Bitcoin Forum
Author Topic: how did government retrieve ransomware bitcoin?  (Read 173 times)
avikz
June 14, 2021, 06:41:57 PM
 #21

https://www.justice.gov/opa/pr/department-justice-seizes-23-million-cryptocurrency-paid-ransomware-extortionists-darkside

Any ideas how they would have retrieved the bitcoin,
Quote
We will continue to target the entire ransomware ecosystem
-- makes me curious how they would technically retrieve the coins unless they located the individual and got the device they were on.

I am sure the FBI wouldn't let us know how they have recovered the stolen bitcoins from the hackers without actually arresting them. But I think they have done it through some kind of whitelisted malware. But there are many other possibilities as well. If you see any article which claims to know the exact process, steer clear of that! For obvious reasons, the FBI wouldn't disclose the process.

HashFace
June 14, 2021, 06:58:40 PM
 #22

The most plausible explanation (guess) I've heard as to how the FBI claimed to be holding the private keys is that the FBI has set up "Bitcoin mixers", "anonymous exchanges", or some other money laundering service to attract criminals and monitor criminal activity. They just got lucky and the criminals sent their coins right to them.
HashFace
June 14, 2021, 07:05:29 PM
 #23

In my honest opinion, I don't feel an international hacker group will be so sloppy to give away or not be cautious about their private keys.
If it was transferred to some custodial wallets then I might say they have caught it. But if not then this might be a complete scam pulling by the government to everyone who's thinking that holding Bitcoin will keep them out of government's sight.

It wasn't the hacker's (Darkside) share of the ransom that was recovered. Darkside partners with "affiliates" -- as they call them -- to help install their ransomware. The affiliate may be another hacker or just some idiot who works at a big company and has access to the right computer. It appears that only the "affiliate's" portion of the ransom was recovered ... not the sophisticated hacker's bitcoins.