The statement of facts is linked to from the press release, and describes generally how the Feds were able to trace the stolen funds (they found a file listing private keys, after gaining access to the suspect's cloud storage)
https://www.justice.gov/opa/press-release/file/1470186/downl...
> The 2017 transfers notwithstanding, the majority of the stolen funds remained in Wallet 1CGA4s from August 2016 until January 31, 2022. On January 31, 2022, law enforcement gained access to Wallet 1CGA4s by decrypting a file saved to LICHTENSTEIN’s cloud storage account, which had been obtained pursuant to a search warrant. The file contained a list of 2,000 virtual currency addresses, along with corresponding private keys.
> ...The connection among the VCE 1 accounts was further confirmed upon reviewing a spreadsheet saved to LICHTENSTEIN’s cloud storage account. The spreadsheet included the log-in information for accounts at various virtual currency exchanges and a notation regarding the status of the accounts
> ...Lichtenstein Email 2 was held at a U.S.-based provider that offered email as well as cloud storage services, among other products. In 2021, agents obtained a copy of the contents of the cloud storage account pursuant to a search warrant. Upon reviewing the contents of the account, agents confirmed that the account was used by LICHTENSTEIN. However, a significant portion of the files were encrypted
Random example but my passwords look something like chOf$Tyl83fhn@54R. I keep them written down because they are hard to remember. My threat model is no one. Seems so amateur to use a simple password that could be brute forced. Especially with so much on the line.
>Seems so amateur to use a simple password that could be brute forced. Especially with so much on the line.
There's selection bias going on because only dumb criminals get caught, so you only hear about the dumb opsec practices of those criminals. Conversely, you'll never hear about the opsec practices of that professional crew with perfect opsec that hacked an exchange/difi contract and disappeared into thin air.
Until the least bright member of the crew makes a mistake, gets caught, and turns in the rest. Being perfect is difficult to maintain forever, though it's possible in principle. It might require the thief to live like a grad student even though he has billions of dollars/euros worth of stolen wealth; being flashy attracts attention and if nothing else, the tax authorities.
If a person is that financially rich but still has to live like a grad student, it seems like the only point of that wealth is to rebel against the legal system. Even if one isn't caught, there's still a loss of freedom to avoid getting caught.
I haven't studied criminology, but I alternatively suppose someone who does that just doesn't think that far ahead. This likely also explains why the vast majority of people with these capabilities choose to live a life in accordance to their country's laws.
There's money laundering; have a front business and gradually mix in a bit of the illegal money and pretend it came from the business. That's how mobsters do it.
That's right; your comment brings to mind this scene where the character Saul Goodman explains money laundering in Breaking Bad (this clip is supposedly shown as part of university lectures): https://www.youtube.com/watch?v=RhsUHDJ0BFM
Or, the TLA involved have some sort of crack or acceleration procedure; the TLA say "the criminals were dumb" because the people involved can't combat that without admitting guilt, and who'd believe them. The real reason is the TLA used illegal access and tools that we wouldn't be happy they're using against the civilian population? Oh, and the people using the tools are guilty by association so they're inhibited from whistleblowing.
Or the one that stole $3.9B worth, went to great lengths to put $3.6B where it could get tracked down, but linked to somebody else. Then they took $200M and made it even harder to track down, but linked to somebody else. Then they kept $100M with insane opsec knowing that the incentive to recover it had been reduced by 90+%.
It doesn't unless you chose something stupid like "correct horse battery staple" or "word + word + number". 7 words chosen from 1000 word dictionary password encrypted AES 256 cannot be cracked with existing technology, 8 words impossible with future tech.
This depends on the key derivation function used. PBKDF2 or BCrypt with strong enough difficulty factor makes even fairly short passwords difficult to crack. On the other hand, a straight SHA-256 hash method can be broken insanely quick with fairly long passwords.
I never really did the math before but I whacked something together real quick in Excel. At $0.30/THash BTC we can come up with some cost expectations for password lengths. Here I will use a 74 possible character password using 26 upper and lower case letters, 10 numbers and 12 symbols. Totally random of course. Using (Possible Chars ^ Password Length) as the number of combinations and guessing we will find our answer at about %50 of our guesses. (See! Super rough)
With SHA-256 it takes about $21 to crack a 6 character password.
$1500 to crack 7 characters.
$108,330 to crack 8 characters.
$7.8 million to crack 9 characters.
$561 million to crack 10 characters.
$40 billion to crack 11 characters.
$3 trillion to crack 12 characters.
$200 trillion to crack 13 characters.
Edit Note: BTC is kinda expensive per hash right now. Usually this would all be cheaper. Past 14 characters it could be 1 cent and still outrun the usual US budget for a couple years.
Yeah, but at the end of the day these keys have to be used by human beings so the passwords were likely something practically sized and easy to use.
Especially since in general the likeliest failure mode would be the user forgetting the password to their millions of dollars worth of Bitcoin keys, followed by someone attacking the password.
That depends entirely on the hash function being used.
With a bad choice like SHA256, a 7 word passphrase could be cracked in as little as a few months with a single ASIC. The US government probably has a bunch of them already, so I think that an 8 word passphrase is already within reach for current tech.
Of course, with a real key derivation function like Argon2id, things would look much better.
I assume they’d get it on roughly the same basis as the warrant they got for the cloud storage.
I’m also curious what here looks like parallel construction to you - I thought the statement of facts was surprisingly mundane, but perhaps I missed some red flags?
Is it me or should he have literally just gotten a hardware wallet, transferred everything to that account, then burned the old key?
Of course that txn would show up on-chain, but if you don't have possession of the private key for the first account, and no digital device has ever "seen" the hardware account then he would've been fine.
This is assuming the key piece of evidence was his private key, and he wouldn't have been prosecuted without it.
Additionally, putting your key in cloud storage sounds like the dumbest thing ever... Just memorize your seed phrase and write it down. Its 4bn for christ sake.
Yeah, a hardware wallet is good, although for a billion dollars, 100 hardware wallets would be better. Could even go so far as to split a private key into seven horcruxes using Shamir's Secret Sharing and bury them in locations around the world.
Memorizing a seed phrase leaves you vulnerable to a $5 wrench attack, I wouldn't recommend it.
> Taihuttu has two hiding spots in Europe, another two in Asia, one in South America, and a sixth in Australia.
> We aren’t talking buried treasure – none of the sites are below ground or on a remote island – but the family told CNBC the crypto stashes are hidden in different ways and in a variety of locations, ranging from rental apartments and friends’ homes to self-storage sites.
I hope this is all a decoy or else it’s the worst opsec I’ve seen since about five hours ago.
I would not want to be a friend to the sort of idiots who would say stuff like this. Having a target painted on my back as a decoy somehow makes it even worse.
You don’t need splitting the private key. Bitcoin has multisig setup. For example, you can setup your wallet such that 6 out of 10 private keys need to sign in order to transfer funds. Spread that 10 private keys out. Or 3 out of 10. Or 2 out of 5. Any n out of m.
> they found a file listing private keys, after gaining access to the suspect's cloud storage
That's backwards. It's how they wrapped it all up. The real trail is pretty clearly AlphaBay 2016/2017 transactions (under gov control around that timeframe), to KYC-flagged accounts at an exchange, with a web of accounts with real info linked together past there.
If he instead started to draw NFTs, and sell it from his KYC account to his dirty wallet, could he still be convicted? What if only one out of every 100 NFTs his dirty wallet purchased was from his KYC account?
Or what if he decided to create his own crypto-currency and it just so happened that his dirty wallet was an early investor of ETH to his fund.
Seems like he could have done more to distance himself.
> Seems like he could have done more to distance himself.
On a value system with an inherently public ledger that eventually has to hit a fiat off ramp with KYC/AML requirements? Nah. Everyone has quality opsec until they don't, and the record of your criminal activity is immutable and highly durable.
You can just sell the bitcoin for monero, then sell the monero for btc.
also, as time goes on, the proportion of btc that are "dirty" approaches 1, so these chainalysis strategies become less effective, assuming you aren't stupid enough to do some criminal act then cash out at a kyc exchange the next day from the same wallet
But are there any exchanges that swap btc for monero or eth that don’t have KYC requirements? Seems like it’d need to be off-chain somewhat, unlike uniswap.
As far as I understand buyer and seller still have exchange information for the transaction to happen. The moment the buyer tries to use the stolen bitcoin he will have the police knocking on his door to find out where he got them from. The seller basically ends up completely at the mercy of the buyers security, with the added bonus that bisq doesn't enforce a completed transaction, so the buyer might just disappear once the goods changed hands without ever paying.
There are plenty that'd swap bitcoin (BTC) for litecoin (LTC) without KYC despite the fact that LTC can now do private transactions via MWEB. As networks integrate private Tx support, breaking the visible chain is going to be getting easier and easier.
Not unless those actors running those non-KYC exchanges are well hidden away from US extradition. Anybody who doesn't have KYC requirements in this space are risking serious prison time. People don't know it yet but the guys running Tether are going to go away for a long time. What they are doing is far worse than Liberty Reserve and Arthur still has 16 year left in his sentencing.
Morgan and Ilya appear to be the original hackers as well so on top of the money laundering sentencing which is around 10~20 years, they now have to deal with the hacking charge which appears to be a separate trial.
Morgan and Ilya aren't the only ones involved and the rest of the guys will eventually appear on DOJ website.
"also, as time goes on, the proportion of btc that are "dirty" approaches 1"
I don't follow what you're saying here. Nothing stops something from being dirty multiple times, does it? So nobody might care that it could be traced back to something sketchy 5 years ago, if more immediately it's traced back to last month's crime.
Suppose he deposited it into AlphaBay and then withdrew from AlphaBay, and FBI didn't seize AlphaBay's logs. Where is the criminal immutable durable record now? There is no proof of connection between incoming and outgoing coins. Same principle with mixers.
> Seems like he could have done more to distance himself.
Bitcoin's public ledger makes transactions into prosecution futures.
This is why it's such a poor choice for revolutionaries and funding the marginalized. You leave a permanent indelible public record in posterity that will in the course of time be de-anonymized, automatically, and traced back to you.
Is it illegal to sell your artwork at an auction, and a criminal happens to be the one to buy it? I honestly don't know.
is the onus on an artist or on an "auction house" to vet buyers. If post sale it turns out the money was fraudulent, does the artist need to pay it back?
In crypto terms. You the artist simply put a NFT up for auction at OpenSea. You the scammer happened to purchase the artwork on OpenSea. However KYC is not well enforced, enabling for money laundering between the two wallets.
I mean art and other not easily evaluated assets are used for drug trafficking and money laundering.
Auction houses are known to be on the trick -- that is passively mainly/ they don't care and work to "pump" the prices of artwork. But of course law enforcement agencies know about it too.
It shouldn't be illegal: people should be free to buy what they want. But let's not hide behind our noses.
More simply, they might get away with it because, by and large, they're not actually laundering illegal funds, but merely using the exact same tricks to obscure all sorts of socially disreputable but not actually illegal stuff. Of course, there's a real gray area since arguably a lot of disreputable stuff should also be illegal. But by the same token, some people might genuinely want more privacy depending on their circumstances.
> If post sale it turns out the money was fraudulent, does the artist need to pay it back?
Maybe? IIRC, if you unknowingly buy stolen property, and they trace it to you, I think you have to surrender it to its rightful owner (without compensation from the police).
I don't think that works with money, though. I can't imagine someone who sold a house to Bernie Madoff would have to give up the proceeds of the sale years later when he is found out to have been running a Ponzi scheme.
It's not illegal if it's a coincidence, however, that may reasonably be probable cause for investigation, and if the investigation finds out that it's not that the criminal "just happened" to buy it but that you colluded to do that, that's a felony.
It may depend on the particular country, and jurisdictions on the internet are gray areas... That said, in the US if you are paid with stolen money and then informed of that fact then you are knowingly in possession of stolen money and would have to return it. If you no longer had the money (used it to pay bills, live your life, etc) then it probably gets more complicated.
In a closely related scenario, if you sell a kilogram of gold to a buyer who pays in counterfeited US currency, then the secret service will seize the $50,000 and you will not be compensated.
Doing business with criminals can bite you, even if you were not participating in a criminal enterprise.
I don’t think thats quite the whole story though. The feds would have no obligation to make you whole but you would almost certainly have a civil cause of action vs the buyer for the full amount, if you could ever collect. So don’t do business with people who can disappear or avoid court judgements.
> is the onus on an artist or on an "auction house" to vet buyers. If post sale it turns out the money was fraudulent, does the artist need to pay it back?
No. Normally you have to return items that were stolen from someone even if you purchased them without knowing they were stolen. But money is an exception. See:
> Is it illegal to sell your artwork at an auction, and a criminal happens to be the one to buy it? I honestly don't know.
Law on receiving stolen goods is vague, complex, and jurisdiction-dependent. But in some cases, if the money you get paid is "the same" money that was stolen (something that's actually much easier to show with Bitcoin, where every input to every transaction is another transaction's output), and you know about the crime, yes. See People ex Rel. Briggs v. Hanley.
I get what you're doing here, but that's way too many steps. just because bitcoins ledger is open & transparent doesn't mean there aren't a million other privacy focused coins you could swap into leaving the trail cold.
You can walk in the river instead of trying to cover your tracks.
To be fair there are some cc* that try to address this. Apparently signal was forced to choose the relatively unknown MobileCoin exactly to avoid this problem.
I mean, for a recent example of how this works in practice: Polygon got whacked for like 650MM last August, but all the fiat and even stablecoin exchanges blacklisted the addresses and the guy got like 5MM “bug bounty” or whatever.
There might be prestige in some circles for taking down some dumbass Solidity coder, and some people seem to be getting some money out still (e.g. Wormhole).
But overall I’m short Trail of Bits consulting rate.
Ps not condoning the theft but I just find it strange that people with the skills to steal this much get caught using bog standard cloud storage. You'd think they could afford something better ;) Something along the lines of "you don't take notes on a criminal f** conspiracy" :)
Why couldn't they just use a brain wallet on an offline device with no internal storage.
Keep a hand written copy of the generated passphrase laminated in some plastic in some fake plaster rock under a tree in a wood or something.
> I just find it strange that people with the skills
people in Tech will yak-shave choosing the "correct" cypher. Then get pwned by an implementation detail like a bug in enigmail.
1) Hacking, 2) opsec and 3) tradecraft are totally different skills. The most dangerous people (to themselves) are the ones who cover only one of 3. The more advanced among them _know_ they lack in the other areas, but think they can compensate going even deeper on whatever they already know.
People are sometimes too busy to deal with the many details of 'perfect' opsec. In other circumstances, they hire a professional to handle it for them, but that is more difficult for criminals.
Anakata (guy who founded the pirate bay) hacked a bank and he is definitely some kind of genius. His idea for getting money out of the bank was to enlist a teenage thug to go to the ATM and withdraw money, which he had sent to the guy's account. Smart people do stupid shit all the time.
That's extremely subjective to your definition of useful. Investing in the best con artist isn't exactly a bad deal so long as you aren't the last mark.
Depends on the nature of the con. Not everything's Ponzi. Some scams are advance fee, snake oil, getting the mark's payment details, identity theft, or something else that makes a loss for every mark.
This is just unreal. this guy was living a double life of being the greatest criminal ever. So among our community was a $4 billion hacker, just nonchalantly posting.
I don't think he will be commenting anytime soon again if this really is him
reading a bit about him and the hack (which at some point was for example blamed on those Israeli brothers with connections to IDF hacking unit) i kind of not sure that he is the hacker ( and note that he is charged with laundering not hacking) - he in my view better fits the profile of the "investor"/"fencer" whose involvement would be to launder.
Sidenote: one of the reasons i don't touch crypto is possible laundering charge/suspicion if the tokens happens to had passed through unsavory hands/situation (which may be even unknown at the time) or God forbid 2-3 transactions after me the tokens get involved in terrorism/etc. - imagine as a minimum for example the "FBI background check" hell your GC/etc. will be stuck forever ...
> Sidenote: one of the reasons i don't touch crypto is possible laundering charge/suspicion if the tokens happens to had passed through unsavory hands/situation
A page recently posted here ([1], citing [2]) claimed that there's a market for freshly mined Bitcoin (i.e. with no history), with people paying as much as 20% markup for it to avoid such risks.
It still doesn't protect from possible future tainting of those tokens and thus suspicion of your participation. It may be even more suspicious as you would be the one who bought clean coins supposedly in order to minimize attention to whatever future crime the tokens may be involved.
>As the anarchists and idealists on HN will soon learn, the decentralized nature of Bitcoin won't make a difference if anyone transmitting it is in violation of federal law.
There's some irony his most recent post on this timeline being "there is a sea change happening in how governments treat cryptocurrency" too. That's certainly true for him.
I don't understand why he wouldn't move to somewhere that doesn't have an extradition policy with the US. If you go down that path, it seems like you should probably be willing to abandon your life. It's the same with Ross Ulbricht, seems like it would be terrifying living with that sword of damocles hanging over your head absolutely constantly.
If he goes somewhere which doesn't have extradition, FED's will just call him and tell him they will go public that he has $4B bitcoin and ALL criminals will be hunting them after that.
I'm not certain I understand. There are billionaires in the world already. How do they protect themselves from criminals?
Granted, their billions aren't in cash. However, once he fled the country he could immediately start converting his position to other assets that aren't so easily stolen. He'd also be able to afford to hide himself, pay taxes and bribes, and pay for some security.
Most billionaires aren't in the countries that lack extradition treaties. The few that are can be assumed to be paying steeply for protection, in both senses of the word.
Humans notoriously overestimate their competence and underestimate dangers they face. Combine that with a federal investigation that's going to be slow because 1) it's complex and 2) the feds will happily investigate you for years if it increases their chance of a conviction, and you've got a recipe for people who think they got away with it right up until the moment of arrest.
I think it's more underestimating the attention span of governments/law enforcement.
When someone steals your bike, the cops could spend weeks investigating, interviewing witnesses, searching Craiglist, Facebook Marketplace, staking out the neighborhood for anyone riding the stolen bike, etc.
But they don't, because it's a bike. But steal $3.6 billion, you'll hold their attention for a bit!
Yea, listening to enough stories on Darknet Diaries about how people get caught it’s pretty crazy. Honestly makes working in the groups that catch people like this sound very interesting.
The work of preparing to leave the country is necessarily public in a way that doing crypto stuff might not be. I suspect they were worried that preparing to leave the country would tip their hand - and they could have been caught earlier if they tried it. It just turns out they were caught anyway.
Yea, maybe bring your cat or dog but literally pack like you're going on vacation. If they arrest you before leaving the country then you were screwed already.
Americans don't need to apply for a Visa to visit most of the world. They just get one automatically on arrival.
They could have just bought a Vanuatu passport with bitcoin (~$150k), then travelled there for a holiday. Leave the US with the US passport and arrive in Van with the Van passport. CHange their name in Vanuatu, then move to a 3rd country to settle permanently with a new name. Maybe change it one more time and gain citizenship in that third country, and that'd be enough to disappear for regular people.
The spooks will still find you, but without extradition powers...
...they'll wait until you get drunk (i.e. roofied) at a bar, then kidnap and torture you until you give them all your money. The "red" budget is even more fun than the black budget. Choosing to defy the state is choosing to defend oneself forever against the creepy-crawlies the state pays to notice such defiance.
That requires that you did something that you are very sure the country you end up in won't just prosecute you for themselves. If your crime is massively embarrassing to the US govt you go to Russia, or heinous sexual assault of a 13yo, France. But I think most of the usual culprits in this case would just prosecute you.
We disagree it was heinous and believe it's prescribed, thank you. Polanski is a French citizen and will not be given to the US, but if an american is demanded, we ll give him back on the double.
It s what they seem not to explain in movies: we protect our brothers in citizenship against exaggerated foreign conviction, but not foreigners.
No justification for rape, we do not believe the americans are rational and contextualized his crime, and are only perceiving Polanski with an emotional lense, decades after the fact.
I dont care myself, just telling you why we ll never give him as a country. We simply feel different emotions (here doubt in France vs horror in the US). No need to ad hominem me in isolation as if I supported rape. I just know the media portray him as a victim of a 120 years-sentence justice system.
If he raped someone yday, like our ex-future-president DSK did in NYC, by all means, keep him, and we d give him back if he fled. But that also turned out a puritain whitch hunt in the end so it's hard to trust americans with our citizens.
I wish people would stop saying 'non extradition country' like that's a real thing.
Brokep moved to Cambodia for that reason. They still got him anyway. If the powers want you, they can find away to get you. The only options I can imagine are publicly embarrassing the US government to the delight of Vladimir Putin or making a very large donation to the Cuban government.
If they were so concerned, the much better and easier decision would be not to commit the crime in the first place. People who rob others and commit serious crimes have a problem with risk and self-control.
To degrade signal to noise, such people need to pay you and others willing to relocate to such jurisdictions. You know, to make it less obvious who is evading extradition.
I wonder what the penalty is for accepting money to uproot your life because you have nothing to hide. Well, _had_ nothing to hide.
Shoulda just changed it to Monero, transferred it to an anon account and then had that account buy dumb NFTs off himself. That seems to be how it's done these days.
Well, then you need to move to Russia or Venesuela or Iran or such.
Goodbuy to the luxurious live you enjoy in SV. Part of being a financial criminal is to post about "hustle culture" on linkedin and doing LSD with VC buddies or something
People with a lot of money live luxuriously in Russia. Not sure about the other countries. Just gotta be sure you didn't hijack any of Putin's bitcoins tho ...
that money was never real, they never had a chance of spending even 0.1% of it. lol does anyone really think they could have accessed and spent that much money, in any way?
“The only other significant deposit to the account was an approximately $11,000 U.S. Small Business Administration Paycheck Protection Program (PPP) loan advance provided in response to the COVID-19 crisis,” the complaint states.
I think you are tad exaggerating here. not the dumbest but not certainly anything close to being competent. leaving keys in a cloud storage and not using OTC crypto exchanges outside US.
It's unbelievable stupid to use mixers on a public ledger because its all traceable and immutable. The really smart "criminals" DO NOT live in the US, especially NEW YORK out of all places, they DO NOT leave stupid social media posts or spend time chasing the vapid social media fame, they DO NOT use mixers because they are all points of surveillance.
I won't detail how one could've gotten away with this loot but there is an obvious hint here, blockchain is simply a means of temporary storage to move dirty money. Tether is largely considered a pipeline for illicit funds from China to move out to the West. They absolutely do not do any of the transactions on the blockchain, it is all done through highly organized criminal networks involving banks, shells, casinos.
That's the standard for our criminal justice system, not for us as individuals. It sounds from the release that the justice department has a boatload of compelling evidence against them.
He's saying that the law presumes innocence until proven guilty. They don't throw you in jail or take your money until the legal process reaches a judgement, and this is pretty normal and uncontroversial.
But you don't have to keep going for drinks with a person who's just been arrested and let out on bail, you can make up your own opinion as you feel. You can say bad things about him before the judge does, you can deny them business opportunities, your kids don't have to play with his kids.
Disagree. You can make your opinion and you can take your precautions. But unless you were not directly harmed you should not “say bad things about them”, as you put it, just because they are a suspect in a case.
>Disagree. You can make your opinion and you can take your precautions. But unless you were not directly harmed you should not “say bad things about them”, as you put it, just because they are a suspect in a case.
I'm not sure I understand what you mean. Regardless of whether you "were not directly harmed" I don't see why someone should or shouldn't “say bad things about them."
Why shouldn't I express my opinion? Or are we in "If you don't have anything nice to say, don't say anything at all" territory?
I may be misunderstanding your point. If so, please do correct me. If not, I don't see why I (or anyone else) shouldn't express their opinion WRT anything.
What value that opinion may have can certainly be debated, but why should someone not express their opinion?
But you are not going by any other evidence than what the prosecution is showing here. Unless you have an insider perspective or were close enough to those involved, you don't really have anything to go by in judging their guilt than what the prosecution wants to show (and they will obviously be extremely biaised, that's the point!). So by de facto believing the prosecution, you aren't really doing anything else than assuming guilt.
You can obviously do that, but it makes little sense to do so when the system has been built around not taking what the prosecution says at face value or as a source of truth. The job of the prosecution is not to show the facts, it's to prosecute. Yes you don't have to go by the standards of the judicial system & presume innocence here, but why then use the prosecution's case when it only makes sense in the context of how our judicial system works?
Actually they are happy to take your money before the legal process reaches a judgement. If you aren't familiar with the process of civil forfeiture you might want to look into it.
I think the commentor is stating that you and I have no reason to presume innocence until proven guilty. We can make up our own opinion. However, the judicial system has to assume innocence so the defendant can get a fair trial.
But not so much that they let them go. Quite often there is a very fast hearing within 1-2 weeks where a Judge decides to lock them up for 2 years without parole awaiting trial, because it's pretty damn clear they're probably guilty - enough initial evidence not to let them back out into society at least.
Yeah, because if you happen to look at the evidence, the fact is that he took a gun across state lines, to "protect people's property" at a protest, and he ended up killing people, it would be pretty easy to come to the conclusion that he's guilty of at least manslaughter. Of course, he was charged with murder, and that's harder to prove. The fact that he was found not guilty doesn't mean he's innocent. It means he's not guilty of the crime they were prosecuting him for.
He's not someone I'd hire for anything, he's not someone I'd want my friends and family around. He's not someone I'd want attending any protest I was attending. He's not a good person, and he's a clear and present danger to society. These are the decisions that I, as an individual, am free to make because I'm not the government, and I don't have to abide by "innocent until proven guilty" for how I personally judge people.
> the fact is that he took a gun across state lines
This is the part that was unproven and goes against sworn testimony in the court. Supposedly, the gun was stored at his friend's house in Kenosha. There was no evidence he took the gun across state lines.
So, you're proving the above poster's point because you're assuming he took the gun across state lines even though there was no evidence shown to show that was the case.
Is this supposed to be a gotcha? It doesn't change anything from what I said. I didn't say I think he's guilty of transporting a weapon. I said I think he's guilty of manslaughter.
A minor taking a gun like that across state lines would have been a crime which you stated he committed by looking at a video. In reality, he didn't commit the crime of trafficking the firearm across state lines as a minor. You even stated "if you look at the evidence, the fact is that he took a gun across state lines..." which is not backed by the evidence, you just jumped to a conclusion that it was a fact and even worse repeated that it was a fact despite zero evidence and against sworn testimony in the case.
> 2OEH8eoCRo0:
> My experience was that people did not look at the evidence- they jumped to a conclusion.
You didn't look at the evidence, you jumped to a conclusion which is not based in fact, and broadcasted that you did this in your message. Thus proving 2OHEH8eoCRo0's point: people assume things about the case without looking at the facts.
> I didn't say I think he's guilty of transporting a weapon
You 100% did claim this when you said "the fact is that he took a gun across state lines".
In this case, "guilty" is the word that can take on different forms, unless you're saying that a video of Rittenhouse shooting someone is not showing him shooting someone. He still took a life, whether or not that was felonious, excusable, justifiable, or praiseworthy, to use Ambrose Bierce's quip.
Grand juries indict in >99% of cases. It's just a rubber-stamp. The grand jury only hears the prosecutor's side. They can say pretty much anything. Please find me a case where a prosecutor or LEO was charged with perjury for lying to a grand jury.
I've been indicted twice and both times the grand jury transcripts were just lies.
In fact, I got someone released after 16 months in jail on a burglary charge because their grand jury was lies. The story the cop told was a complete fabrication.
There's a reason why the criminal justice system operates like that though. The system has been designed like that because it turned that it is a very good idea not to go on witch hunts or to assume guilt if you want a functional society. I'm not defending the person involved here, but it's important to remember that the presumption of innocence isn't just an abstract legal concept instead of a very important part of the social contract.
Surely the important distinction here is that the state has the power to imprison or execute people. In our day to day lives, we frequently make decisions based on things not proved to that standard, such as in job interviews or on dates. Presumption of innocence is very much an abstract legal contrivance, though it's insightful to see in what cases people suddenly decide it needs to be applied outside that realm.
Do you think it is wrong for a person to believe OJ was guilty of the murder he was accused of? If a person decides to keep their distance from their new neighbour OJ and not treat them with neighbourly kindness and open arms because of that murder, would you admonish them for treating OJ differently for something he was never found guilty of in the court of law?
No, because in the case of OJ we have more than just what the prosecution (in this case, the DoJ) accused him of doing. My point isn't that you can't make your own judgment or that only court decisions are valid source sources of truth. What I'm saying here is that any opinion/analysis we can make at this stage are basically entirely based on the prosecution, since we don't have any other facts to go by.
Unless you already knew the people involved or we have some third party sources, we are basically just believing the side that only has 1 goal; showing how guilty the people they prosecute are. How could that mean anything else but assuming guilt?
(And honestly I think that personal feelings towards a person are very often good enough to make a personal judgment on guilt, but we don't even have that here! I'd bet most of us never heard of them before today)
It's not wrong for a person to believe anything and act accordingly. It's not even wrong to argue that we should not describe the accused as innocent (as long as you acknowledge what the official approach suggests before ignoring it). We are all morally free to treat OJ however we like (and everyone else is morally able to judge us for it).
What is wrong is for media organizations (which can be as small as independent reporters) to break expected traditions w/o acknowledging it. It suggests that this case is different (and again, it might be different) implicitly, which isn't ethical. You should either work within the prevailing assumptions of the system, or explicitly defy them in a principled maner.
> he presumption of innocence isn't just an abstract legal concept instead of a very important part of the social contract.
I don't think this is in practice true, as a matter of fact rather than an ideal. People don't, in general, behave the same with other people who are currently being prosecuted for a crime.
This certainly doesn't mean (most) people support vigilantism or witch hunts, or even that you assume guilt. However it seems clear the vast majority of people are fine with the idea that you might be "careful" with someone who is suspected of a crime, especially one being actively prosecuted. To the degree that many will claim they have a right to know this is happening, i.e. they will argue that news should be carried on this (although perhaps no editorializing). This absolutely is not the same as presumption of innocence.
Sometimes this is very unfair, obviously. But "the social contract" as it is practised seems to be pretty ok with that.
I could literally watch someone pick up a gun and shoot someone. Technically they're still innocent until a court of law says they're guilty. But as an individual I don't need to wait to think they're guilty.
The question is where do you draw the line as an individual.
Non-lawyers often seem to misunderstand this phrase. "Innocent until proven guilty" is a statement defining the fact that in criminal cases, the burden of proof rests with the government. They have to present evidence proving your guilt beyond a reasonable doubt; you don't have to present any evidence proving your innocence beyond a reasonable doubt.
That's all it means. Obviously judges are not supposed to come into a case assuming you are guilty, but you can say that about any type of case. The phrase certainly doesn't mean we have to pretend that you are perfectly innocent up until the point of verdict.
The reason is that the criminal justice system imposes heavy penalties for those convicted and therefore they have to be extra careful. My words have no real effect so I can convict anyone I like.
The federal government has a ridiculously high conviction rate: 99.96% [1]. They basically only bring the case if they have everything they need to convict.
Why are people so eager to confess their guilt instead of challenging the government to prove their guilt beyond a reasonable doubt to the satisfaction of a unanimous jury?
The answer is simple and stark: They’re being coerced.
This is a pretty silly argument. I'm not opining on whether or not prosecutions are coercive; I'm certain they are. But a lower conviction rate would be a bad thing: it would mean the DOJ was bringing more cases they weren't certain they would win, and even exoneration comes with immense costs to the accused.
I wasn't replying to a claim that a high conviction rate is a good thing (or better than a lower one).
I was replying to a claim that a high conviction rate somehow suggests we should dispense with the idea that, as a society, we should not presume guilt.
grumple, who I replied to, seemed to me to be suggesting that because the federal government has a high conviction rate, we should assume the accused are guilty.
I'm suggesting that because there is compelling evidence that many guilty verdicts are obtained through coercion, we should not make that assumption.
Nobody is suggesting we presume guilt. The suggestion is that we're not required to defer opinions about guilt until after a jury trial, which is sensible.
The argument around plea bargains is pretty simple. You have someone over a barrel: "Take the deal and go to prison for two or five years, or take a risk on a trial where you'll be put away for life. And btw, our conviction rate is 99.96%."
You'd be crazy not to take the deal, even if you're innocent. Thus, the conviction rate doesn't actually tell us much about how strong the federal cases actually are.
That's not the structure of most plea bargains ("2 years vs. life") but more importantly, you don't have enough information in that hypothetical to determine how fair the system is, because you're not accounting for how liberally federal prosecutors bring cases. If they tend only to bring cases when they have overwhelming evidence --- which is the rap on federal prosecutors (not so much state) --- then you get the same outcome simply by dint of most people in plea negotiations being guilty. A good reason not to take a case to trial is your knowledge that you'll be destroyed at trial.
>A good reason not to take a case to trial is your knowledge that you'll be destroyed at trial.
Another good reason not to take a case to trial is potentially spending years in pre-trial detention, destroying your life -- losing your house, your kids, your job and anything else that requires your presence outside of a detention facility.
Which is why so many cases end up as plea bargains -- get sentenced to "time served" for a lesser offense and then try to pick up the pieces of your shattered life, or fight (assuming you have the money/resources to do so) and potentially never get the chance to pick up those pieces.
So yes, the system is quite coercive.
Let's say for the sake of argument that the DoJ (or state prosecutors) determine (by whatever means) that tptacek has committed criminal acts.
You are arrested, arraigned and bail is either denied or set high enough that you can't afford to pay.
How long could you sit in jail before you lose your job, your house, possibly your spouse and your kids and anything else important to you?
It could be years before a trial. And given that most folks can't afford an unexpected $500 expense, sitting in jail waiting to be tried isn't all that unusual.
Given those circumstances, how long could you sit in jail awaiting trial before your life is a complete shambles? Given the make up of folks here on HN, I'd expect that you may well be able to last longer than most.
High bail and pre-trial detention are absolutely used as cudgels that attempt to force even the innocent to accept plea agreements. Especially when indictments tend to include a lot of overcharging -- another cudgel to force a plea agreement.
Which is why I don't believe that plea agreements should be used at all. But that's a much larger discussion and beyond the scope of this comment.
'In 2011, Swartz was arrested by Massachusetts Institute of Technology (MIT) police on state breaking-and-entering charges, after connecting a computer to the MIT network in an unmarked and unlocked closet, and setting it to download academic journal articles systematically from JSTOR using a guest user account issued to him by MIT.[13][14] Federal prosecutors, led by Carmen Ortiz, later charged him with two counts of wire fraud and eleven violations of the Computer Fraud and Abuse Act,[15] carrying a cumulative maximum penalty of $1 million in fines, 35 years in prison, asset forfeiture, restitution, and supervised release.[16] Swartz declined a plea bargain under which he would have served six months in federal prison.[17] Two days after the prosecution rejected a counter-offer by Swartz, he was found dead by suicide in his Brooklyn apartment.[18][19] In 2013, Swartz was inducted posthumously into the Internet Hall of Fame.[20]'
Yeah, Swartz's liability has been wildly misreported. He faced nothing resembling 35 years, as the prosecutors themselves acknowledged during the dispute. His own lawyer believed he was unlikely to face custodial time even if convicted given the guidelines for the charges. This has been discussed ad nauseam on HN and I'll spare you a repeat of it; the search bar will avail.
But that's exactly the coercion, laid plain. It /doesn't matter/ that the prosecutors don't believe they'll get the full sentence. They want to paint as dire a picture as possible to get the defendant to take the plea.
No, I don't think you're following what I'm saying. The prosecutors were explicit about the sentence they were actually seeking, and that sentence was itself far outside what the guidelines suggest he would have gotten. The DOJ did not in fact threaten Swartz with 35 years in prison.
Even your local circuit court probably has a 95%+ conviction rate. If you're innocent of a charge that carries 20 years and your attorney says you have 50/50 shot at trial of winning, or you can plea guilty and take probation what do you do?
Most people take it, and now they have a record. Any future fuck ups (guilty or not) and you're looking at real jail time.
For non-high profile investigations (investigations that were not in the media before charges), announcing charges typically has a large body of evidence and a lot of confidence in the accusation.
Of course innocent until proven guilty applies but the justice department knows that and still brought charges. At the very least, they believe they've proven beyond a reasonable doubt his guilt.
High profile cases with public pressure change the equation a bit and can cause charges to be brought on people who normally would not. I suspect this is a way to pass the buck to the courts when the person eventually gets off due to lack of evidence.
>Of course innocent until proven guilty applies but the justice department knows that and still brought charges. At the very least, they believe they've proven beyond a reasonable doubt his guilt.
It's a bit of a nitpick, but the Justice Department (DoJ) hasn't proven anything.
The defendants in question have been charged (and arrested?), but no trial (or plea bargain) has been held. As such, presumably the DoJ has what they believe is sufficient evidence to convict the defendants on the charges brought against them.
However, until a trial (or a plea agreement) is concluded, the DoJ hasn't "proven" anything. Rather, they brought charges against some folks. That's not "proven beyond a reasonable doubt," that's making accusations and bringing the case into the court system.
What the DoJ believes (and/or believes it can prove) is not proof in and of itself.
> I mean that they have proven it to themselves, I don't mean it in a legal sense.
A fair point. And it's likely you're correct.
Although using the term 'prove' has specific legal meaning that many (myself included) folks would associate with the use of that term.
As I said, there's what you believe and what you can prove. Believing you can prove something may be well founded, but at least in the US nothing is actually "proven" until it has been adjudicated -- and even then contrary decisions (e.g., in an appeal) can "un-prove" stuff.
> Of course innocent until proven guilty applies but the justice department knows that and still brought charges. At the very least, they believe they've proven beyond a reasonable doubt his guilt.
No, if following general DoJ policy, they believe that the evidence is sufficient that they will be able to prove the charges beyond a reasonable doubt, but that's not the same as them already having proven that.
> High profile cases with public pressure change the equation a bit and can cause charges to be brought on people who normally would not.
Usually, I think the opposite is the case: generally, the DoJ is more careful in high-profile cases, not more cavalier.
> Usually, I think the opposite is the case: generally, the DoJ is more careful in high-profile cases, not more cavalier.
I'm not sure Rittenhouse would have been charged at all and, based on how the trial went and how weak the evidence was, he should have, at best, been charged with something much more minor. But that's just one example.
I somewhat agree with you, they are more careful but I think they are more careful in their own process. To make sure their ducks are all in a row. But, when it comes to actually pressing charges or agreeing to plea deals, I think they are much more likely to overcharge or not negotiate so that the case is no longer on their desk and they can say "I did my part".
To use the Rittenhouse example, I think the public expectations of charges impacted the charges because the ones bringing charges are often elected officials (or appointed by them) so there's an incentive to not look at what can be proven with the evidence and instead charge with what the public thinks is "right". The incentive for an elected official is to appease the public with charges, convictions be damned because that's someone else's problem. That's how Rittenhouse's case played out too. Outside of conservative media, there was a lot of attention paid to the judge and the lawyers not being able to prove their case rather than floating the idea that maybe a lesser charge and a conviction was the right thing to do.
On the other hand, I think you saw the same course of events with the George Floyd case but with a different result. The investigation was drawn out and meticulous and charges were brought. That resulted in a conviction but the implication I'm making is that those charges would have been brought regardless of evidence because of the public nature of the case.
In the Rittenhouse case, both prosecution and defence agree that Rittenhouse was a person who had a gun in his arms and fired it, resulting in death. The thing the prosecution needed to prove is that in doing so, he committed a crime. Prior to the trial, it was not necessary to express agnosticism about whether he had a firearm, fired it, or firing it resulted in anyone's death, even if there was some sense in which he was "innocent until proven guilty" of the conduct being criminal.
In this case, there is essentially no room for dispute that stealing $71 million, engaging in a vast money laundering conspiracy is in fact illegal. If these people actually had these accounts and actually used this money in this manner, there is no chance they will not be found guilty. The affidavit is not compatible with a set of the same basic facts leading to a different legal conclusion.
So the question is whether or not you think there's any possibility that the feds cavalierly misidentified the people in possession of these accounts. That seems pretty unlikely, given the affidavit suggests withdrawing small amounts of the stolen money to use Uber under their actual names, buy stuff on PlayStation under their actual names, etc; and that the private keys were taken from a cloud storage account actually belonging to the guy; and that the woman contacted various exchanges and talked about the actual company she actually owns, and the guy actually has a documented record of talking extensively about cryptocurrency including on this site using his actual name.
It is, of course, possible that the entire affidavit is a lie, made up whole cloth and all of this evidence is totally fake and the accused were minding their own business working on their gourmet cupcake business in Kansas City, and they don't understand anything about no crypto-whatsit. But I don't think that's a scenario that really requires much investigation, and it instead is a level of solipsism on par with "we can't actually know if gravity will cause us to fall" or "what if this is a simulation".
What I'm saying is that not all uncertainty is equal, either in kind or in probability, and so it makes more sense to be honest about that than equivocate across very dissimilar cases.
> I'm not sure Rittenhouse would have been charged at all and, based on how the trial went and how weak the evidence was, he should have, at best, been charged with something much more minor. But that's just one example
...of a case the US DoJ wasn't involved in prosecuting, because it was prosecuted by a completely separate sovereignty.
Not sure how that's an example of DoJ prosecutorial decision-making.
(And that's even before considering if comparison of actual events in one case to the speakers own stated opinion of how a counterfactual hypothetical would turn out, rather than contrasting real events, is really good evidence of a comparative behavior difference.)
There is what appears to be a rather amusing side-effect of this principle:
“The arrests today show that we will take a firm stand against those who allegedly try to use virtual currencies for criminal purposes.” - Assistant Attorney General Kenneth A. Polite Jr. [My emphasis.]
