
Coinbase Security Officer Philip Martin tweeted to clarify recent articles reporting that Coinbase took part in the US Department of Justice's seizure of the Bitcoin ransom from the Colonial Pipeline ransomware attack:
Coinbase did not authorize participation, and at no time has the ransom, or any part of it, been received. We also have no evidence that the funds went through the Coinbase account/wallet. As for the Coinbase icon listed on the related article, it's just a reference to the concept, not the company. The tx lacks a receiver address field in the underlying GraphQL data, which makes their UI think it's a coinbase (conceptual) tx.
chart: https://explorer.bitquery.io/bitcoin/addres/bc1qq2euq8pw950klpjcawuy4uj39ym43hs6cfsegq/chart… ;
coinbase concept: https://en.bitcoin.it/wiki/Coinbase;
The private key for the address can be viewed at https://justice.gov/opa/press-release/file/1402056/download, Federal Bureau of Investigation for the Northern District of California.
Also, Coinbase uses hot wallets, so handing over specific private keys doesn't make much sense, and we (for obvious security reasons) didn't build a private key export API endpoint into our signing system.
"Because the seizure order specifies property in the Northern District of California, it must target Coinbase." That statement is not true; it simply means that the private key is located in one of the many field offices of the FBI in Northern California.
As for how the private key was acquired, Philip Martin speculates that the target server was located, and that an MLAT request or some political pressure was used to gain access.