Very little in this story makes sense. A gang of alleged hackers is sophisticated enough to cause major gasoline shortages in the US but dumb enough to try converting the ransom on a US-based exchange?
An affidavit spells out some of what's alleged to have happened:
The agent used a blockchain explorer to track the payment. This is something anyone can do. A few transfers down the line and suddenly the FBI has the private key.
It's been speculated that because the private key is in the possession of the FBI in the "Northern District of California" that Coinbase was involved. The ransomers got paid, did some easily-tracked transactions, then sent the funds to Coinbase? They must have known full well that the FBI would be waiting.
The message I take away from this so far is either:
1. The attackers were numbskulls who happened to get lucky; or
2. The attackers never cared about the ransom and are using it to mislead investigators and/or the public.
There are venues where exchanges coordinate to track and freeze illicitly obtained funds. The majority of exchanges are represented there. Most likely the funds were frozen when they were sent to an exchange to cash out to fiat currency.