There's no reason for the Justice Dept. not to take a firm stand against those who try to use virtual currencies for criminal purposes, or say that they are doing so - and, in fact, that would be rather better than taking a firm stand against those who have merely been accused of doing so. I guess that 'allegedly' was inserted here in order to forestall a claim that this statement deprived the defendants in this case of due process, if or when it comes to trial.
>I guess that 'allegedly' was inserted here in order to forestall a claim that this statement deprived the defendants in this case of due process, if or when it comes to trial.
Actually, the 'allegedly' bit was inserted because the defendants in this case are alleged to have committed some criminal act(s). They have not been proven (whether via a trial or a plea agreement) to have done so.
The defendants may well be "guilty," or they may not. That's what the legal process (as flawed as it may be) is constituted to determine.
Forming an opinion at to whether or not anyone has committed an illegal act(s) is perfectly normal and reasonable. However, unless you're a member of a jury in a trial, your opinion generally won't affect the outcome.
All that said, defendants are "alleged" to have committed criminal act(s) until the case has been adjudicated, whether that be by trial or plea agreement.
I se I have not made my point clear here. The quoted statement is not referring to these defendants in particular, it is referring to those who try to use virtual currencies for criminal purposes in general - yet the language appropriate for referring to specific defendants creeps in here, presumably out of concern that some people cannot tell the difference.
When a crime has been committed, it was not allegedly done by a person or persons unknown, it was actually done by whoever they were. One of the jobs of the justice department is to catch criminals, not alleged criminals.
The person you are responding to does not seem to have taken a position on the guilt or innocence of these individuals and has only noted an affiliation.
People are still free to have opinions on the case. The purpose of this legal principle is to put the burden of proof on the prosecution, i.e the government can't simply blame you for a crime and force you to dig up evidence of innocence.
People can disagree even if you're found innocent at trial... just look at OJ's case. The government isn't going to prosecute him again, but "OJ did it" is gonna dog him for the rest of his life.
Makes you wonder if he left because he realized he could hack $70m in Bitcoin, or he hacked $70m in Bitcoin because he had left and had nothing else to do (the hack happened in August and he left in May).
If Reddit.com/r/worldnews can have Ghislaine Maxwell (of the epstein case) as a moderator (u/maxwellhill) -- then Ycombinator gets its own billionaire criminal.
Heh... He has some comments on "Feds reveal the search warrant used to seize Mt. Gox account " in 2013:
As the anarchists and idealists on HN will soon learn, the decentralized nature of Bitcoin won't make a difference if anyone transmitting it is in violation of federal law.
--
This was inevitable. People can wax rhapsodic about the decentralized nature of Bitcoin, but once the feds freeze a few million dollars of a major exchange's assets, as they have done with every single anonymous digital currency since the beginning of time (e-gold,1mdc,Liberty Dollar) and launch a criminal investigation, the currency will be severely destabilized.
Within the next year I expect to see a cottage industry emerge where the true believers cash out frozen bitcoin accounts for pennies on the dollar.
That's wild, I think we were Facebook friends for awhile after I interviewed and hung out over there on a few occasions.
I was doing an onsite with Ilya and the folks at MixRank (in 2012) and talking with the team, and I mentioned something about cryptography and some basic codes that I learned as a child in gifted class. They had no idea what I was talking about - not the codes but "gifted class". I was telling them it was pretty common in public school systems - once a week or a few hours a day where you took advanced topics in another classroom with other kids that had tested into the program. They had no idea.
I started asking the founders if they went to public school. They never had. And then they were curious and started asking the other employees. Not a single one had ever set foot in a public school for elementary, middle, or high school. Then one guy in the back piped up - "you know, I think $devname went to Berkeley."
> On a LinkedIn page that appears to belong to Morgan, however, she is listed as a partner at Demandpath, a “boutique micro-fund investing” firm. A LinkedIn profile seemingly belonging to Lichtenstein also places him at Demandpath. Prior to that, he’s described on Crunchbase as a founder of the advertising research startup MixRank, which was incubated at Y Combinator and raised more than $1.5 million in funding from Mark Cuban and other venture capitalists. (Lichtenstein is nowhere to be found on MixRank’s website.) Neither Demandpath nor MixRank responded to BuzzFeed News’ request for comment.
> Cuban told BuzzFeed News his last email exchange with Lichtenstein was in 2012. “I also found an email saying he left MixRank 6 years ago. That’s the extent of what I know about the guy,” Cuban said.
> Y Combinator did not respond to BuzzFeed News’ request for comment.
"As I build a sales team for my latest software startup, Endpass"
Endpass "Bringing you the delightful and secure Ethereum wallet that's easy enough for grandma to use."
Wait, so did Feds nab them for running Ethereum wallet startup and claim $3B in client wallets as theirs? Or did the pair start Ethereum wallet company to wash stolen coints?
I met Heather many years ago. It's a weird feeling to see a name you recognize in an announcement like this. We've lost touch long since so I have no comment.
There was value, the person expressed it’s a strange feeling seeing a name you recognise in an article like this. Other people may find that enough to relate to.
lol, man, just let the guy talk. We're just here hanging out. He probably thought it was neat that he knew someone who was attached to something this crazy. This is how a lot of humans operate.
She presents herself here: https://www.youtube.com/watch?v=mWq7JgRknTM , I suppose you know what kind of person she is right ? The kind that use pipes as in "Economist | MBA | Serial Entrepreneur | Rapper "in their linkedin profiles but do nothing at all once hired :)
To be fair though, you could have your cat just randomly jump all over your keyboard and Kitty would get herself published in Forbes. They're not known for their high bar.
> “After the execution of court-authorized search warrants of online accounts controlled by Lichtenstein and Morgan, special agents obtained access to files within an online account controlled by Lichtenstein,” the press release said. “Those files contained the private keys required to access the digital wallet that directly received the funds stolen from Bitfinex, and allowed special agents to lawfully seize and recover more than 94,000 bitcoin that had been stolen from Bitfinex. The recovered bitcoin was valued at over $3.6 billion at the time of seizure.”
So most likely,
1) they didn't launder it properly, leading to police being able to trace it to their bank accounts. I wonder if tornado.cash was used.
2) then police had their names, leading to warrants for all online accounts - google account, apple account, etc.
3) they made the big blunder of keeping their private keys in their online account. Most likely a txt file in google drive. That is such a silly blunder. Without the private keys, the police has zero proof of anything. They could have made a hundred excuses for how they got money in their bank account, as long as the police didn't have the private keys. Who keeps their private keys in an online account?
Apparently the biggest criminals make too many silly mistakes. The old saying applies here: "you don't have to be smart, just don't be an idiot"
Well you don't want to lose those keys ... there is a bit of a conundrum there (granted you don't have to do it the way they did either).
As far as how exactly they got caught, there was a reward offered by the company it was stolen from. It may have been someone tipped the feds off for the reward.
This plan doesn't really scale to the 2000 wallets mentioned in the OP. But maybe that scenario only comes up when you're looking to launder billions of dollars worth of BTC?
I'm not invested in crypto or really at all interested in it. That said, my mentor seems pretty excited about it and is pretty heavily invested as of the past few months. I advised him to do something like https://en.wikipedia.org/wiki/Shamir's_Secret_Sharing and distribute it across a wide number of storage mechanisms, physical, digital, and custodial. For instance, in google drive, in drop box, in a bank safety deposit box, engraved in a gold bar buried in your yard, in your house safe, etc.
Why anyone with a significant amount of crypto assets isn't going to insane extremes in terms of secrecy and durability is beyond me.
I don't understand the math but I think I have seen that style of secret management where any 3 of say 10 secrets can access something but no 2 or any 1 secret can do it.
It would seem to solve a lot of just organizational problems where "jan is out of the office today" and nobody can do the thing ... but if access is spread out among 10 people ... 3 probably are in the office when needed.
Granted I've never seen it used in production personally, not / seen it on a granular level.
> In order to prevent one person from having complete access to the system, Vault employs Shamir's Secret Sharing Algorithm. Under this process, a secret is divided into a subset of parts such that a subset of those parts are needed to reconstruct the original secret. Vault makes heavy use of this algorithm as part of the unsealing process.
I have used it. It works. Tooling is still pretty poor. Every use, we ended up bringing the necessary people into a room, booting up an offline laptop from a sha-summed live USB, QR code scanning each of our secrets, combining them, then using the key to sign whatever we needed to sign, photographing the signature as a QR code. We use software from 2008 because an OS stack contains code from tens of thousands of developers, and we felt old software was less likely to have an active 'steal these keys and exfiltrate them via open wifi' malware.
We would first go through the process with 'dummy' keys to check everyone was happy with the process and what we were going to do (ie. which commands, what software, what exactly will be signed). We would then do it again with the real thing. And then we'd power off the computer till next time it needed to be used.
"Clunky" would be a good way to describe it... But it's hard to make it better without relying on a bunch of software we don't have the resources to audit.
There's a lot of evidence in the statement_of_facts however it's unclear how much of it can only be reconstructed with the private keys. Interested parties should really look to what was known to grant the search warrant.
They don't usually give details of how they caught them, because the next bad-actor will read that to know their tactics.
Search warrants are given on reasonable doubt. When it comes to cryptocurrencies, the feds have reasonable doubt on everyone. So it is always possible for them to get a search warrant.
I emphasized private keys, bec without them, no matter how much doubt the feds had, they couldn't prove anything.
A good guess is that "laundering" billions of dollars is inherently a non-trivial problem, and perhaps not feasible at all without cooperation from shady real-world actors outside the whole cryptocurrency ecosystem. This is actually good news for small-scale users who just want to keep their microtransactions reasonably private - the usual mechanisms might actually work well enough for that case.
I agree. But if not for privacy, why use crypto at all? Even bank accounts are reasonably private, if you are not doing anything considered suspicious by society.
Also, with mixers such as tornado_cash, laundering money is ,sadly, pretty trivial.
You can do that by owning crypto. No need to use it.
> Self-sovereignty
Majority people use centralized exchanges, which regularly control transactions.
> Ease of use/trade/leverage/exchange
Fiat banking is much easier to use than crypto. It's also faster. Now everyone uses 1-tap payments. Crypto transactions are more complicated than that. They also take longer. Also are bad for the environment (not as bad as media portrays, but bad nonetheless)
Even the apps built off of the "blockchain" rarely touch the blockchain. Companies aren't looking up NFTs on the chain, they're just hitting OpenSea APIs.
Speculation for IDOs usually requires directly interacting with the contract with your wallet. Likewise new tokens are found on DEXes which requires taking custody of the token.
Borrowing against crypto, leveraging it, going delta neutral, buying options are all available on chain, typically with better yields, and with a higher variety of tokens.
The difference is that laundering provides you with an explanation for wealth and/or income. Example of laundering: buy a business (with clean or borrowed money), have fictional customers "spend" their cash money at your business every day, then report your income and pay taxes. Now if anybody asks about where you got your money, you have a seemingly legit explanation.
Mixing does none of that. So mixing may be trivial, but laundering is not.
edit: now that I think about it, is that why NFTs are so popular? Are people pretending to have gotten capital gains, while in reality they're buying these things from themselves? That would explain a lot.
tornado.cash puts your crypto in a completely fresh account (using smart contracts). You can claim that you earned this crypto mining it back in 2010. You can definitely come up with a decent excuse for this.
Then you can convert those crypto (in new account) into fiat money.
Everyone will know you are lying, but they will never be able to prove it.
If you read the indictment, they claimed they had bitcoin from mining in 2011, the exchange asked for further proof, and they just abandoned the bitcoin (~$150k). The exchange surely notified the authorities, because who abandons $150k of legit bitcoin?
So claiming it was from mining didn't work in this particular instance.
They don't need to prove you are lying in all instances, it's enough to prove you are lying in one instance. They will get you for that one instance where you didn't launder it properly if they are after you.
Regarding NFTs, that's how the high art market works. It's for money laundering. "I just sold this Picasso, that's where this money came from Mr Taxman"
I love how you're just realizing that NFTs are a pure money-laundering scheme. Just wash trade your bored ape and "sell" it to your alter ego and bam! Legitimate income for the cost of some ETH gas.
> This is called “money laundering,” and the essential component of money laundering is generating fake taxable income. If you take $13,800 out of your (legitimate, previously taxed) bank account, and you use it to buy cryptocurrency in a wallet that you tell your accountant and the IRS about, and you then use that cryptocurrency to buy a Meebit, and then you take $50 million out of your sack of illegal money, and you use it to buy cryptocurrency in a wallet that you don’t tell your accountant about, and then you use that cryptocurrency to buy the Meebit from your declared wallet, and then you take the $50 million of cryptocurrency out of the declared wallet and put it back in your (legitimate) bank account, and then you write the IRS a check for $20 million saying “ah I’ve been selling NFTs, what fun I have had, but I have to pay the IRS my fair share,” then … I am obviously not going to give you advice on crime but it’s possible you’ve got something there? Like, nobody has any idea what a Meebit is worth, so this string of outlandish numbers is somewhat plausible? It’s possible that some number of NFT wash trades have a purpose other than pumping up volume on NFT platforms?
If the Sinaloa cartel can just walk into an HSBC bank with literally blood stained cash then it would've been okay for everybody else.
The true professionals in this industry only use crypto as a reference in their private ledger stored far far out of reach to any Western government.
It's funny that these successful professionals are also the most paranoid and least trusting of crypto (they are convinced Bitcoin was created by the US Government itself).
There are very few exchanges left which don't require KYC and even then the real final step is cashing to some kind of bank account. I don't think crypto->fiat privacy is possible beyond a certain level of wealth.
OFAC has broadened enforcement to the point that pretty much any financial transaction across the world has a US nexus. Moving that much stolen crypto without the feds noticing? No chance.
vitalik (ethereum founder) used an interesting system. He split the key in 2. Wrote both on paper. Gave 1 paper to family and kept the other. Even if the police raid him (hypothetically), they cannot raid the houses of his family and friends at the same time
This way the police or anybody else cannot get your private key.
No, but if you don't have your half memorized and they take it from you, the other half is useless. This is more useful if you want to leave your crypto to your family if you die, provided that you make it easy for them to find your half if you're not around.
You really think the government would have trouble doing a handful of raids at once? They have enough officers to do a thousand raids at once. The FBI and Interpol did just that recently, coordinated across more than a dozen countries:
The police wouldn't have to raid the family members, they'd likely give up what they know immediately, to avoid become accessories to whatever crime the police were alleging.
Have a google for BIP-32, about Hierchical Deterministic Wallets. A secret key is nothing but a number, so it's not too hard to generate more numbers from that seed. If you have the seed and the parameters for the child numbers, you have all the private keys you want.
You use a 2048 word dictionary (a random choice in that wordlist represents [log 2048 =] 11 bits of entropy) then you generate a random string of 132 bits to be your cryptographic seed which is a sequence of 12 words from the wordlist which you memorize.
From that seed you can generate for all practical purposes an infinite number of private keys for any and all purposes in existence. Using cryptographic one way functions such as a hash or PRNG.
Just to clarify: the statement is not that you could encode those existing 2000 private keys with one short seed (you cannot, indeed), but rather that you could easily and safely generate 2000 distinct private keys from one relatively short seed.
You only need to remember a big random number (can be a long phrase from a book you like), and a rule that generates keys, e.g. (keyid, seed) -> hash(keyid + seed). Needless to say, you never write the seed phrase down. At most you keep a vague pointer to the author of that book.
Keys are conspicuously easy to hide. My PGP master key that I've been using for some time is hidden on two devices which would be difficult to identify much less locate and are encrypted as well.
Even with the fervor of the federal government they'd be easy to hide.
A USB is tiny, and you can shrink it's footprint with USB-C. You can also buy USB keys with tamper-proof housings that will blow a fuse if opened to be physically compromised. Coupled with strong post-quantum crypto, that key is relatively secure, even if physically discovered.
That's just the technical bit. You can also split the key in half and transfer the other half somewhere, which creates legal protection. You could also create a housing for the key so it's not easily discoverable.
If all that sounds a bit extra, circle back to that the perpetrator has 4.5 Billion worth of something.
TBH, with 4B at stake, I wouldnt blindly rely on AES. I'd use it as the 1st step, and then additionally encrypt its output with a custom AES-like algorithm (change tge s-box, change the number of rounds, maybe upgrade it to 512 bits). Even if my homebrew algo is weak, there's still standard AES behind it.
You are pushing it. 1000 words is 10 bits of entropy per randomly chosen word. 70 bits of entropy is probably crackable by a government agency.
Edit: I checked and unless I mixed some zeroes somewhere it looks like the current bitcoin hash rate of 200 million TH/s can crack 92 bits within a year. log (200,000,000,000,000,000,000*3600*24*365) / log 2 = 92.35
While I do partially agree that some of it may be grandstanding. The whole:
"Thanks to the meticulous work of law enforcement, the department once again showed how it can and will follow the money, no matter what form it takes.”
and suggesting AEC and chain hopping is futile is an effective propaganda tool. I mean its possible something major changed, but I think your thoughts are closer to reality.
If true, this is interesting, because apparently fake identity accounts on exchanges are cheap ( partially 'thanks' to all the breaches over the years ).
Sorry, yes. I used the term propaganda, but I briefly forgot its negative connotation. In this particular instance, I meant it more along the lines of 'shock and awe' your adversaries. I am hardly cheering on an alleged hacker/thief/launderer. The point stands, but thank you for pointing the perception issue out.
At the same time this crime shows the weakness of crypto: with an ever appreciating linked asset with no ability to truly "gap" transfers, you can always trace where the money goes, even with a mixer (you just then need to track many more targets, but eventually the money re-concentrate somewhere you can see), transfering just once with someone who knows your name instantly gives you traceback ability to all the transaction (can't fund a wallet without tracing back to the first ever source of fund on chain), and the fact it appreciate is the greatest enemy of money laundering: where a Mexican kingpin would understand that there's value in losing 40% of their money rather than have it stashed in USD bills in a warehouse, crypto is tempting to keep, this guy couldn't realistically forfeit a large majority of the fund by for instance randomly giving it to 5000 honest wallets with 1 being his for instance.
It's great for us non criminals, but it's one more utility of crypto going down the drain. What is it good for, if not even crime.
The (alleged) criminal only has to make one mistake to get caught, if the pursuers are good. Steal enough money and the best pursuers will be assigned to catch the perp.
I don’t think Bitwarden would be helpful. You still need to protect your master password and the company is still subject to the will of law enforcement.
good point. If they had tried to use a bridge to convert their bad bitcoin with good ethereum, would they have been denied service since everyone knew that these btc were bad?
As to your 2nd point, I agree. Another mistake was uploading private keys to google drive.
lol using a mixer means that the feds don't know which account contains the bad funds. So they don't find the identity of the perp. So no possibility of beating the perp.
3) they made the big blunder of keeping their private keys in their online account. Most likely a txt file in google drive. That is such a silly blunder. Without the private keys, the police has zero proof of anything. They could have made a hundred excuses for how they got money in their bank account, as long as the police didn't have the private keys. Who keeps their private keys in an online account?
Not necessarily. If they can spend stolen $, presumably that may be enough to persuade a jury they own it.
I agee. Also, intimidation tactics can work here - e.g. telling them they might go to prison for life bec justice wants to make an example out of them.
You have to keep in mind that a lot of those highlighted "trivial" series of mistakes can be just the result of parallel construction, and what evidence really "did them in" can be completely different from what's stated by the prosecution. It is very easy to find tons of small mistakes once you already know what you have to look for thanks to an undisclosed huge exploit/honeypot/technically-illegal-seizures that you can use.
Proving this is hard by design, but a good example of that would be how they used the Hansa market as a honeypot by running the market themselves for months.
The entire investigation around Alphabay and how they got to the owner is a bit shady, too, and there have been tons of rumors of the entire official case being based on ad-hoc parallel construction.
Shortly after he committed suicide I pulled up the French language technical board where he had linked an alias to a real email address. Which mirrors the same mistake as the Silk Road operator.
When you dig deeper into these cases it’s clear that they aren’t properly washing the money. There’s no placement or layering. They go straight to laundering on a public ledger and cash out under their own names.
The simplest explanation is usually the correct one.
I think my comment was not really clear. Yes, the apparent mistake Alex made was glaring and obvious, but the entire operation was very weird. They shut down alphabay right before turning off The Hansa, which they had been operating for months at that point. It was the coup de grace, basically trying to get as many people to sign in to the Hansa before it also goes off.
To me that indicates they have been able to turn off alphabay for a long time, considering how easily and well timed they did it. That also means they have had tons of time to build the case. Of course you can argue that the simplest explanation is the best one but considering law enforcement literally operated the biggest DNM for months, completely under the radar I'm not sure why "they found an email he used for a few weeks 4 years ago" would be more simple.
You can read what DeSnake, another admin of the website had to say about the takedown. He's extremely security conscious (he hasn't been caught yet afaik which is another can of worms) and he's adamant that it was not a simple bust. Actually, the whole thing was kind of a mess, with some mods getting arrested (even without making obvious mistakes like Alex did ). You can read up on the confusion here:
https://www.darkowl.com/blog-content/alphabay-marketplace-re...
If I had to guess, some mod/admin informed on him (maybe even snake!) hence why they had access to an early email. But who knows? Now in cases like the silk road I'd agree that it was simply trash OPSEC but the Alphabay/Hansa takedown was so sophisticated that anything is possible
> You have to keep in mind that a lot of those highlighted "trivial" series of mistakes can be just the result of parallel construction, and what evidence really "did them in" can be completely different from what's stated by the prosecution.
If you had such capabilities, the moment it is known you have it would immediately neutralize any value you derive from that capability.
What is the logical course of action?
Deny. Deny. Deny.
Disavowing, deception, secrecy of such capability is what gives them the edge.
Again, there is no proof that Satoshi Nakamoto was some good hearted criminal/spook.
Even I encrypt my keys before uploading them to the cloud, and I don't give them a descriptive name, and I have less than $2000 worth of cryptocurrencies, and it wasn't stolen.
There's an unbalanced relationship there, however, in that the criminal only has to be an idiot (or even just "not smart enough") once, to ruin an entire chain of previously smart actions. Law enforcement may only need one thread to unravel an otherwise finely crafted crime.
There's also a lot of time for law enforcement to try and find these threads as well, meaning the perpetrator could well be living in paranoia for as long as the statute of limitations lasts.
People that are capable of getting away with life-changing money type crimes would often be better off being entrepreneurs at the edges of existing regulation. Hello cryptocurrency...
> One overlooked detail in the Razzlekahn arrest. Almost all the money went through AlphaBay, using it as a mixer. The feds were able to see through this because they seized AlphaBay. Its amazing how, even years after, darknet market seizures pay dividends to the feds.
Funny you would say that, because if you read the indictment, these people did actually deposit Monero on one exchange:
> VCE 4 Account 2 was entirely funded by approximately 13,200 XMR via approximately 21 transactions that took place between in or around November 2017 and March 2019.
> Another account at VCE 4 (“VCE 4 Account 3”) was created on or about November 20, 2017, and was registered in the name of another Russian national and under another Russian email address. VCE 4 Account 3 was entirely funded by approximately 6,870 XMR, via approximately 10 transactions that took place between in or around November 2017 and April 2019.
> The XMR deposited into VCE 4 Account 2 and VCE 4 Account 3 was all converted to BTC and then withdrawn, consistent with chain hopping. The same method was used to liquidate the funds from the VCE 1 accounts as described above.
But the accounts 1 and 2 on VCE 4 (the ones funded by Monero) weren't registered in either Morgan's or Lichtenstein's name. They were created with fake credentials.
The feds were able to link them to the couple because bitcoins were moved from VCE 4 to other accounts that also had received bitcoins which were traceable to their alphabay accounts.
If they had funneled everything through monero I can't say that they wouldn't have got caught like this.
No the moment after they moved to monero it should've been untraceable. The discrepancy you are seeing is that the USG definitely has tools to trace any of these "anonymous" coins. It's highly likely that these are honeypots.
Nobody knows who Satoshi was, everybody just assumes he isn't the feds themselves. Such scenario would be so catastrophic to organizations that rely on its advertised anonymity and it would be the best investment ever since you could just keep denying you have this capability, always coming up with a cover story (keys in cloud, we traced their keys, they were dumb etc).
This would keep criminals guessing, the economic value of laundering with crypto is too great to give it up but at the end of the day, they can only operate under uncertainty.
Shouldn't all true crypto believers hate this news?
It's the government trying to enforce their opinion of who should own those Bitcoins, thereby taking power away from the owner that the network has decided on, which would be "whoever has the cryptographic keys".
Seems like a win to me. The government had to physically go to their house and arrest them to get to their funds, whereas normally all they had to do was call up their bank and had their money frozen. Not to mention, this threat could have been easily mitigated by keeping your funds in a multsig wallet, with the keys distributed in multiple redundant locations.
The classic libertarian adage is that a government powerful enough to give you everything you want is powerful enough to take everything you have.
Some corollary would apply here. (it's not that anyone particularly loves letting criminals off the hook, it's granting that ability is a slippery slope)
To secretly monitor a single individual's communications, law enforcement should have to get probable cause, present their case to a judge and obtain a court order.
Dragnet surveillance of all communications all the time is a Very Bad Thing.
Financial surveillance and seizure is currently at the Very Bad Thing stage and bitcoin helps move us back toward a better balance between the rights of the individual and the interests of the state.
> Not to mention, this threat could have been easily mitigated by keeping your funds in a multsig wallet, with the keys distributed in multiple redundant locations.
And if you're released from prison and recover your Bitcoin, you will be arrested again for contempt of court or a similar charge.
Is it practical to convert literal billions of dollars between currencies? And even if you did, wouldn't liquidating it so you can actually spend it on things in the real world prove to be almost impossible? Billions of dollars worth of currency is more than I'd expect most privacy coins to deal with over the course of months.
Laundering within the constraints of a public ledger isn't feasible for long periods of time or large amounts of money - the only way to win that game is to be so small nobody cares.
They could have possibly gotten cash from cartels at a steep discount, but that story would probably have ended with a richer cartel and two dead nerds.
I always wonder how many people won this long con by being so small nobody cares. The DoJ document states they already succeeded in taking the funds cross chain and through some privacy enhancing alternative assets. For every idiot dumping millions in a bank account there's got to be someone else living a "modest" but luxurious life looking like a small guy nobody cares about, cashing out a few hundred to a thousand at a time somewhere where that kind of money is big enough to get a nice day to day living but small enough to not be worth organized crime taking much notice.
On the flip side, most of us could already live quiet, comfortable lives in Thailand or Cambodia on our normal software engineering income.
Maybe these guys are thinking if you're going to be a criminal, you had better make the juice worth the squeeze. Live large, party extravagantly, and probably just rent everything from hotel rooms to yachts so there's less for the authorities to eventually impound when it catches up to you.
If you read the original DOJ filing, they actually did that. They used :
> anonymity-enhanced virtual currency (AEC), in a practice known as “chain hopping”; and using U.S.-based business accounts to legitimize their banking activity.
Their problem was that they "closed" the money circle by sending it to real bank accounts. That's how they caught their trace. It seems that laundering billions of dollars is not as easy as they thought haha.
Someone was saying they could have moved to South America and laundered $1000 at a time, but you'd think that the US government could've easily tracked that down as well.. "Hmm, it appears someone is living off this stolen 3 billion dollars in South America"
How would you trace $1000 to a larger source after it passes through a privacy coin? The only way to do that is either with some side channel information, or by monitoring the person selling the funds. In a cash economy in the third world the odds of that look pretty poor. I think what happened is large deposit in bank account caused some to start asking questions.
Because they stole bitcoin. Good luck finding a non institutional buyer for tainted bitcoins when you're dealing in billions usd. Everyone shuffling bits at that level is going to play by the rules and cover their ass. Even large criminal exchanges will avoid stolen bitcoin in any sort of volume because it means instant scrutiny.
As a crypto unbeliever I hate this too. Legal enforcement legitimizes crypto as property. It expands the definition of property by institutionally conferring the status of "owned" to a functional configuration of bits distributed over thousands of computers. Do we have this concept for other things? yes. But I'd rather like to contract the space of property rather than expand it.
> It expands the definition of property by institutionally conferring the status of "owned" to a functional configuration of bits distributed over thousands of computers. Do we have this concept for other things?
Intellectual property has been a thing for a long, long time. You don't literally need to have a physical thing somewhere for laws to apply.
Thank you. My yes (which was left off of the quote for some reason) includes intellectual property. I, like many people, are aware of the concept of intangible property. Dollars in my bank account are another example of intangible property.
I'm curious why you included a statement about IP existing for a long time. Is there something about the duration of existence that makes something important? Descriptive statements are notoriously difficult to transform into normative statements.
In the context of crypto-as-property constructivism, I'm neither an absolute institutional nor a communal conferralist. Presently, it appears like there is much more communal conferralism constructing crypto as property, I'd like to avoid institutionalization. In practice, this would not look like prohibition, rather the avoidance of extending existing property laws to encompass crypto assets. ie: courts and lawmakers saying, "No we're not going to get involved." Unfortunately, any future crisis where crypto can be blamed is a convenient way to extend to crypto the legal construction of it's status as property.
Since you brought up prohibition, I'll take the bait. We already have prohibitive socio-legal constructions which few people use to form the basis of "prohibition has never worked, so we should not prohibit it." Some examples that are socially and legally prohibited are: murder, rape, incest, slavery, torture, buying and selling of children. I'm unsure if you believe that the prohibition of these acts has also never worked as intended and should be left unprohibited.
Literally none of your examples of prohibition are those against an inanimate object. Crypto prohibition is completely incomparable to selling children (which by the way, they may not call it 'selling' but adoptions typically require tens of thousands of 'buying' in, so there is sort of a buying and selling of children at least in the US.)
I would be convinced if you could cite prohibition against inanimate data that maintains the 4th amendment protections in US while simultaneously thwarting those determined to share and manipulate that data. It might, might, work somewhere in someplace like Singapore where the population has widespread support for execution of those found with contraband and few constitutional protections.
Prohibition has doubtful effect in US on even universally hated and criminally suppressed content like CP.
I'm saying it [criteria from my previous statement] would convince me to change my mind, was that not the question you asked?
Allow me to rewrite since it wasn't understand I was replying to your question:
I would be convinced to change my mind if you could cite prohibition against inanimate data that maintains the 4th amendment protections in US while simultaneously thwarting those determined to share and manipulate that data.
What is your current belief and what new belief would you have if supplied with that evidence. We never really spelled out exactly what the claim was.
My understanding so far is that "I currently believe prohibition of inanimate objects has no effect. If supplied with this evidence, then I would believe prohibition of inanimate objects would have an effect."
edit: also under what criteria would be used to judge whether a prohibition "maintains the 4th amendment protections in US"? Any specific relevant cases? If I go hunting for evidence, I want to make sure the goalposts are not moved.
My current belief is that attempting prohibition against inanimate data (sharing and manipulating) while maintaining the 4th amendment protections in US and simultaneously thwarting those determined to share and manipulate that data, will be minimally effective and will not significantly impact the ability of those determined to violate the prohibition.
My new belief is immaterial to whether I have changed my mind, other than it must be different somehow (otherwise the mind wasn't changed). Changing your mind just means it changed, so the only requirement is the belief is different. Without evidence, I can't possibly predict what my new belief would be. Therefore I refuse to box in what my new belief would be, and I think it would be ignorant of me to make such a presupposition.
Bear in mind 'change your mind' was a notion introduced by you not me, I can't possibly speak for what you meant there when you brought this phrase into the conversation.
>I currently believe prohibition of inanimate objects has no effect. If supplied with this evidence, then I would believe prohibition of inanimate objects would have an effect."
That's actually not my belief. Clearly there is an effect, and the criteria I think crypto meets is much stricter than merely an inanimate object but rather it drills down to just being sharing and manipulating data. You can memorize a seed phrase that resides entirely in your mind, and other than chemical storage in your brain there is no physical manifestation to seize at a national or individual level that would effectively destroy that wealth.
I think prohibition on inanimate objects has an effect, just not usually the intended effect.
The only data that can even comparably be viewed as a candidate for what prohibition of (strictest case) crypto data can look like I think again is CP. It is universally detested, the criminal penalties can be devastating, fellow prisoners may straight up kill you, and the community will virtually always back the jailing for as long as anyone cares to jail the people engaged in sharing it. I think that puts a decent ceiling for what is possible to impose on crypto, because the public will to impose prohibition on crypto surely can't be as high as it is for the prohibition of sharing data of the abuse of children. Given that even this effort has been essentially futile, I'm not seeing much of a prayer of crypto prohibition being effective at thwarting anyone but the undetermined.
There may be prisoners this moment mining some crypto on their phone, smuggled up someone's ass into prison. If they're not, they trivially could be. That's how hard it is to get rid of.
>also under what criteria would be used to judge whether a prohibition "maintains the 4th amendment protections in US"
The criteria would be not to violate the 4th amendment.
>If I go hunting for evidence, I want to make sure the goalposts are not moved.
That's really up to you, you don't owe me anything and I don't owe you anything either.
6000 years ago, one could have ownership over the right to buy a still unborn goat at a certain price in the future. It's amusing to see these modern philosophies of trying to go back to a noble savage past that never was.
Likewise it's fascinating to me to see today an assumed, "expansion of property and its financialization are natural progressions of human societies." This factoid is itself baked into the fabric of our current society and presents itself as assumed knowledge. In reality no such natural progression exists any more than people believe that the universe is just, or that nature is cruel.
> Legal enforcement legitimizes crypto as property. It expands the definition of property by institutionally conferring the status of "owned" to a functional configuration of bits distributed over thousands of computers.
9/10ths of law is property ownership. I find hilarious that anyone would want less of this concept, not more. My interpretation is that crypto enthusiasts want the "trust of the crowds" not a centralized government. Which doesn't mean the trust system becomes contracted per se, but rather under a different set of rules (i.e. purely direct democracy vs centralized republic).
It's simply that people who begin thought experiments with one island, two people, and three cows tend to reach absolutely unhinged conclusions about how the society should work. Not wanting to live in a world governed by those systems is why I intent to frame them as such. Before we get to the part where some responder concludes, "you should go live in the woods then", I'd rather they did.
Another way of putting it is this. Expansions in the legal concept of property are consequently expansions in the dominion of the state.
I don't follow. The state recognizes I own something, therefore the state power has been expanded? I'd argue the opposite. Virtually everything else I own, the state doesn't really recognize is fully mine, but rather they think they own a piece of the profits on. Currently the state thinks they own part of others' crypto (tax on profits payable in fiat only though!), so to relinquish that ownership is a step up. The state legitimation of crypto as being owned by me means they've ceded power of private property to private entities, rather than it being public or unrecognized property. Since the state recognizes it's all mine, I don't owe the government any of it and as full owner I can unmolested exercise control of my private property without interference by government.
When the government steps in, it's not usually to say _you_ own it but rather _they_ own part of it. If you own it of course you owe them nothing of it. Government finally getting their greedy hands out of private property would be a huge step up.
This is even more obvious when I present it this way. Yesterday there's a cow in my yard. The next day my neighbor says he recognizes the cow as my cow. The neighbor has ceded over power of the cow, now recognizing I have full control of the cow and they're removing any claim of power they had. It's a contraction or break even of, not expansion, of my neighbor's power.
Ownership means you have full control over your crypto. Paying taxes on it means you don't have ownership, but rather partial ownership. If the state is conferring you full ownership, it would appear their power is decreasing. If the state is taxing crypto, then they're taking away ownership status and instead attributing some of it to themselves -- THEN it's an expansion of power.
> It expands the definition of property by institutionally conferring the status of "owned" to a functional configuration of bits distributed over thousands of computers
> Legal enforcement legitimizes crypto as property. It expands the definition of property by institutionally conferring the status of "owned" to a functional configuration of bits distributed over thousands of computers.
Isn't this exactly how your access to digital content is mediated? A bunch of servers somewhere says that this user identifier is allowed to access this content.
I might be missing something with this analogy. Is there a legal component to accessing digital content that re-enforces its concept of being property? /gen
There are general similarities in computers mechanically enforcing access that applies to crypto-assets and digital content. I'm specifically interested in how the legal system confers additional properties or re-enforces these properties in digital assets that legitimize the properties institutionally.
I think you have to get with the times a little. Crypto is an asset (some coins a security) and has been recognized as such under the law for several years, and it's taxable.
Crypto is on the balance sheet of individuals, businesses, financial institutes and even at least one nation (El Salvador). There's crypto index funds and ETFs trading on wallstreet.
And here you are philosophizing about whether crypto can really be owned? You're a decade too late.
Human society is rapidly moving more and more "things" in the electronic realm. By necessity of technology (we're on HN for goodness sake!) the realm of property absolutely must expand into electronic representations.
Ironically, Bitcoin enables ownership to be established (at least as far as knowing the private keys = proof of ownership), in addition to the transaction path the electronic bits and bytes took in order to reach its current place of ownership.
Technically they were charged with conspiring to launder money, completely unrelated to any mention of theft or hacking.
From TFA: "Court papers filed against the couple did not accuse them of the hack itself; officials declined to say if the pair are suspected of stealing the money."
Interesting point, but if the government considered whoever had control of the coins the rightful owner and not stolen, would it be laundering then? It doesn't sound like a problem of taxes.
Laundering is any process to legitimize illicit income. It does not matter who owns the coins or other assets in question. What matters is if the coins represent any vehicle of fund transfer that originate from any form of criminal enterprise or other unreported financial activity.
I was replying under some comment thread about the the government "not legitimizing" bitcoin, and thus not considering "bitcoin theft" to be actual theft.
which is why they weren't charged with actual money laundering. they only got them with conspiracy which is a super weak charge.
a money laundering charge requires an illicit origin, which means it can only be a tacked on charge after charging or proving someone was involved in the illegal activity.
the government just doesn't know, they just find everything this couple did to be super suspicious. they clearly had control of an excessive amount of cryptocurrency that they were reintegrating into the economy. the government doesn't seem to know if they were actually involved in the heist, or how, or to what extent.
simply obfuscating money isn't illegal. obfuscating an illicit origin is. lets see if the government can get to the bottom of this "conspiracy to obfuscate money of an illicit origin".
All it says is that they don't yet have strong evidence to expect a conviction on hacking charges. And it's quite likely that some other people were involved in the hack itself - perhaps after this arrest, they will get some new information that will allow them to charge someone for the hack itself, for example, out of a plea deal when one of the gang turns against the others.
Obvious no-true-scotsman. Believing that the goal of crypto is to circumvent laws regarding possession and theft is at most a fringe belief. The fact that this is at the top of HN demonstrates how devoid of merit crypto discussion here is.
Circumventing property law has absolutely been a selling point of crypto, front and center, since its inception. The real no-true-Scotsman is saying, "Those who want an extra-governmental system of property aren't the real crypto fans." Yes, they are.
In reality, crypto's true purpose is a moving target, so it can never be criticized because that's not what crypto is really about.
And it's official, Godwin's Law [0] has reached crypto. The purpose of Bitcoin is of course to support the Nazi cause. What other purpose could it possibly have? /s
Hint: Millions of people use Bitcoin as a:
- store of value to protect purchasing power over time
- inflation hedge to protect savings from the ravages of inflation
- a hedge to protect against corrupt governments manipulating currency
- protection from negative real interest rates
- censorship-resistant payments
- anonymous payments with instant finality (Lightning)
Money is a tool like any other. Cash, gold, NFTs, Bitcoin, and credit cards can be used for good or evil, lawful or unlawful purposes. The technology isn't inherently moral or immoral. It is just a tool.
The "it's really for nazis" argument is particularly weak. The critics must be getting desperate.
This is the first time you hear "Bitcoin is for nazis"? You're lucky, I guess. It's a pretty common accusation because many Bitcoin advocates are also far-right and/or extreme libertarian.
Anyway, I'm not saying that. Eichmann is simply a reductio ad absurdum example of the problems with the "it's just a tool / technology has no moral" position.
Lots of tools that are useful for marginalized groups are also useful for marginalized groups that want to spread hate. Same goes for the internet. It was hard in the beginning on internet mainstream (late 90s/early 00s) to find any community that didn't have a bunch of racists and fascists in it as well.
The flipside viewpoint is that cryptocurrency bypasses censorability by large corporates; cryptocurrency embodies the freedoms that appear to be espoused so loudly and delightedy by "the US"^.
Guns = good
Cryptocurrency = bad
Opinions I agree with = good
Opinions I disagree with = bad
Me getting mine = good
Someone else getting theirs = bad</i>
Censorship is the battleground issue for the 2020's.
^Apologies for the lumping of 300 million people into a single sentence description, it's for the sake of trying to make a point of the entanglement of "the US" and "freedom" - which isn't a bad thing.
I know too many people who aim to become millionaires off of btc and then move to countries without cap gains tax. I feel their sentiments are held by a large constituent.
That's such a sad view, especially to hold in a generally curious place like HN. Another example is narcotics, yes we know that most narcotics usage is bad, but does that mean all usage of narcotics is bad? Obviously not, and we take those articles as they come, and discuss the angles each article has independently, in most cases at least. But somehow cryptocurrencies are so emotional for most people, that they hold such a black/white view of it.
We can, and should discuss subjects without "tainting" them with general, over-discussed points when we can, especially if we want to keep HN curious and not turn into a echo-chamber.
It might take time, but the fact that the government can't print free bitcoins as it does with fiat to pay off its usurious debt and devalue everyone's hard work is a compelling basis.
