware-as-a-service operation that seems to have emerged in February 2025. Talos believes it may have arisen from the BlackSuit ransomware gang, because some of the two groups’ techniques overlap. Since launching, Chaos has gained notoriety not just with the FBI but also with major corporations like Broadcom, partly because of its double-extortion strategies targeting countries like the U.S., U.K., India, and New Zealand.
This gang offers a suite of ransomware tools that can affect various systems, including Windows, ESXi, Linux, and NAS setups, all while prioritizing speedy encryption and advanced security features. After a compromise, victims find their files encrypted and carrying a “.chaos” extension, and the attackers employ misleading tactics during the encryption phase. Victims receive a ransom note claiming a security test led to the breach.
Additionally, after breaking into a target’s computer, the Chaos members threaten to leak stolen confidential information if their ransom isn’t paid. Strangely, they don’t provide initial payment amounts or instructions right away. Instead, victims receive a Tor onion URL they must use to communicate privately with the hackers. If the ransom is paid, the perpetrators claim they will decrypt the compromised files and permanently erase the stolen data. Failure to pay, however, leads to threats of DDoS attacks on the victim’s services and of publicizing sensitive information taken during the breach.
Although the gang may have thought using cryptocurrency would help disguise its moves, the FBI’s recent confiscations show that anonymity isn’t guaranteed in cybercrime.