But won't you just hoard all of your earnings if it isn't inflated away by 2+% every year? I've been told spending would grind to a halt. Also without holding your wealth in cash in a bank, how would banks use your money as a reserve for lending out to their favored clients?
Not necessarily. Secondly, banks and money lending are immoral and predatory. Usury is prohibited in the three major religions (Islam, Judaism, and Christianity), so we're better off without this dangerous practice. It goes hand in hand with fiat money by the way, the government is taking loans from the Fed, which is why it keeps needing to print more and more money to fuel it. The sooner we get rid of money lending as a business, the better.
On a side note, Islam requires a 2.5% Zakat from money hoarded in your account, to be donated to charity, so there's your solution against hoarding :) We don't need the government to fake print money to prevent people from hoarding. Better that money go into charity to truly have a more equitable society, as opposed to the fake and useless proposals we keep seeing and pitting parties against each other.
The Zakat is an interesting concept, but I don't see much functional difference from inflating the currency by 2.5% and then giving the newly created currency to the poor. Presumably some system is needed to enforce Zakat, that same mechanism of force could be used to inflate currency.
Since inflation is a centralized operation and Zakat is decentralized, I would wage enforcement of inflation is much easier than enforcement of Zakat.
According to https://www.usgovernmentspending.com/welfare_spending_analys..., in FY2021 welfare (not including Social Security or Medicare, which are for retirees, but including Medicaid) was $2,418B across federal, state, and local, about 76.6%. Neither Zakat or US welfare spending includes discretionary charity.
Overall, US welfare spending seems to be on the same order as, albeit a little less than, a Zakat imposed on all US wealth. Also, I'm not sure if this welfare figure includes EITC, which is the logical way that additional cash benefits should be distributed (since it avoids welfare cliffs).
Different types of wealth have different Zakat values, and not all wealth is subject to Zakat (e.g. the value of your home does not count towards Zakat). For example, currency, including fiat, gold, silver and other precious metals, is at 2.5% annually. Livestock has a different calculation, and so does produce.
Bitcoin and ETH combined are over 1T USD, much more than the figure you quoted. That's 25B annually, imagine how many lives that can change. Not to mention gold, which is at 11T, so 250B annually. Insane money that can revamp the entire planet.
It's strictly superior to have a system based on Zakat than the insane income taxes that we have today.
> Neither Zakat or US welfare spending includes discretionary charity.
Zakat is the bare minimum required for Muslims to pay per year. Islam heavily encourages discretionary charity, called Sadaqah. Both approaches are complementary.
> Different types of wealth have different Zakat values, and not all wealth is subject to Zakat (e.g. the value of your home does not count towards Zakat).
Of course. I did not want to get into such complications. This was more of a Fermi estimate to compare the amount a Zakat would raise in the US.
> It's strictly superior to have a system based on Zakat than the insane income taxes that we have today.
Maybe - remember that the US government pays for more besides bare welfare for the needy. Also the Islamic Zakat pays for more than welfare - also administration of Zakat (reasonable, but should be kept as low as possible) and Islamic missionary efforts (I don't think the US should redirect its welfare to "spreading liberty and democracy").
Even in Islam, there were more taxes than Zakat[1] - at the very least, a tax on harvests (corporate income or business reciepts tax) and a land tax - because Islamic governments also have other responsibilities besides charity. It would stand to reason that the federal and state governments would also continue to collect other taxes to support other government responsibilities. Also remember that inflation (certainly that intentionally engineered by the central bank) is effectively a wealth tax.
Which missionary efforts? If you mean paying Zakat to those whose hearts are inclined toward Islam that's something different.
> a tax on harvests
I mentioned this in my previous post. Livestock and produce have different Zakat calculations than the 2.5% of money held for a year.
If you're referring to Ushr, that's imposed on non-Muslim nations that taxed Muslims, so a tit-for-tat treatment, and it's not part of Islam per-se, but a socio-political decision.
> certainly that intentionally engineered by the central bank
Exactly what we don't want. We don't want a select few people to determine the tax rate for the entire population, affecting mainly people at the lower socioeconomic levels in society.
I'm going to assume you're from one of the countries mentioned below? It's my understanding most countries with Muslim majority do not centrally enforce Zakat.
>Today, in most Muslim-majority countries, zakat contributions are voluntary, while in Libya, Malaysia, Pakistan, Saudi Arabia, Sudan, and Yemen, zakat is mandated and collected by the state (as of 2015).[16][17]
[wikipedia ^]
>How so? Could you elaborate?
By compelling people to hold wealth denominated in currency, and then inflate that currency using central bank or treasury.
> It's very different because when the government inflates the currency, we all know whose pockets it ends up going into :)
No disagreement here. But government can also misappropriate Zakat. I am actually not in favor of most forms of planned inflation nor a compulsory Zakat precisely in part because I predict massive fraud on the minority of those holding the power to distribute it.
> I'm going to assume you're from one of the countries mentioned below? It's my understanding most countries with Muslim majority do not centrally enforce Zakat.
Today, many Muslim countries are not in a good shape unfortunately, and that's due to several reasons beyond the scope here. I'm referring to how things are required by Islam, and how things were done historically when Islam was actually implemented. Today Islam is not applied 100% unfortunately, which is a main cause of weakness for Muslim nations. They're either in property due to occupation, current or historic, or have to bow down to the West's whims, so that they are not overturned or invaded.
> By compelling people to hold wealth denominated in currency, and then inflate that currency using central bank or treasury.
I meant how would inflation happen in case of Zakat being enforced? They're orthogonal things unless I'm misunderstanding you.
> But government can also misappropriate Zakat
There is a set category of people whom are deserving of Zakat clearly outlined in the Quran. So, if Islam is properly applied, there would not be any meddling. It has been historically documented that in Iraq during Ummayad rule, there were no more poor people left to accept Zakat. Quite amazing.
You've said If Islam is properly applied, there would not be any meddling and Zakat would be applied appropriately. I guess you have more faith than I do that a human vested with these large sums will apply it appropriately. Humans can be greedy, corrupt, and clumsy and may not practice the word of the Quran accurately. They could simply make bad mistakes, without any bad will. Having centralized access to large sums of alms could result in Zakat going to benefit other powerful parties as well. Since it is collected by government, it would be hard for those paying it to stop payment in protest if someone did start meddling. Note this is also a problem with secular welfare systems, I am not saying it is a problem only with centralized Zakat.
>It has been historically documented that in Iraq during Ummayad rule, there were no more poor people left to accept Zakat.
Umayyad had a variety of religions of persons overseen by their caliphate. Was Zakat distributed to poor Christians in the Caliphate? Or did Zakat only go to Muslims? This is important to know, because supporting only minority of the poor who practice Islam could mean Zakat may have not solved poverty for the entire populace. I'd also be interested in seeing the citation that poverty didn't exist under this caliphate.
In America we have the problem that lots of administrators and bureaucrats siphon off much of the money in the welfare system into their salaries as well as issues with the money going into the hands it is intended to go to. Also since the money is taken by force, there's not a lot of control by those who contribute the money over making sure it is used appropriately.
I will note I find it both fascinating and worthy of respect that many cultures have come up with their own ways of helping the poor.
Personally I would be much more on board with a decentralized type of Zakat where individuals can pick what charity to go to, in order to protect from centralized failures of government.
>I meant how would inflation happen in case of Zakat being enforced? They're orthogonal things unless I'm misunderstanding you.
If I wanted to enforce Zakat via inflation, I would mandate people to hold their money in bank, as debt, or fiat denominated bonds, and then I would inflate the money supply by 2.5% by mailing out 2.5% of the current supply to the poor per year, or something approximating that. But that would also be an imperfect system.
> I guess you have more faith than I do that a human vested with these large sums will apply it appropriately.
I agree that humans can be greedy, etc. But that's why we have a judicial system. When you look at history, the Islamic scholars took their faith extremely seriously. Their accounts and biographies are not something you'd find in Western texts, but those exceptional people truly did exist. And because of them, we had things like the Islamic Golden Age.
The governments today have way more money on their hands don't they? Especially with the insane taxation rates we see. You allude to this point when you mention secular welfare systems. But history shows otherwise when Islam was applied.
> Umayyad had a variety of religions of persons overseen by their caliphate
Islam was the dominant religion, and the majority of the population were Muslims. The non-Muslims had to pay Jizya (limited to able men, i.e. not women, children, old men, or religious priests).
One of the categories of people who are eligible to receive Zakat, are those whose hearts are inclined toward Islam. Other than that, I don't think non-Muslims receive it. That being said, poor and needy non-Muslims are definitely eligible for charity (Sadaqah), and it is the responsibility of a functioning government to ensure that its population is well taken care of. Islam guarantees the rights of non-Muslims, and is very strict about it.
> I'd also be interested in seeing the citation that poverty didn't exist under this caliphate.
I didn't claim that no poverty existed in the entire Caliphate. As you know, the Caliphate spanned several regions and districts. I mentioned the Iraqi district, but I came across this question[1], which mentions that the mayors of the Libiyan and Tunisian regions wrote to Umar ibn AbdulAziz that they could not find a needy person to give them Zakat, so he responded to give it to the poor among the Jews and Christians. They replied that still no one took it, and they were no needy among them, so Umar replied to leave it in the market for anyone to take as they need. When still no one took it, Umar ordered to purchase slaves and free them.
I'll have to validate the authenticity of this specific account, but the notion that during Umar's rule, in certain districts there were no poor people left to accept Zakat is established.
> If I wanted to enforce Zakat via inflation, I would mandate people to hold their money in bank
Ah I see. It's prohibited in Islam to hold someone's money against their will, so there goes that :)
>The governments today have way more money on their hands don't they? Especially with the insane taxation rates we see. You allude to this point when you mention secular welfare systems. But history shows otherwise when Islam was applied.
Yes and I think the level of money and trust the government holds is a source of massive failure. I think those practicing Islam should be free to distribute their Zakat directly to poor or their select organizations that aid poor, rather than being forced to give it to a central authority. Otherwise one central authority has a monopoly on distribution of Zakat, which can lead to many inefficiencies and failures.
>One of the categories of people who are eligible to receive Zakat, are those whose hearts are inclined toward Islam. Other than that, I don't think non-Muslims receive it. That being said, poor and needy non-Muslims are definitely eligible for charity (Sadaqah), and it is the responsibility of a functioning government to ensure that its population is well taken care of. Islam guarantees the rights of non-Muslims, and is very strict about it.
Again I think it's wonderful that people are offered this kind of charity. I'm a little skeptical that the system under the caliphate could have prevented all poverty or that the poverty that remained wasn't solved by collecting Jizya from non-muslims and then distributing Zakat only to those whose hearts are inclined toward Islam. I admit I do not understand much of the history of Muslim Caliphates or nations, so I'm unable to really ascertain where islamqa.info gets its source from, but I doubt we have very good record of income distributions under this caliphate. But hey, I don't have any proof that there were poor, so maybe it's true.
I do thank you for digging up your source in this matter, and it is interesting to note some points on records of history.
> Ah I see. It's prohibited in Islam to hold someone's money against their will, so there goes that :)
A reasonable prohibition, one I extend to involuntary taxes and forced centrally collected charity.
Thank you for your viewpoint here, as it's one I rarely see living in the west.
Narcotic may be whatever you want, but the debate has to be honest and transparent, not shady and criminal: if you want to legalize heroin, make a case to the people, get it approved with safeguards, say like Portugal or France to some extent (Methadone), and make sure it won't profit people who also do other things with the proceeds of sales.
The problem with Narcotic is simple: people lose freedom when getting into addiction, then with hard narcotics they also lose the ability to make important life choices, minors and generally disfavored people are targeted by addictive substance sales people, production is rarely done well (because most fields should be used for food, if they are used for more profitable narcotic purpose legally or due to lax enforcement, ALL FIELDS become opium fields like in Afghanistan, which can cause food safety issues etc.
You can't just talk as if narcotic consumers are innocent party goers. Many are absolute victims and we must talk about it without crypto entering the debate. Crypto is just a weak way to try to hide the source of completely illegal funding for narcotics without going through the painful discussion with the population that we may have to sacrifice a lot of victims for the sake of spending less on narcotic enforcement.
Keeping the government from "seizing" assets is a big crypto goal, and avoiding taxes is included in that for a subset of users (which is "theft" if you agree with them). What to do with actual theft is kind of swept under the rug until it actually happens to a cryptobro, at which point they are very much in favor of a central authority getting their bitcoins or ugly monkey jpegs back.
Bitcoin is about separating money and state, but having a government is still very important.
I'm much more worried about non crypto believers hating crypto believers for getting rich while their life is getting harder because of the inflation central banks are imposing on most people.
I have the somewhat contradictory wishes, that good people should be able to hide from crooked cops, but crooked people should not be able to hide from good cops. Making it somewhat difficult, but not impossible to catch criminals seems to strike a balance.
What is a "true crypto believer" anyways? As a matter of practicality, everyone that interacts with financial assets of any sort are bound to laws imposed by some government. Equating "whoever has the keys" to ownership feels more or less equivalent to saying "finders keepers" is a valid justification for taking possession of a physical leather wallet. Or "We broke up, but I fed the dog, so it's mine". Or whatever.
A person can believe whatever they want, but when push comes to shove, it's a country's court of law that ultimately determines who legally owns what.
> A person can believe whatever they want, but when push comes to shove, it's a country's court of law that ultimately determines who legally owns what.
I think you've answered your own question - a true crypto believer does not agree with that. If the smart contract says the Ethereum is mine because you wrote it poorly and I called the transfer money function in the right way ("exploited it"), a true believer would say "yep, it's yours."
But that's not the way real contracts work. Contracts are an agreement between parties. If there is later a disagreement about what was agreed to, a judge sorts it out.
I think Ethereum is silly too. But you have to realize that their argument is "we'll make our own contracts, and what the computer says is the absolute truth - no judges or kings."
In that world, there is no such thing as stealing. If the crypto transfered, it was allowed to transfer by the contract.
The part that "true believers" are meant to hate is that now, someone on one side of the contract is grasping back to Money 1.0 concepts of conceptual ownership and meeting-of-the-minds type contracts. This enforcement action shows that the government thinks of Ethereum et al in this way too. And therefore the crypto paradise dream is dead.
> If there is later a disagreement about what was agreed to, a judge sorts it out.
Only because human language leaves a lot of room for interpretation. Computer output doesn't, or at the very least not nearly to the same extent. If your smart contract is itself legal (you are legally allowed to formalize those terms), and produced an output as a function of it's actual internal operation (and not a random, accidental bit flip) then it should stand even in front of a judge.
> Only because human language leaves a lot of room for interpretation
Technically no. Many things have intrinsic physical value that cannot be tracked via digital contracts. If I go to amazon and buy a book, but they ship the wrong book due to clerical error, then there's a clear cut violation of expectations with no room for conflicting interpretations.
In the crypto world, NFTs are frequently criticized for this very issue, and it doesn't even leave the digital boundaries: you can prove to have ownership of a token through the blockchain, but whether that token is actually tied to legal ownership of an asset is anyone's guess (case in point, there are various cases of people selling fraudulent NFTs for art they do not own).
Technically language is very interpretable but in some very simple cases it can be mitigated to the point where it's not a realistic issue. Even your book example isn't simple enough to be completely iron clad in all cases. You can receive a book that matches the criteria you provided (say title) but it's not really the book you were thinking of [0].
For more complex things like contracts and laws you have a lot of reasonably vague points that are up for interpretation. Courts reinterpret laws an contracts all the time, it's (part of) their job. Math is nowhere near as interpretable.
I don't know what a smart contract is, but seems to me that if you can convicingly argue that the function output is inconsistent with what the parties agreed to, it would not stand.
There are contract disputes all the time over what a word or phrase means, and what a judge will look at is which interpretation best aligns with the broad strokes of what the parties were agreeing to. Nobody agrees to a contract that contains "I get to void the entire agreement at my discretion, keep the proceeds, and leave you with nothing"
> if you can convicingly argue that the function output is inconsistent with what the parties agreed to
Talking about (smart) contracts in general, if both parties agree that there was an error they can resolve it without any court. The problem is when only one party disagrees.
Imagine you have a contract with the bank and agree to pay 10% interest on a loan. Later on you try to claim you just weren't paying attention and thought it's 1.0%. That's a hell of a case to prove in front of a judge. And if that were the case the concept of contract would be worthless, invalidated by simply claiming "I didn't mean that".
A smart-contract should be easily reproducible. If that piece of code consistently returns the same result under the specified conditions then it's valid even if the result was because of a mistake the author made while preparing it.
> and produced an output as a function of it's actual internal operation (and not a random, accidental bit flip) then it should stand even in front of a judge.
Honest questions to people who are familiar with SmartContracts/Ethereum - how do disputes and adjudicating work in this example then?
how has anything changed in this sense? The owners of bitcoins are always whoever has the crypto keys, that isn't an imperative it's just a fact, now the fed has the keys.
> It's the government trying to enforce their opinion of who should own those Bitcoins, thereby taking power away from the owner that the network has decided on, which would be "whoever has the cryptographic keys".
I really don't understand these arguments.
The law still applies whether or not you use cryptocurrency. Using cryptocurrency doesn't free someone from the consequences of their actions.
What if they acquired the Bitcoin without using illegal means
Probably not possible in this case, but in DeFi where everything is ruled by smart contracts, what would make executing behavior allowed by those contracts illegal.
Laws of USA and pretty much every other country reject the notion that "everything is ruled by smart contracts" and assert that legally, as far as their jurisdiction reaches, their law is the deciding factor. Contracts have their basis in contract law. You certainly can write a paper contract which "allows" some illegal behavior, and executing such a contract would be illegal, no matter what the contract says. The same applies for a "smart" contract.
If we have the government to weigh in on which transactions are legitimate or not, why do we need a distributed ledger? Cryptocurrencies are trustless, but if we can trust the government to rule on ownership fairly why do we need a trustless system?
Isn't crypto plagued with the same problems? Sure fiat isn't perfect but it doesn't look like crypto is solving any of those problems, as exemplified here.
To say crypto isn't being inflated by behind the scenes players or right in your face players for a matter of fact is wishful thinking. Look at how bitfinex and tether operate. Artificially pumping the price of bitcoin by purchasing with newly printed tether that many sources point to isn't actually backed by money as they claim. Same goes for many of these stable coins. The crypto industry is controlled by a powerful cartel of wealthy figures who use bought influencers and pay for play media outlets. BTC and others are the easiest way for new entities to scam the proletariat. This is no revolution of the common citizen. When a select few own the majority of btc how can one surmise that it is invented for all. For example, one btc maximalist I know claims a 100 million dollar btc is on the way. So we will have a couple thousand btc trillionaires, what a utopian vision.
no. this is quite bullish for bitcoin. they're showing that bitcoin can't be used for criminal activity, whatever the government decides that should be (usually in favor of the general public). this helps to legitimize bitcoin. Protecting consumers of bitcoin is bullish for bitcoin. helping to prevent fraud in bitcoin is also bullish for bitcoin. All these things increase confidence in bitcoin as a legitimate way of storing wealth.
It sounds like all the good things for bitcoin here are coming from the power of the central authority to provide confidence, legitimacy, protection, and legal recourse.
So why on earth is that a good thing for an asset which is all about the power of decentralized systems?
Human society, for a number of years now, has been governed by central authorities that define the rules in which society has to live. Bitcoin cannot and does not take part in dictating how society is to function, Bitcoin is put forward as an alternative currency that cannot be quantitavely eased / printed and gifted to society's largest entities as reward for criminal behaviours that endangered the very society that the central authorities are meant to be acting in protection of.
Central authority is a basic requirement of society. Bitcoin is an alternative currency. Recognition by the central authority of society is a legitimisation of Bitcoin in its position as an alternative currency.
I don't (sort of I do actually) understand Bitcoin being seen as a replacement for all centralisation / government. Bitcoin has never attempted to make legislation. Currency only (and that's shrunk to 'store of value').
People get way too hung up on the concept of "hard" currency. It really takes some study of economic and financial history to understand that currency is just a means to an end, and that hoping for some immutable piece of value in your personal vault isn't what powers our world. Money is far more abstract than anything in the crypto world, and that's why it's not a good long-term bet.
I'd encourage you to read an excellent primer on the subject: The Ascent of Money by Niall Ferguson. Money is a social construct, not anything tangible. You can create money from leaves you rake in your yard, and organize your neighborhood around how many leaves you have. You can all agree that the giant stone at the bottom of the bay belongs to the unfortunate sailor who lost it, and therefore he's still wealthy even though he can't get his giant stone back (true story). You can agree that the people who are oldest in society deserve the most access to credit, and give them services accordingly.
Basic point here is that wealth is derived from society creating connections and performing services for each other, not from holding currency. Currency is simply the oil in the machinery which helps facilitate these connections. It has no intrinsic value, and the easier it flows, the faster the engine can run. That's why the Fed conducts QE and money printing - it's about the economy, not the currency. Inflation is a side-effect but it's often preferable to loss of real assets and jobs and lives.
You're describing credit, not currency. You can access credit to fund daily transactions without touching the principle of your investments. That's what a credit card does.
the power of "decentralized system" in this case is merely from the fact that more of it can't be created. When we're talking about the big movers, the institutional investors and the big money, they didn't run to bitcoin because it was cool tech, or cool to be decentralized. they're investing in bitcoin not because of bitcoin. they're investing in bitcoin because central governments have defaulted on their obligation of having a stable currency. You can't hold fiat currencies when they're loosing value at 6% to 12% or more per year, it's just too costly.
Bonds and cash are no longer viable investment asset classes. So all that leaves is Equities, Gold, real estate and bitcoin. It's all about TINA -> there is no alternative.
The cryptographic keys were stored on a cloud storage device. Law enforcement agencies gained access to these keys while executing a search warrant and used them move the funds. So by this logic, the government is now the rightful owner of these funds.
“True crypto believers” seems like a loaded phrase these days because I feel like most crypto believers are riding it’s wave to legitimacy. And things like this push it further towards that goal.
I don’t see how anyone could really still believe in the original ideals behind Bitcoin. They made something but not what they wanted.
Most crypto believers, believe in crypto because they have money invested on it and want to get rich. If you remove that variable of getting rich, very very few remain.
I'm confused. The government got the money back with perfectly legitimate transaction(s) which they signed with those very private keys. If the rule is "whoever has the private keys is the owner", the the government was playing by the rules.
What crypto believers should really hate is the fact that with a warrant, the government can potentially get at your private keys. That'd be an interesting problem for crypto to try to solve
I'll put myself at least partially in the "true crypto believers" group, but I think this is good news. Stolen X is 'bad', bringing the people who stole X to justice is good.
This is where I may only be a 'partial' member: My feeling is that Bitcoin (not all cryptocurrencies) was about removing Fed/Gov control of the currency. It takes no position against law enforcement of direct currency theft - outside of what could be construed as the theft of currency value by quantitative easing / gifting bailout money to banks, etc.
Bitcoin, specifically, has always had a public ledger too, so start-to-finish transaction tracking is part and parcel.
> which would be "whoever has the cryptographic keys".
This is still true, no? Now the government has the keys, so they own it. It's clear that you can't be sloppy with your keys, because "whoever has the cryptographic keys".
I'm sitting here trying to understand their mindset.
They had to know what kind of scrutiny would be on those coins forever.
At the time of the theft, the coins are worth $100M+ and they can't touch them. Even worse, anything they do with them will be monitored, researched, dug into, and everything else from law enforcement, amateur detectives, and every major tech+crime group.
Fast forward to now and the coins are worth 50x that.. and now they try to move them? And all the keys are in cloud storage? But it had to be frustrating to be sitting on something so valuable without any way to use it. They had to be stressed and anxious about it.
A life of crime is stupid. A life of crime for something this high profile is far beyond stupid.
I was wondering about this. I would think the most obvious path would be to find some other criminals (now you've got new risks) who don't care about the provenance of the coins, will pay cash for some coins at a discount, and you somehow launder that cash....
Could at least get a couple bucks from it, possibly.
There are "local bitcoin trading" groups that do exactly this - convert bitcoin to cash at a discount. But obviously you can't do this for billions of dollars and you expose yourself to personal monitoring and capture.
I am genuinely surprised it has not happened already ( or maybe it did, but it did not make news ). If NK hackers wanted to get someone in trouble, connecting someone to one of the wallets listed by OFAC would be relatively effortless.
They already knew that address though, they were waiting for them to convert the BTC to USD to find the person tied to the address. Still dangerous because the person you sent them to might give the feds your name.
That wouldn't work, the same way it wouldn't work to park a stolen Ferrari or a bag of cash in front of your house to accuse you of something. The situation would be cleared up pretty quickly.
How or why is that? Why would it be easy to cash in or sale 4 billion dollar worth of crypto in Russia? Russia probably doesn't extradite a person to Americans (not sure about non citizens) but there are plenty of sharks who would want to get their hands on these coins if that came to public anyway.
They have not extradited Snowden. If it is politically favorable they would grant residency. There are other few other countries who who do the same, but only one or two like Russia could withstand U.S. pressure if they harbor such a high profile figure.
Of course Putin will take all the money anyway, so what is the point ? Getting the mob for support never ends well.
Also to note one of them is a dual Russian citizen so it more complex than the hypothetical
I thought maybe they could go to a country without any extradition treaty And has no diplomatic relationship with the U.S. Then cut a deal with the government.
It's a slim picking...
Iran
North Korea
Syria
Bhutan
Taiwan
Azerbaijan
Palestine
Georgia
Cyprus
Western Sahara
Even Russia has too much to lose. Maybe if it were $360 Billion, they might consider it.
> Iran North Korea Syria Bhutan Taiwan Azerbaijan Palestine Georgia Cyprus Western Sahara
At least in half of those countries, once they found you really in control of $3.6B crypto, they would torture you until you give it all, then dispose off your body.
Ilya Lichtenstein (YC S11) is the co-founder of YC-backed MixRank. Heather Morgan, his wife, is apparently a serial entrepreneur, investor, and "contributor" to Forbes.
Heather R. Morgan is an international economist, serial entrepreneur, and investor in B2B software companies. She is an expert in persuasion, social engineering, and game theory.
They certainly thought an awful lot of themselves - it's fascinating to dig into their public facing digital trail. If they played by the rules they'd have been living large as part of the .001% of the world.
They bought themselves a giant lead brick and chained themselves to it. It'd be sad if it weren't so stereotypically comical.
How about the 2010s! A VC firm had a tradition of making all their portfolio companies participate in an annual rap and dance. I think I had to participate in an Gangnam style rendition. Probably not that hard to find, with that information.
For those unfamiliar with Forbes as a platform, forms allows for independent unpaind (by Forbes) writers to submit content on their platform. If you see a scummy crowdfunding campaign or shady start up claiming "as featured in Forbes,etc etc" that's how they do it.
The hack occurred 5.5 years ago. The Federal statute of limitations on Grand Theft/Larceny is 5 years. Is this why they are charged with Conspiracy to Commit Money Laundring and not charged with the actual theft?
Lichtenstein and Morgan are charged with conspiracy to commit money laundering
If so, this means that (outside tax obligations) they may have gotten away with it essentially by sitting on the money doing nothing for 5 years and then openly transferred it to themselves. Since they took actions that were meant to launder the money, they opened themselves up to the money laundering charges on their own.
This is similar to many financial regulations where you can have completely legally obtained money but if you deposit $9,000 followed by depositing $1,000 thereby avoiding a CTR notification to the government required for a $10,000 deposit, you're guilty of "structuring" your deposits.
It's definitely not that easy... They would be sued in Civil Court for the entire amount, the Feds have a variety of options for 10-year statutes that could be implicated when they transfer the funds to a bank (wire fraud, mail fraud, bank fraud) and they would have to pay taxes on the funds lest they are implicated in tax fraud. It's hard work being a criminal.
So government was moving bitcoins not hackers. Like I said in that thread it is easier to launder cash than bitcoins because bitcoins are on chain forever and cold cash can be laundered in numerous ways.
> The Justice Department announced Tuesday it had seized more than $3.6 billion in bitcoin allegedly stolen as part of a 2016 hack of Bitfinex, saying authorities have also arrested and charged a husband and wife in New York for allegedly trying to launder the cryptocurrency fortune.
> Officials said Ilya Lichtenstein, 34, and his wife, Heather Morgan, 31, were arrested on charges of conspiring to launder money. They are accused of trying to launder 119,754 bitcoin that were stolen after a hacker breached Bitfinex, a cryptocurrency exchange, and initiated more than 2,000 unauthorized transactions. Prosecutors said the bitcoin was sent to a digital wallet controlled by Lichtenstein.
From the actual charging statement (https://www.justice.gov/opa/press-release/file/1470186/downl...), the Feds have more details and fascinating traces through the various methods which the accused laundered the funds. Raises the question of whether they would've attracted so much attention if it were "only" a $70M hack instead of the multibillion dollar one due to BTC appreciation.
> In or around August 2016, a hacker breached Victim VCE’s security systems and infiltrated its infrastructure. While inside Victim VCE’s network, the hacker was able to initiate over 2,000 unauthorized BTC transactions, in which approximately 119,754 BTC was transferred from Victim VCE’s wallets to an outside wallet. At the time of the breach, 119,754 BTC was valued at approximately $71 million. Due to the increase in the value6 of BTC since the breach, the stolen funds are valued at over $4.5 billion as of February 2022.
Sometimes I wonder what the chances are that certain (highly privileged) staff at Google (or other similar data storage or e-mail companies) could run a query across Google Drive looking for a specific public key. Much like a malware scanner, just looking for "a key", just to see if there is an account matching. Unofficially, of course. A rogue employee perhaps. And, what if, in such a case, the employee (in the best of cases) reports the person anonymously, or in other cases, takes off with the private key if also found.
Or does anyone know if the data is so encrypted that nobody at Google can override? I would highly doubt that, looking at US law enforcement pressure. And I am sure there's a million and one barriers and access requests blocking raw queries, but technically...
Of course, a hefty hefty conspiracy-laden thought, but I just found myself curious if that would even remotely be an option.
Yep, I definitely recall numerous incidents of people putting a private key onto a dropbox file, never sharing it with anyone, have 2FA on their accounts (with no unauthorized activity), and then seeing funds disappear.
I haven't work for google, but other cloud provider I worked has very strict production access policy. You cannot just access prod, or run script. Even in cases that you must access prod, it needs special temporary access. (Just in Time Tokens), which is audited, and linked to a case. Few people in management line have to approve the access, and it expires once used. I would say the chance that some random engineer does this is very very low. Unless Google actually does something like that as a product for law enforcment. I have heard few cases of these scripts for things like child abuse images. I have never seen one though in action.
The I/O cost would be more than any loot you find !.
Jokes apart, it is not easy even for Google in-house teams such a query scanning all their drive folders would be very, very expensive computationally.
Most files are stored as binary blobs, i.e. bin formats like PDF etc with some level of compression. Retrieval costs and file read costs for even most common formats can be expensive and slow
Why would a Russian national with so much BTC to launder, who hasn't touched it in 6 years suddenly perform the action from New York City of all places from within the USA.
I don't know why people assume that Russia is a lawless land where you can just cash out billions of dollars worth of stolen cryptocurrency.
Even if that were the case, maybe they rationally decided that the risk of pissing off United States federal authorities was better than pissing off Russian authorities and organized crime.
For example Mt. Gox hack was also most probably hack not an inside job because that guy Mark Karpelès was so incompetent running the exchange no wonder it got hacked every now and then.
"The DOJ said it was able to seize the funds after an FBI search warrant of one of Lichtenstein's cloud storage accounts found a file containing cryptocurrency addresses and their corresponding private key that granted access to funds stored within."
the file was encrypted, but the fbi hacked it after already having gained access to the account (via warrent).
Which is to say, this isn't how they actually got cought, it's just how the nail will go in the coffin (and thankfully for those impacted, some funds recovered).
FWIW, if you ever find yourself in this position of owning a large amount of stolen crypto, I believe the best way to wash it would be to "robin hood it out" to a bunch of random wallets. You just happen to own 10-20% of the wallets, but the feds now have to try and track thousands of different people over years to try and identify the true thief, and there will always be plausible deniability.
This should all be taken with a big grain of salt. The official story be just parallel construction to give cover to say zero day hacks or other covert espionage etc.
seems like the FBI was investigating for another unspecified reason, got the warrant for access to his cloud accounts, encountered encrypted files, and spent the next few months brute forcing or attacking the encrypted files until January 2022. they had marginal success with that effort but fortunately the files they got open were the jackpot with private keys and all sorts of damning things.
this is a strange one, because the IRS agent is the one that made the call.
so FBI, DOJ and IRS are involved.
The IRS agent actually suggested wire fraud and CFAA along with money laundering and defrauding the US (an IRS thing about revenue its owed), which makes sense, but DOJ has only moved on "conspiracy to commit money laundering" and "defraud the US".
This is really surprising, given that the Bitfinex hack was quite complex (unless they had inside knowledge). There are several ways to hold crypto for an amount as large (hardware wallet, brain wallet, pre-signed transactions, etc...)
>According to court documents, Lichtenstein and Morgan allegedly conspired to launder the proceeds of 119,754 bitcoin that were stolen from Bitfinex’s platform after a hacker breached Bitfinex’s systems and initiated more than 2,000 unauthorized transactions. Those unauthorized transactions sent the stolen bitcoin to a digital wallet under Lichtenstein’s control. Over the last five years, approximately 25,000 of those stolen bitcoin were transferred out of Lichtenstein’s wallet via a complicated money laundering process that ended with some of the stolen funds being deposited into financial accounts controlled by Lichtenstein and Morgan.
Sounds like they were very much involved in the hack... or someone hacked Bitfinex and gifted them the coins?
Yeah -- It reads like they didn't have the evidence to prove they hacked Bitfinex, but plenty of evidence they're the only ones that moved the hacked funds. Hence the lack of CFAA or other charges in favor of money laundering ConFraudUS.
Probably stupid question: Why not just exchange it to zcash or monero or some other coin that hides transaction details? Then you can send it to a new wallet; theoretically 100% untraceably.
with atomic swaps that make use of taproot, that wouldn't be distinguishable from, say, opening a lightning channel, but still, there's not enough liquidity there (and this is very recent stuff anyway)
They did that apparently, it is mentioned in the article. There are still ways to trace it. For example, if they do it in a short timeframe or in just two transactions you can match the amounts. Not many people send 100k$ in zCash around.
Ben, it appears you've become emotionally invested in my comments. While I appreciate the attention it does signal that you're going off the deep end judging by you replying to all of my posts in and out of this thread within the same hour.
Feels aside, I get the impression that your knowledge of monero, zero knowledge proofs, and anonymized transaction outputs is lacking.
By virtue of the way that monero burns and creates unlinkable transaction outputs with concealed amounts, you cannot discern the amount of any transaction or output unless you're a key party to the transaction. As always the sender is also concealed. Tumblers would be a different and weaker concept all together.
The equation group admits this themselves, and it is proven time and time again every time monero is seized or analyzed.
I do hope you eventually get out of your feelings and get your proverbial shit together, because idolizing your detractors is no way to live. I assure you my ramblings are nowhere near as interesting as the conversations you'll have with your therapist about them.
Also lmao, nobody in this space uses banks, stop it.
What possesses someone who just stole billions to stay in New York while trying to launder their money? Staying and pretending it didn't happen, I get. Pulling a Marsalek, I get. But staying? While continuing to try and access that wealth?
Is it arrogance? Stupidity? Misplaced faith in the anonymity of crypto?
Reminds me of Ross Ulbricht getting busted for running Silk Road. If you're running the largest black market for drugs in human history, why in the world would you stay in San Francisco???
"CoinJoin is a trustless method for combining multiple Bitcoin payments from multiple spenders into a single transaction to make it more difficult for outside parties to determine which spender paid which recipient or recipients. Unlike many other privacy solutions, coinjoin transactions do not require a modification to the bitcoin protocol."
It never ceases to amaze me how incompetent some high profile criminals are. Encrypting a file is simply too difficult apparently. The entire purpose of crypto is that the exclusive holder of a private key cannot have funds seized. A 15 year old kid probably has better opsec with their crypto wallets than these people. Astonishing really.
yeah I've never seen a crypto investigation that made me impressed with the government's abilities, nothing that surprised me about the utility of OPSEC best practices, only people with weak links and dumb behaviors that are incompatible with doing something criminal.
You're not serious, right? You clearly haven't seen some of the latest unlicensed money transmitter prosecutions. The resourceful agents over at HSI have come up with an incredibly effective method of stopping crime in the Bitcoin network. It looks something like:
CS1: "I would like to exchange these dollars which I represent to be the proceeds of the sale of controlled substances in violation of the Controlled Substances Act for Bitcoin."
In a hypothetical, if the two did not breach Bitfinex servers (unauthorized access to others systems) but instead managed to "guess" the private key to the Bitfinex wallet and transfer the funds, would this also be a crime?
In the scenario outlined there would be no unauthorized access to any systems, whether owned by Bitfinex or anyone else, so I really don't see how the CFAA could possibly apply here. As for the cryptocurrency network itself, the protocol is that anyone who has the private key is authorized to spend the corresponding funds—how the key was obtained is irrelevant.
Of course, correctly guessing a 256-bit random private key is exceedingly unlikely, though if they key is based on a lower-entropy password (a "brain wallet") then the odds of a correct guess improve dramatically.
CFA would likely consider a bitcoin wallet a "system". You weren't authorized to access funds in that wallet.
And even if it weren't that's no different than guessing someone's bank account number and paying for purchases that way. Its still someone else's money and its still stealing.
> CFA would likely consider a bitcoin wallet a "system". You weren't authorized to access funds in that wallet.
We don't have to guess. The CFAA refers to unauthorized access to computers, not "systems". The Bitcoin network is not a computer, and someone posting a transaction signed with some key, however that key was obtained, is using the network as intended and not accessing either the Bitcoin network as a whole or the individual computers comprising the Bitcoin network in an unauthorized manner.
> And even if it weren't that's no different than guessing someone's bank account number and paying for purchases that way.
It is different, because in that scenario you're claiming to be the designated account owner, a specific legal person authorized by contract to direct the bank to pay money from that account—not just someone who knows the account number. You generally have to sign a statement to that effect in addition to providing the account details. If you aren't the account holder then you're committing fraud. (Though practically speaking it's really a bit ridiculous that merely knowing the account number—something printed on every check and hardly a closely-held secret—is considered sufficient to set up a direct debit.)
By design, Bitcoin doesn't care about your real-world identity; it only cares about whether you know the private key.
> Its still someone else's money and its still stealing.
Wrong on both counts. Bitcoins are an abstract concept, much like points in a game. They are governed by voluntary consensus among Bitcoin users according to a particular specialized system of rules, and not your private property. In short, they're "yours" only as long as the network says they're "yours". If other Bitcoin users stop recognizing those bitcoins as "yours" for whatever reason—a blockchain fork, a change in the consensus rules, someone else guessing your private key and spending them—you have no legal recourse. There are no physical goods involved which you could sue to have returned to you, and no legally-binding contracts between you and any other participants in the Bitcoin network which you could claim were breached by the change.
If a bank accidentally leaves a sack of cash on the sidewalk and you take it, it is not yours. Plus they didn't declare any of the money and instead laundered it through a bunch of sham companies and fraudulent users on crypto exchanges.
Even if the bank accidentally put the money in your bank account and it’s reasonable to believe that it’s not yours, you can be held liable if you spend it or withhold it from the bank.
If bitcoin has legal ownership, then the means by which you stole it doesn't seem relevant.
Are you essentially asking if bitcoin has ownership?
I would assume that using someone else's credentials (wallet private key) without permission to make changes to a system (the bitcoin blockchain) is in itself illegal, yes.
I can't see how they can get away from it not being theft. No durable argument could be made in court they thought it was there to take, there is no way they didn't know it was someone else's property.
Regardless, I don't think ignorance would be a valid legal defense, despite whether someone recognizes random sequences of bits as personal property or not.
Just saying in the article that's what they're being legally charged for, and that already comes with hefty maximum sentences.
They are clearly associated with the hack, but that can be tacked on after further investigation and cross-examination. The money laundering is an easier opening target.
Knowing the key doesn't immediately mean that your access is authorized. This isn't equivalent to finding a $20 bill on the ground so there's not really any corollary to stumbling across it.
Page 15 of statement_of_facts
The only other significant deposit to the account was an approximately $11,000 U.S. Small Business Administration Paycheck Protection Program (PPP)
loan advance provided in response to the COVID-19 crisis.
> While it is possible that SalesFolk received virtual
currency, based on my experience, companies that do offer virtual currency as a
payment method or in conjunction with another service often advertise it to attract more business.
Disagree here. I know many institutional funds that accept crypto for investment, solely because the third party fund administrator allows it, who only updated to account for that because so many funds and limited partners wanted that.
You would have no idea how much is happening behind the scenes, with the merchant services pushes being just a small tip of an iceberg with its own success or failures.
I was going to disagree, but it turns out you’re right. Home Depot and a few other companies do accept crypto and they are not trying to meme about it.
> "The DOJ said it was able to seize the funds after an FBI search warrant of one of Lichtenstein's cloud storage accounts found a file containing cryptocurrency addresses and their corresponding private key that granted access to funds stored within."
That makes sense, and of course storing them in cloud storage was a bad idea. However they could have only obtained the warrant /after/ they pretty much knew Lichtenstein was the culprit.
How did they determine Lichtenstein was the person who had the bitcoins?
I ask this every so often during threads regarding stolen cryptocurrency:
Is there any solution yet to preventing stolen cryptocurrency funds from being spent? Isn't the only solution to have a central database and require laws to require every transaction to be pre-checked to see if it's stolen funds or not?
And not only that, the centralized system will have to be constantly keeping track of wallet mixing to see where funds are being redirected to, attempted to being washed to?
I'm not waving it away, this isn't a discussion about the legal system.
If someone steals steal a fiver from your back pocket then there's no magical wand that the police can wave that teleports the cash back into your hand. They need to come and get it from the kitchen table or wherever the thief has put it assuming they haven't spent it.
Most cryptocurrencies are explicitly designed to act as digital cash in this way. The system is structured such that a coin is fully under the control of the owner of the private key, there is no third party involved to effect some sort of return like a bank can.
If the coins are sitting in an exchange or some other custodian i.e. not exclusively under the control of the owner of a private key then you can effect this change by leaning on the exchange (in a legal sense).
Possession is probably a better word than ownership, sure.
In the same way that if someone takes your cash into their possession, they might not have legal ownership, but now they have to somehow be involved in its' future transfer (even if that's like, handcuffing them and forcing them to hand it over).
In a cryptographic system you need the key in order to do things. Whether you think it's good or bad to apply that principle to the concept of money is orthogonal to the ground reality of how it actually works.
The original Bitcoin whitepaper explicitly refers to itself as a peer to peer electronic cash system (https://bitcoin.org/bitcoin.pdf). It's the 7th word in. It's designed to operate in a cash-like manner as opposed to a referential (credit-like? not sure what the term is for this) as in a bank ledger or similar.
> Possession is probably a better word than ownership, sure.
I want to stress that I don't consider this a minor difference.
> In the same way that if someone takes your cash into their possession, they might not have legal ownership, but now they have to somehow be involved in its' future transfer
Yes. Cash can be stolen by a pickpocket. But two things make this not a difference in degree, but in kind:
1. You can't pickpocket $70M
2. A pickpocket can quickly hand the $100 in your pocket to an accomplice, but not to an accomplice in Bolivia.
If you want to move millions or billions in cash then you have to fill out paperwork exactly because that's how money laundering happens. Cash isn't actually easy to move, nor anonymous, at scale.
$70M is 700kg in $100s. And any legit business you show up with $1M in cash will report it, because they have to and/or because they don't want to be tried as an accomplice to money laundering.
I've had friends receive huge sums in cash, and they have reported it exactly for this reason. Enforcement against financial crime is actually built in.
I think the comparison to cash therefore is completely inappropriate, to the point where I question if it's even said in good faith.
> In a cryptographic system you need the key in order to do things. Whether you think it's good or bad to apply that principle to the concept of money is orthogonal to the ground reality of how it actually works.
In my opinion it's not "money" that's being replaced with math, but "intentions". It's not about replacing fiscal policy with math so much as replacing laws against theft and money laundering.
The definition for the features of cryptocurrencies tend to be the exact description of money laundering and tax evasion.
So if the goal is "I want to commit all the financial crimes" then yes, for those purposes cryptocurrencies have found their use cases.
> Most cryptocurrencies are designed such that the concept of "returning" stolen funds is not really meaningful.
Which is why these things are not features, but bugs, in cryptocurrencies. The core design principles of cryptocurrencies are actually bugs, if you think about it.
>The core design principles of cryptocurrencies are actually bugs, if you think about it.
It's a system designed around a different set of trade-offs. Calling a bug doesn't really make sense. For instance, using full disk encryption means that you lose all your data if you forget your keys. That's not an issue if you use icloud (which presumably has an account recovery process). Based on this, can you say that the "core design principles of full disk encryption are actually bugs"?
No, you're using words that I don't think are meaningful in the context of what a cryptocurrency is.
Assuming you can't physically track down a thief and seize control, the technical best case you can achieve with Bitcoin is to blacklist specific transaction outputs e.g. you can choose not to accept them. You can't prevent others from accepting them, but you could for example as a governmental body add them to a global blacklist of sorts and legally forbid exchanges from accepting transactions which have at some historical point interacted with those blacklisted transaction outputs.
With the use of Lightning or coinjoin or various other privacy preserving protocols you're going to end up in a situation in which you have to taint the entire coinbase (e.g. all coins) eventually; the ultimate endgame of doing that would be to "ban Bitcoin" on exchanges.
With something like Monero or ZCash there's no serial number to track in the first place so you have no ability to blacklist anything; your only option is to refuse to accept those currencies at all.
These are possible legal avenues you can go down. But _returning_ the funds is mathematically impossible without somehow gaining access to the private keys that control them.
The fact that there is no "solution" here is an explicit goal of most of the cryptocurrencies that I'm aware of. It's certainly the reason that I'm interested in the space; it's non-custodial, as cash is.
If someone steals your car, takes it abroad and you don't know where it is, it's gone. There is no solution. Goodbye car. So it goes. If I could add a mechanism that drove it back to me, I wouldn't want it for a host of reasons.
This works with the smart contracts with USDC, it's just that there's an authority which has permission to update the state to deny transfers from a specific address.
This is because USDC is a centralized stablecoin (as is USDT). There are decentralized stablecoins such as UST and MIM (and I believe DAI as well).
Correct, though on second thought, given how slow many DAOs are to operate, the perpetrators would already be in some other uncontrollable currency by the time people voted to blacklist certain wallets.
A DAO could have a privileged user (voted in by the DAO of course) who has the ability to blocklist specific addresses that aren't explicitly on an allow-list. Then the DAO vote could add accounts to the allow-list.
Doing so would mean the token could be transacted, except by users who are on the blocklist and not on the allow-list. And this would prevent a privileged user from abusing the power to add accounts to the block-list. Getting unblocked at the speed of DAO is less of a concern, as long as blocked account-holders can still vote with their tokens.
What does "stolen cryptocurrency" actually mean? For example, if one person says it was stolen from them, and the holder says they legitimately acquired it, then how is any solution supposed to decide who is correct?
For fiat currency, there's usually a court system that can be used to determine ownership. Though often they explicitly exclude cash from that - if somebody legitimately acquires bank notes that were previously stolen, they can keep them and they are valid as legal tender.
For cryptocurrency, which jursidiction's justice system is going to determine whether something has a "stolen" marker or not? What if that's not recognised by a different jurisdiction, or someone else comes to the opposite conclusion?
> For cryptocurrency, which jursidiction's justice system is going to determine whether something has a "stolen" marker or not?
It's the same decision process as the normal justice system. Broadly speaking, you can analyze it as follows (for civil complaints):
1. Is there a clause in the contract that says "disputes follow XYZ jurisdiction"? Then that's the jurisdiction. (And adding such a clause is Contracts 101 material).
2. If not, then you can usually get jurisdiction based on where the offense actually happened, or where the defendant lives. The analysis can get complicated, but it's not going to meaningfully change for cryptocurrency.
3. There's also a potential for extraterritorial jurisdiction in some cases.
> What if that's not recognised by a different jurisdiction, or someone else comes to the opposite conclusion?
Well, jurisdiction really comes down to a) can you get a court to agree that it has jurisdiction, and b) can you get other people to agree to the court's orders for relief.
That decision process would lead to different people coming up with different results. For example, it's not possible for me to look for a clause in your contract with a third party. I don't even having any way of knowing if the contract you might show me is the one that applied to a cryptocurrency transaction. So if you claim that your cryptocurrency was stolen in that transaction, and your favored court agrees it has jurisdiction and concurs, I still have no way of verifying any of that.
Your decision process might work for you, but it's not meaningful for establishing consensus in a cryptocurrency.
There is no solution because you would end up punishing innocent people. E.g. if a thief buys a car with their proceeds then it's not fair to punish the car dealership by confiscating the originally-stolen coins. This was decided in Scotland in 1749, cf. https://en.wikipedia.org/wiki/Crawfurd_v_The_Royal_Bank
How exactly are you punishing innocent people? What's happening is you're rewarding thieves.
Your example doesn't fit what I am saying either. With a digital currency you can do a pre-sale trick, so you'll see the funds were stolen - and you then don't sell them the car in the first place.
> With a digital currency you can do a pre-sale trick, so you'll see the funds were stolen - and you then don't sell them the car in the first place.
It's a race against time. As soon as the coins are sent to a new address you can't know whether goods or services were exchanged in this process and you are thus punishing a well-intentioned seller as opposed to the thief.
Isn't there a log to immediately know what wallet coins just came to to the new address? E.g. you could check the history of the new address, to see where the coins came from, before approving the transaction by first verifying it didn't come from known stolen funds?
Isn't that the prime value of blockchain - the immutable chain/record of transactions?
That Scottish decision, while still the basis for bona fide acquisition of money in the UK and US, does not yet appear to apply for cryptocurrencies.
Your Wikipedia link cites a 2019 paper published in the Georgetown Technical Law Review whose analysis (https://georgetownlawtechreview.org/wp-content/uploads/2019/...) on page 415-6 says that 2016 US v 50.44 Bitcoins (https://casetext.com/case/united-states-v-5044-bitcoins) determined "cryptocurrencies do not meet the UCC's definition of money" and thus bona fide acquisition is not sufficient to prevent the crypto from being legally seized from the possessor and returned to the original owner.
To be clear, I'm arguing that the same reasoning behind the Scottish decision is why cryptocurrencies don't have a built-in features that prevent stolen cryptocurrency funds from being spent: because it would make the currency non-fungible.
Some organisations already have such systems in place. Take for example this Redditor who lost hundreds of thousands of dollars because someone some time in the past pushed his coins through a mixer.
what do you think about tornado.cash? It's apparently a very effective mixer. I wonder what law enforcement can do if someone ends up using tornado_cash.
There is absolutely no way of knowing if the money is good or bad. If you consider every mixed_cash as bad, you would be forced to assume that the entire cryptocurrency is bad bec of how the money flows.
I don't understand all technicalities of cryptocurrencies, however you make it illegal to mix with known stolen cryptocurrencies - and then it won't get mixed; else yes, it's a problem if your ethics make you okay with rewarding criminal behaviour by allowing stolen money to be spent.
Sure, but what does that mean? Will they return it to Bitfinex to distribute? Will they try to distribute it themselves? How will the accounting for who owns it work given Bitfinex's complex (and probably illegal under US law) token scheme that they implemented to cover up the hack? Will they return amounts calculated based on the value stolen in 2016, or the value of the coins now, a 60x difference? Will they sell the coins and transfer dollars to claimants, or transfer the coins directly?
That's just nitpicking. If Bitfinex is acting as a custodian, the property will be returned to the owners. Whether that return happens via Bitfinex or via the feds looking at Bitfinex's books doesn't really change much. The point is that the feds can't destroy property just because they don't like who it was stolen from.
The feds have no problem seizing and liquidating property. They do it all the time. They even recruit local law enforcement to do it for them. See "equitable sharing"
That's if the property was purchased using money obtained from selling illegal goods or services. If the property doesn't belong to the criminal, it's an entirely different situation.
I'd actually really like if they used this opportunity to drive the Bitcoin price straight into the ground, thereby ruining that market for all those speculative investors.
Maybe that'd allow for something of a reboot of the ecosystem having eliminated the scum that usually starts to invade any remotely financially exploitable system after a while.
According to the article it’s up to a judge on how the funds are dispersed. It seems to lean towards the bitcoin being returned to their rightful owners.
It worked out well for the owners assuming it is returned.
> charged with conspiracy to commit money laundering, and conspiracy to defraud the United States
Do you think there are more charges to come?
If they think they actually laundered money through businesses, why didn't they charge them with multiple counts of money laundering and multiple counts of wire fraud and a violation of the CFAA?
I’m actually wondering if there are serious doubts here. Especially due to the weaker charges levied, and watching the cringy @realrazzlekhan tiktok page where everyone also has their doubts about these people’s competence.
Darknet markets sell IDs, the DOJ also says the hackers used fake IDs to reintegrate the money. This fairly welloff couple (lives in Manhattan condo, owns bengal cat and jewelry) could easily just be one of the IDs. Both the husband and wife are early crypto proponents but that might just be circumstantial to both the DOJ and the hacker who got their IDs.
Watching this one. Its like they got just enough of data for a charge to get the subpoenas and warrants, but not enough to go for the bigger more damning charges.
They definitely had custody of the funds and felt obligated to try and launder it
It seems like the government needs to figure out if they were the only ones with custody, which is proving a negative with private keys, but the government seems to feel like it’s needs a greater proof of the actual heist of bitfinex so they can pin the rest on this couple.
Still reading though, this is just what I’ve parsed so far.
The IRS-CI agent had requested CFAA and Wire Fraud charges.
I think pretty damning are accounts tied to their personal identities and emails to exchanges where they lied about the source of funds. How can they explain that away? Their email addresses were hacked? Funds moved to their personal bank accounts and used for expenses was unintentional? It seems like a big stretch.
okay I finished reading it, it is pretty damning and the report does say that it is just one agent investigating certain specific criminal charges that "doesn't reflect all of the investigations of the government"
Ilya had trouble figuring out how to launder it
Still the outstanding question is whether he is the only one with the encrypted files, or if he was a service provider. not that its a real question to me, its something the government has to prove for stronger charges like the CFAA to be levied and stick.
There is certainly the potential for an argument that they didn't do the hack, that someone else was more involved, that they were small players in this, etc. but it's highly likely they were involved in some way.
there is speculation spreading that they bought the bitcoin at a discount at the time, circumventing the trustlessness by taking the private keys (and hoping the seller doesn't use another copy to move the funds later). this would have been just a few million dollars in 2016.
inspirational in the direction of ideas on this case, and I know people that would trade a private key directly.
would help explain the amateurish laundering.
could be an interesting defense. could explain why they didn't run or do anything when their ISP notified them of the US government snooping back in November.
Does this mean users who lost everything on bitfinex will be contacted and could possibly recover their coins? Can you imagine waking up to realize you are rich because the feds seized the coins and are returning to you.
Will this make bitcoin plummet? I figure that all these stolen stashes of BTC lowered the supply on the market and with these new available coins it will plummet somewhat.
I really don't get why they didn't encrypt their data. It's very easy nowadays and doesn't even degrade performance much (depends on algorithm used though). Especially when you place highly critical data in a cloud. Maybe they fell for the saying "Bitcoin is anonymous" - which it isn't, rather quiet the opposite.
I was thinking, we know the feds have seized bitcoin and auctioned (laundered) them off later on. Cash often gets seized too.
What happens if a criminal tries to burn cash and is mostly successful in doing so? Do the feds go to the BEP with a claim to get the money reprinted; or, like burned bitcoin, is it gone forever?
Talk about famous last words, 3 month ago before this hammer came down, wow! Wonder if it crossed his mind if this also applied to his own crypto deals
So, hypothetically, if these guys were to completely cash out these coins somehow, and then pay tax to the IRS, would they be immune from tax fraud and IRS involvement? I know similar things happen with stolen property and illegal drugs (Sullivan v. United States).
they wouldn’t know who to hold accountable either. The point is that nobody would.
In my model the only liability would occur from the normal day to day business operation that you earn the successfully laundered proceeds from. like one of your actual clients sue you because you breached the SLA because you forgot you’re actually running a legitimate business.
So Bitfinex is worth at least $3.6bn or is it all customers BTCs?
Were people made whole back then? Is it some MtGox thing where people who lost money back then will now have it? In BTC? Or in USD at the worth of BTC back then? Or in USD at today's BTC valuation?
Great to see this; once again reminds me to stay away from BS friends in insurance, etc, that talks about "tech" but smells con-artist and pretentious in general, even if you two used to grow up together
Can't trust them if they are lost in the money game
What i love most about this is that if these clowns didn't stupidly store their keys in a decrypt-able file in cloud storage, then ~.01% of BTC could have been lost forever.
We are just 10,000 hacks away from bitcoin being gone forever! A boy can dream.
> “digital currency heists executed through complex money laundering schemes could undermine confidence in cryptocurrency,” said U.S. Attorney Matthew M. Graves
Well now you US prosecutors aren't reading hacker news!
So uh, does this money get returned to Bitfinex now? Is this a huge windfall for them? They've fully redeemed their BFX tokens for whatever that's worth.
After this hack, Bitfinex account holders took a haircut (30% or so) and were given tokens representing the remainder of their dollar-denominated account balances. Those tokens were paid in full in 2017ish.
Later, the UK, Portugal, and Poland seized $1B or so of Bitfinex customer funds due to the funds being delivered by Crypto Capital Corp who was found to be engaged in money laundering. Bitfinex issued LEO tokens to make up for that asset seizure, and have a clause that if the 2016 stolen bitcoins were recovered, they'd be used to retire the LEO tokens. That's why LEO has greatly increased in value recently. https://cryptowat.ch/charts/BITFINEX:LEO-USD?period=1d
Serious question though, we live in a time when a mere mortal is able to carry out an enormous financial crime, whose knock-on effects could be enormous to millions of people directly and indirectly. How do you put a relevant sentence on that? Even whole-life in prison doesn't really make up for the number of people who might be affected by it.
note, I didn't read the article, it was just the headline that made me ask the question so possibly slightly off-topic.
"When she's not reverse-engineering black markets to think of better ways to combat fraud and cybercrime, she enjoys rapping and designing streetwear fashion."
"I deeply, deeply regret to inform you that this is the rap video of the woman who was just arrested as part of an alleged husband-wife scheme that laundered some $3.6 billion in crypto."
I have been writing an imaginary Coen brothers in my head over the last couple of years based on absurd current events. This is definitely being added.
I'm thinking of tying them both in as friends of Lady Gaga, tasked with trying to pay the ransom to the people who kidnapped her dog in crypto. In the process, they accidentally stole too much.
> “Today, federal law enforcement demonstrates once again that we can follow money through the blockchain, and that we will not allow cryptocurrency to be a safe haven for money laundering or a zone of lawlessness within our financial system,” said Assistant Attorney General Kenneth A. Polite Jr. of the Justice Department’s Criminal Division.
How is this not a total death blow for bitcoin? If the justice department can do it, anyone can. It's a public ledger. So you effectively must treat every transaction you ever make on the blockchain as totally public and tied directly to you.
It took them 6 years to catch these perps. And these perps were extremely sloppy (storing keys in cloud, weak encryption)
Justice must give the perception that they are doing enough. They can't really say that it's really hard to catch people committing crimes in cryptocurrencies.
This goes to show that the only use case for NFTs is to launder money, and it's not exactly a great way of doing it. I hope they get a long prison sentence.
"Between the 2016 hack and the present, LICHTENSTEIN and MORGAN further
engaged in a diverse array of virtual currency transactions, including transacting in numerous
altcoins, liquidating BTC through a BTC ATM,23 and purchasing non-fungible tokens (NFTs)."
25 years max for stealing billions? God bless America.
> Lichtenstein and Morgan are charged with conspiracy to commit money laundering, which carries a maximum sentence of 20 years in prison, and conspiracy to defraud the United States, which carries a maximum sentence of five years in prison. A federal district court judge will determine any sentence after considering the U.S. Sentencing Guidelines and other statutory factors.
Given that folks have been given longer punishments for stealing less, yes. Granted, ianal and I acknowledge that things come into play like repeat offenses, etc.
Are they being charged for stealing? I thought the concept of crypto is to be you own bank, So as long as you have the private key, you are now technically the owner.
What if two people generate the same private key. Who is the owner ?
they haven't actually been charged with hacking, just the laundering. the complaint could be amended after investigation and the potential sentence would go up.
I don't understand why you are being so aggressive. This is a post about news on laundering crypto. I am aware of a technology that seems to cater to that use case.
I would assume that it's because your comment reads like an advertisement, since it name-drops (and links to) a specific mixer rather than just saying "It seems that a coin mixer could have been used..." Is there anything novel about this particular mixer? If not, why link to this one specifically?
That was my first question as well. But for someone who stores private keys of coins worth billions of dollars on google drive, I don't think using a mixer was a big concern.
They couldn't even bother to use strong encryption on the file of private keys. Crypto 101: never store private keys online.
Another possibility is Ironfish(https://ironfish.network/), but I don't know how much liquidity there exists in either of these. I don't think you could launder/hide $4bn through either of these. Perhaps slowly over a long period of time.
Ironfish is just a testnet so there is zero liquidity there because it isn't even launched.
Tornado cash has about $700mm right now deposited in it, with the vast majority of that being in the 100 ETH deposit pool.
They absolutely could have done it over time. They could have bridged the Bitcoin using the RenVM protocol to receive renBTC, done a combination of selling the renBTC and let arbitrageurs provide the liquidity as the couple would have had to sell a little below market. They could then deposit the ETH in Tornado.cash. Simultaneously to speed things up, they could have deposited the renBTC into an onchain staking protocol to borrow against it, using the borrowed proceeds as their liquidity, and possibly even just forgetting about the collateral and letting the protocol take it eventually.
Even though they would be a large part of the Tornado.cash pool, it would actually only be "for now" because there are several other heists of large seizes that are turned away from Tornado.cash because it is too small. So liquidity begets liquidity. I would content that even if they had become 60% of the pool, boosting its size to $1.5bn, that it would have attracted many more deposits, I could see Tornado.cash being a $3bn pool by now, given the size of heists that I know of.
Tornado.cash of course is not good enough to reintegrate back into the economy, under your name. So then they could have employed the reintegration.
With clean money they earned from salary, they could have created a random token on the Ethereum network, lets call it SHIBA INU (SHIB), made sure to keep a bunch of the tokens for themselves, and then withdrawn tornado cash notes to 100,000 addresses which programmatically bought SHIB, and pumped the token 52885982.4% and just been a lucky trader that cashes out with long term capital gains they pay. They would have had many more billions doing that.
Its too bad that people could try to throw a "conspiracy to commit" charge at me too, the moment I use Tornado Cash or launch an erc20 token now, but its more important to me that my speech isn't chilled so that you all can have a better discussion about it.
An excellent overview of how the crypto ecosystem glues together. Also a shame that understanding and explaining how these technologies can be (and probably are!) used together leads to accusations of criminal past or intentions.
I have a question: is it possible to write scripts to do the above automatically? Or does it have to be a manual process?
Few people understand the ecosystem thoroughly (I admit that I do not), so few people can implement the manual process properly. One mistake equals 0 privacy.
Also, would they be allowed to use renVM since everyone knew that these accounts contained bad bitcoin?
It is possible to write scripts to do this automatically, and randomized activity.
There is a push for more and more permissionless bridges. All the bridge builders and their communities shy away from that obvious discussion because they do host and earn basis points from any crypto that passes over the bridge, even if it is obviously from a heist. It would put a bridge, especially that bridge, in a tough spot if these hackers did too much too soon, the hackers would have needed to be watching bridge technology and from this indictment it just looks like they werent.
They could have used something like wbtc, to bridge the bitcoin to Ethereum and then swap to eth to run it through tornado. But wbtc is a custodial wrapping service that would require kyc. There are other wrapping services that don't, but they have nowhere near that much liquidity on Ethereum to execute the trade to eth needed to run it through tornado.
The other problem is that tornado has limited liquidity itself. At the moment there is about $500M USD worth of eth in tornado. You would do yourself no good to dump a large multiple of that into the pool all at once.
Good points! Thorchain (a non-custodial service) claims 1.9B total swap volume. So, while not viable today for billions of dollars, the Bitcoin -> Thorchain -> Tornado Cash pathway seems to be viable for smaller amounts. Which doesn't necessarily bode well for recovering stolen bitcoin (and other crypto) in the future.
A thief still has to figure out how to convert crypto to fiat. But I am assuming that there are jurisdictions where this is possible without KYC.
I was thinking that there are probably thresholds that trigger alarms when large amounts of crypto are converted to fiat. If crypto is coming from a clean address, there is not evidence of illegal activity. But there is still the question of where those funds originated. So I am not sure if government entities can seize those assets...
I'm not well versed in BTC, so my prices may be wrong. But this is webscale in a way I haven't thought of before.
It is alleged they stole 119754 BTC, which in 2016 was < $1000USD. Which would have been < $100,000,000. Today, it is worth 5bln. (not that 100mm is nothing.... but it is a lot less).
Could you imagine stealing something that most people thought was a toy. Suddenly
it became so valuable that the government could justify who-knows-how-much resources to catch you?
The statement of facts is linked to from the press release, and describes generally how the Feds were able to trace the stolen funds (they found a file listing private keys, after gaining access to the suspect's cloud storage) https://www.justice.gov/opa/press-release/file/1470186/downl...
> The 2017 transfers notwithstanding, the majority of the stolen funds remained in Wallet 1CGA4s from August 2016 until January 31, 2022. On January 31, 2022, law enforcement gained access to Wallet 1CGA4s by decrypting a file saved to LICHTENSTEIN’s cloud storage account, which had been obtained pursuant to a search warrant. The file contained a list of 2,000 virtual currency addresses, along with corresponding private keys.
> ...The connection among the VCE 1 accounts was further confirmed upon reviewing a spreadsheet saved to LICHTENSTEIN’s cloud storage account. The spreadsheet included the log-in information for accounts at various virtual currency exchanges and a notation regarding the status of the accounts
> ...Lichtenstein Email 2 was held at a U.S.-based provider that offered email as well as cloud storage services, among other products. In 2021, agents obtained a copy of the contents of the cloud storage account pursuant to a search warrant. Upon reviewing the contents of the account, agents confirmed that the account was used by LICHTENSTEIN. However, a significant portion of the files were encrypted
$4 billion has got to buy an awful lot of compute time, but still, how did they decrypt the file?
A fancy (or even basic) dictionary attack has a very high chance of working.
$4B should buy a very, very fancy dictionary.
Should be able to get rainbow table with fucking octarine for that money…
I LoL so hard at this one... A fellow Discworld fan!
Random example but my passwords look something like chOf$Tyl83fhn@54R. I keep them written down because they are hard to remember. My threat model is no one. Seems so amateur to use a simple password that could be brute forced. Especially with so much on the line.
>Seems so amateur to use a simple password that could be brute forced. Especially with so much on the line.
There's selection bias going on because only dumb criminals get caught, so you only hear about the dumb opsec practices of those criminals. Conversely, you'll never hear about the opsec practices of that professional crew with perfect opsec that hacked an exchange/difi contract and disappeared into thin air.
Until the least bright member of the crew makes a mistake, gets caught, and turns in the rest. Being perfect is difficult to maintain forever, though it's possible in principle. It might require the thief to live like a grad student even though he has billions of dollars/euros worth of stolen wealth; being flashy attracts attention and if nothing else, the tax authorities.
If a person is that financially rich but still has to live like a grad student, it seems like the only point of that wealth is to rebel against the legal system. Even if one isn't caught, there's still a loss of freedom to avoid getting caught.
I haven't studied criminology, but I alternatively suppose someone who does that just doesn't think that far ahead. This likely also explains why the vast majority of people with these capabilities choose to live a life in accordance to their country's laws.
There's money laundering; have a front business and gradually mix in a bit of the illegal money and pretend it came from the business. That's how mobsters do it.
That's right; your comment brings to mind this scene where the character Saul Goodman explains money laundering in Breaking Bad (this clip is supposedly shown as part of university lectures): https://www.youtube.com/watch?v=RhsUHDJ0BFM
Minor conspiracy theory:
Or, the TLA involved have some sort of crack or acceleration procedure; the TLA say "the criminals were dumb" because the people involved can't combat that without admitting guilt, and who'd believe them. The real reason is the TLA used illegal access and tools that we wouldn't be happy they're using against the civilian population? Oh, and the people using the tools are guilty by association so they're inhibited from whistleblowing.
Or the one that stole $3.9B worth, went to great lengths to put $3.6B where it could get tracked down, but linked to somebody else. Then they took $200M and made it even harder to track down, but linked to somebody else. Then they kept $100M with insane opsec knowing that the incentive to recover it had been reduced by 90+%.
https://www.useapassphrase.com/
"Lorem ipsum dolor sit amet"
"Approximate Crack Time: 61,103,576,810,655,170 centuries"
Yeah, sure:)
Well, that one isn't in Have I Been Pwned's password database, so it may in fact be somewhat secure.
> I keep them written down because they are hard to remember.
With the Feds involved, that would be sufficient to crack the data.
You wrote them down - where do you store them? Seems like bad opsec if you are at risk of search and seizure...
It doesn't unless you chose something stupid like "correct horse battery staple" or "word + word + number". 7 words chosen from 1000 word dictionary password encrypted AES 256 cannot be cracked with existing technology, 8 words impossible with future tech.
Is there any "standard" 1000-word dictionary?
There is for example this https://www.kaggle.com/wjburns/common-password-list-rockyout...
But you can refer to https://hashcat.net/hashcat/
You wouldn't want to use that one.
bitcoin developers have taken a crack at it: https://github.com/bitcoin/bips/blob/master/bip-0039/bip-003...
Not 1000, but the EFF diceware long word list has my vote.
https://www.eff.org/files/2016/07/18/eff_large_wordlist.txt
This depends on the key derivation function used. PBKDF2 or BCrypt with strong enough difficulty factor makes even fairly short passwords difficult to crack. On the other hand, a straight SHA-256 hash method can be broken insanely quick with fairly long passwords.
>fairly long passwords
how long are we talking?
I never really did the math before but I whacked something together real quick in Excel. At $0.30/THash BTC we can come up with some cost expectations for password lengths. Here I will use a 74 possible character password using 26 upper and lower case letters, 10 numbers and 12 symbols. Totally random of course. Using (Possible Chars ^ Password Length) as the number of combinations and guessing we will find our answer at about %50 of our guesses. (See! Super rough)
With SHA-256 it takes about $21 to crack a 6 character password.
$1500 to crack 7 characters.
$108,330 to crack 8 characters.
$7.8 million to crack 9 characters.
$561 million to crack 10 characters.
$40 billion to crack 11 characters.
$3 trillion to crack 12 characters.
$200 trillion to crack 13 characters.
Edit Note: BTC is kinda expensive per hash right now. Usually this would all be cheaper. Past 14 characters it could be 1 cent and still outrun the usual US budget for a couple years.
Yeah, but at the end of the day these keys have to be used by human beings so the passwords were likely something practically sized and easy to use.
Especially since in general the likeliest failure mode would be the user forgetting the password to their millions of dollars worth of Bitcoin keys, followed by someone attacking the password.
That depends entirely on the hash function being used.
With a bad choice like SHA256, a 7 word passphrase could be cracked in as little as a few months with a single ASIC. The US government probably has a bunch of them already, so I think that an 8 word passphrase is already within reach for current tech.
Of course, with a real key derivation function like Argon2id, things would look much better.
>how did they decrypt the file?
keyloggers for example.
Here is the most likely approach: https://xkcd.com/538/
One route would probably be to start with a warrant to search their house in hopes of finding some passwords written down somewhere
Under what premise are they getting the warrant?
This absolutely sounds like parallel construction.
I assume they’d get it on roughly the same basis as the warrant they got for the cloud storage.
I’m also curious what here looks like parallel construction to you - I thought the statement of facts was surprisingly mundane, but perhaps I missed some red flags?
Is it me or should he have literally just gotten a hardware wallet, transferred everything to that account, then burned the old key?
Of course that txn would show up on-chain, but if you don't have possession of the private key for the first account, and no digital device has ever "seen" the hardware account then he would've been fine.
This is assuming the key piece of evidence was his private key, and he wouldn't have been prosecuted without it.
Additionally, putting your key in cloud storage sounds like the dumbest thing ever... Just memorize your seed phrase and write it down. Its 4bn for christ sake.
Yeah, a hardware wallet is good, although for a billion dollars, 100 hardware wallets would be better. Could even go so far as to split a private key into seven horcruxes using Shamir's Secret Sharing and bury them in locations around the world.
Memorizing a seed phrase leaves you vulnerable to a $5 wrench attack, I wouldn't recommend it.
> Memorizing a seed phrase leaves you vulnerable to a $5 wrench attack, I wouldn't recommend it.
Of course the problem is the attacker may not know what method you used and resort to the $5 wrench attack anyway :)
Not stealing $3.6B might be an even safer bet.
still: physical threat + seed phrase cracked > physical threat
The famous Bitcoin family reportedly spread their hardware wallets across the globe.
https://www.cnbc.com/2021/08/11/bitcoin-family-hides-bitcoin...
The article suggests each location contains 100% of the key, not using Shamir’s Secret Sharing.
> Taihuttu is trying to put a crypto cold wallet on every continent so it’s easier to access his holdings.
I hope it’s at least encrypted with an additional passphrase, otherwise it’s only as strong as the weakest bank’s security.
Wow.
> Taihuttu has two hiding spots in Europe, another two in Asia, one in South America, and a sixth in Australia.
> We aren’t talking buried treasure – none of the sites are below ground or on a remote island – but the family told CNBC the crypto stashes are hidden in different ways and in a variety of locations, ranging from rental apartments and friends’ homes to self-storage sites.
I hope this is all a decoy or else it’s the worst opsec I’ve seen since about five hours ago.
I would not want to be a friend to the sort of idiots who would say stuff like this. Having a target painted on my back as a decoy somehow makes it even worse.
Or the Winklevoss twins who store their codes in separate banks across the country.
Reminds me of the man who was sent to jail for refusing to reveal his keys. think this happens alot.
https://arstechnica.com/tech-policy/2020/02/man-who-refused-...
You don’t need splitting the private key. Bitcoin has multisig setup. For example, you can setup your wallet such that 6 out of 10 private keys need to sign in order to transfer funds. Spread that 10 private keys out. Or 3 out of 10. Or 2 out of 5. Any n out of m.
You're right, gathering multisigs would be much safer than gathering SSS shares because you wouldn't be carrying around bits of the private key.
Any single SSS share does not disclose any additional information about the private key (i.e. it is not like splitting the key itself into parts).
And SSS also allows n out of m.
For the attacker, the problem isn't about protecting the crypto but to launder.
If gov got to you, it probably doesn't matter how well you got it protected.
You're still memorizing the seven locations around the world. It's the same thing with extra steps.
> Just memorize your seed phrase and write it down.
The article mentions he had many wallets.
With a hardware wallet there is still a paper trail that you bought the device. So the feds will be looking for them.
Printing the paper wallets, putting them in a $1 glass jar with a silica packet and burying in your back yard would have been 100 times smarter.
There is zero link between a hardware wallet's private key and the original account that purchased the wallet.
There really is no such thing as a "hardware wallet."
Private key was uploaded to cloud storage that Feds had access to with a search warrant.
> ...Lichtenstein Email 2 was held at a U.S.-based provider that offered email as well as cloud storage services, among other products.
Reads suspiciously like Gmail. Oh no. You stored your keys weakly encrypted on Google Drive?!
Or Microsoft, but yes, indeed...
Or Apple...
It wasn't necessarily weakly encrypted. The key may have been compromised, which I find more likely.
Thermorectal cryptanalysis, for sure (relevant xkcd mentions pipe wrench, though)
I doubt it was weakly encrypted. But FBI has non-brute force decryption methods at their disposal.
A little thin on details. I wonder if they tracked down IP addresses at the exchanges.
There was a reward offered by Bitfinex. It's possible someone simply dropped a dime on these guys and after that everything fell into place.
> they found a file listing private keys, after gaining access to the suspect's cloud storage
That's backwards. It's how they wrapped it all up. The real trail is pretty clearly AlphaBay 2016/2017 transactions (under gov control around that timeframe), to KYC-flagged accounts at an exchange, with a web of accounts with real info linked together past there.
If he instead started to draw NFTs, and sell it from his KYC account to his dirty wallet, could he still be convicted? What if only one out of every 100 NFTs his dirty wallet purchased was from his KYC account?
Or what if he decided to create his own crypto-currency and it just so happened that his dirty wallet was an early investor of ETH to his fund.
Seems like he could have done more to distance himself.
There wasn't a big NFT market until very recently.
> Seems like he could have done more to distance himself.
On a value system with an inherently public ledger that eventually has to hit a fiat off ramp with KYC/AML requirements? Nah. Everyone has quality opsec until they don't, and the record of your criminal activity is immutable and highly durable.
You can just sell the bitcoin for monero, then sell the monero for btc.
also, as time goes on, the proportion of btc that are "dirty" approaches 1, so these chainalysis strategies become less effective, assuming you aren't stupid enough to do some criminal act then cash out at a kyc exchange the next day from the same wallet
But are there any exchanges that swap btc for monero or eth that don’t have KYC requirements? Seems like it’d need to be off-chain somewhat, unlike uniswap.
There are atomic swaps between BTC and XMR at least (see https://unstoppableswap.net/) but for centralized exchanges check kycnot.me
There are decentralised exchanges like bisq: https://bisq.wiki/Main_Page
Presumably, this would do the trick.
As far as I understand buyer and seller still have exchange information for the transaction to happen. The moment the buyer tries to use the stolen bitcoin he will have the police knocking on his door to find out where he got them from. The seller basically ends up completely at the mercy of the buyers security, with the added bonus that bisq doesn't enforce a completed transaction, so the buyer might just disappear once the goods changed hands without ever paying.
There are plenty that'd swap bitcoin (BTC) for litecoin (LTC) without KYC despite the fact that LTC can now do private transactions via MWEB. As networks integrate private Tx support, breaking the visible chain is going to be getting easier and easier.
fixedfloat.com does exactly that.
Not unless those actors running those non-KYC exchanges are well hidden away from US extradition. Anybody who doesn't have KYC requirements in this space are risking serious prison time. People don't know it yet but the guys running Tether are going to go away for a long time. What they are doing is far worse than Liberty Reserve and Arthur still has 16 year left in his sentencing.
Morgan and Ilya appear to be the original hackers as well so on top of the money laundering sentencing which is around 10~20 years, they now have to deal with the hacking charge which appears to be a separate trial.
Morgan and Ilya aren't the only ones involved and the rest of the guys will eventually appear on DOJ website.
"also, as time goes on, the proportion of btc that are "dirty" approaches 1"
I don't follow what you're saying here. Nothing stops something from being dirty multiple times, does it? So nobody might care that it could be traced back to something sketchy 5 years ago, if more immediately it's traced back to last month's crime.
Suppose he deposited it into AlphaBay and then withdrew from AlphaBay, and FBI didn't seize AlphaBay's logs. Where is the criminal immutable durable record now? There is no proof of connection between incoming and outgoing coins. Same principle with mixers.
> Seems like he could have done more to distance himself.
Bitcoin's public ledger makes transactions into prosecution futures.
This is why it's such a poor choice for revolutionaries and funding the marginalized. You leave a permanent indelible public record in posterity that will in the course of time be de-anonymized, automatically, and traced back to you.
Is it illegal to sell your artwork at an auction, and a criminal happens to be the one to buy it? I honestly don't know.
is the onus on an artist or on an "auction house" to vet buyers. If post sale it turns out the money was fraudulent, does the artist need to pay it back?
In crypto terms. You the artist simply put a NFT up for auction at OpenSea. You the scammer happened to purchase the artwork on OpenSea. However KYC is not well enforced, enabling for money laundering between the two wallets.
I mean art and other not easily evaluated assets are used for drug trafficking and money laundering.
Auction houses are known to be on the trick -- that is passively mainly/ they don't care and work to "pump" the prices of artwork. But of course law enforcement agencies know about it too.
It shouldn't be illegal: people should be free to buy what they want. But let's not hide behind our noses.
This only work because they hire the right lawyers, who dinner with the right persons across all law enforcement branches.
More simply, they might get away with it because, by and large, they're not actually laundering illegal funds, but merely using the exact same tricks to obscure all sorts of socially disreputable but not actually illegal stuff. Of course, there's a real gray area since arguably a lot of disreputable stuff should also be illegal. But by the same token, some people might genuinely want more privacy depending on their circumstances.
Maybe not, but they certainly use art to dodge taxes, which could be framed as fraud, if they were not well covered legally.
> If post sale it turns out the money was fraudulent, does the artist need to pay it back?
Maybe? IIRC, if you unknowingly buy stolen property, and they trace it to you, I think you have to surrender it to its rightful owner (without compensation from the police).
I don't think that works with money, though. I can't imagine someone who sold a house to Bernie Madoff would have to give up the proceeds of the sale years later when he is found out to have been running a Ponzi scheme.
They actually did claw back a bunch of the disbursements from Madoff towards the end.
https://www.wilsonelser.com/files/repository/PHLY_Article_Cl...
It's not illegal if it's a coincidence, however, that may reasonably be probable cause for investigation, and if the investigation finds out that it's not that the criminal "just happened" to buy it but that you colluded to do that, that's a felony.
It may depend on the particular country, and jurisdictions on the internet are gray areas... That said, in the US if you are paid with stolen money and then informed of that fact then you are knowingly in possession of stolen money and would have to return it. If you no longer had the money (used it to pay bills, live your life, etc) then it probably gets more complicated.
In a closely related scenario, if you sell a kilogram of gold to a buyer who pays in counterfeited US currency, then the secret service will seize the $50,000 and you will not be compensated.
Doing business with criminals can bite you, even if you were not participating in a criminal enterprise.
I don’t think thats quite the whole story though. The feds would have no obligation to make you whole but you would almost certainly have a civil cause of action vs the buyer for the full amount, if you could ever collect. So don’t do business with people who can disappear or avoid court judgements.
> is the onus on an artist or on an "auction house" to vet buyers. If post sale it turns out the money was fraudulent, does the artist need to pay it back?
No. Normally you have to return items that were stolen from someone even if you purchased them without knowing they were stolen. But money is an exception. See:
https://en.wikipedia.org/wiki/Nemo_dat_quod_non_habet
(I don’t know whether Bitcoin would be treated as money for these purposes…)
> Is it illegal to sell your artwork at an auction, and a criminal happens to be the one to buy it? I honestly don't know.
Law on receiving stolen goods is vague, complex, and jurisdiction-dependent. But in some cases, if the money you get paid is "the same" money that was stolen (something that's actually much easier to show with Bitcoin, where every input to every transaction is another transaction's output), and you know about the crime, yes. See People ex Rel. Briggs v. Hanley.
Melania Trump recently did this to her NFT.
https://www.reddit.com/r/CryptoCurrency/comments/sohojt/mela...
To be fair is more of Solana pretending to sell celebrity NFTs by buying them with its own funds.
I get what you're doing here, but that's way too many steps. just because bitcoins ledger is open & transparent doesn't mean there aren't a million other privacy focused coins you could swap into leaving the trail cold.
You can walk in the river instead of trying to cover your tracks.
Yeah somehow those crypto expert on social media don't even think about it, when they shout bitcoin will fix this.
To be fair there are some cc* that try to address this. Apparently signal was forced to choose the relatively unknown MobileCoin exactly to avoid this problem.
*cryptocurrency is too long
> cc*
That’s “credit card”. We’ve already lost “crypto”(graphy), let’s avoid deliberately giving away other common shorthands.
But you could exchange the bitcoin for moneor and then back to bitcoin, and that would make things harder for investigators, right?
That will only add a charge of 'money laundering' to the list.
Start a PAC for the decriminalization of money laundering, accept donations at a Bitcoin address, pay yourself a million a year to run it.
I'm not sure giving advice to strangers on the internet on how to commit a successful robbery is a good idea.
I mean, for a recent example of how this works in practice: Polygon got whacked for like 650MM last August, but all the fiat and even stablecoin exchanges blacklisted the addresses and the guy got like 5MM “bug bounty” or whatever.
There might be prestige in some circles for taking down some dumbass Solidity coder, and some people seem to be getting some money out still (e.g. Wormhole).
But overall I’m short Trail of Bits consulting rate.
Yeah, if you hack a contract you need to get the funds into Tornado.Cash immediately.
Or you can short Polygon, and make money from the price falling upon disclosure of bug
Wow. Such hacking prowess. Such bad opsec. Weird.
Ps not condoning the theft but I just find it strange that people with the skills to steal this much get caught using bog standard cloud storage. You'd think they could afford something better ;) Something along the lines of "you don't take notes on a criminal f** conspiracy" :)
The article mentioned they were not thought to have conducted the hack itself.
Ah ok sorry I checked the comments only. Should have read TFA sorry :)
That's just author's speculation. Most probably he did conduct the hack himself, because he had private keys to all the original withdrawal addresses.
Honestly don’t know why people don’t AES/GPG encrypt the keys and send a message to alt.anonymous.messages.
That’s 30+ years of storage for free.
maybe he backed up to icloud by accident
This. It's harder than you may think to leave zero cloud trail of your activity and storage.
I bet he just got opted into iCloud Drive documents and desktop folders.
Why couldn't they just use a brain wallet on an offline device with no internal storage. Keep a hand written copy of the generated passphrase laminated in some plastic in some fake plaster rock under a tree in a wood or something.
Take it easy Andy Dufrense
The idea is this would survive a search and potential jail term.
> I just find it strange that people with the skills
people in Tech will yak-shave choosing the "correct" cypher. Then get pwned by an implementation detail like a bug in enigmail.
1) Hacking, 2) opsec and 3) tradecraft are totally different skills. The most dangerous people (to themselves) are the ones who cover only one of 3. The more advanced among them _know_ they lack in the other areas, but think they can compensate going even deeper on whatever they already know.
People are sometimes too busy to deal with the many details of 'perfect' opsec. In other circumstances, they hire a professional to handle it for them, but that is more difficult for criminals.
Anakata (guy who founded the pirate bay) hacked a bank and he is definitely some kind of genius. His idea for getting money out of the bank was to enlist a teenage thug to go to the ATM and withdraw money, which he had sent to the guy's account. Smart people do stupid shit all the time.
But the report does not state that they actually did it, only laundered it. it may have been someone else
We only know about the ones that get caught.
fwiw, it appears one of the named here is a YC Alum: https://news.ycombinator.com/user?id=il https://www.linkedin.com/in/unrealdutch/
That's a nice username I guess.
Thin red line between scamming and hustling.
Well, yes. If you can socially engineer customer support staff, you can do the same to venture capitalists.
Then it seems pure luck that some conniving sociopath at the top can lead a company to produce useful goods.
That's extremely subjective to your definition of useful. Investing in the best con artist isn't exactly a bad deal so long as you aren't the last mark.
Depends on the nature of the con. Not everything's Ponzi. Some scams are advance fee, snake oil, getting the mark's payment details, identity theft, or something else that makes a loss for every mark.
> Also, angel investor in promising startups and crypto technologies.
Should have just become a limited partner in one of the Silicon Valley PE funds, next to the Oligarchs
This is just unreal. this guy was living a double life of being the greatest criminal ever. So among our community was a $4 billion hacker, just nonchalantly posting.
I don't think he will be commenting anytime soon again if this really is him
https://news.ycombinator.com/threads?id=il
like your neighbor being a serial killer or something
He was just a million-dollar hacker, but the power of HODL boosted his illicit fortune to the billion-dollar range.
reading a bit about him and the hack (which at some point was for example blamed on those Israeli brothers with connections to IDF hacking unit) i kind of not sure that he is the hacker ( and note that he is charged with laundering not hacking) - he in my view better fits the profile of the "investor"/"fencer" whose involvement would be to launder.
Sidenote: one of the reasons i don't touch crypto is possible laundering charge/suspicion if the tokens happens to had passed through unsavory hands/situation (which may be even unknown at the time) or God forbid 2-3 transactions after me the tokens get involved in terrorism/etc. - imagine as a minimum for example the "FBI background check" hell your GC/etc. will be stuck forever ...
> Sidenote: one of the reasons i don't touch crypto is possible laundering charge/suspicion if the tokens happens to had passed through unsavory hands/situation
A page recently posted here ([1], citing [2]) claimed that there's a market for freshly mined Bitcoin (i.e. with no history), with people paying as much as 20% markup for it to avoid such risks.
I didn't make any attempt to verify this claim.
[1] https://sethforprivacy.com/posts/fungibility-graveyard/
[2] https://news.bitcoin.com/industry-execs-freshly-minted-virgi...
It still doesn't protect from possible future tainting of those tokens and thus suspicion of your participation. It may be even more suspicious as you would be the one who bought clean coins supposedly in order to minimize attention to whatever future crime the tokens may be involved.
or actually it is money launderers looking for tokens with no previous history they can use to evade some % of future scrutiny
So you get 1.2 btc from unknown origin for 1 fresh btc. looks like the simplest laundering scheme.
His theoretical fortune, on paper. Even if the coins were legit you can't just cash out those kinds of amounts.
I'm really amused that he is currently listed as a mentor for 500 Startups. I wonder how good his advice has been?
Don't get caught.
Fake it until you're too big to shut down and then pay the fine?
I noticed both on twitter and his HN posts, there's a big gap between 2015 and 2019.
Always keep posting to avoid suspicion.
il on May 15, 2013
>As the anarchists and idealists on HN will soon learn, the decentralized nature of Bitcoin won't make a difference if anyone transmitting it is in violation of federal law.
https://news.ycombinator.com/item?id=5714963
Did he change his mind?
Sounds like he knew this all along but didn't care
There's some irony his most recent post on this timeline being "there is a sea change happening in how governments treat cryptocurrency" too. That's certainly true for him.
I don't understand why he wouldn't move to somewhere that doesn't have an extradition policy with the US. If you go down that path, it seems like you should probably be willing to abandon your life. It's the same with Ross Ulbricht, seems like it would be terrifying living with that sword of damocles hanging over your head absolutely constantly.
If he goes somewhere which doesn't have extradition, FED's will just call him and tell him they will go public that he has $4B bitcoin and ALL criminals will be hunting them after that.
You pay them off?
$4Bn can buy some pretty good fake identities.
I'm not certain I understand. There are billionaires in the world already. How do they protect themselves from criminals?
Granted, their billions aren't in cash. However, once he fled the country he could immediately start converting his position to other assets that aren't so easily stolen. He'd also be able to afford to hide himself, pay taxes and bribes, and pay for some security.
Most billionaires aren't in the countries that lack extradition treaties. The few that are can be assumed to be paying steeply for protection, in both senses of the word.
Humans notoriously overestimate their competence and underestimate dangers they face. Combine that with a federal investigation that's going to be slow because 1) it's complex and 2) the feds will happily investigate you for years if it increases their chance of a conviction, and you've got a recipe for people who think they got away with it right up until the moment of arrest.
and underestimate the competence of governments/law enforcement.
I think it's more underestimating the attention span of governments/law enforcement.
When someone steals your bike, the cops could spend weeks investigating, interviewing witnesses, searching Craiglist, Facebook Marketplace, staking out the neighborhood for anyone riding the stolen bike, etc.
But they don't, because it's a bike. But steal $3.6 billion, you'll hold their attention for a bit!
Yea, listening to enough stories on Darknet Diaries about how people get caught it’s pretty crazy. Honestly makes working in the groups that catch people like this sound very interesting.
I imagine it's very very very boring for a while, with relatively brief moments of satisfaction.
Sounds like the usual $DAYJOB for basically everybody here
The work of preparing to leave the country is necessarily public in a way that doing crypto stuff might not be. I suspect they were worried that preparing to leave the country would tip their hand - and they could have been caught earlier if they tried it. It just turns out they were caught anyway.
Hmm what work is that? Getting a visa? With that much cash I'd leave first (on a tourist visa) and figure the rest out later..
Yea, maybe bring your cat or dog but literally pack like you're going on vacation. If they arrest you before leaving the country then you were screwed already.
Americans don't need to apply for a Visa to visit most of the world. They just get one automatically on arrival.
They could have just bought a Vanuatu passport with bitcoin (~$150k), then travelled there for a holiday. Leave the US with the US passport and arrive in Van with the Van passport. CHange their name in Vanuatu, then move to a 3rd country to settle permanently with a new name. Maybe change it one more time and gain citizenship in that third country, and that'd be enough to disappear for regular people.
The spooks will still find you, but without extradition powers...
Once the spooks find you you'd need to be very careful to avoid flights in or near the airspace of countries friendly to the US.
Do the spooks care one way or the other about non-terrorists and non-nation state criminals?
...they'll wait until you get drunk (i.e. roofied) at a bar, then kidnap and torture you until you give them all your money. The "red" budget is even more fun than the black budget. Choosing to defy the state is choosing to defend oneself forever against the creepy-crawlies the state pays to notice such defiance.
That requires that you did something that you are very sure the country you end up in won't just prosecute you for themselves. If your crime is massively embarrassing to the US govt you go to Russia, or heinous sexual assault of a 13yo, France. But I think most of the usual culprits in this case would just prosecute you.
We disagree it was heinous and believe it's prescribed, thank you. Polanski is a French citizen and will not be given to the US, but if an american is demanded, we ll give him back on the double.
It s what they seem not to explain in movies: we protect our brothers in citizenship against exaggerated foreign conviction, but not foreigners.
What do you mean by "prescribed" here?
He means that the statute of limitations (a.k.a. prescriptive period) has run out.
Wow, justification for rape right here. He was 43 when it happened.
https://idlewords.com/2010/05/an_annotated_letter_from_roman...
A link in there has expired. Archived here:
https://web.archive.org/web/20100130223615/http://www.thesmo...
No justification for rape, we do not believe the americans are rational and contextualized his crime, and are only perceiving Polanski with an emotional lense, decades after the fact.
I dont care myself, just telling you why we ll never give him as a country. We simply feel different emotions (here doubt in France vs horror in the US). No need to ad hominem me in isolation as if I supported rape. I just know the media portray him as a victim of a 120 years-sentence justice system.
If he raped someone yday, like our ex-future-president DSK did in NYC, by all means, keep him, and we d give him back if he fled. But that also turned out a puritain whitch hunt in the end so it's hard to trust americans with our citizens.
I wish people would stop saying 'non extradition country' like that's a real thing.
Brokep moved to Cambodia for that reason. They still got him anyway. If the powers want you, they can find away to get you. The only options I can imagine are publicly embarrassing the US government to the delight of Vladimir Putin or making a very large donation to the Cuban government.
You can still be extradited, it's just not automatic.
I find it especially baffling considering he has Russian citizenship.
He probably didn't think he'd get caught. I mean it's not a large proportion of crypto thieves/fraudsters who are. Less than 1%?
If they were so concerned, the much better and easier decision would be not to commit the crime in the first place. People who rob others and commit serious crimes have a problem with risk and self-control.
To degrade signal to noise, such people need to pay you and others willing to relocate to such jurisdictions. You know, to make it less obvious who is evading extradition.
I wonder what the penalty is for accepting money to uproot your life because you have nothing to hide. Well, _had_ nothing to hide.
$4B that you can't spend in the US (or any country that will allow for extradition) isn't nearly as good as $4B that you can.
It would have been tough, but I'm sure they could have survived.
Shoulda just changed it to Monero, transferred it to an anon account and then had that account buy dumb NFTs off himself. That seems to be how it's done these days.
Well, then you need to move to Russia or Venesuela or Iran or such.
Goodbuy to the luxurious live you enjoy in SV. Part of being a financial criminal is to post about "hustle culture" on linkedin and doing LSD with VC buddies or something
People with a lot of money live luxuriously in Russia. Not sure about the other countries. Just gotta be sure you didn't hijack any of Putin's bitcoins tho ...
omg - murder really?
That last comment is pretty prophetic:
"Like it or hate it, there is a sea change happening in how governments treat cryptocurrency. "
Wonder how he feels about that sea change now.
Meh. Governments have long arrested cryptocurrency criminals. This is hardly a sea change.
It is for him
> greatest
Assuming their guilt: "worst", or "most shameful" are the terms I would use. An embarassment to any community they were in.
Honestly, it would surprise me more if you told me that there are no high profile crackers/cybercriminals in this website.
that money was never real, they never had a chance of spending even 0.1% of it. lol does anyone really think they could have accessed and spent that much money, in any way?
they did take a small yet real PPP money :)
https://www.thedailybeast.com/heather-morgan-rapping-tech-ce...
“The only other significant deposit to the account was an approximately $11,000 U.S. Small Business Administration Paycheck Protection Program (PPP) loan advance provided in response to the COVID-19 crisis,” the complaint states.
A hacker? On Hacker News? Well, I would never.
> greatest criminal ever
well they caught him, so not that great, eh
Well, there is a persistent rumour that Ghislaine Maxwell was a mod on some large subreddits, and had a top ten amount of karma on there.
> being the greatest criminal ever
I think you are tad exaggerating here. not the dumbest but not certainly anything close to being competent. leaving keys in a cloud storage and not using OTC crypto exchanges outside US.
It's unbelievable stupid to use mixers on a public ledger because its all traceable and immutable. The really smart "criminals" DO NOT live in the US, especially NEW YORK out of all places, they DO NOT leave stupid social media posts or spend time chasing the vapid social media fame, they DO NOT use mixers because they are all points of surveillance.
I won't detail how one could've gotten away with this loot but there is an obvious hint here, blockchain is simply a means of temporary storage to move dirty money. Tether is largely considered a pipeline for illicit funds from China to move out to the West. They absolutely do not do any of the transactions on the blockchain, it is all done through highly organized criminal networks involving banks, shells, casinos.
Let's be fair to these individuals and not presume guilt.
In the US, it's "innocent until proven guilty".
Media is so quick to assume the person is guilty just because of an allegation.
That's the standard for our criminal justice system, not for us as individuals. It sounds from the release that the justice department has a boatload of compelling evidence against them.
> "It sounds from the release that the justice department has a boatload of compelling evidence against them."
You'd hope that before someone is arrested, the prosecutor has ample evidence to prove guilt.
I don't understand your point.
These individuals have not been proven guilty yet. Why are you editorializing their presumed guilt in this matter.
Note: I have no affiliation with these individuals nor case.
He's saying that the law presumes innocence until proven guilty. They don't throw you in jail or take your money until the legal process reaches a judgement, and this is pretty normal and uncontroversial.
But you don't have to keep going for drinks with a person who's just been arrested and let out on bail, you can make up your own opinion as you feel. You can say bad things about him before the judge does, you can deny them business opportunities, your kids don't have to play with his kids.
Disagree. You can make your opinion and you can take your precautions. But unless you were not directly harmed you should not “say bad things about them”, as you put it, just because they are a suspect in a case.
>Disagree. You can make your opinion and you can take your precautions. But unless you were not directly harmed you should not “say bad things about them”, as you put it, just because they are a suspect in a case.
I'm not sure I understand what you mean. Regardless of whether you "were not directly harmed" I don't see why someone should or shouldn't “say bad things about them."
Why shouldn't I express my opinion? Or are we in "If you don't have anything nice to say, don't say anything at all" territory?
I may be misunderstanding your point. If so, please do correct me. If not, I don't see why I (or anyone else) shouldn't express their opinion WRT anything.
What value that opinion may have can certainly be debated, but why should someone not express their opinion?
> You can say bad things about him before the judge does
Yup, I don’t understand how people is not used yet to public trials at social networks
But you are not going by any other evidence than what the prosecution is showing here. Unless you have an insider perspective or were close enough to those involved, you don't really have anything to go by in judging their guilt than what the prosecution wants to show (and they will obviously be extremely biaised, that's the point!). So by de facto believing the prosecution, you aren't really doing anything else than assuming guilt.
You can obviously do that, but it makes little sense to do so when the system has been built around not taking what the prosecution says at face value or as a source of truth. The job of the prosecution is not to show the facts, it's to prosecute. Yes you don't have to go by the standards of the judicial system & presume innocence here, but why then use the prosecution's case when it only makes sense in the context of how our judicial system works?
> But you are not going by any other evidence than what the prosecution is showing here.
I haven't mentioned either the prosecution or the defense.
The defense makes noises too, and you are welcome to make your own mix of whatever you like.
But to repeat the point, you are under no obligation, it is the official system that is.
And plenty of innocent people have had their lives ruined because of exactly this behavior.
Actually they are happy to take your money before the legal process reaches a judgement. If you aren't familiar with the process of civil forfeiture you might want to look into it.
I think the commentor is stating that you and I have no reason to presume innocence until proven guilty. We can make up our own opinion. However, the judicial system has to assume innocence so the defendant can get a fair trial.
But not so much that they let them go. Quite often there is a very fast hearing within 1-2 weeks where a Judge decides to lock them up for 2 years without parole awaiting trial, because it's pretty damn clear they're probably guilty - enough initial evidence not to let them back out into society at least.
It's pretty normal for people to look at the evidence and be able to decide if someone was guilty or not.
If someone is on video shooting someone, it is a bit silly to say "Why are you editorializing their presumed guilt in this matter."
Kyle Rittenhouse would like a word with you.
My experience was that people did not look at the evidence- they jumped to a conclusion.
Yeah, because if you happen to look at the evidence, the fact is that he took a gun across state lines, to "protect people's property" at a protest, and he ended up killing people, it would be pretty easy to come to the conclusion that he's guilty of at least manslaughter. Of course, he was charged with murder, and that's harder to prove. The fact that he was found not guilty doesn't mean he's innocent. It means he's not guilty of the crime they were prosecuting him for.
He's not someone I'd hire for anything, he's not someone I'd want my friends and family around. He's not someone I'd want attending any protest I was attending. He's not a good person, and he's a clear and present danger to society. These are the decisions that I, as an individual, am free to make because I'm not the government, and I don't have to abide by "innocent until proven guilty" for how I personally judge people.
You just proved the parent's point.
I don't see how. I've seen the evidence. Is it murder? No. Should it be manslaughter? Absolutely. Is he a piece of shit? Also, absolutely.
> the fact is that he took a gun across state lines
This is the part that was unproven and goes against sworn testimony in the court. Supposedly, the gun was stored at his friend's house in Kenosha. There was no evidence he took the gun across state lines.
So, you're proving the above poster's point because you're assuming he took the gun across state lines even though there was no evidence shown to show that was the case.
Is this supposed to be a gotcha? It doesn't change anything from what I said. I didn't say I think he's guilty of transporting a weapon. I said I think he's guilty of manslaughter.
A minor taking a gun like that across state lines would have been a crime which you stated he committed by looking at a video. In reality, he didn't commit the crime of trafficking the firearm across state lines as a minor. You even stated "if you look at the evidence, the fact is that he took a gun across state lines..." which is not backed by the evidence, you just jumped to a conclusion that it was a fact and even worse repeated that it was a fact despite zero evidence and against sworn testimony in the case.
> 2OEH8eoCRo0:
> My experience was that people did not look at the evidence- they jumped to a conclusion.
You didn't look at the evidence, you jumped to a conclusion which is not based in fact, and broadcasted that you did this in your message. Thus proving 2OHEH8eoCRo0's point: people assume things about the case without looking at the facts.
> I didn't say I think he's guilty of transporting a weapon
You 100% did claim this when you said "the fact is that he took a gun across state lines".
In this case, "guilty" is the word that can take on different forms, unless you're saying that a video of Rittenhouse shooting someone is not showing him shooting someone. He still took a life, whether or not that was felonious, excusable, justifiable, or praiseworthy, to use Ambrose Bierce's quip.
Grand juries indict in >99% of cases. It's just a rubber-stamp. The grand jury only hears the prosecutor's side. They can say pretty much anything. Please find me a case where a prosecutor or LEO was charged with perjury for lying to a grand jury.
I've been indicted twice and both times the grand jury transcripts were just lies.
In fact, I got someone released after 16 months in jail on a burglary charge because their grand jury was lies. The story the cop told was a complete fabrication.
There's a reason why the criminal justice system operates like that though. The system has been designed like that because it turned that it is a very good idea not to go on witch hunts or to assume guilt if you want a functional society. I'm not defending the person involved here, but it's important to remember that the presumption of innocence isn't just an abstract legal concept instead of a very important part of the social contract.
Surely the important distinction here is that the state has the power to imprison or execute people. In our day to day lives, we frequently make decisions based on things not proved to that standard, such as in job interviews or on dates. Presumption of innocence is very much an abstract legal contrivance, though it's insightful to see in what cases people suddenly decide it needs to be applied outside that realm.
ask Lindy Chamberlain
Do you think it is wrong for a person to believe OJ was guilty of the murder he was accused of? If a person decides to keep their distance from their new neighbour OJ and not treat them with neighbourly kindness and open arms because of that murder, would you admonish them for treating OJ differently for something he was never found guilty of in the court of law?
No, because in the case of OJ we have more than just what the prosecution (in this case, the DoJ) accused him of doing. My point isn't that you can't make your own judgment or that only court decisions are valid source sources of truth. What I'm saying here is that any opinion/analysis we can make at this stage are basically entirely based on the prosecution, since we don't have any other facts to go by.
Unless you already knew the people involved or we have some third party sources, we are basically just believing the side that only has 1 goal; showing how guilty the people they prosecute are. How could that mean anything else but assuming guilt?
(And honestly I think that personal feelings towards a person are very often good enough to make a personal judgment on guilt, but we don't even have that here! I'd bet most of us never heard of them before today)
It's not wrong for a person to believe anything and act accordingly. It's not even wrong to argue that we should not describe the accused as innocent (as long as you acknowledge what the official approach suggests before ignoring it). We are all morally free to treat OJ however we like (and everyone else is morally able to judge us for it).
What is wrong is for media organizations (which can be as small as independent reporters) to break expected traditions w/o acknowledging it. It suggests that this case is different (and again, it might be different) implicitly, which isn't ethical. You should either work within the prevailing assumptions of the system, or explicitly defy them in a principled maner.
This is why I like the Scottish "not proven" acquittal verdict as an intermediate third option between "not guilty" and "guilty."
https://en.wikipedia.org/wiki/Not_proven
> he presumption of innocence isn't just an abstract legal concept instead of a very important part of the social contract.
I don't think this is in practice true, as a matter of fact rather than an ideal. People don't, in general, behave the same with other people who are currently being prosecuted for a crime.
This certainly doesn't mean (most) people support vigilantism or witch hunts, or even that you assume guilt. However it seems clear the vast majority of people are fine with the idea that you might be "careful" with someone who is suspected of a crime, especially one being actively prosecuted. To the degree that many will claim they have a right to know this is happening, i.e. they will argue that news should be carried on this (although perhaps no editorializing). This absolutely is not the same as presumption of innocence.
Sometimes this is very unfair, obviously. But "the social contract" as it is practised seems to be pretty ok with that.
I could literally watch someone pick up a gun and shoot someone. Technically they're still innocent until a court of law says they're guilty. But as an individual I don't need to wait to think they're guilty.
The question is where do you draw the line as an individual.
Non-lawyers often seem to misunderstand this phrase. "Innocent until proven guilty" is a statement defining the fact that in criminal cases, the burden of proof rests with the government. They have to present evidence proving your guilt beyond a reasonable doubt; you don't have to present any evidence proving your innocence beyond a reasonable doubt.
That's all it means. Obviously judges are not supposed to come into a case assuming you are guilty, but you can say that about any type of case. The phrase certainly doesn't mean we have to pretend that you are perfectly innocent up until the point of verdict.
The reason is that the criminal justice system imposes heavy penalties for those convicted and therefore they have to be extra careful. My words have no real effect so I can convict anyone I like.
check out the affidavit accompanying the criminal complaint: https://www.justice.gov/opa/press-release/file/1470186/downl...
yes, they're legally presumed innocent but they have a LOT of 'splaining to do.
feds seldom lose, 98+% conviction rate
Federal lawyers are expensive, especially if the defendant is innocent. Being accused is already a punishment.
The federal government has a ridiculously high conviction rate: 99.96% [1]. They basically only bring the case if they have everything they need to convict.
1. https://www.bhlawfirm.com/blog/2021/05/the-federal-convictio....
What portion of those convictions are plea bargains?
This article says 97%: https://www.nbcnews.com/think/opinion/prisons-are-packed-bec...
Why are people so eager to confess their guilt instead of challenging the government to prove their guilt beyond a reasonable doubt to the satisfaction of a unanimous jury?
The answer is simple and stark: They’re being coerced.
This is a pretty silly argument. I'm not opining on whether or not prosecutions are coercive; I'm certain they are. But a lower conviction rate would be a bad thing: it would mean the DOJ was bringing more cases they weren't certain they would win, and even exoneration comes with immense costs to the accused.
I wasn't replying to a claim that a high conviction rate is a good thing (or better than a lower one).
I was replying to a claim that a high conviction rate somehow suggests we should dispense with the idea that, as a society, we should not presume guilt.
grumple, who I replied to, seemed to me to be suggesting that because the federal government has a high conviction rate, we should assume the accused are guilty.
I'm suggesting that because there is compelling evidence that many guilty verdicts are obtained through coercion, we should not make that assumption.
Nobody is suggesting we presume guilt. The suggestion is that we're not required to defer opinions about guilt until after a jury trial, which is sensible.
The argument around plea bargains is pretty simple. You have someone over a barrel: "Take the deal and go to prison for two or five years, or take a risk on a trial where you'll be put away for life. And btw, our conviction rate is 99.96%."
You'd be crazy not to take the deal, even if you're innocent. Thus, the conviction rate doesn't actually tell us much about how strong the federal cases actually are.
That's not the structure of most plea bargains ("2 years vs. life") but more importantly, you don't have enough information in that hypothetical to determine how fair the system is, because you're not accounting for how liberally federal prosecutors bring cases. If they tend only to bring cases when they have overwhelming evidence --- which is the rap on federal prosecutors (not so much state) --- then you get the same outcome simply by dint of most people in plea negotiations being guilty. A good reason not to take a case to trial is your knowledge that you'll be destroyed at trial.
>A good reason not to take a case to trial is your knowledge that you'll be destroyed at trial.
Another good reason not to take a case to trial is potentially spending years in pre-trial detention, destroying your life -- losing your house, your kids, your job and anything else that requires your presence outside of a detention facility.
Which is why so many cases end up as plea bargains -- get sentenced to "time served" for a lesser offense and then try to pick up the pieces of your shattered life, or fight (assuming you have the money/resources to do so) and potentially never get the chance to pick up those pieces.
So yes, the system is quite coercive.
Let's say for the sake of argument that the DoJ (or state prosecutors) determine (by whatever means) that tptacek has committed criminal acts.
You are arrested, arraigned and bail is either denied or set high enough that you can't afford to pay.
How long could you sit in jail before you lose your job, your house, possibly your spouse and your kids and anything else important to you?
It could be years before a trial. And given that most folks can't afford an unexpected $500 expense, sitting in jail waiting to be tried isn't all that unusual.
Given those circumstances, how long could you sit in jail awaiting trial before your life is a complete shambles? Given the make up of folks here on HN, I'd expect that you may well be able to last longer than most.
High bail and pre-trial detention are absolutely used as cudgels that attempt to force even the innocent to accept plea agreements. Especially when indictments tend to include a lot of overcharging -- another cudgel to force a plea agreement.
Which is why I don't believe that plea agreements should be used at all. But that's a much larger discussion and beyond the scope of this comment.
'In 2011, Swartz was arrested by Massachusetts Institute of Technology (MIT) police on state breaking-and-entering charges, after connecting a computer to the MIT network in an unmarked and unlocked closet, and setting it to download academic journal articles systematically from JSTOR using a guest user account issued to him by MIT.[13][14] Federal prosecutors, led by Carmen Ortiz, later charged him with two counts of wire fraud and eleven violations of the Computer Fraud and Abuse Act,[15] carrying a cumulative maximum penalty of $1 million in fines, 35 years in prison, asset forfeiture, restitution, and supervised release.[16] Swartz declined a plea bargain under which he would have served six months in federal prison.[17] Two days after the prosecution rejected a counter-offer by Swartz, he was found dead by suicide in his Brooklyn apartment.[18][19] In 2013, Swartz was inducted posthumously into the Internet Hall of Fame.[20]'
https://en.wikipedia.org/wiki/Aaron_Swartz
Yeah, Swartz's liability has been wildly misreported. He faced nothing resembling 35 years, as the prosecutors themselves acknowledged during the dispute. His own lawyer believed he was unlikely to face custodial time even if convicted given the guidelines for the charges. This has been discussed ad nauseam on HN and I'll spare you a repeat of it; the search bar will avail.
But that's exactly the coercion, laid plain. It /doesn't matter/ that the prosecutors don't believe they'll get the full sentence. They want to paint as dire a picture as possible to get the defendant to take the plea.
No, I don't think you're following what I'm saying. The prosecutors were explicit about the sentence they were actually seeking, and that sentence was itself far outside what the guidelines suggest he would have gotten. The DOJ did not in fact threaten Swartz with 35 years in prison.
> five years..or life. You'd be crazy not to take the deal, even if you're innocent.
To boot, mounting a good defence against the state doesn't cheap. Competent defence attorneys charge quite some money.
In this instance however, it's safe to assume the accused can afford a good legal team/firm.
Even your local circuit court probably has a 95%+ conviction rate. If you're innocent of a charge that carries 20 years and your attorney says you have 50/50 shot at trial of winning, or you can plea guilty and take probation what do you do?
Most people take it, and now they have a record. Any future fuck ups (guilty or not) and you're looking at real jail time.
For non-high profile investigations (investigations that were not in the media before charges), announcing charges typically has a large body of evidence and a lot of confidence in the accusation.
Of course innocent until proven guilty applies but the justice department knows that and still brought charges. At the very least, they believe they've proven beyond a reasonable doubt his guilt.
High profile cases with public pressure change the equation a bit and can cause charges to be brought on people who normally would not. I suspect this is a way to pass the buck to the courts when the person eventually gets off due to lack of evidence.
>Of course innocent until proven guilty applies but the justice department knows that and still brought charges. At the very least, they believe they've proven beyond a reasonable doubt his guilt.
It's a bit of a nitpick, but the Justice Department (DoJ) hasn't proven anything.
The defendants in question have been charged (and arrested?), but no trial (or plea bargain) has been held. As such, presumably the DoJ has what they believe is sufficient evidence to convict the defendants on the charges brought against them.
However, until a trial (or a plea agreement) is concluded, the DoJ hasn't "proven" anything. Rather, they brought charges against some folks. That's not "proven beyond a reasonable doubt," that's making accusations and bringing the case into the court system.
What the DoJ believes (and/or believes it can prove) is not proof in and of itself.
I mean that they have proven it to themselves, I don't mean it in a legal sense.
> I mean that they have proven it to themselves, I don't mean it in a legal sense.
A fair point. And it's likely you're correct.
Although using the term 'prove' has specific legal meaning that many (myself included) folks would associate with the use of that term.
As I said, there's what you believe and what you can prove. Believing you can prove something may be well founded, but at least in the US nothing is actually "proven" until it has been adjudicated -- and even then contrary decisions (e.g., in an appeal) can "un-prove" stuff.
The whole quote from me was, "...they believe they've proven".
Perhaps a better phrasing would be "believe they can prove".
> Of course innocent until proven guilty applies but the justice department knows that and still brought charges. At the very least, they believe they've proven beyond a reasonable doubt his guilt.
No, if following general DoJ policy, they believe that the evidence is sufficient that they will be able to prove the charges beyond a reasonable doubt, but that's not the same as them already having proven that.
> High profile cases with public pressure change the equation a bit and can cause charges to be brought on people who normally would not.
Usually, I think the opposite is the case: generally, the DoJ is more careful in high-profile cases, not more cavalier.
> Usually, I think the opposite is the case: generally, the DoJ is more careful in high-profile cases, not more cavalier.
I'm not sure Rittenhouse would have been charged at all and, based on how the trial went and how weak the evidence was, he should have, at best, been charged with something much more minor. But that's just one example.
I somewhat agree with you, they are more careful but I think they are more careful in their own process. To make sure their ducks are all in a row. But, when it comes to actually pressing charges or agreeing to plea deals, I think they are much more likely to overcharge or not negotiate so that the case is no longer on their desk and they can say "I did my part".
To use the Rittenhouse example, I think the public expectations of charges impacted the charges because the ones bringing charges are often elected officials (or appointed by them) so there's an incentive to not look at what can be proven with the evidence and instead charge with what the public thinks is "right". The incentive for an elected official is to appease the public with charges, convictions be damned because that's someone else's problem. That's how Rittenhouse's case played out too. Outside of conservative media, there was a lot of attention paid to the judge and the lawyers not being able to prove their case rather than floating the idea that maybe a lesser charge and a conviction was the right thing to do.
On the other hand, I think you saw the same course of events with the George Floyd case but with a different result. The investigation was drawn out and meticulous and charges were brought. That resulted in a conviction but the implication I'm making is that those charges would have been brought regardless of evidence because of the public nature of the case.
This highlights two very different sets of cases.
In the Rittenhouse case, both prosecution and defence agree that Rittenhouse was a person who had a gun in his arms and fired it, resulting in death. The thing the prosecution needed to prove is that in doing so, he committed a crime. Prior to the trial, it was not necessary to express agnosticism about whether he had a firearm, fired it, or firing it resulted in anyone's death, even if there was some sense in which he was "innocent until proven guilty" of the conduct being criminal.
In this case, there is essentially no room for dispute that stealing $71 million, engaging in a vast money laundering conspiracy is in fact illegal. If these people actually had these accounts and actually used this money in this manner, there is no chance they will not be found guilty. The affidavit is not compatible with a set of the same basic facts leading to a different legal conclusion.
So the question is whether or not you think there's any possibility that the feds cavalierly misidentified the people in possession of these accounts. That seems pretty unlikely, given the affidavit suggests withdrawing small amounts of the stolen money to use Uber under their actual names, buy stuff on PlayStation under their actual names, etc; and that the private keys were taken from a cloud storage account actually belonging to the guy; and that the woman contacted various exchanges and talked about the actual company she actually owns, and the guy actually has a documented record of talking extensively about cryptocurrency including on this site using his actual name.
It is, of course, possible that the entire affidavit is a lie, made up whole cloth and all of this evidence is totally fake and the accused were minding their own business working on their gourmet cupcake business in Kansas City, and they don't understand anything about no crypto-whatsit. But I don't think that's a scenario that really requires much investigation, and it instead is a level of solipsism on par with "we can't actually know if gravity will cause us to fall" or "what if this is a simulation".
What I'm saying is that not all uncertainty is equal, either in kind or in probability, and so it makes more sense to be honest about that than equivocate across very dissimilar cases.
> I'm not sure Rittenhouse would have been charged at all and, based on how the trial went and how weak the evidence was, he should have, at best, been charged with something much more minor. But that's just one example
...of a case the US DoJ wasn't involved in prosecuting, because it was prosecuted by a completely separate sovereignty.
Not sure how that's an example of DoJ prosecutorial decision-making.
(And that's even before considering if comparison of actual events in one case to the speakers own stated opinion of how a counterfactual hypothetical would turn out, rather than contrasting real events, is really good evidence of a comparative behavior difference.)
There is what appears to be a rather amusing side-effect of this principle:
“The arrests today show that we will take a firm stand against those who allegedly try to use virtual currencies for criminal purposes.” - Assistant Attorney General Kenneth A. Polite Jr. [My emphasis.]
There's no reason for the Justice Dept. not to take a firm stand against those who try to use virtual currencies for criminal purposes, or say that they are doing so - and, in fact, that would be rather better than taking a firm stand against those who have merely been accused of doing so. I guess that 'allegedly' was inserted here in order to forestall a claim that this statement deprived the defendants in this case of due process, if or when it comes to trial.
>I guess that 'allegedly' was inserted here in order to forestall a claim that this statement deprived the defendants in this case of due process, if or when it comes to trial.
Actually, the 'allegedly' bit was inserted because the defendants in this case are alleged to have committed some criminal act(s). They have not been proven (whether via a trial or a plea agreement) to have done so.
The defendants may well be "guilty," or they may not. That's what the legal process (as flawed as it may be) is constituted to determine.
Forming an opinion at to whether or not anyone has committed an illegal act(s) is perfectly normal and reasonable. However, unless you're a member of a jury in a trial, your opinion generally won't affect the outcome.
All that said, defendants are "alleged" to have committed criminal act(s) until the case has been adjudicated, whether that be by trial or plea agreement.
N.B.: IANAL.
I se I have not made my point clear here. The quoted statement is not referring to these defendants in particular, it is referring to those who try to use virtual currencies for criminal purposes in general - yet the language appropriate for referring to specific defendants creeps in here, presumably out of concern that some people cannot tell the difference.
When a crime has been committed, it was not allegedly done by a person or persons unknown, it was actually done by whoever they were. One of the jobs of the justice department is to catch criminals, not alleged criminals.
Heather Morgan admitted to the hack on TikTok
https://twitter.com/BillSPACman/status/1491131214014869505
Edit: whoops. That video is fake. It's from
https://www.tiktok.com/@realrazzlekhan/video/690851478968159...
The person you are responding to does not seem to have taken a position on the guilt or innocence of these individuals and has only noted an affiliation.
People are still free to have opinions on the case. The purpose of this legal principle is to put the burden of proof on the prosecution, i.e the government can't simply blame you for a crime and force you to dig up evidence of innocence.
People can disagree even if you're found innocent at trial... just look at OJ's case. The government isn't going to prosecute him again, but "OJ did it" is gonna dog him for the rest of his life.
It's the feds not some southern yokel state attorney. We're just going with the odds. No one here is saying throw them in prison without a trial.
Interesting that the hack occurred in 2016, and in the same year he left MixRank.
Makes you wonder if he left because he realized he could hack $70m in Bitcoin, or he hacked $70m in Bitcoin because he had left and had nothing else to do (the hack happened in August and he left in May).
Grifters go grift to grift
"Founder of Endpass - a blockchain startup solving problems in decentralized identity and authentication"
I love how the LinkedIn profile says “Interested in blockchain technology”. Ya don’t say…
If Reddit.com/r/worldnews can have Ghislaine Maxwell (of the epstein case) as a moderator (u/maxwellhill) -- then Ycombinator gets its own billionaire criminal.
Did you mean to say Ghislaine?
100% that is what I meant to say. thanks.
Andreessen roasting this guy all morning is making my day: https://twitter.com/pmarca/status/1491150099518398466
Replies to his tweet are just top notch.
“your memes do have out-of-touch-dad-trying-to-be-cool energy tho”
Wow, twitter went full pinterest now and refuses to let me read tweets without an account ...
Heh... He has some comments on "Feds reveal the search warrant used to seize Mt. Gox account " in 2013:
As the anarchists and idealists on HN will soon learn, the decentralized nature of Bitcoin won't make a difference if anyone transmitting it is in violation of federal law. --
This was inevitable. People can wax rhapsodic about the decentralized nature of Bitcoin, but once the feds freeze a few million dollars of a major exchange's assets, as they have done with every single anonymous digital currency since the beginning of time (e-gold,1mdc,Liberty Dollar) and launch a criminal investigation, the currency will be severely destabilized. Within the next year I expect to see a cottage industry emerge where the true believers cash out frozen bitcoin accounts for pennies on the dollar.
and a few other:
https://news.ycombinator.com/threads?id=il&next=5714990
>As the anarchists and idealists on HN will soon learn
I don't know to whom this actually refers. I don't remember anything about enabling money laundering in Satoshi's white paper.
Motte, meet bailey.
That's wild, I think we were Facebook friends for awhile after I interviewed and hung out over there on a few occasions.
I was doing an onsite with Ilya and the folks at MixRank (in 2012) and talking with the team, and I mentioned something about cryptography and some basic codes that I learned as a child in gifted class. They had no idea what I was talking about - not the codes but "gifted class". I was telling them it was pretty common in public school systems - once a week or a few hours a day where you took advanced topics in another classroom with other kids that had tested into the program. They had no idea.
I started asking the founders if they went to public school. They never had. And then they were curious and started asking the other employees. Not a single one had ever set foot in a public school for elementary, middle, or high school. Then one guy in the back piped up - "you know, I think $devname went to Berkeley."
Very interesting. Was this common in YC, do you know, or was MixRank unusual?
Ilya went to Wisconsin.
It would be ironic if the "cloud storage account" the feds accessed was Dropbox. "YC company helped indict YC founder"
They wrote that cloud storage is of the same provider as their email. So I guess Google.
Maybe. Apple has iCloud. Microsoft has Azure, OneCloud, Sharepoint, hosted Exchange, O365. Cloudflare has R2 and has at least a beta of email routing.
Crazy, I remember meeting him before our interview.
From the last comment, on 2021-11-04:
> Like it or hate it, there is a sea change happening in how governments treat cryptocurrency.
> On a LinkedIn page that appears to belong to Morgan, however, she is listed as a partner at Demandpath, a “boutique micro-fund investing” firm. A LinkedIn profile seemingly belonging to Lichtenstein also places him at Demandpath. Prior to that, he’s described on Crunchbase as a founder of the advertising research startup MixRank, which was incubated at Y Combinator and raised more than $1.5 million in funding from Mark Cuban and other venture capitalists. (Lichtenstein is nowhere to be found on MixRank’s website.) Neither Demandpath nor MixRank responded to BuzzFeed News’ request for comment.
> Cuban told BuzzFeed News his last email exchange with Lichtenstein was in 2012. “I also found an email saying he left MixRank 6 years ago. That’s the extent of what I know about the guy,” Cuban said.
> Y Combinator did not respond to BuzzFeed News’ request for comment.
— https://www.buzzfeednews.com/article/sarahemerson/crypto-lau...
And don't ask me how I found it, but that's her: https://news.ycombinator.com/user?id=rogueeconomist
"Today Ilya Lichtenstein is the co-founder of the Y Combinator backed Mix Rank,"
One of the first Google results for the names returns 'Get your first $1 million in enterprise sales with zero marketing spend' https://www.youtube.com/watch?v=DuIr5IFQ9Xg
Heather R Morgan
Serial entrepreneur SaaS Investor Razzlekhan = Surrealist Artist, Rapper & Fashion Designer with synesthesia Also Forbes writer
https://www.inc.com/heather-r-morgan/dont-hire-a-salesperson...
"As I build a sales team for my latest software startup, Endpass"
Endpass "Bringing you the delightful and secure Ethereum wallet that's easy enough for grandma to use."
Wait, so did Feds nab them for running Ethereum wallet startup and claim $3B in client wallets as theirs? Or did the pair start Ethereum wallet company to wash stolen coints?
Did Mix Rank take bitcon?
Were they married at the time of this interview?
I met Heather many years ago. It's a weird feeling to see a name you recognize in an announcement like this. We've lost touch long since so I have no comment.
> We've lost touch long since so I have no comment
But felt it was important enough to state that you know her? I'm not sure what your comment is supposed to be.
jeez man, not every comment has to be a profound statement. I thought it was pretty interesting.
It's good to add some value with your comment though. You can talk about how she was as a person or some other interesting anecdote
There was value, the person expressed it’s a strange feeling seeing a name you recognise in an article like this. Other people may find that enough to relate to.
Just curious, what did you think was pretty interesting about it? The fact that one human knew another? The fact that someone on HN knew this person?
Not trying to troll, is there something here I'm missing?
lol, man, just let the guy talk. We're just here hanging out. He probably thought it was neat that he knew someone who was attached to something this crazy. This is how a lot of humans operate.
Am I talking to a bot?
The prototypical HN comment.
No they nabbed them for using stolen funds to create startups in the first place. They had no products (https://web.archive.org/web/20220113181658/https://endpass.c...)
She presents herself here: https://www.youtube.com/watch?v=mWq7JgRknTM , I suppose you know what kind of person she is right ? The kind that use pipes as in "Economist | MBA | Serial Entrepreneur | Rapper "in their linkedin profiles but do nothing at all once hired :)
She was more truthful 7 years ago: https://youtu.be/NQAA2LlabUg?t=84 where she listed her main skill as copy writing.
To be fair though, you could have your cat just randomly jump all over your keyboard and Kitty would get herself published in Forbes. They're not known for their high bar.
> “After the execution of court-authorized search warrants of online accounts controlled by Lichtenstein and Morgan, special agents obtained access to files within an online account controlled by Lichtenstein,” the press release said. “Those files contained the private keys required to access the digital wallet that directly received the funds stolen from Bitfinex, and allowed special agents to lawfully seize and recover more than 94,000 bitcoin that had been stolen from Bitfinex. The recovered bitcoin was valued at over $3.6 billion at the time of seizure.”
So most likely,
1) they didn't launder it properly, leading to police being able to trace it to their bank accounts. I wonder if tornado.cash was used.
2) then police had their names, leading to warrants for all online accounts - google account, apple account, etc.
3) they made the big blunder of keeping their private keys in their online account. Most likely a txt file in google drive. That is such a silly blunder. Without the private keys, the police has zero proof of anything. They could have made a hundred excuses for how they got money in their bank account, as long as the police didn't have the private keys. Who keeps their private keys in an online account?
Apparently the biggest criminals make too many silly mistakes. The old saying applies here: "you don't have to be smart, just don't be an idiot"
Well you don't want to lose those keys ... there is a bit of a conundrum there (granted you don't have to do it the way they did either).
As far as how exactly they got caught, there was a reward offered by the company it was stolen from. It may have been someone tipped the feds off for the reward.
Crypto 101: never store private keys online.
Crypto 102: weep for the coins you lost when your cousin spilled soda on the hard drive containing the offline-only copy of your private keys
It's funny! But really there are loads of ways to store your keys physically that are human readable.
Yeah, and then they could be fairly trivially memorized, even.
This plan doesn't really scale to the 2000 wallets mentioned in the OP. But maybe that scenario only comes up when you're looking to launder billions of dollars worth of BTC?
And can be easily seized by the government with a search warrant.
I'm not invested in crypto or really at all interested in it. That said, my mentor seems pretty excited about it and is pretty heavily invested as of the past few months. I advised him to do something like https://en.wikipedia.org/wiki/Shamir's_Secret_Sharing and distribute it across a wide number of storage mechanisms, physical, digital, and custodial. For instance, in google drive, in drop box, in a bank safety deposit box, engraved in a gold bar buried in your yard, in your house safe, etc.
Why anyone with a significant amount of crypto assets isn't going to insane extremes in terms of secrecy and durability is beyond me.
I don't understand the math but I think I have seen that style of secret management where any 3 of say 10 secrets can access something but no 2 or any 1 secret can do it.
It would seem to solve a lot of just organizational problems where "jan is out of the office today" and nobody can do the thing ... but if access is spread out among 10 people ... 3 probably are in the office when needed.
Granted I've never seen it used in production personally, not / seen it on a granular level.
Hashicorp Vault uses it.
https://learn.hashicorp.com/tutorials/vault/rekeying-and-rot...
> In order to prevent one person from having complete access to the system, Vault employs Shamir's Secret Sharing Algorithm. Under this process, a secret is divided into a subset of parts such that a subset of those parts are needed to reconstruct the original secret. Vault makes heavy use of this algorithm as part of the unsealing process.
I have used it. It works. Tooling is still pretty poor. Every use, we ended up bringing the necessary people into a room, booting up an offline laptop from a sha-summed live USB, QR code scanning each of our secrets, combining them, then using the key to sign whatever we needed to sign, photographing the signature as a QR code. We use software from 2008 because an OS stack contains code from tens of thousands of developers, and we felt old software was less likely to have an active 'steal these keys and exfiltrate them via open wifi' malware.
We would first go through the process with 'dummy' keys to check everyone was happy with the process and what we were going to do (ie. which commands, what software, what exactly will be signed). We would then do it again with the real thing. And then we'd power off the computer till next time it needed to be used.
"Clunky" would be a good way to describe it... But it's hard to make it better without relying on a bunch of software we don't have the resources to audit.
Yeah it seems very much like an elegant solution whose usage would be a bit of its own kind of beast to deal with.
This is already done by Trezor: https://trezor.io/shamir/
For Bitcoin specifically, multi-signature wallets are far superior to SSS: https://en.bitcoin.it/wiki/Multi-signature
There's a lot of evidence in the statement_of_facts however it's unclear how much of it can only be reconstructed with the private keys. Interested parties should really look to what was known to grant the search warrant.
https://www.justice.gov/opa/press-release/file/1470186/downl...
They don't usually give details of how they caught them, because the next bad-actor will read that to know their tactics.
Search warrants are given on reasonable doubt. When it comes to cryptocurrencies, the feds have reasonable doubt on everyone. So it is always possible for them to get a search warrant.
I emphasized private keys, bec without them, no matter how much doubt the feds had, they couldn't prove anything.
> reasonable doubt
I think you mean reasonable suspicion & probable cause.
Reasonable doubt is the threshold prosecutors must appear to exceed for a successful finding of guilt with a jury (elimination of reasonable doubt).
You are right. I meant "reasonable suspicion & probable cause". My bad. Got confused between the 2.
> When it comes to cryptocurrencies, the feds have reasonable doubt on everyone. So it is always possible for them to get a search warrant.
Any evidence on this?
A good guess is that "laundering" billions of dollars is inherently a non-trivial problem, and perhaps not feasible at all without cooperation from shady real-world actors outside the whole cryptocurrency ecosystem. This is actually good news for small-scale users who just want to keep their microtransactions reasonably private - the usual mechanisms might actually work well enough for that case.
I agree. But if not for privacy, why use crypto at all? Even bank accounts are reasonably private, if you are not doing anything considered suspicious by society.
Also, with mixers such as tornado_cash, laundering money is ,sadly, pretty trivial.
Speculation, self-sovereignty, ease of use/trade/leverage/exchange
> Speculation
You can do that by owning crypto. No need to use it.
> Self-sovereignty
Majority people use centralized exchanges, which regularly control transactions.
> Ease of use/trade/leverage/exchange
Fiat banking is much easier to use than crypto. It's also faster. Now everyone uses 1-tap payments. Crypto transactions are more complicated than that. They also take longer. Also are bad for the environment (not as bad as media portrays, but bad nonetheless)
Even the apps built off of the "blockchain" rarely touch the blockchain. Companies aren't looking up NFTs on the chain, they're just hitting OpenSea APIs.
I've been keeping my eye out for the inevitable attack that leverages that fact. The aftershocks would be epic.
A few counterpoints,
Speculation for IDOs usually requires directly interacting with the contract with your wallet. Likewise new tokens are found on DEXes which requires taking custody of the token.
Borrowing against crypto, leveraging it, going delta neutral, buying options are all available on chain, typically with better yields, and with a higher variety of tokens.
Mixing is not laundering.
The difference is that laundering provides you with an explanation for wealth and/or income. Example of laundering: buy a business (with clean or borrowed money), have fictional customers "spend" their cash money at your business every day, then report your income and pay taxes. Now if anybody asks about where you got your money, you have a seemingly legit explanation.
Mixing does none of that. So mixing may be trivial, but laundering is not.
edit: now that I think about it, is that why NFTs are so popular? Are people pretending to have gotten capital gains, while in reality they're buying these things from themselves? That would explain a lot.
tornado.cash puts your crypto in a completely fresh account (using smart contracts). You can claim that you earned this crypto mining it back in 2010. You can definitely come up with a decent excuse for this.
Then you can convert those crypto (in new account) into fiat money.
Everyone will know you are lying, but they will never be able to prove it.
That sounds impossible, wouldn't people be able to see that the account didn't have those coins in 2010?
It's very common to use more than one account, and send money between them for various reasons.
I think the point is that it technically isn't illegal to mine coins, later mix them, and then sell them. It is very suspicious though.
you would need to show crypto addresses from 2010 and prove that you still have access to them
If you read the indictment, they claimed they had bitcoin from mining in 2011, the exchange asked for further proof, and they just abandoned the bitcoin (~$150k). The exchange surely notified the authorities, because who abandons $150k of legit bitcoin?
So claiming it was from mining didn't work in this particular instance.
They don't need to prove you are lying in all instances, it's enough to prove you are lying in one instance. They will get you for that one instance where you didn't launder it properly if they are after you.
I'm surprised the exchange notified the authorities. Are they forced by law?
Regarding NFTs, that's how the high art market works. It's for money laundering. "I just sold this Picasso, that's where this money came from Mr Taxman"
I love how you're just realizing that NFTs are a pure money-laundering scheme. Just wash trade your bored ape and "sell" it to your alter ego and bam! Legitimate income for the cost of some ETH gas.
Wrt NFT: yes. Just like the art business is great for laundering, so is the art+crypto combo of NFT’s.
At least, that’s how I think about it.
Regarding NFTs and money laundering, see the inimitable Matt Levine here (second story, Oh by the way):
https://www.bloomberg.com/opinion/articles/2022-01-19/washin...
> This is called “money laundering,” and the essential component of money laundering is generating fake taxable income. If you take $13,800 out of your (legitimate, previously taxed) bank account, and you use it to buy cryptocurrency in a wallet that you tell your accountant and the IRS about, and you then use that cryptocurrency to buy a Meebit, and then you take $50 million out of your sack of illegal money, and you use it to buy cryptocurrency in a wallet that you don’t tell your accountant about, and then you use that cryptocurrency to buy the Meebit from your declared wallet, and then you take the $50 million of cryptocurrency out of the declared wallet and put it back in your (legitimate) bank account, and then you write the IRS a check for $20 million saying “ah I’ve been selling NFTs, what fun I have had, but I have to pay the IRS my fair share,” then … I am obviously not going to give you advice on crime but it’s possible you’ve got something there? Like, nobody has any idea what a Meebit is worth, so this string of outlandish numbers is somewhat plausible? It’s possible that some number of NFT wash trades have a purpose other than pumping up volume on NFT platforms?
with that amount one would be wise to get in touch with HSBC, they provide laundering services (but don't market it to the general public)
If the Sinaloa cartel can just walk into an HSBC bank with literally blood stained cash then it would've been okay for everybody else.
The true professionals in this industry only use crypto as a reference in their private ledger stored far far out of reach to any Western government.
It's funny that these successful professionals are also the most paranoid and least trusting of crypto (they are convinced Bitcoin was created by the US Government itself).
They mention chain hopping and privacy chains. Maybe they slipped up using ZEC and made some of their transactions public?
Could be. But even if some of the transactions became public, it should be fine as long as the end transactions (crypto -> fiat) is private, right?
There are very few exchanges left which don't require KYC and even then the real final step is cashing to some kind of bank account. I don't think crypto->fiat privacy is possible beyond a certain level of wealth.
OFAC has broadened enforcement to the point that pretty much any financial transaction across the world has a US nexus. Moving that much stolen crypto without the feds noticing? No chance.
where do mention?
Well, the police had a search warrant, so the police could have found them if they had had them in their possession anyway.
Sure, they could have destroyed them, losing the money but maybe not getting arrested?
vitalik (ethereum founder) used an interesting system. He split the key in 2. Wrote both on paper. Gave 1 paper to family and kept the other. Even if the police raid him (hypothetically), they cannot raid the houses of his family and friends at the same time
This way the police or anybody else cannot get your private key.
No, but if you don't have your half memorized and they take it from you, the other half is useless. This is more useful if you want to leave your crypto to your family if you die, provided that you make it easy for them to find your half if you're not around.
Excellent point! I never considered this.
> Even if the police raid him (hypothetically), they cannot raid the houses of his family and friends at the same time
...why not? Police coordinate raids all the time.
How many raids? 1 on him, 5 on family, 20 on friends?
Isn't that impractical? Also how were the police supposed to know that he used this system?
I mean, he announced it publicly. The police would know from his popular blog.
You really think the government would have trouble doing a handful of raids at once? They have enough officers to do a thousand raids at once. The FBI and Interpol did just that recently, coordinated across more than a dozen countries:
https://www.europol.europa.eu/media-press/newsroom/news/800-...
The probability of Russian police coordinating a raid with the NYC police is 0.00%
or you end up with a useless half key or your trusted accomplice helps in the investigation
The police don't know that you split the key. But I get what you mean. I am sure there are better ways to hide private keys.
Encrypting it with a good password that you remember and then printing the encrypted keys comes to mind.
Wait but didn't Vitalik announce he split it on his blog or Twitter?
The police wouldn't have to raid the family members, they'd likely give up what they know immediately, to avoid become accessories to whatever crime the police were alleging.
When a few billion is at stake, you think they'd make the effort to memorize the keys. Or at least encrypt them.
The file the feds found had 2,000 addresses - so there's a non-trivial amount of 12 word phrases to remember.
you would only need to memorize one seed to spawn infinite key pairs
can you elaborate? I find this very interesting. We can't choose which private key we get.
So is it possible for 1 seed to generate all of them? Doesn't that break information theory (Shannon's compression limit)?
First you create the seed, then you create the keys. Not the other way around.
Have a google for BIP-32, about Hierchical Deterministic Wallets. A secret key is nothing but a number, so it's not too hard to generate more numbers from that seed. If you have the seed and the parameters for the child numbers, you have all the private keys you want.
You use a 2048 word dictionary (a random choice in that wordlist represents [log 2048 =] 11 bits of entropy) then you generate a random string of 132 bits to be your cryptographic seed which is a sequence of 12 words from the wordlist which you memorize.
From that seed you can generate for all practical purposes an infinite number of private keys for any and all purposes in existence. Using cryptographic one way functions such as a hash or PRNG.
Example: truncate_as_needed ( sha512 (seed | 2022 | wallet_title | priv #123) ) = private key #123
Just to clarify: the statement is not that you could encode those existing 2000 private keys with one short seed (you cannot, indeed), but rather that you could easily and safely generate 2000 distinct private keys from one relatively short seed.
You only need to remember a big random number (can be a long phrase from a book you like), and a rule that generates keys, e.g. (keyid, seed) -> hash(keyid + seed). Needless to say, you never write the seed phrase down. At most you keep a vague pointer to the author of that book.
When a few billion is at stake, I would definitely not trust my memory for a chance to lose access.
What makes you think it was not encrypted? Of course it was.
Keys are conspicuously easy to hide. My PGP master key that I've been using for some time is hidden on two devices which would be difficult to identify much less locate and are encrypted as well.
They're easy to hide as long as the federal government isn't trying to tie you to 4.5 billion worth of something.
Even with the fervor of the federal government they'd be easy to hide.
A USB is tiny, and you can shrink it's footprint with USB-C. You can also buy USB keys with tamper-proof housings that will blow a fuse if opened to be physically compromised. Coupled with strong post-quantum crypto, that key is relatively secure, even if physically discovered.
That's just the technical bit. You can also split the key in half and transfer the other half somewhere, which creates legal protection. You could also create a housing for the key so it's not easily discoverable.
If all that sounds a bit extra, circle back to that the perpetrator has 4.5 Billion worth of something.
> If all that sounds a bit extra, circle back to that the perpetrator has 4.5 Billion worth of something.
It does sound like a lot of work. I think I'd go with the $5 wrench option.
strong passwords. aes256 with even just 7 word password chosen from a 1000-word dictionary cannot be cracked with existing tech
TBH, with 4B at stake, I wouldnt blindly rely on AES. I'd use it as the 1st step, and then additionally encrypt its output with a custom AES-like algorithm (change tge s-box, change the number of rounds, maybe upgrade it to 512 bits). Even if my homebrew algo is weak, there's still standard AES behind it.
Why mess with AES when you can just use another strong algorithm or two? e.g. AES+SERPENT+Twofish, with three separate unrelated keys of course.
You are pushing it. 1000 words is 10 bits of entropy per randomly chosen word. 70 bits of entropy is probably crackable by a government agency.
Edit: I checked and unless I mixed some zeroes somewhere it looks like the current bitcoin hash rate of 200 million TH/s can crack 92 bits within a year. log (200,000,000,000,000,000,000*3600*24*365) / log 2 = 92.35
While I do partially agree that some of it may be grandstanding. The whole:
"Thanks to the meticulous work of law enforcement, the department once again showed how it can and will follow the money, no matter what form it takes.”
and suggesting AEC and chain hopping is futile is an effective propaganda tool. I mean its possible something major changed, but I think your thoughts are closer to reality.
If true, this is interesting, because apparently fake identity accounts on exchanges are cheap ( partially 'thanks' to all the breaches over the years ).
edit: added '' to thanks
I agree. Propaganda is very effective here. And it's actually good - it deters potential criminals.
But if someone who knew how crypto works wanted to commit a crime, they can. That's scary.
Sorry, yes. I used the term propaganda, but I briefly forgot its negative connotation. In this particular instance, I meant it more along the lines of 'shock and awe' your adversaries. I am hardly cheering on an alleged hacker/thief/launderer. The point stands, but thank you for pointing the perception issue out.
...any system appropriate for shluffing around value by definition comes with being able to trace things with enough attention to detail.
At the same time this crime shows the weakness of crypto: with an ever appreciating linked asset with no ability to truly "gap" transfers, you can always trace where the money goes, even with a mixer (you just then need to track many more targets, but eventually the money re-concentrate somewhere you can see), transfering just once with someone who knows your name instantly gives you traceback ability to all the transaction (can't fund a wallet without tracing back to the first ever source of fund on chain), and the fact it appreciate is the greatest enemy of money laundering: where a Mexican kingpin would understand that there's value in losing 40% of their money rather than have it stashed in USD bills in a warehouse, crypto is tempting to keep, this guy couldn't realistically forfeit a large majority of the fund by for instance randomly giving it to 5000 honest wallets with 1 being his for instance.
It's great for us non criminals, but it's one more utility of crypto going down the drain. What is it good for, if not even crime.
The (alleged) criminal only has to make one mistake to get caught, if the pursuers are good. Steal enough money and the best pursuers will be assigned to catch the perp.
Agreed. But the (alleged) criminal kept private keys on cloud AND used weak encryption. These are extremely silly mistakes.
They could have used bitwarden (or a password manager) and they would be good to go.
Also the best pursuers needs 6 years (2022 - 2016) to catch them. Plenty of time for the perps to take a lot of measures.
I don’t think Bitwarden would be helpful. You still need to protect your master password and the company is still subject to the will of law enforcement.
John Ruffo who stole $300 million still at large after 20 years
https://en.m.wikipedia.org/wiki/John_Ruffo
$25,000 bounty seems pretty small, considering.
might be dead by now?
Tornado only works for eth. they would need a bridge.
they were done-in by I am assuming to be a weak password, enough entropy would have made it uncrackable
good point. If they had tried to use a bridge to convert their bad bitcoin with good ethereum, would they have been denied service since everyone knew that these btc were bad?
As to your 2nd point, I agree. Another mistake was uploading private keys to google drive.
I would guess a keylogger
This would have happened: https://xkcd.com/538/
lol using a mixer means that the feds don't know which account contains the bad funds. So they don't find the identity of the perp. So no possibility of beating the perp.
3) they made the big blunder of keeping their private keys in their online account. Most likely a txt file in google drive. That is such a silly blunder. Without the private keys, the police has zero proof of anything. They could have made a hundred excuses for how they got money in their bank account, as long as the police didn't have the private keys. Who keeps their private keys in an online account?
Not necessarily. If they can spend stolen $, presumably that may be enough to persuade a jury they own it.
I agee. Also, intimidation tactics can work here - e.g. telling them they might go to prison for life bec justice wants to make an example out of them.
You have to keep in mind that a lot of those highlighted "trivial" series of mistakes can be just the result of parallel construction, and what evidence really "did them in" can be completely different from what's stated by the prosecution. It is very easy to find tons of small mistakes once you already know what you have to look for thanks to an undisclosed huge exploit/honeypot/technically-illegal-seizures that you can use.
Proving this is hard by design, but a good example of that would be how they used the Hansa market as a honeypot by running the market themselves for months.
The entire investigation around Alphabay and how they got to the owner is a bit shady, too, and there have been tons of rumors of the entire official case being based on ad-hoc parallel construction.
Tracking down Alex Cazes wasn’t shady at all.
Shortly after he committed suicide I pulled up the French language technical board where he had linked an alias to a real email address. Which mirrors the same mistake as the Silk Road operator.
When you dig deeper into these cases it’s clear that they aren’t properly washing the money. There’s no placement or layering. They go straight to laundering on a public ledger and cash out under their own names.
The simplest explanation is usually the correct one.
I think my comment was not really clear. Yes, the apparent mistake Alex made was glaring and obvious, but the entire operation was very weird. They shut down alphabay right before turning off The Hansa, which they had been operating for months at that point. It was the coup de grace, basically trying to get as many people to sign in to the Hansa before it also goes off.
To me that indicates they have been able to turn off alphabay for a long time, considering how easily and well timed they did it. That also means they have had tons of time to build the case. Of course you can argue that the simplest explanation is the best one but considering law enforcement literally operated the biggest DNM for months, completely under the radar I'm not sure why "they found an email he used for a few weeks 4 years ago" would be more simple.
You can read what DeSnake, another admin of the website had to say about the takedown. He's extremely security conscious (he hasn't been caught yet afaik which is another can of worms) and he's adamant that it was not a simple bust. Actually, the whole thing was kind of a mess, with some mods getting arrested (even without making obvious mistakes like Alex did ). You can read up on the confusion here: https://www.darkowl.com/blog-content/alphabay-marketplace-re...
If I had to guess, some mod/admin informed on him (maybe even snake!) hence why they had access to an early email. But who knows? Now in cases like the silk road I'd agree that it was simply trash OPSEC but the Alphabay/Hansa takedown was so sophisticated that anything is possible
> You have to keep in mind that a lot of those highlighted "trivial" series of mistakes can be just the result of parallel construction, and what evidence really "did them in" can be completely different from what's stated by the prosecution.
If you had such capabilities, the moment it is known you have it would immediately neutralize any value you derive from that capability.
What is the logical course of action?
Deny. Deny. Deny.
Disavowing, deception, secrecy of such capability is what gives them the edge.
Again, there is no proof that Satoshi Nakamoto was some good hearted criminal/spook.
Even I encrypt my keys before uploading them to the cloud, and I don't give them a descriptive name, and I have less than $2000 worth of cryptocurrencies, and it wasn't stolen.
There's an unbalanced relationship there, however, in that the criminal only has to be an idiot (or even just "not smart enough") once, to ruin an entire chain of previously smart actions. Law enforcement may only need one thread to unravel an otherwise finely crafted crime.
There's also a lot of time for law enforcement to try and find these threads as well, meaning the perpetrator could well be living in paranoia for as long as the statute of limitations lasts.
People that are capable of getting away with life-changing money type crimes would often be better off being entrepreneurs at the edges of existing regulation. Hello cryptocurrency...
> One overlooked detail in the Razzlekahn arrest. Almost all the money went through AlphaBay, using it as a mixer. The feds were able to see through this because they seized AlphaBay. Its amazing how, even years after, darknet market seizures pay dividends to the feds.
Another fascinating detail.
Source: https://twitter.com/ncweaver/status/1491118233973571585
Why do they call it Razzlekahn?
I was just watching her tiktok account, pure cringe.
Razzle looks like a female version of the male rapper Rahzel, who is also from New York.
https://en.m.wikipedia.org/wiki/Rahzel
And Khan is from Genghis Khan, as mentioned here:
https://www.lyrics.com/sub-artist/Razzlekhan/28366
But this is all just a guess.
Another reason why Monero is better. With Monero, it wouldn't have mattered that AlphaBay was hacked.
Funny you would say that, because if you read the indictment, these people did actually deposit Monero on one exchange:
> VCE 4 Account 2 was entirely funded by approximately 13,200 XMR via approximately 21 transactions that took place between in or around November 2017 and March 2019.
> Another account at VCE 4 (“VCE 4 Account 3”) was created on or about November 20, 2017, and was registered in the name of another Russian national and under another Russian email address. VCE 4 Account 3 was entirely funded by approximately 6,870 XMR, via approximately 10 transactions that took place between in or around November 2017 and April 2019.
> The XMR deposited into VCE 4 Account 2 and VCE 4 Account 3 was all converted to BTC and then withdrawn, consistent with chain hopping. The same method was used to liquidate the funds from the VCE 1 accounts as described above.
But the accounts 1 and 2 on VCE 4 (the ones funded by Monero) weren't registered in either Morgan's or Lichtenstein's name. They were created with fake credentials.
The feds were able to link them to the couple because bitcoins were moved from VCE 4 to other accounts that also had received bitcoins which were traceable to their alphabay accounts.
If they had funneled everything through monero I can't say that they wouldn't have got caught like this.
There isn't $3.6B worth of Monero, though.
https://coinmarketcap.com/currencies/monero/
No the moment after they moved to monero it should've been untraceable. The discrepancy you are seeing is that the USG definitely has tools to trace any of these "anonymous" coins. It's highly likely that these are honeypots.
Nobody knows who Satoshi was, everybody just assumes he isn't the feds themselves. Such scenario would be so catastrophic to organizations that rely on its advertised anonymity and it would be the best investment ever since you could just keep denying you have this capability, always coming up with a cover story (keys in cloud, we traced their keys, they were dumb etc).
This would keep criminals guessing, the economic value of laundering with crypto is too great to give it up but at the end of the day, they can only operate under uncertainty.
Could you realistically get 3.6 billion USD through Monero?
no
Shouldn't all true crypto believers hate this news?
It's the government trying to enforce their opinion of who should own those Bitcoins, thereby taking power away from the owner that the network has decided on, which would be "whoever has the cryptographic keys".
Seems like a win to me. The government had to physically go to their house and arrest them to get to their funds, whereas normally all they had to do was call up their bank and had their money frozen. Not to mention, this threat could have been easily mitigated by keeping your funds in a multsig wallet, with the keys distributed in multiple redundant locations.
Also crypto people have a problem with central banks manipulating currency by printing more etc.
Having stolen coins recovered seems like an OK thing.
The classic libertarian adage is that a government powerful enough to give you everything you want is powerful enough to take everything you have.
Some corollary would apply here. (it's not that anyone particularly loves letting criminals off the hook, it's granting that ability is a slippery slope)
It's similar to privacy and surveillance.
To secretly monitor a single individual's communications, law enforcement should have to get probable cause, present their case to a judge and obtain a court order.
Dragnet surveillance of all communications all the time is a Very Bad Thing.
Financial surveillance and seizure is currently at the Very Bad Thing stage and bitcoin helps move us back toward a better balance between the rights of the individual and the interests of the state.
> Not to mention, this threat could have been easily mitigated by keeping your funds in a multsig wallet, with the keys distributed in multiple redundant locations.
And if you're released from prison and recover your Bitcoin, you will be arrested again for contempt of court or a similar charge.
Why anyone would use BTC and not some privacy coin for this kind of scenario escapes me.
Is it practical to convert literal billions of dollars between currencies? And even if you did, wouldn't liquidating it so you can actually spend it on things in the real world prove to be almost impossible? Billions of dollars worth of currency is more than I'd expect most privacy coins to deal with over the course of months.
But in this case, accessing the billions in BTC was impossible too, so for all intents and purposes, that number wasn't real, since it wasn't usable.
The question is perhaps what is the most one can use and how to do it. Privacy coins probably play a part in this equation.
You maybe could slowly, and methodically convert it out of the privacy coin into a spendable form when needed.
Laundering within the constraints of a public ledger isn't feasible for long periods of time or large amounts of money - the only way to win that game is to be so small nobody cares.
They could have possibly gotten cash from cartels at a steep discount, but that story would probably have ended with a richer cartel and two dead nerds.
I always wonder how many people won this long con by being so small nobody cares. The DoJ document states they already succeeded in taking the funds cross chain and through some privacy enhancing alternative assets. For every idiot dumping millions in a bank account there's got to be someone else living a "modest" but luxurious life looking like a small guy nobody cares about, cashing out a few hundred to a thousand at a time somewhere where that kind of money is big enough to get a nice day to day living but small enough to not be worth organized crime taking much notice.
On the flip side, most of us could already live quiet, comfortable lives in Thailand or Cambodia on our normal software engineering income.
Maybe these guys are thinking if you're going to be a criminal, you had better make the juice worth the squeeze. Live large, party extravagantly, and probably just rent everything from hotel rooms to yachts so there's less for the authorities to eventually impound when it catches up to you.
If you read the original DOJ filing, they actually did that. They used :
> anonymity-enhanced virtual currency (AEC), in a practice known as “chain hopping”; and using U.S.-based business accounts to legitimize their banking activity.
Their problem was that they "closed" the money circle by sending it to real bank accounts. That's how they caught their trace. It seems that laundering billions of dollars is not as easy as they thought haha.
Someone was saying they could have moved to South America and laundered $1000 at a time, but you'd think that the US government could've easily tracked that down as well.. "Hmm, it appears someone is living off this stolen 3 billion dollars in South America"
How would you trace $1000 to a larger source after it passes through a privacy coin? The only way to do that is either with some side channel information, or by monitoring the person selling the funds. In a cash economy in the third world the odds of that look pretty poor. I think what happened is large deposit in bank account caused some to start asking questions.
Because they stole bitcoin. Good luck finding a non institutional buyer for tainted bitcoins when you're dealing in billions usd. Everyone shuffling bits at that level is going to play by the rules and cover their ass. Even large criminal exchanges will avoid stolen bitcoin in any sort of volume because it means instant scrutiny.
Even large criminal exchanges outside of US jurisdiction? (ie, Russia, China, etc.)
> The government had to physically go to their house and arrest them to get to their funds
Would be the same with cash
As a crypto unbeliever I hate this too. Legal enforcement legitimizes crypto as property. It expands the definition of property by institutionally conferring the status of "owned" to a functional configuration of bits distributed over thousands of computers. Do we have this concept for other things? yes. But I'd rather like to contract the space of property rather than expand it.
> It expands the definition of property by institutionally conferring the status of "owned" to a functional configuration of bits distributed over thousands of computers. Do we have this concept for other things?
Intellectual property has been a thing for a long, long time. You don't literally need to have a physical thing somewhere for laws to apply.
Thank you. My yes (which was left off of the quote for some reason) includes intellectual property. I, like many people, are aware of the concept of intangible property. Dollars in my bank account are another example of intangible property.
I'm curious why you included a statement about IP existing for a long time. Is there something about the duration of existence that makes something important? Descriptive statements are notoriously difficult to transform into normative statements.
> Legal enforcement legitimizes crypto as property
People standing ready to buy legitimizes crypto as property. I don't love crypto. But prohibition has never worked as intended.
In the context of crypto-as-property constructivism, I'm neither an absolute institutional nor a communal conferralist. Presently, it appears like there is much more communal conferralism constructing crypto as property, I'd like to avoid institutionalization. In practice, this would not look like prohibition, rather the avoidance of extending existing property laws to encompass crypto assets. ie: courts and lawmakers saying, "No we're not going to get involved." Unfortunately, any future crisis where crypto can be blamed is a convenient way to extend to crypto the legal construction of it's status as property.
Since you brought up prohibition, I'll take the bait. We already have prohibitive socio-legal constructions which few people use to form the basis of "prohibition has never worked, so we should not prohibit it." Some examples that are socially and legally prohibited are: murder, rape, incest, slavery, torture, buying and selling of children. I'm unsure if you believe that the prohibition of these acts has also never worked as intended and should be left unprohibited.
Literally none of your examples of prohibition are those against an inanimate object. Crypto prohibition is completely incomparable to selling children (which by the way, they may not call it 'selling' but adoptions typically require tens of thousands of 'buying' in, so there is sort of a buying and selling of children at least in the US.)
Would evidence of a prohibition against an inanimate object change your mind?
I would be convinced if you could cite prohibition against inanimate data that maintains the 4th amendment protections in US while simultaneously thwarting those determined to share and manipulate that data. It might, might, work somewhere in someplace like Singapore where the population has widespread support for execution of those found with contraband and few constitutional protections.
Prohibition has doubtful effect in US on even universally hated and criminally suppressed content like CP.
And what would this evidence convince you of?
I'm saying it [criteria from my previous statement] would convince me to change my mind, was that not the question you asked?
Allow me to rewrite since it wasn't understand I was replying to your question:
I would be convinced to change my mind if you could cite prohibition against inanimate data that maintains the 4th amendment protections in US while simultaneously thwarting those determined to share and manipulate that data.
What is your current belief and what new belief would you have if supplied with that evidence. We never really spelled out exactly what the claim was.
My understanding so far is that "I currently believe prohibition of inanimate objects has no effect. If supplied with this evidence, then I would believe prohibition of inanimate objects would have an effect."
edit: also under what criteria would be used to judge whether a prohibition "maintains the 4th amendment protections in US"? Any specific relevant cases? If I go hunting for evidence, I want to make sure the goalposts are not moved.
>What is your current belief
My current belief is that attempting prohibition against inanimate data (sharing and manipulating) while maintaining the 4th amendment protections in US and simultaneously thwarting those determined to share and manipulate that data, will be minimally effective and will not significantly impact the ability of those determined to violate the prohibition.
My new belief is immaterial to whether I have changed my mind, other than it must be different somehow (otherwise the mind wasn't changed). Changing your mind just means it changed, so the only requirement is the belief is different. Without evidence, I can't possibly predict what my new belief would be. Therefore I refuse to box in what my new belief would be, and I think it would be ignorant of me to make such a presupposition.
Bear in mind 'change your mind' was a notion introduced by you not me, I can't possibly speak for what you meant there when you brought this phrase into the conversation.
>I currently believe prohibition of inanimate objects has no effect. If supplied with this evidence, then I would believe prohibition of inanimate objects would have an effect."
That's actually not my belief. Clearly there is an effect, and the criteria I think crypto meets is much stricter than merely an inanimate object but rather it drills down to just being sharing and manipulating data. You can memorize a seed phrase that resides entirely in your mind, and other than chemical storage in your brain there is no physical manifestation to seize at a national or individual level that would effectively destroy that wealth.
I think prohibition on inanimate objects has an effect, just not usually the intended effect.
The only data that can even comparably be viewed as a candidate for what prohibition of (strictest case) crypto data can look like I think again is CP. It is universally detested, the criminal penalties can be devastating, fellow prisoners may straight up kill you, and the community will virtually always back the jailing for as long as anyone cares to jail the people engaged in sharing it. I think that puts a decent ceiling for what is possible to impose on crypto, because the public will to impose prohibition on crypto surely can't be as high as it is for the prohibition of sharing data of the abuse of children. Given that even this effort has been essentially futile, I'm not seeing much of a prayer of crypto prohibition being effective at thwarting anyone but the undetermined.
There may be prisoners this moment mining some crypto on their phone, smuggled up someone's ass into prison. If they're not, they trivially could be. That's how hard it is to get rid of.
>also under what criteria would be used to judge whether a prohibition "maintains the 4th amendment protections in US"
The criteria would be not to violate the 4th amendment.
>If I go hunting for evidence, I want to make sure the goalposts are not moved.
That's really up to you, you don't owe me anything and I don't owe you anything either.
6000 years ago, one could have ownership over the right to buy a still unborn goat at a certain price in the future. It's amusing to see these modern philosophies of trying to go back to a noble savage past that never was.
Likewise it's fascinating to me to see today an assumed, "expansion of property and its financialization are natural progressions of human societies." This factoid is itself baked into the fabric of our current society and presents itself as assumed knowledge. In reality no such natural progression exists any more than people believe that the universe is just, or that nature is cruel.
> Legal enforcement legitimizes crypto as property. It expands the definition of property by institutionally conferring the status of "owned" to a functional configuration of bits distributed over thousands of computers.
9/10ths of law is property ownership. I find hilarious that anyone would want less of this concept, not more. My interpretation is that crypto enthusiasts want the "trust of the crowds" not a centralized government. Which doesn't mean the trust system becomes contracted per se, but rather under a different set of rules (i.e. purely direct democracy vs centralized republic).
It's simply that people who begin thought experiments with one island, two people, and three cows tend to reach absolutely unhinged conclusions about how the society should work. Not wanting to live in a world governed by those systems is why I intent to frame them as such. Before we get to the part where some responder concludes, "you should go live in the woods then", I'd rather they did.
Another way of putting it is this. Expansions in the legal concept of property are consequently expansions in the dominion of the state.
> consequently expansions in the dominion of the state.
So your concerns are about restriction of liberties? or society moving away from small government?
Are you a supporter of cryptocurrencies?
I'm saying that state legitimation of crypto conferring ownership status is an expansion of state power. State power should not be expanded.
I don't follow. The state recognizes I own something, therefore the state power has been expanded? I'd argue the opposite. Virtually everything else I own, the state doesn't really recognize is fully mine, but rather they think they own a piece of the profits on. Currently the state thinks they own part of others' crypto (tax on profits payable in fiat only though!), so to relinquish that ownership is a step up. The state legitimation of crypto as being owned by me means they've ceded power of private property to private entities, rather than it being public or unrecognized property. Since the state recognizes it's all mine, I don't owe the government any of it and as full owner I can unmolested exercise control of my private property without interference by government.
When the government steps in, it's not usually to say _you_ own it but rather _they_ own part of it. If you own it of course you owe them nothing of it. Government finally getting their greedy hands out of private property would be a huge step up.
This is even more obvious when I present it this way. Yesterday there's a cow in my yard. The next day my neighbor says he recognizes the cow as my cow. The neighbor has ceded over power of the cow, now recognizing I have full control of the cow and they're removing any claim of power they had. It's a contraction or break even of, not expansion, of my neighbor's power.
Ownership means you have full control over your crypto. Paying taxes on it means you don't have ownership, but rather partial ownership. If the state is conferring you full ownership, it would appear their power is decreasing. If the state is taxing crypto, then they're taking away ownership status and instead attributing some of it to themselves -- THEN it's an expansion of power.
> It expands the definition of property by institutionally conferring the status of "owned" to a functional configuration of bits distributed over thousands of computers
Do Visa and Mastercard count?
> Legal enforcement legitimizes crypto as property. It expands the definition of property by institutionally conferring the status of "owned" to a functional configuration of bits distributed over thousands of computers.
Isn't this exactly how your access to digital content is mediated? A bunch of servers somewhere says that this user identifier is allowed to access this content.
I might be missing something with this analogy. Is there a legal component to accessing digital content that re-enforces its concept of being property? /gen
There are general similarities in computers mechanically enforcing access that applies to crypto-assets and digital content. I'm specifically interested in how the legal system confers additional properties or re-enforces these properties in digital assets that legitimize the properties institutionally.
I think you have to get with the times a little. Crypto is an asset (some coins a security) and has been recognized as such under the law for several years, and it's taxable.
Crypto is on the balance sheet of individuals, businesses, financial institutes and even at least one nation (El Salvador). There's crypto index funds and ETFs trading on wallstreet.
And here you are philosophizing about whether crypto can really be owned? You're a decade too late.
Human society is rapidly moving more and more "things" in the electronic realm. By necessity of technology (we're on HN for goodness sake!) the realm of property absolutely must expand into electronic representations.
Ironically, Bitcoin enables ownership to be established (at least as far as knowing the private keys = proof of ownership), in addition to the transaction path the electronic bits and bytes took in order to reach its current place of ownership.
What is a necessity of technology?
What I mean is "what's been made necessary as a result of the technology that drives much of the functioning of society".
Not really. BTC has never been anonymous. Monero is better for privacy
Bitcoin never claimed it was going to put a magical fence around your house stopping armed agents.
properly it claimed to put a fence around you after armed agents have stolen from you to make sure you have no recourse
Technically they were charged with conspiring to launder money, completely unrelated to any mention of theft or hacking.
From TFA: "Court papers filed against the couple did not accuse them of the hack itself; officials declined to say if the pair are suspected of stealing the money."
Interesting point, but if the government considered whoever had control of the coins the rightful owner and not stolen, would it be laundering then? It doesn't sound like a problem of taxes.
Laundering is any process to legitimize illicit income. It does not matter who owns the coins or other assets in question. What matters is if the coins represent any vehicle of fund transfer that originate from any form of criminal enterprise or other unreported financial activity.
So they could have reported the stolen coins it as income, paid taxes, and they'd be in the clear?
How are you arriving to this conclusion? Paying taxes on illicit income does not make the income non-illicit. It just makes you easier to catch.
I was replying under some comment thread about the the government "not legitimizing" bitcoin, and thus not considering "bitcoin theft" to be actual theft.
And thus the only crime here being tax evasion.
which is why they weren't charged with actual money laundering. they only got them with conspiracy which is a super weak charge.
a money laundering charge requires an illicit origin, which means it can only be a tacked on charge after charging or proving someone was involved in the illegal activity.
the government just doesn't know, they just find everything this couple did to be super suspicious. they clearly had control of an excessive amount of cryptocurrency that they were reintegrating into the economy. the government doesn't seem to know if they were actually involved in the heist, or how, or to what extent.
simply obfuscating money isn't illegal. obfuscating an illicit origin is. lets see if the government can get to the bottom of this "conspiracy to obfuscate money of an illicit origin".
All it says is that they don't yet have strong evidence to expect a conviction on hacking charges. And it's quite likely that some other people were involved in the hack itself - perhaps after this arrest, they will get some new information that will allow them to charge someone for the hack itself, for example, out of a plea deal when one of the gang turns against the others.
Obvious no-true-scotsman. Believing that the goal of crypto is to circumvent laws regarding possession and theft is at most a fringe belief. The fact that this is at the top of HN demonstrates how devoid of merit crypto discussion here is.
Circumventing property law has absolutely been a selling point of crypto, front and center, since its inception. The real no-true-Scotsman is saying, "Those who want an extra-governmental system of property aren't the real crypto fans." Yes, they are.
In reality, crypto's true purpose is a moving target, so it can never be criticized because that's not what crypto is really about.
> In reality, crypto's true purpose is a moving target, so it can never be criticized because that's not what crypto is really about.
Bitcoin is a tool. Like hammer or a shotgun. You can use it whatever way you want. There is no centrally defined "purpose".
This is the Adolf Eichmann defense. Trains are just tools, and he was making them run on time.
Any infrastructure has a purpose. It’s fair to ask why Bitcoin exists and whose project it is.
And it's official, Godwin's Law [0] has reached crypto. The purpose of Bitcoin is of course to support the Nazi cause. What other purpose could it possibly have? /s
Hint: Millions of people use Bitcoin as a:
- store of value to protect purchasing power over time
- inflation hedge to protect savings from the ravages of inflation
- a hedge to protect against corrupt governments manipulating currency
- protection from negative real interest rates
- censorship-resistant payments
- anonymous payments with instant finality (Lightning)
Money is a tool like any other. Cash, gold, NFTs, Bitcoin, and credit cards can be used for good or evil, lawful or unlawful purposes. The technology isn't inherently moral or immoral. It is just a tool.
The "it's really for nazis" argument is particularly weak. The critics must be getting desperate.
[0] https://en.wikipedia.org/wiki/Godwin%27s_law
This is the first time you hear "Bitcoin is for nazis"? You're lucky, I guess. It's a pretty common accusation because many Bitcoin advocates are also far-right and/or extreme libertarian.
Anyway, I'm not saying that. Eichmann is simply a reductio ad absurdum example of the problems with the "it's just a tool / technology has no moral" position.
Crypto is also a white supremacy tool: https://www.economist.com/united-states/2022/02/05/the-charm...
Lots of tools that are useful for marginalized groups are also useful for marginalized groups that want to spread hate. Same goes for the internet. It was hard in the beginning on internet mainstream (late 90s/early 00s) to find any community that didn't have a bunch of racists and fascists in it as well.
Yeah, that's why Bitcoin grows fastest in Africa.
The flipside viewpoint is that cryptocurrency bypasses censorability by large corporates; cryptocurrency embodies the freedoms that appear to be espoused so loudly and delightedy by "the US"^.
Guns = good
Cryptocurrency = bad
Opinions I agree with = good
Opinions I disagree with = bad
Me getting mine = good
Someone else getting theirs = bad</i>
Censorship is the battleground issue for the 2020's.
^Apologies for the lumping of 300 million people into a single sentence description, it's for the sake of trying to make a point of the entanglement of "the US" and "freedom" - which isn't a bad thing.
I know too many people who aim to become millionaires off of btc and then move to countries without cap gains tax. I feel their sentiments are held by a large constituent.
It's where bitcoin gets most of its actual utility though. It doesn't have much use otherwise.
There isn’t a worthy discussion left to be had about crypto that isn’t discussing its role in fraud.
That's such a sad view, especially to hold in a generally curious place like HN. Another example is narcotics, yes we know that most narcotics usage is bad, but does that mean all usage of narcotics is bad? Obviously not, and we take those articles as they come, and discuss the angles each article has independently, in most cases at least. But somehow cryptocurrencies are so emotional for most people, that they hold such a black/white view of it.
We can, and should discuss subjects without "tainting" them with general, over-discussed points when we can, especially if we want to keep HN curious and not turn into a echo-chamber.
We’ve spent years watching hundreds of obvious grifts and silly ideas. There has yet to be a single compelling, obvious use for this technology.
At some point we need to stop wasting oxygen on obvious garbage.
If this domain received 1/1000th as much attention and electricity I would be with you. But until then we could do with far less waste.
Hedging against inflation due to manipulation by the government is a very compelling reason.
That is one of the goofiest reasons I’ve heard when I look at the volatility of crypto.
Definitely not a compelling reason.
It might take time, but the fact that the government can't print free bitcoins as it does with fiat to pay off its usurious debt and devalue everyone's hard work is a compelling basis.
But won't you just hoard all of your earnings if it isn't inflated away by 2+% every year? I've been told spending would grind to a halt. Also without holding your wealth in cash in a bank, how would banks use your money as a reserve for lending out to their favored clients?
Not necessarily. Secondly, banks and money lending are immoral and predatory. Usury is prohibited in the three major religions (Islam, Judaism, and Christianity), so we're better off without this dangerous practice. It goes hand in hand with fiat money by the way, the government is taking loans from the Fed, which is why it keeps needing to print more and more money to fuel it. The sooner we get rid of money lending as a business, the better.
On a side note, Islam requires a 2.5% Zakat from money hoarded in your account, to be donated to charity, so there's your solution against hoarding :) We don't need the government to fake print money to prevent people from hoarding. Better that money go into charity to truly have a more equitable society, as opposed to the fake and useless proposals we keep seeing and pitting parties against each other.
The Zakat is an interesting concept, but I don't see much functional difference from inflating the currency by 2.5% and then giving the newly created currency to the poor. Presumably some system is needed to enforce Zakat, that same mechanism of force could be used to inflate currency.
Since inflation is a centralized operation and Zakat is decentralized, I would wage enforcement of inflation is much easier than enforcement of Zakat.
According to https://en.m.wikipedia.org/wiki/List_of_countries_by_total_w..., the total wealth of the US in 2021 (which is what I'm supposing would be subject to the inflation Zakat) was $126,340B, 2.5% of which is $3,158B.
According to https://www.usgovernmentspending.com/welfare_spending_analys..., in FY2021 welfare (not including Social Security or Medicare, which are for retirees, but including Medicaid) was $2,418B across federal, state, and local, about 76.6%. Neither Zakat or US welfare spending includes discretionary charity.
Overall, US welfare spending seems to be on the same order as, albeit a little less than, a Zakat imposed on all US wealth. Also, I'm not sure if this welfare figure includes EITC, which is the logical way that additional cash benefits should be distributed (since it avoids welfare cliffs).
Very interesting, and thank you for the information!
Different types of wealth have different Zakat values, and not all wealth is subject to Zakat (e.g. the value of your home does not count towards Zakat). For example, currency, including fiat, gold, silver and other precious metals, is at 2.5% annually. Livestock has a different calculation, and so does produce.
Bitcoin and ETH combined are over 1T USD, much more than the figure you quoted. That's 25B annually, imagine how many lives that can change. Not to mention gold, which is at 11T, so 250B annually. Insane money that can revamp the entire planet.
It's strictly superior to have a system based on Zakat than the insane income taxes that we have today.
> Neither Zakat or US welfare spending includes discretionary charity.
Zakat is the bare minimum required for Muslims to pay per year. Islam heavily encourages discretionary charity, called Sadaqah. Both approaches are complementary.
> Different types of wealth have different Zakat values, and not all wealth is subject to Zakat (e.g. the value of your home does not count towards Zakat).
Of course. I did not want to get into such complications. This was more of a Fermi estimate to compare the amount a Zakat would raise in the US.
> It's strictly superior to have a system based on Zakat than the insane income taxes that we have today.
Maybe - remember that the US government pays for more besides bare welfare for the needy. Also the Islamic Zakat pays for more than welfare - also administration of Zakat (reasonable, but should be kept as low as possible) and Islamic missionary efforts (I don't think the US should redirect its welfare to "spreading liberty and democracy").
Even in Islam, there were more taxes than Zakat[1] - at the very least, a tax on harvests (corporate income or business reciepts tax) and a land tax - because Islamic governments also have other responsibilities besides charity. It would stand to reason that the federal and state governments would also continue to collect other taxes to support other government responsibilities. Also remember that inflation (certainly that intentionally engineered by the central bank) is effectively a wealth tax.
[1] https://en.wikipedia.org/wiki/Islamic_taxes
> and Islamic missionary efforts
Which missionary efforts? If you mean paying Zakat to those whose hearts are inclined toward Islam that's something different.
> a tax on harvests
I mentioned this in my previous post. Livestock and produce have different Zakat calculations than the 2.5% of money held for a year.
If you're referring to Ushr, that's imposed on non-Muslim nations that taxed Muslims, so a tit-for-tat treatment, and it's not part of Islam per-se, but a socio-political decision.
> certainly that intentionally engineered by the central bank
Exactly what we don't want. We don't want a select few people to determine the tax rate for the entire population, affecting mainly people at the lower socioeconomic levels in society.
> Since inflation is a centralized operation and Zakat is decentralized
Zakat is centralized by the government.
> that same mechanism of force could be used to inflate currency.
How so? Could you elaborate?
> but I don't see much functional difference from inflating the currency by 2.5% and then giving the newly created currency to the poor
It's very different because when the government inflates the currency, we all know whose pockets it ends up going into :)
>Zakat is centralized by the government.
I'm going to assume you're from one of the countries mentioned below? It's my understanding most countries with Muslim majority do not centrally enforce Zakat.
>Today, in most Muslim-majority countries, zakat contributions are voluntary, while in Libya, Malaysia, Pakistan, Saudi Arabia, Sudan, and Yemen, zakat is mandated and collected by the state (as of 2015).[16][17]
[wikipedia ^]
>How so? Could you elaborate?
By compelling people to hold wealth denominated in currency, and then inflate that currency using central bank or treasury.
> It's very different because when the government inflates the currency, we all know whose pockets it ends up going into :)
No disagreement here. But government can also misappropriate Zakat. I am actually not in favor of most forms of planned inflation nor a compulsory Zakat precisely in part because I predict massive fraud on the minority of those holding the power to distribute it.
> I'm going to assume you're from one of the countries mentioned below? It's my understanding most countries with Muslim majority do not centrally enforce Zakat.
Today, many Muslim countries are not in a good shape unfortunately, and that's due to several reasons beyond the scope here. I'm referring to how things are required by Islam, and how things were done historically when Islam was actually implemented. Today Islam is not applied 100% unfortunately, which is a main cause of weakness for Muslim nations. They're either in property due to occupation, current or historic, or have to bow down to the West's whims, so that they are not overturned or invaded.
> By compelling people to hold wealth denominated in currency, and then inflate that currency using central bank or treasury.
I meant how would inflation happen in case of Zakat being enforced? They're orthogonal things unless I'm misunderstanding you.
> But government can also misappropriate Zakat
There is a set category of people whom are deserving of Zakat clearly outlined in the Quran. So, if Islam is properly applied, there would not be any meddling. It has been historically documented that in Iraq during Ummayad rule, there were no more poor people left to accept Zakat. Quite amazing.
You've said If Islam is properly applied, there would not be any meddling and Zakat would be applied appropriately. I guess you have more faith than I do that a human vested with these large sums will apply it appropriately. Humans can be greedy, corrupt, and clumsy and may not practice the word of the Quran accurately. They could simply make bad mistakes, without any bad will. Having centralized access to large sums of alms could result in Zakat going to benefit other powerful parties as well. Since it is collected by government, it would be hard for those paying it to stop payment in protest if someone did start meddling. Note this is also a problem with secular welfare systems, I am not saying it is a problem only with centralized Zakat.
>It has been historically documented that in Iraq during Ummayad rule, there were no more poor people left to accept Zakat.
Umayyad had a variety of religions of persons overseen by their caliphate. Was Zakat distributed to poor Christians in the Caliphate? Or did Zakat only go to Muslims? This is important to know, because supporting only minority of the poor who practice Islam could mean Zakat may have not solved poverty for the entire populace. I'd also be interested in seeing the citation that poverty didn't exist under this caliphate.
In America we have the problem that lots of administrators and bureaucrats siphon off much of the money in the welfare system into their salaries as well as issues with the money going into the hands it is intended to go to. Also since the money is taken by force, there's not a lot of control by those who contribute the money over making sure it is used appropriately.
I will note I find it both fascinating and worthy of respect that many cultures have come up with their own ways of helping the poor.
Personally I would be much more on board with a decentralized type of Zakat where individuals can pick what charity to go to, in order to protect from centralized failures of government.
>I meant how would inflation happen in case of Zakat being enforced? They're orthogonal things unless I'm misunderstanding you.
If I wanted to enforce Zakat via inflation, I would mandate people to hold their money in bank, as debt, or fiat denominated bonds, and then I would inflate the money supply by 2.5% by mailing out 2.5% of the current supply to the poor per year, or something approximating that. But that would also be an imperfect system.
> I guess you have more faith than I do that a human vested with these large sums will apply it appropriately.
I agree that humans can be greedy, etc. But that's why we have a judicial system. When you look at history, the Islamic scholars took their faith extremely seriously. Their accounts and biographies are not something you'd find in Western texts, but those exceptional people truly did exist. And because of them, we had things like the Islamic Golden Age.
The governments today have way more money on their hands don't they? Especially with the insane taxation rates we see. You allude to this point when you mention secular welfare systems. But history shows otherwise when Islam was applied.
> Umayyad had a variety of religions of persons overseen by their caliphate
Islam was the dominant religion, and the majority of the population were Muslims. The non-Muslims had to pay Jizya (limited to able men, i.e. not women, children, old men, or religious priests).
One of the categories of people who are eligible to receive Zakat, are those whose hearts are inclined toward Islam. Other than that, I don't think non-Muslims receive it. That being said, poor and needy non-Muslims are definitely eligible for charity (Sadaqah), and it is the responsibility of a functioning government to ensure that its population is well taken care of. Islam guarantees the rights of non-Muslims, and is very strict about it.
> I'd also be interested in seeing the citation that poverty didn't exist under this caliphate.
I didn't claim that no poverty existed in the entire Caliphate. As you know, the Caliphate spanned several regions and districts. I mentioned the Iraqi district, but I came across this question[1], which mentions that the mayors of the Libiyan and Tunisian regions wrote to Umar ibn AbdulAziz that they could not find a needy person to give them Zakat, so he responded to give it to the poor among the Jews and Christians. They replied that still no one took it, and they were no needy among them, so Umar replied to leave it in the market for anyone to take as they need. When still no one took it, Umar ordered to purchase slaves and free them.
I'll have to validate the authenticity of this specific account, but the notion that during Umar's rule, in certain districts there were no poor people left to accept Zakat is established.
> If I wanted to enforce Zakat via inflation, I would mandate people to hold their money in bank
Ah I see. It's prohibited in Islam to hold someone's money against their will, so there goes that :)
[1] https://islamqa.info/ar/answers/182393/%D8%AD%D9%83%D9%85-%D...
>The governments today have way more money on their hands don't they? Especially with the insane taxation rates we see. You allude to this point when you mention secular welfare systems. But history shows otherwise when Islam was applied.
Yes and I think the level of money and trust the government holds is a source of massive failure. I think those practicing Islam should be free to distribute their Zakat directly to poor or their select organizations that aid poor, rather than being forced to give it to a central authority. Otherwise one central authority has a monopoly on distribution of Zakat, which can lead to many inefficiencies and failures.
>One of the categories of people who are eligible to receive Zakat, are those whose hearts are inclined toward Islam. Other than that, I don't think non-Muslims receive it. That being said, poor and needy non-Muslims are definitely eligible for charity (Sadaqah), and it is the responsibility of a functioning government to ensure that its population is well taken care of. Islam guarantees the rights of non-Muslims, and is very strict about it.
Again I think it's wonderful that people are offered this kind of charity. I'm a little skeptical that the system under the caliphate could have prevented all poverty or that the poverty that remained wasn't solved by collecting Jizya from non-muslims and then distributing Zakat only to those whose hearts are inclined toward Islam. I admit I do not understand much of the history of Muslim Caliphates or nations, so I'm unable to really ascertain where islamqa.info gets its source from, but I doubt we have very good record of income distributions under this caliphate. But hey, I don't have any proof that there were poor, so maybe it's true.
I do thank you for digging up your source in this matter, and it is interesting to note some points on records of history.
> Ah I see. It's prohibited in Islam to hold someone's money against their will, so there goes that :)
A reasonable prohibition, one I extend to involuntary taxes and forced centrally collected charity.
Thank you for your viewpoint here, as it's one I rarely see living in the west.
You're most welcome.
Fraud is a compelling, obvious use for this technology. Other forms of crime too, from selling drugs, to extracting ransomware payments.
Narcotic may be whatever you want, but the debate has to be honest and transparent, not shady and criminal: if you want to legalize heroin, make a case to the people, get it approved with safeguards, say like Portugal or France to some extent (Methadone), and make sure it won't profit people who also do other things with the proceeds of sales.
The problem with Narcotic is simple: people lose freedom when getting into addiction, then with hard narcotics they also lose the ability to make important life choices, minors and generally disfavored people are targeted by addictive substance sales people, production is rarely done well (because most fields should be used for food, if they are used for more profitable narcotic purpose legally or due to lax enforcement, ALL FIELDS become opium fields like in Afghanistan, which can cause food safety issues etc.
You can't just talk as if narcotic consumers are innocent party goers. Many are absolute victims and we must talk about it without crypto entering the debate. Crypto is just a weak way to try to hide the source of completely illegal funding for narcotics without going through the painful discussion with the population that we may have to sacrifice a lot of victims for the sake of spending less on narcotic enforcement.
Not OP but I think the true Scotsman isn't that laws don't apply, it's that the ledger is infallible and authoritative.
Is the ledger wrong in this case? Does the entity holding the key have access to the coins?
Keeping the government from "seizing" assets is a big crypto goal, and avoiding taxes is included in that for a subset of users (which is "theft" if you agree with them). What to do with actual theft is kind of swept under the rug until it actually happens to a cryptobro, at which point they are very much in favor of a central authority getting their bitcoins or ugly monkey jpegs back.
All crypto uses that I hear about regularly seem to contradict that:
1. Chinese people using Bitcoin to move money outside of China, thereby bypassing government regulations.
2. People building private marketplaces (even if it isn't drugs), thereby avoiding paying taxes.
3. People doing blackmail and extortion directly and using crypto to try to avoid having the money tracked back to them.
4. People stealing electricity and then laundering that stolen energy by converting it into crypto which is then sold for money.
Really, name me any big crypto-based operation that actually pays sales taxes in all regions in which they operate.
Bitcoin is about separating money and state, but having a government is still very important.
I'm much more worried about non crypto believers hating crypto believers for getting rich while their life is getting harder because of the inflation central banks are imposing on most people.
I have the somewhat contradictory wishes, that good people should be able to hide from crooked cops, but crooked people should not be able to hide from good cops. Making it somewhat difficult, but not impossible to catch criminals seems to strike a balance.
What is a "true crypto believer" anyways? As a matter of practicality, everyone that interacts with financial assets of any sort are bound to laws imposed by some government. Equating "whoever has the keys" to ownership feels more or less equivalent to saying "finders keepers" is a valid justification for taking possession of a physical leather wallet. Or "We broke up, but I fed the dog, so it's mine". Or whatever.
A person can believe whatever they want, but when push comes to shove, it's a country's court of law that ultimately determines who legally owns what.
> A person can believe whatever they want, but when push comes to shove, it's a country's court of law that ultimately determines who legally owns what.
I think you've answered your own question - a true crypto believer does not agree with that. If the smart contract says the Ethereum is mine because you wrote it poorly and I called the transfer money function in the right way ("exploited it"), a true believer would say "yep, it's yours."
But that's not the way real contracts work. Contracts are an agreement between parties. If there is later a disagreement about what was agreed to, a judge sorts it out.
I think Ethereum is silly too. But you have to realize that their argument is "we'll make our own contracts, and what the computer says is the absolute truth - no judges or kings."
In that world, there is no such thing as stealing. If the crypto transfered, it was allowed to transfer by the contract.
The part that "true believers" are meant to hate is that now, someone on one side of the contract is grasping back to Money 1.0 concepts of conceptual ownership and meeting-of-the-minds type contracts. This enforcement action shows that the government thinks of Ethereum et al in this way too. And therefore the crypto paradise dream is dead.
> If there is later a disagreement about what was agreed to, a judge sorts it out.
Only because human language leaves a lot of room for interpretation. Computer output doesn't, or at the very least not nearly to the same extent. If your smart contract is itself legal (you are legally allowed to formalize those terms), and produced an output as a function of it's actual internal operation (and not a random, accidental bit flip) then it should stand even in front of a judge.
> Only because human language leaves a lot of room for interpretation
Technically no. Many things have intrinsic physical value that cannot be tracked via digital contracts. If I go to amazon and buy a book, but they ship the wrong book due to clerical error, then there's a clear cut violation of expectations with no room for conflicting interpretations.
In the crypto world, NFTs are frequently criticized for this very issue, and it doesn't even leave the digital boundaries: you can prove to have ownership of a token through the blockchain, but whether that token is actually tied to legal ownership of an asset is anyone's guess (case in point, there are various cases of people selling fraudulent NFTs for art they do not own).
> Technically no
Technically language is very interpretable but in some very simple cases it can be mitigated to the point where it's not a realistic issue. Even your book example isn't simple enough to be completely iron clad in all cases. You can receive a book that matches the criteria you provided (say title) but it's not really the book you were thinking of [0].
For more complex things like contracts and laws you have a lot of reasonably vague points that are up for interpretation. Courts reinterpret laws an contracts all the time, it's (part of) their job. Math is nowhere near as interpretable.
[0] https://www.flavorwire.com/376237/the-doubles-10-pairs-of-gr...
I don't know what a smart contract is, but seems to me that if you can convicingly argue that the function output is inconsistent with what the parties agreed to, it would not stand.
There are contract disputes all the time over what a word or phrase means, and what a judge will look at is which interpretation best aligns with the broad strokes of what the parties were agreeing to. Nobody agrees to a contract that contains "I get to void the entire agreement at my discretion, keep the proceeds, and leave you with nothing"
> if you can convicingly argue that the function output is inconsistent with what the parties agreed to
Talking about (smart) contracts in general, if both parties agree that there was an error they can resolve it without any court. The problem is when only one party disagrees.
Imagine you have a contract with the bank and agree to pay 10% interest on a loan. Later on you try to claim you just weren't paying attention and thought it's 1.0%. That's a hell of a case to prove in front of a judge. And if that were the case the concept of contract would be worthless, invalidated by simply claiming "I didn't mean that".
A smart-contract should be easily reproducible. If that piece of code consistently returns the same result under the specified conditions then it's valid even if the result was because of a mistake the author made while preparing it.
> and produced an output as a function of it's actual internal operation (and not a random, accidental bit flip) then it should stand even in front of a judge.
Honest questions to people who are familiar with SmartContracts/Ethereum - how do disputes and adjudicating work in this example then?
how has anything changed in this sense? The owners of bitcoins are always whoever has the crypto keys, that isn't an imperative it's just a fact, now the fed has the keys.
> It's the government trying to enforce their opinion of who should own those Bitcoins, thereby taking power away from the owner that the network has decided on, which would be "whoever has the cryptographic keys".
I really don't understand these arguments.
The law still applies whether or not you use cryptocurrency. Using cryptocurrency doesn't free someone from the consequences of their actions.
Illegal acts are still illegal acts.
What makes hacking illegal?
What if they acquired the Bitcoin without using illegal means
Probably not possible in this case, but in DeFi where everything is ruled by smart contracts, what would make executing behavior allowed by those contracts illegal.
US Law makes hacking illegal
Whatever a judge decides is illegal is illegal.
> What makes hacking illegal?
https://www.law.cornell.edu/uscode/text/18/1030
Laws of USA and pretty much every other country reject the notion that "everything is ruled by smart contracts" and assert that legally, as far as their jurisdiction reaches, their law is the deciding factor. Contracts have their basis in contract law. You certainly can write a paper contract which "allows" some illegal behavior, and executing such a contract would be illegal, no matter what the contract says. The same applies for a "smart" contract.
If we have the government to weigh in on which transactions are legitimate or not, why do we need a distributed ledger? Cryptocurrencies are trustless, but if we can trust the government to rule on ownership fairly why do we need a trustless system?
>why do we need a distributed ledger?
well the most obvious answer to that question is, we don't.
Why do we need fiat currency where self-interested parties inflate the currency & pay themselves?
Isn't crypto plagued with the same problems? Sure fiat isn't perfect but it doesn't look like crypto is solving any of those problems, as exemplified here.
To say crypto isn't being inflated by behind the scenes players or right in your face players for a matter of fact is wishful thinking. Look at how bitfinex and tether operate. Artificially pumping the price of bitcoin by purchasing with newly printed tether that many sources point to isn't actually backed by money as they claim. Same goes for many of these stable coins. The crypto industry is controlled by a powerful cartel of wealthy figures who use bought influencers and pay for play media outlets. BTC and others are the easiest way for new entities to scam the proletariat. This is no revolution of the common citizen. When a select few own the majority of btc how can one surmise that it is invented for all. For example, one btc maximalist I know claims a 100 million dollar btc is on the way. So we will have a couple thousand btc trillionaires, what a utopian vision.
And it's obviously a wrong answer.
You can trust the current government (maybe), but certainly not future ones, in which case we do need a distributed, trustless system.
no. this is quite bullish for bitcoin. they're showing that bitcoin can't be used for criminal activity, whatever the government decides that should be (usually in favor of the general public). this helps to legitimize bitcoin. Protecting consumers of bitcoin is bullish for bitcoin. helping to prevent fraud in bitcoin is also bullish for bitcoin. All these things increase confidence in bitcoin as a legitimate way of storing wealth.
It sounds like all the good things for bitcoin here are coming from the power of the central authority to provide confidence, legitimacy, protection, and legal recourse.
So why on earth is that a good thing for an asset which is all about the power of decentralized systems?
You nailed it!
That feels like it's an easy answer:
Human society, for a number of years now, has been governed by central authorities that define the rules in which society has to live. Bitcoin cannot and does not take part in dictating how society is to function, Bitcoin is put forward as an alternative currency that cannot be quantitavely eased / printed and gifted to society's largest entities as reward for criminal behaviours that endangered the very society that the central authorities are meant to be acting in protection of.
Central authority is a basic requirement of society. Bitcoin is an alternative currency. Recognition by the central authority of society is a legitimisation of Bitcoin in its position as an alternative currency.
I don't (sort of I do actually) understand Bitcoin being seen as a replacement for all centralisation / government. Bitcoin has never attempted to make legislation. Currency only (and that's shrunk to 'store of value').
DAO's on the other hand... maybe.
People get way too hung up on the concept of "hard" currency. It really takes some study of economic and financial history to understand that currency is just a means to an end, and that hoping for some immutable piece of value in your personal vault isn't what powers our world. Money is far more abstract than anything in the crypto world, and that's why it's not a good long-term bet.
I'd encourage you to read an excellent primer on the subject: The Ascent of Money by Niall Ferguson. Money is a social construct, not anything tangible. You can create money from leaves you rake in your yard, and organize your neighborhood around how many leaves you have. You can all agree that the giant stone at the bottom of the bay belongs to the unfortunate sailor who lost it, and therefore he's still wealthy even though he can't get his giant stone back (true story). You can agree that the people who are oldest in society deserve the most access to credit, and give them services accordingly.
Basic point here is that wealth is derived from society creating connections and performing services for each other, not from holding currency. Currency is simply the oil in the machinery which helps facilitate these connections. It has no intrinsic value, and the easier it flows, the faster the engine can run. That's why the Fed conducts QE and money printing - it's about the economy, not the currency. Inflation is a side-effect but it's often preferable to loss of real assets and jobs and lives.
>> currency is simply the oil in the machinery Oil is pretty darn valuable.
The need for currency oil is real! imagine if you had to sell a house, everytime you needed to get some liquidity.
You're describing credit, not currency. You can access credit to fund daily transactions without touching the principle of your investments. That's what a credit card does.
the power of "decentralized system" in this case is merely from the fact that more of it can't be created. When we're talking about the big movers, the institutional investors and the big money, they didn't run to bitcoin because it was cool tech, or cool to be decentralized. they're investing in bitcoin not because of bitcoin. they're investing in bitcoin because central governments have defaulted on their obligation of having a stable currency. You can't hold fiat currencies when they're loosing value at 6% to 12% or more per year, it's just too costly.
Bonds and cash are no longer viable investment asset classes. So all that leaves is Equities, Gold, real estate and bitcoin. It's all about TINA -> there is no alternative.
The cryptographic keys were stored on a cloud storage device. Law enforcement agencies gained access to these keys while executing a search warrant and used them move the funds. So by this logic, the government is now the rightful owner of these funds.
Correct. This is why crypto, at least in its current form, must fail. In the crypto world possession is 10/10ths of the law.
Is the same not true for physical cash, gold, or bearer bonds?
Except for when someone hacks your NFT away and the community still considers it yours.
True crypto believers look at the court case to see what parts of the system need to be made more resilient, if any.
Here its poor OPSEC, no improvement is necessary.
Plus the first money line on the IRS 1040 this year asks if you made any crypto transaction. IRS found a golden goose.
“True crypto believers” seems like a loaded phrase these days because I feel like most crypto believers are riding it’s wave to legitimacy. And things like this push it further towards that goal.
I don’t see how anyone could really still believe in the original ideals behind Bitcoin. They made something but not what they wanted.
Most crypto believers, believe in crypto because they have money invested on it and want to get rich. If you remove that variable of getting rich, very very few remain.
I mostly agree. But those very very few are the ones who made Bitcoin what it is and they are very influential.
That was the early in the pumping phase when they had to build a cult around it
I'm confused. The government got the money back with perfectly legitimate transaction(s) which they signed with those very private keys. If the rule is "whoever has the private keys is the owner", the the government was playing by the rules.
What crypto believers should really hate is the fact that with a warrant, the government can potentially get at your private keys. That'd be an interesting problem for crypto to try to solve
>>which would be "whoever has the cryptographic keys".
So, crypto believers should be just fine with this.
They used to have the keys. Now the US Govt has the keys. The one who has the keys has the power. All is good
The ledger says whomever holds the keys owns the coins. The government now holds the keys. How is this something against the crypto ethos?
I'll put myself at least partially in the "true crypto believers" group, but I think this is good news. Stolen X is 'bad', bringing the people who stole X to justice is good.
This is where I may only be a 'partial' member: My feeling is that Bitcoin (not all cryptocurrencies) was about removing Fed/Gov control of the currency. It takes no position against law enforcement of direct currency theft - outside of what could be construed as the theft of currency value by quantitative easing / gifting bailout money to banks, etc.
Bitcoin, specifically, has always had a public ledger too, so start-to-finish transaction tracking is part and parcel.
"Shouldn't all true crypto believers hate this news?"
I for one am very sad about this news but much more sad about the reaction of "crypto OGs"
Should the anti-cryto haters hate this news. It means a big point of it being a haven for criminals is now moot.
> which would be "whoever has the cryptographic keys".
This is still true, no? Now the government has the keys, so they own it. It's clear that you can't be sloppy with your keys, because "whoever has the cryptographic keys".
If they used a brainwallet (https://en.bitcoin.it/wiki/Brainwallet), the gov wouldn't have taken those keys.
I'm sitting here trying to understand their mindset.
They had to know what kind of scrutiny would be on those coins forever.
At the time of the theft, the coins are worth $100M+ and they can't touch them. Even worse, anything they do with them will be monitored, researched, dug into, and everything else from law enforcement, amateur detectives, and every major tech+crime group.
Fast forward to now and the coins are worth 50x that.. and now they try to move them? And all the keys are in cloud storage? But it had to be frustrating to be sitting on something so valuable without any way to use it. They had to be stressed and anxious about it.
A life of crime is stupid. A life of crime for something this high profile is far beyond stupid.
I was wondering about this. I would think the most obvious path would be to find some other criminals (now you've got new risks) who don't care about the provenance of the coins, will pay cash for some coins at a discount, and you somehow launder that cash....
Could at least get a couple bucks from it, possibly.
There are "local bitcoin trading" groups that do exactly this - convert bitcoin to cash at a discount. But obviously you can't do this for billions of dollars and you expose yourself to personal monitoring and capture.
I'd bet there's a non-zero chance your exchange counterparty at one of these groups is an undercover cop.
On the one hand, the mob would probably be happy to buy them for 10-30% face value. On the other hand, how do you contact a reputable mob boss?
Yeah I think the odds of "how about you give me cash and I not turn you in" are ... possible.
Bitfinex was offering a reward….
More importantly, how do you stop them from contacting you after this transaction.
...If you have to ask...
.
The thing about Craigslist is now you need to meet folks / exchange ... you're only going to make so many of those transactions.
Or weaponize the coins.
Take 10 BTC and give them to 100 groups/people you don't like. Investigators make their lives miserable for a while.
For normal people, that'd be ridiculously expensive but since they didn't pay for the coins and have 100k+ more they can't use, it's "free."
haha right! I would have bridged them to the Ethereum network and sent it to everyone with an ENS registered
Sort of like a Random Robin Hood.
I am genuinely surprised it has not happened already ( or maybe it did, but it did not make news ). If NK hackers wanted to get someone in trouble, connecting someone to one of the wallets listed by OFAC would be relatively effortless.
Wouldn't investigators look at the provenance address for one of those 100 transactions? That seems like a dangerous prank.
They already knew that address though, they were waiting for them to convert the BTC to USD to find the person tied to the address. Still dangerous because the person you sent them to might give the feds your name.
I feel like you'd just be making 100 enemies...
They could easily point and say "dude I don't know who that was, here's those coins FBI".
That wouldn't work, the same way it wouldn't work to park a stolen Ferrari or a bag of cash in front of your house to accuse you of something. The situation would be cleared up pretty quickly.
One trip to Russia would have solved all their problems. Just saying
How or why is that? Why would it be easy to cash in or sale 4 billion dollar worth of crypto in Russia? Russia probably doesn't extradite a person to Americans (not sure about non citizens) but there are plenty of sharks who would want to get their hands on these coins if that came to public anyway.
They have not extradited Snowden. If it is politically favorable they would grant residency. There are other few other countries who who do the same, but only one or two like Russia could withstand U.S. pressure if they harbor such a high profile figure.
Of course Putin will take all the money anyway, so what is the point ? Getting the mob for support never ends well.
Also to note one of them is a dual Russian citizen so it more complex than the hypothetical
You can't have crypto problems if you're dead.
I thought maybe they could go to a country without any extradition treaty And has no diplomatic relationship with the U.S. Then cut a deal with the government.
It's a slim picking...
Iran North Korea Syria Bhutan Taiwan Azerbaijan Palestine Georgia Cyprus Western Sahara
Even Russia has too much to lose. Maybe if it were $360 Billion, they might consider it.
> Iran North Korea Syria Bhutan Taiwan Azerbaijan Palestine Georgia Cyprus Western Sahara
At least in half of those countries, once they found you really in control of $3.6B crypto, they would torture you until you give it all, then dispose off your body.
Ilya Lichtenstein (YC S11) is the co-founder of YC-backed MixRank. Heather Morgan, his wife, is apparently a serial entrepreneur, investor, and "contributor" to Forbes.
Her Forbes bio:
Heather R. Morgan is an international economist, serial entrepreneur, and investor in B2B software companies. She is an expert in persuasion, social engineering, and game theory.
she also ran Endpass "Bringing you the delightful and secure Ethereum wallet that's easy enough for grandma to use."
"The infamous Crocodile of Wall Street" lol.
They certainly thought an awful lot of themselves - it's fascinating to dig into their public facing digital trail. If they played by the rules they'd have been living large as part of the .001% of the world.
They bought themselves a giant lead brick and chained themselves to it. It'd be sad if it weren't so stereotypically comical.
She's also a rapper, and not a very good one: https://www.youtube.com/watch?v=_DIuPPmY9mw
"0FCKs given"
This whole crypto space is just a giant show of "Punk't" isn't it. This can't be real - it is just parodies the whole way down.
Doesn't matter, she's going viral now
Her delivery reminds me of a CEO being forced by their HR department to "do a rap" in the 2000's to "relate" to their employees.
Strong Leslie Knopes in Parks & Rec's vibes!
How about the 2010s! A VC firm had a tradition of making all their portfolio companies participate in an annual rap and dance. I think I had to participate in an Gangnam style rendition. Probably not that hard to find, with that information.
Record companies are just VC firms who make their whole portfolio sing and dance.
One YC place I worked actually had a CEO who freestyle rapped as a hobby.
The Gangnam style half wasn't so bad, actually, and it's fun to imagine which character you were.
I got strong "Just 2 Guyz" vibes from it (which was intentionally funny): https://www.youtube.com/watch?v=Nt2OVAgkHBc
Better than most to be honest
This is absolutely incredible. Wow.
That is truly awful, I couldn't take more than 20 seconds of it. I couldn't say I would do better but I have no delusions about being a rapper either.
>everyone worries too much about what's proper / but not Razz -- no shame -- that don't stop her!
"I have to say a lot of large companies have security holes" XD
https://youtu.be/O9jstO5KpCY?t=552
I had the tab open a few minutes ago, and mid playback it's been made private. Just caught them doing that live.
New link:
https://piped.kavin.rocks/watch?v=_DIuPPmY9mw
PR damage control has started. Video is now private.
> Y Combinator did not respond to BuzzFeed News’ request for comment.
https://www.buzzfeednews.com/article/sarahemerson/crypto-lau...
For those unfamiliar with Forbes as a platform, forms allows for independent unpaind (by Forbes) writers to submit content on their platform. If you see a scummy crowdfunding campaign or shady start up claiming "as featured in Forbes,etc etc" that's how they do it.
The hack occurred 5.5 years ago. The Federal statute of limitations on Grand Theft/Larceny is 5 years. Is this why they are charged with Conspiracy to Commit Money Laundring and not charged with the actual theft?
Lichtenstein and Morgan are charged with conspiracy to commit money laundering
If so, this means that (outside tax obligations) they may have gotten away with it essentially by sitting on the money doing nothing for 5 years and then openly transferred it to themselves. Since they took actions that were meant to launder the money, they opened themselves up to the money laundering charges on their own.
https://www.law.cornell.edu/uscode/text/18/3282
This is similar to many financial regulations where you can have completely legally obtained money but if you deposit $9,000 followed by depositing $1,000 thereby avoiding a CTR notification to the government required for a $10,000 deposit, you're guilty of "structuring" your deposits.
https://www.fincen.gov/sites/default/files/shared/CTRPamphle...
Structured transactions dont have an amount threshold. Former Speaker of the House Hastert got jail for sub-threshold transactions.
It's definitely not that easy... They would be sued in Civil Court for the entire amount, the Feds have a variety of options for 10-year statutes that could be implicated when they transfer the funds to a bank (wire fraud, mail fraud, bank fraud) and they would have to pay taxes on the funds lest they are implicated in tax fraud. It's hard work being a criminal.
>Hackers Move $3.55B Worth of Bitcoin from 2016 Bitfinex Hack
https://news.ycombinator.com/item?id=30162085
So government was moving bitcoins not hackers. Like I said in that thread it is easier to launder cash than bitcoins because bitcoins are on chain forever and cold cash can be laundered in numerous ways.
Thanks for sharing this. Hilarious comments :)
> The Justice Department announced Tuesday it had seized more than $3.6 billion in bitcoin allegedly stolen as part of a 2016 hack of Bitfinex, saying authorities have also arrested and charged a husband and wife in New York for allegedly trying to launder the cryptocurrency fortune.
> Officials said Ilya Lichtenstein, 34, and his wife, Heather Morgan, 31, were arrested on charges of conspiring to launder money. They are accused of trying to launder 119,754 bitcoin that were stolen after a hacker breached Bitfinex, a cryptocurrency exchange, and initiated more than 2,000 unauthorized transactions. Prosecutors said the bitcoin was sent to a digital wallet controlled by Lichtenstein.
From the actual charging statement (https://www.justice.gov/opa/press-release/file/1470186/downl...), the Feds have more details and fascinating traces through the various methods which the accused laundered the funds. Raises the question of whether they would've attracted so much attention if it were "only" a $70M hack instead of the multibillion dollar one due to BTC appreciation.
> In or around August 2016, a hacker breached Victim VCE’s security systems and infiltrated its infrastructure. While inside Victim VCE’s network, the hacker was able to initiate over 2,000 unauthorized BTC transactions, in which approximately 119,754 BTC was transferred from Victim VCE’s wallets to an outside wallet. At the time of the breach, 119,754 BTC was valued at approximately $71 million. Due to the increase in the value6 of BTC since the breach, the stolen funds are valued at over $4.5 billion as of February 2022.
Sometimes I wonder what the chances are that certain (highly privileged) staff at Google (or other similar data storage or e-mail companies) could run a query across Google Drive looking for a specific public key. Much like a malware scanner, just looking for "a key", just to see if there is an account matching. Unofficially, of course. A rogue employee perhaps. And, what if, in such a case, the employee (in the best of cases) reports the person anonymously, or in other cases, takes off with the private key if also found.
Or does anyone know if the data is so encrypted that nobody at Google can override? I would highly doubt that, looking at US law enforcement pressure. And I am sure there's a million and one barriers and access requests blocking raw queries, but technically...
Of course, a hefty hefty conspiracy-laden thought, but I just found myself curious if that would even remotely be an option.
I think the perp encrypted the file themselves before uploading to Google cloud (or wherever). The encryption was not provided by the platform.
this would be trivial to code and could search for one of the bip 39 dictionary words. github key thieves do this already.
Happened to many on dropbox too
You would never know if it was somebody employed there or at the data center or at the government agency tapping the servers
Yep, I definitely recall numerous incidents of people putting a private key onto a dropbox file, never sharing it with anyone, have 2FA on their accounts (with no unauthorized activity), and then seeing funds disappear.
Google already scans drives for copyright infringement.
I haven't work for google, but other cloud provider I worked has very strict production access policy. You cannot just access prod, or run script. Even in cases that you must access prod, it needs special temporary access. (Just in Time Tokens), which is audited, and linked to a case. Few people in management line have to approve the access, and it expires once used. I would say the chance that some random engineer does this is very very low. Unless Google actually does something like that as a product for law enforcment. I have heard few cases of these scripts for things like child abuse images. I have never seen one though in action.
The I/O cost would be more than any loot you find !.
Jokes apart, it is not easy even for Google in-house teams such a query scanning all their drive folders would be very, very expensive computationally.
Most files are stored as binary blobs, i.e. bin formats like PDF etc with some level of compression. Retrieval costs and file read costs for even most common formats can be expensive and slow
The wife could plead not guilty by reason of insanity:
https://twitter.com/matthewesp/status/1491116443207094272?s=...
have you seen her rap video? https://razzlekhan.com/ She should be arrested purely for subjecting people to its existence.
Why would a Russian national with so much BTC to launder, who hasn't touched it in 6 years suddenly perform the action from New York City of all places from within the USA.
It is explained in the court documents. Please read the PDF.
It really isn’t.
Ilya is a Russian national? (Sorry, I hadn't sees that mentioned yet.)
Yep - dual citizen. Though via his LinkedIn, he went to at least High School and College in the US.
I don't know why people assume that Russia is a lawless land where you can just cash out billions of dollars worth of stolen cryptocurrency.
Even if that were the case, maybe they rationally decided that the risk of pissing off United States federal authorities was better than pissing off Russian authorities and organized crime.
What's shocking to me is that the hack was actually real and not just an inside job by Bitfinex employees
For example Mt. Gox hack was also most probably hack not an inside job because that guy Mark Karpelès was so incompetent running the exchange no wonder it got hacked every now and then.
Here's how the fed caught them:
"The DOJ said it was able to seize the funds after an FBI search warrant of one of Lichtenstein's cloud storage accounts found a file containing cryptocurrency addresses and their corresponding private key that granted access to funds stored within."
what the...
no way they just kept an unencrypted private key on the cloud.
the file was encrypted, but the fbi hacked it after already having gained access to the account (via warrent).
Which is to say, this isn't how they actually got cought, it's just how the nail will go in the coffin (and thankfully for those impacted, some funds recovered).
FWIW, if you ever find yourself in this position of owning a large amount of stolen crypto, I believe the best way to wash it would be to "robin hood it out" to a bunch of random wallets. You just happen to own 10-20% of the wallets, but the feds now have to try and track thousands of different people over years to try and identify the true thief, and there will always be plausible deniability.
Interesting idea. But you’d only need to sample a small number of wallets to see the same person appear twice.
or buy extremely expensive tangible assets (diamonds, gold, bulk quantities of drugs). But billions of dollars worth? Forget it.
This should all be taken with a big grain of salt. The official story be just parallel construction to give cover to say zero day hacks or other covert espionage etc.
Bribing or planting support agents as employees at every cryptocurrency company seems pretty easy.
They likely have proper cooperation without being public about it, like how tech companies engage with Law Enforcement.
seems like the FBI was investigating for another unspecified reason, got the warrant for access to his cloud accounts, encountered encrypted files, and spent the next few months brute forcing or attacking the encrypted files until January 2022. they had marginal success with that effort but fortunately the files they got open were the jackpot with private keys and all sorts of damning things.
this is a strange one, because the IRS agent is the one that made the call.
so FBI, DOJ and IRS are involved.
The IRS agent actually suggested wire fraud and CFAA along with money laundering and defrauding the US (an IRS thing about revenue its owed), which makes sense, but DOJ has only moved on "conspiracy to commit money laundering" and "defraud the US".
This is really surprising, given that the Bitfinex hack was quite complex (unless they had inside knowledge). There are several ways to hold crypto for an amount as large (hardware wallet, brain wallet, pre-signed transactions, etc...)
>According to court documents, Lichtenstein and Morgan allegedly conspired to launder the proceeds of 119,754 bitcoin that were stolen from Bitfinex’s platform after a hacker breached Bitfinex’s systems and initiated more than 2,000 unauthorized transactions. Those unauthorized transactions sent the stolen bitcoin to a digital wallet under Lichtenstein’s control. Over the last five years, approximately 25,000 of those stolen bitcoin were transferred out of Lichtenstein’s wallet via a complicated money laundering process that ended with some of the stolen funds being deposited into financial accounts controlled by Lichtenstein and Morgan.
Sounds like they were very much involved in the hack... or someone hacked Bitfinex and gifted them the coins?
Yeah -- It reads like they didn't have the evidence to prove they hacked Bitfinex, but plenty of evidence they're the only ones that moved the hacked funds. Hence the lack of CFAA or other charges in favor of money laundering ConFraudUS.
Probably stupid question: Why not just exchange it to zcash or monero or some other coin that hides transaction details? Then you can send it to a new wallet; theoretically 100% untraceably.
Is this not a valid approach?
One possibility is that almost all exchanges require KYC today.
The transaction from BTC to Monero is traceable.
with atomic swaps that make use of taproot, that wouldn't be distinguishable from, say, opening a lightning channel, but still, there's not enough liquidity there (and this is very recent stuff anyway)
They did that apparently, it is mentioned in the article. There are still ways to trace it. For example, if they do it in a short timeframe or in just two transactions you can match the amounts. Not many people send 100k$ in zCash around.
Amounts are not public with Monero outputs created within the last few years.
Equation Group: “Challenge accepted”.
You really want to bet that a crypto tumbler won’t have a flaw in it?
Most crypto tokens have flaws.
I’m short this comment and the bank who gave the author a mortgage.
Ben, it appears you've become emotionally invested in my comments. While I appreciate the attention it does signal that you're going off the deep end judging by you replying to all of my posts in and out of this thread within the same hour.
Feels aside, I get the impression that your knowledge of monero, zero knowledge proofs, and anonymized transaction outputs is lacking. By virtue of the way that monero burns and creates unlinkable transaction outputs with concealed amounts, you cannot discern the amount of any transaction or output unless you're a key party to the transaction. As always the sender is also concealed. Tumblers would be a different and weaker concept all together.
The equation group admits this themselves, and it is proven time and time again every time monero is seized or analyzed.
I do hope you eventually get out of your feelings and get your proverbial shit together, because idolizing your detractors is no way to live. I assure you my ramblings are nowhere near as interesting as the conversations you'll have with your therapist about them.
Also lmao, nobody in this space uses banks, stop it.
If you read the court PDFs you see that they tried it.
What possesses someone who just stole billions to stay in New York while trying to launder their money? Staying and pretending it didn't happen, I get. Pulling a Marsalek, I get. But staying? While continuing to try and access that wealth?
Is it arrogance? Stupidity? Misplaced faith in the anonymity of crypto?
Reminds me of Ross Ulbricht getting busted for running Silk Road. If you're running the largest black market for drugs in human history, why in the world would you stay in San Francisco???
More people needs to learn about CoinJoins[0].
"CoinJoin is a trustless method for combining multiple Bitcoin payments from multiple spenders into a single transaction to make it more difficult for outside parties to determine which spender paid which recipient or recipients. Unlike many other privacy solutions, coinjoin transactions do not require a modification to the bitcoin protocol."
[0] https://en.bitcoin.it/wiki/CoinJoin
Great idea, now you are not only liable for your own activities, but also for lots of other activities possibly much worse than your own.
This seems to be a pretty nerdy idea of 'how the world works' that could easily spectacularly backfire.
unfortunate username for gmaxwell
Ilya is a good guy, I don't think he's guilty. there's gotta be a misunderstanding
everyone thinks this story is about me
How are you involved in this story?
> editor on rapgenius.com
There is a rapper involved in the case.
http://web.archive.org/web/20220208165810/https://www.washin...
https://archive.is/IcdPK
It never ceases to amaze me how incompetent some high profile criminals are. Encrypting a file is simply too difficult apparently. The entire purpose of crypto is that the exclusive holder of a private key cannot have funds seized. A 15 year old kid probably has better opsec with their crypto wallets than these people. Astonishing really.
yeah I've never seen a crypto investigation that made me impressed with the government's abilities, nothing that surprised me about the utility of OPSEC best practices, only people with weak links and dumb behaviors that are incompatible with doing something criminal.
You're not serious, right? You clearly haven't seen some of the latest unlicensed money transmitter prosecutions. The resourceful agents over at HSI have come up with an incredibly effective method of stopping crime in the Bitcoin network. It looks something like:
CS1: "I would like to exchange these dollars which I represent to be the proceeds of the sale of controlled substances in violation of the Controlled Substances Act for Bitcoin."
Localbitcoins trader: "OK."
4D Quantum Chess right there
In a hypothetical, if the two did not breach Bitfinex servers (unauthorized access to others systems) but instead managed to "guess" the private key to the Bitfinex wallet and transfer the funds, would this also be a crime?
Would this be treated the same way?
Computer Fraud and Abuse Act covers any unauthorized access regardless of how the credentials were obtained or... magically guessed.
Also, grand larceny applies if you guess the code to unlock a car.
It applies even if the car isn't locked... it applies any time you take something you know isn't yours.
In the scenario outlined there would be no unauthorized access to any systems, whether owned by Bitfinex or anyone else, so I really don't see how the CFAA could possibly apply here. As for the cryptocurrency network itself, the protocol is that anyone who has the private key is authorized to spend the corresponding funds—how the key was obtained is irrelevant.
Of course, correctly guessing a 256-bit random private key is exceedingly unlikely, though if they key is based on a lower-entropy password (a "brain wallet") then the odds of a correct guess improve dramatically.
CFA would likely consider a bitcoin wallet a "system". You weren't authorized to access funds in that wallet.
And even if it weren't that's no different than guessing someone's bank account number and paying for purchases that way. Its still someone else's money and its still stealing.
> CFA would likely consider a bitcoin wallet a "system". You weren't authorized to access funds in that wallet.
We don't have to guess. The CFAA refers to unauthorized access to computers, not "systems". The Bitcoin network is not a computer, and someone posting a transaction signed with some key, however that key was obtained, is using the network as intended and not accessing either the Bitcoin network as a whole or the individual computers comprising the Bitcoin network in an unauthorized manner.
> And even if it weren't that's no different than guessing someone's bank account number and paying for purchases that way.
It is different, because in that scenario you're claiming to be the designated account owner, a specific legal person authorized by contract to direct the bank to pay money from that account—not just someone who knows the account number. You generally have to sign a statement to that effect in addition to providing the account details. If you aren't the account holder then you're committing fraud. (Though practically speaking it's really a bit ridiculous that merely knowing the account number—something printed on every check and hardly a closely-held secret—is considered sufficient to set up a direct debit.)
By design, Bitcoin doesn't care about your real-world identity; it only cares about whether you know the private key.
> Its still someone else's money and its still stealing.
Wrong on both counts. Bitcoins are an abstract concept, much like points in a game. They are governed by voluntary consensus among Bitcoin users according to a particular specialized system of rules, and not your private property. In short, they're "yours" only as long as the network says they're "yours". If other Bitcoin users stop recognizing those bitcoins as "yours" for whatever reason—a blockchain fork, a change in the consensus rules, someone else guessing your private key and spending them—you have no legal recourse. There are no physical goods involved which you could sue to have returned to you, and no legally-binding contracts between you and any other participants in the Bitcoin network which you could claim were breached by the change.
I’m so confused how this holds up in a distributed system like Bitcoin.
There is this ownerless software running.
I don’t see it as theft.
If a bank accidentally leaves a sack of cash on the sidewalk and you take it, it is not yours. Plus they didn't declare any of the money and instead laundered it through a bunch of sham companies and fraudulent users on crypto exchanges.
Even if the bank accidentally put the money in your bank account and it’s reasonable to believe that it’s not yours, you can be held liable if you spend it or withhold it from the bank.
If bitcoin has legal ownership, then the means by which you stole it doesn't seem relevant.
Are you essentially asking if bitcoin has ownership?
I would assume that using someone else's credentials (wallet private key) without permission to make changes to a system (the bitcoin blockchain) is in itself illegal, yes.
IANAL.
I can't see how they can get away from it not being theft. No durable argument could be made in court they thought it was there to take, there is no way they didn't know it was someone else's property.
Regardless, I don't think ignorance would be a valid legal defense, despite whether someone recognizes random sequences of bits as personal property or not.
From the article, they aren't necessarily being charged with the hack itself
So they where hired to launder the money? Wouldn't the FBI try to make a deal to catch the people who executed the hack?
Just saying in the article that's what they're being legally charged for, and that already comes with hefty maximum sentences.
They are clearly associated with the hack, but that can be tacked on after further investigation and cross-examination. The money laundering is an easier opening target.
Wouldn't it still be laundering?
Knowing the key doesn't immediately mean that your access is authorized. This isn't equivalent to finding a $20 bill on the ground so there's not really any corollary to stumbling across it.
Yes. If you guess my house key shape, that doesn't give you a right to enter my house, even if you can now unlock the front door.
It is theft whether your door was unlocked or I break your window and then steal your stuff.
Page 15 of statement_of_facts The only other significant deposit to the account was an approximately $11,000 U.S. Small Business Administration Paycheck Protection Program (PPP) loan advance provided in response to the COVID-19 crisis.
So they also applied for PPP.
> While it is possible that SalesFolk received virtual currency, based on my experience, companies that do offer virtual currency as a payment method or in conjunction with another service often advertise it to attract more business.
Disagree here. I know many institutional funds that accept crypto for investment, solely because the third party fund administrator allows it, who only updated to account for that because so many funds and limited partners wanted that.
You would have no idea how much is happening behind the scenes, with the merchant services pushes being just a small tip of an iceberg with its own success or failures.
I was going to disagree, but it turns out you’re right. Home Depot and a few other companies do accept crypto and they are not trying to meme about it.
> Here's how the fed caught them:
> "The DOJ said it was able to seize the funds after an FBI search warrant of one of Lichtenstein's cloud storage accounts found a file containing cryptocurrency addresses and their corresponding private key that granted access to funds stored within."
That makes sense, and of course storing them in cloud storage was a bad idea. However they could have only obtained the warrant /after/ they pretty much knew Lichtenstein was the culprit.
How did they determine Lichtenstein was the person who had the bitcoins?
Given that these clowns were not exactly low profile about their wealth, I imagine their opsec was less than optimal.
That could be true, but it still doesn't really answer the question.
How did the FBI know, hey he's the guy, lets get a warrant
It doesn't matter. They got a Bitcoin Billionaire in a trial. Guilty or not, they already won this round.
I ask this every so often during threads regarding stolen cryptocurrency:
Is there any solution yet to preventing stolen cryptocurrency funds from being spent? Isn't the only solution to have a central database and require laws to require every transaction to be pre-checked to see if it's stolen funds or not?
And not only that, the centralized system will have to be constantly keeping track of wallet mixing to see where funds are being redirected to, attempted to being washed to?
Most cryptocurrencies are designed such that the concept of "returning" stolen funds is not really meaningful.
The best analogue is cash. If you want to return the cash you need to physically find it and move it back.
Sovereign law isn't so easily waved away, unless you are seasteading.
I'm not waving it away, this isn't a discussion about the legal system.
If someone steals steal a fiver from your back pocket then there's no magical wand that the police can wave that teleports the cash back into your hand. They need to come and get it from the kitchen table or wherever the thief has put it assuming they haven't spent it.
Most cryptocurrencies are explicitly designed to act as digital cash in this way. The system is structured such that a coin is fully under the control of the owner of the private key, there is no third party involved to effect some sort of return like a bank can.
If the coins are sitting in an exchange or some other custodian i.e. not exclusively under the control of the owner of a private key then you can effect this change by leaning on the exchange (in a legal sense).
The exchange is the bank, the coins are cash.
Cash is not a good comparison to cryptocurrency at all.
Stealing $70M, or trying to launder $5B in cash, is absolutely not the same thing as doing the same with cryptocurrencies.
$70M or $5B is a serious logistical problem to steal, hide, and launder.
$70M is 700kg in $100s.
> under the control of the owner of the private key,
Not owner, no. Temporary viewer is enough. And that's a huge difference.
Possession is probably a better word than ownership, sure.
In the same way that if someone takes your cash into their possession, they might not have legal ownership, but now they have to somehow be involved in its' future transfer (even if that's like, handcuffing them and forcing them to hand it over).
In a cryptographic system you need the key in order to do things. Whether you think it's good or bad to apply that principle to the concept of money is orthogonal to the ground reality of how it actually works.
The original Bitcoin whitepaper explicitly refers to itself as a peer to peer electronic cash system (https://bitcoin.org/bitcoin.pdf). It's the 7th word in. It's designed to operate in a cash-like manner as opposed to a referential (credit-like? not sure what the term is for this) as in a bank ledger or similar.
> Possession is probably a better word than ownership, sure.
I want to stress that I don't consider this a minor difference.
> In the same way that if someone takes your cash into their possession, they might not have legal ownership, but now they have to somehow be involved in its' future transfer
Yes. Cash can be stolen by a pickpocket. But two things make this not a difference in degree, but in kind:
1. You can't pickpocket $70M 2. A pickpocket can quickly hand the $100 in your pocket to an accomplice, but not to an accomplice in Bolivia.
If you want to move millions or billions in cash then you have to fill out paperwork exactly because that's how money laundering happens. Cash isn't actually easy to move, nor anonymous, at scale.
$70M is 700kg in $100s. And any legit business you show up with $1M in cash will report it, because they have to and/or because they don't want to be tried as an accomplice to money laundering.
I've had friends receive huge sums in cash, and they have reported it exactly for this reason. Enforcement against financial crime is actually built in.
I think the comparison to cash therefore is completely inappropriate, to the point where I question if it's even said in good faith.
> In a cryptographic system you need the key in order to do things. Whether you think it's good or bad to apply that principle to the concept of money is orthogonal to the ground reality of how it actually works.
In my opinion it's not "money" that's being replaced with math, but "intentions". It's not about replacing fiscal policy with math so much as replacing laws against theft and money laundering.
The definition for the features of cryptocurrencies tend to be the exact description of money laundering and tax evasion.
So if the goal is "I want to commit all the financial crimes" then yes, for those purposes cryptocurrencies have found their use cases.
You seem to have descended into some sort of monologue.
I hope that it's cathartic for you; I just wanted to discuss how possession works in cryptocurrencies.
My apologies for using the word ownership instead of possession, lazy language on my part.
> Most cryptocurrencies are designed such that the concept of "returning" stolen funds is not really meaningful.
Which is why these things are not features, but bugs, in cryptocurrencies. The core design principles of cryptocurrencies are actually bugs, if you think about it.
It's not a bug, it's an explicit design decision with trade-offs.
Is it a bug that my fork can't cut like a knife? Different tools, different purposes.
>The core design principles of cryptocurrencies are actually bugs, if you think about it.
It's a system designed around a different set of trade-offs. Calling a bug doesn't really make sense. For instance, using full disk encryption means that you lose all your data if you forget your keys. That's not an issue if you use icloud (which presumably has an account recovery process). Based on this, can you say that the "core design principles of full disk encryption are actually bugs"?
Good point.
It's a bug to the vast majority of people, but that doesn't make it a bug to ultralibertarians.
It's a bug if the goal is actually to have everyone adopt it.
So we pretend to treat it like cash and ignore that we can track and know exactly what digital currency is stolen? That's your proposed solution?
No, you're using words that I don't think are meaningful in the context of what a cryptocurrency is.
Assuming you can't physically track down a thief and seize control, the technical best case you can achieve with Bitcoin is to blacklist specific transaction outputs e.g. you can choose not to accept them. You can't prevent others from accepting them, but you could for example as a governmental body add them to a global blacklist of sorts and legally forbid exchanges from accepting transactions which have at some historical point interacted with those blacklisted transaction outputs.
With the use of Lightning or coinjoin or various other privacy preserving protocols you're going to end up in a situation in which you have to taint the entire coinbase (e.g. all coins) eventually; the ultimate endgame of doing that would be to "ban Bitcoin" on exchanges.
With something like Monero or ZCash there's no serial number to track in the first place so you have no ability to blacklist anything; your only option is to refuse to accept those currencies at all.
These are possible legal avenues you can go down. But _returning_ the funds is mathematically impossible without somehow gaining access to the private keys that control them.
The fact that there is no "solution" here is an explicit goal of most of the cryptocurrencies that I'm aware of. It's certainly the reason that I'm interested in the space; it's non-custodial, as cash is.
If someone steals your car, takes it abroad and you don't know where it is, it's gone. There is no solution. Goodbye car. So it goes. If I could add a mechanism that drove it back to me, I wouldn't want it for a host of reasons.
As I understand it, the Poly Network hacker found it impossible to transfer his stolen Tether due to those coins being frozen at Tether HQ.
With some things, such as the stablecoin USDC, the issuer can prevent specific addresses from transferring them
Which is only possible because it's centralized
A DAO could just as easily decide to do the same, but it'd need to be built into the smart contracts.
This works with the smart contracts with USDC, it's just that there's an authority which has permission to update the state to deny transfers from a specific address.
This is because USDC is a centralized stablecoin (as is USDT). There are decentralized stablecoins such as UST and MIM (and I believe DAI as well).
Correct, though on second thought, given how slow many DAOs are to operate, the perpetrators would already be in some other uncontrollable currency by the time people voted to blacklist certain wallets.
A DAO could have a privileged user (voted in by the DAO of course) who has the ability to blocklist specific addresses that aren't explicitly on an allow-list. Then the DAO vote could add accounts to the allow-list.
Doing so would mean the token could be transacted, except by users who are on the blocklist and not on the allow-list. And this would prevent a privileged user from abusing the power to add accounts to the block-list. Getting unblocked at the speed of DAO is less of a concern, as long as blocked account-holders can still vote with their tokens.
What does "stolen cryptocurrency" actually mean? For example, if one person says it was stolen from them, and the holder says they legitimately acquired it, then how is any solution supposed to decide who is correct?
For fiat currency, there's usually a court system that can be used to determine ownership. Though often they explicitly exclude cash from that - if somebody legitimately acquires bank notes that were previously stolen, they can keep them and they are valid as legal tender.
For cryptocurrency, which jursidiction's justice system is going to determine whether something has a "stolen" marker or not? What if that's not recognised by a different jurisdiction, or someone else comes to the opposite conclusion?
> For cryptocurrency, which jursidiction's justice system is going to determine whether something has a "stolen" marker or not?
It's the same decision process as the normal justice system. Broadly speaking, you can analyze it as follows (for civil complaints):
1. Is there a clause in the contract that says "disputes follow XYZ jurisdiction"? Then that's the jurisdiction. (And adding such a clause is Contracts 101 material).
2. If not, then you can usually get jurisdiction based on where the offense actually happened, or where the defendant lives. The analysis can get complicated, but it's not going to meaningfully change for cryptocurrency.
3. There's also a potential for extraterritorial jurisdiction in some cases.
> What if that's not recognised by a different jurisdiction, or someone else comes to the opposite conclusion?
Well, jurisdiction really comes down to a) can you get a court to agree that it has jurisdiction, and b) can you get other people to agree to the court's orders for relief.
That decision process would lead to different people coming up with different results. For example, it's not possible for me to look for a clause in your contract with a third party. I don't even having any way of knowing if the contract you might show me is the one that applied to a cryptocurrency transaction. So if you claim that your cryptocurrency was stolen in that transaction, and your favored court agrees it has jurisdiction and concurs, I still have no way of verifying any of that.
Your decision process might work for you, but it's not meaningful for establishing consensus in a cryptocurrency.
There is no solution because you would end up punishing innocent people. E.g. if a thief buys a car with their proceeds then it's not fair to punish the car dealership by confiscating the originally-stolen coins. This was decided in Scotland in 1749, cf. https://en.wikipedia.org/wiki/Crawfurd_v_The_Royal_Bank
How exactly are you punishing innocent people? What's happening is you're rewarding thieves.
Your example doesn't fit what I am saying either. With a digital currency you can do a pre-sale trick, so you'll see the funds were stolen - and you then don't sell them the car in the first place.
We can't incentivize theft.
> With a digital currency you can do a pre-sale trick, so you'll see the funds were stolen - and you then don't sell them the car in the first place.
It's a race against time. As soon as the coins are sent to a new address you can't know whether goods or services were exchanged in this process and you are thus punishing a well-intentioned seller as opposed to the thief.
Isn't there a log to immediately know what wallet coins just came to to the new address? E.g. you could check the history of the new address, to see where the coins came from, before approving the transaction by first verifying it didn't come from known stolen funds?
Isn't that the prime value of blockchain - the immutable chain/record of transactions?
That Scottish decision, while still the basis for bona fide acquisition of money in the UK and US, does not yet appear to apply for cryptocurrencies.
Your Wikipedia link cites a 2019 paper published in the Georgetown Technical Law Review whose analysis (https://georgetownlawtechreview.org/wp-content/uploads/2019/...) on page 415-6 says that 2016 US v 50.44 Bitcoins (https://casetext.com/case/united-states-v-5044-bitcoins) determined "cryptocurrencies do not meet the UCC's definition of money" and thus bona fide acquisition is not sufficient to prevent the crypto from being legally seized from the possessor and returned to the original owner.
To be clear, I'm arguing that the same reasoning behind the Scottish decision is why cryptocurrencies don't have a built-in features that prevent stolen cryptocurrency funds from being spent: because it would make the currency non-fungible.
Some organisations already have such systems in place. Take for example this Redditor who lost hundreds of thousands of dollars because someone some time in the past pushed his coins through a mixer.
https://www.reddit.com/r/blockfi/comments/skxiei/blockfi_hor...
Is there a need for an algorithm to efficiently check if a transaction is in a particular list?
I have a fairly good idea on how to make a very efficient algorithm for this. If there is a need for it, I would love to help in any way I can.
what do you think about tornado.cash? It's apparently a very effective mixer. I wonder what law enforcement can do if someone ends up using tornado_cash.
There is absolutely no way of knowing if the money is good or bad. If you consider every mixed_cash as bad, you would be forced to assume that the entire cryptocurrency is bad bec of how the money flows.
> If you consider every mixed_cash as bad, you would be forced to assume that the entire cryptocurrency is bad bec of how the money flows.
That's exactly what's happening, according to this page that was on the HN front page a few days ago: https://news.ycombinator.com/item?id=30224637
Thanks for the link.
Millions of innocent people use cryptocurrencies. Even if you assume a currency is bad, its impractical to think that millions of people are bad.
Do you have a estimate on people using cryptocurrencies on a monthly basis (even in orders of magnitude)
I don't understand all technicalities of cryptocurrencies, however you make it illegal to mix with known stolen cryptocurrencies - and then it won't get mixed; else yes, it's a problem if your ethics make you okay with rewarding criminal behaviour by allowing stolen money to be spent.
So what will happen to the coins? They'll probably be looking for any excuse to avoid giving billions back to Bitfinex. This will be fascinating.
DOJ says they'll be returned to previous owners.
Sure, but what does that mean? Will they return it to Bitfinex to distribute? Will they try to distribute it themselves? How will the accounting for who owns it work given Bitfinex's complex (and probably illegal under US law) token scheme that they implemented to cover up the hack? Will they return amounts calculated based on the value stolen in 2016, or the value of the coins now, a 60x difference? Will they sell the coins and transfer dollars to claimants, or transfer the coins directly?
Should I expect price drop once feds start to sell it? Or they'll just destroy the keys (keeping the money invested forever).
It will probably be returned to Bitfinex if they can access the wallet.
That's assuming the feds don't have unfinished business with Bitfinex. They're not exactly on great terms.
That's just nitpicking. If Bitfinex is acting as a custodian, the property will be returned to the owners. Whether that return happens via Bitfinex or via the feds looking at Bitfinex's books doesn't really change much. The point is that the feds can't destroy property just because they don't like who it was stolen from.
The feds have no problem seizing and liquidating property. They do it all the time. They even recruit local law enforcement to do it for them. See "equitable sharing"
That's if the property was purchased using money obtained from selling illegal goods or services. If the property doesn't belong to the criminal, it's an entirely different situation.
I'd actually really like if they used this opportunity to drive the Bitcoin price straight into the ground, thereby ruining that market for all those speculative investors.
Maybe that'd allow for something of a reboot of the ecosystem having eliminated the scum that usually starts to invade any remotely financially exploitable system after a while.
According to the article it’s up to a judge on how the funds are dispersed. It seems to lean towards the bitcoin being returned to their rightful owners.
It worked out well for the owners assuming it is returned.
Previously seized coins have been sold in off-chain auctions, same mechanism as other seized goods.
Since these have a known rightful owner, though, they may just be returned.
Those were dark money used in crime. These havent been used in crime, yet.
Does bitfinex still have the original owners data?
> charged with conspiracy to commit money laundering, and conspiracy to defraud the United States
Do you think there are more charges to come?
If they think they actually laundered money through businesses, why didn't they charge them with multiple counts of money laundering and multiple counts of wire fraud and a violation of the CFAA?
I’m actually wondering if there are serious doubts here. Especially due to the weaker charges levied, and watching the cringy @realrazzlekhan tiktok page where everyone also has their doubts about these people’s competence.
Darknet markets sell IDs, the DOJ also says the hackers used fake IDs to reintegrate the money. This fairly welloff couple (lives in Manhattan condo, owns bengal cat and jewelry) could easily just be one of the IDs. Both the husband and wife are early crypto proponents but that might just be circumstantial to both the DOJ and the hacker who got their IDs.
Watching this one. Its like they got just enough of data for a charge to get the subpoenas and warrants, but not enough to go for the bigger more damning charges.
If you read the complaint it is pretty clear they were at least heavily involved. Their personal accounts and businesses were tied up into it.
I’m still reading it
They definitely had custody of the funds and felt obligated to try and launder it
It seems like the government needs to figure out if they were the only ones with custody, which is proving a negative with private keys, but the government seems to feel like it’s needs a greater proof of the actual heist of bitfinex so they can pin the rest on this couple.
Still reading though, this is just what I’ve parsed so far.
The IRS-CI agent had requested CFAA and Wire Fraud charges.
I think pretty damning are accounts tied to their personal identities and emails to exchanges where they lied about the source of funds. How can they explain that away? Their email addresses were hacked? Funds moved to their personal bank accounts and used for expenses was unintentional? It seems like a big stretch.
okay I finished reading it, it is pretty damning and the report does say that it is just one agent investigating certain specific criminal charges that "doesn't reflect all of the investigations of the government"
Ilya had trouble figuring out how to launder it
Still the outstanding question is whether he is the only one with the encrypted files, or if he was a service provider. not that its a real question to me, its something the government has to prove for stronger charges like the CFAA to be levied and stick.
There is certainly the potential for an argument that they didn't do the hack, that someone else was more involved, that they were small players in this, etc. but it's highly likely they were involved in some way.
there is speculation spreading that they bought the bitcoin at a discount at the time, circumventing the trustlessness by taking the private keys (and hoping the seller doesn't use another copy to move the funds later). this would have been just a few million dollars in 2016.
inspirational in the direction of ideas on this case, and I know people that would trade a private key directly.
would help explain the amateurish laundering.
could be an interesting defense. could explain why they didn't run or do anything when their ISP notified them of the US government snooping back in November.
And to think ~10 years ago it was subject of a joke to call police because of theft of fictional online goods [1].
[1]: https://www.youtube.com/watch?v=jSyjcib_Fps
Not a a lone Russian hacker, but American citizens..a husband and wife couple. crazy.
the husband is Russian-American
Does this mean users who lost everything on bitfinex will be contacted and could possibly recover their coins? Can you imagine waking up to realize you are rich because the feds seized the coins and are returning to you.
It means the BTC will re-enter market eventually , so not good for longs.
Fascinating way to HODL to the token indeed.
Beautiful. Kudos to the FBI and the US Government for nailing these criminals.
Will this make bitcoin plummet? I figure that all these stolen stashes of BTC lowered the supply on the market and with these new available coins it will plummet somewhat.
I really don't get why they didn't encrypt their data. It's very easy nowadays and doesn't even degrade performance much (depends on algorithm used though). Especially when you place highly critical data in a cloud. Maybe they fell for the saying "Bitcoin is anonymous" - which it isn't, rather quiet the opposite.
I was thinking, we know the feds have seized bitcoin and auctioned (laundered) them off later on. Cash often gets seized too.
What happens if a criminal tries to burn cash and is mostly successful in doing so? Do the feds go to the BEP with a claim to get the money reprinted; or, like burned bitcoin, is it gone forever?
"This is largely symbolic, but it does send a clear message.
Like it or hate it, there is a sea change happening in how governments treat cryptocurrency."
https://news.ycombinator.com/item?id=29111446#29111572
Talk about famous last words, 3 month ago before this hammer came down, wow! Wonder if it crossed his mind if this also applied to his own crypto deals
So, hypothetically, if these guys were to completely cash out these coins somehow, and then pay tax to the IRS, would they be immune from tax fraud and IRS involvement? I know similar things happen with stolen property and illegal drugs (Sullivan v. United States).
Yes if they successfully laundered it and paid taxes they would have no liability.
Probably liability to the Fed, but not local prosecutors for whatever locality Bitfinex was in then?
Are bitcoins recognized as personal property, IP, none, or something of a blend in smaller jurisdictions? I have no idea.
they wouldn’t know who to hold accountable either. The point is that nobody would.
In my model the only liability would occur from the normal day to day business operation that you earn the successfully laundered proceeds from. like one of your actual clients sue you because you breached the SLA because you forgot you’re actually running a legitimate business.
That's 3 times bigger than El Chapo's fortune. And it's still missing 900 millions!
So Bitfinex is worth at least $3.6bn or is it all customers BTCs?
Were people made whole back then? Is it some MtGox thing where people who lost money back then will now have it? In BTC? Or in USD at the worth of BTC back then? Or in USD at today's BTC valuation?
USD at today's BTC valuation. Would be approx $70m at the time of the hack.
Great to see this; once again reminds me to stay away from BS friends in insurance, etc, that talks about "tech" but smells con-artist and pretentious in general, even if you two used to grow up together
Can't trust them if they are lost in the money game
Wow can't wait for this book.
Or the movie. Who should play Lichtenstein?
What i love most about this is that if these clowns didn't stupidly store their keys in a decrypt-able file in cloud storage, then ~.01% of BTC could have been lost forever.
We are just 10,000 hacks away from bitcoin being gone forever! A boy can dream.
Here's a video of the couple, with the dude getting a hair cut from the rapper gf: https://www.youtube.com/watch?v=pDY1bC9eL-A
She says she is Turkish and counts in Turkish. But her name and accent are not Turkish..
Her mom is Turkish.
> “digital currency heists executed through complex money laundering schemes could undermine confidence in cryptocurrency,” said U.S. Attorney Matthew M. Graves
Well now you US prosecutors aren't reading hacker news!
now you ^know
Oh wow. So will this $$ go back to bifinex and make tether solvent?
So uh, does this money get returned to Bitfinex now? Is this a huge windfall for them? They've fully redeemed their BFX tokens for whatever that's worth.
Does anyone know if Bitfinex will get this returned to them (and hopefully repay users) .. or what the next steps in this story might look like?
What users?
Bitfinex had to take a percentage of user's assets away due to the theft.
After this hack, Bitfinex account holders took a haircut (30% or so) and were given tokens representing the remainder of their dollar-denominated account balances. Those tokens were paid in full in 2017ish.
Later, the UK, Portugal, and Poland seized $1B or so of Bitfinex customer funds due to the funds being delivered by Crypto Capital Corp who was found to be engaged in money laundering. Bitfinex issued LEO tokens to make up for that asset seizure, and have a clause that if the 2016 stolen bitcoins were recovered, they'd be used to retire the LEO tokens. That's why LEO has greatly increased in value recently. https://cryptowat.ch/charts/BITFINEX:LEO-USD?period=1d
It's so odd that the story breaks today but LEO started jumping 8 days ago. No insider trading there, I am certain!
IIRC the coins moved about a week ago. Wouldn't surprise me if there was some speculation that they had been seized leading to some speculation.
Are there any cases involving theft of this scale (or even 1/10th of this scale) that have been successfully prosecuted in the U.S.?
The scale was around $70mil at 2016.
Serious question though, we live in a time when a mere mortal is able to carry out an enormous financial crime, whose knock-on effects could be enormous to millions of people directly and indirectly. How do you put a relevant sentence on that? Even whole-life in prison doesn't really make up for the number of people who might be affected by it.
note, I didn't read the article, it was just the headline that made me ask the question so possibly slightly off-topic.
Does anyone know how the BTC were stolen in the first place? Was the vulnerability found?
"How to Social Engineer Your Way Into Anything — Heather R. Morgan | NYC Salon 101 " : https://youtu.be/JmahJCWJ8iM?t=1572
Heather Morgan explaining how you can social engineer yourself out of a bad situation, can't make this shit up.
They could not prove that they are the ones who did the hack, only laundered the money.
So, who did the hack? And why did original hacker transfer funds to Lichtenstein?
The biggest crooks in the world just stole $3.6B & nobody arrested them.
Wake me up if somebody steals this kinda real money from a real bank.
Dupe: https://news.ycombinator.com/item?id=30260987
What happens to the seized bitcoins?
This would seem to strike a blow to the "access equals ownership" camp of the blockchain coin folks.
For those who are blocked by the paywall - https://webreader.app/?url=https://www.washingtonpost.com/na...
should have used monero
"When she's not reverse-engineering black markets to think of better ways to combat fraud and cybercrime, she enjoys rapping and designing streetwear fashion."
My online bio need some levelling-up.
https://www.forbes.com/sites/heathermorgan/?sh=6e246df87f7d
https://www.youtube.com/watch?v=f5s4taHrEWA
"I deeply, deeply regret to inform you that this is the rap video of the woman who was just arrested as part of an alleged husband-wife scheme that laundered some $3.6 billion in crypto."
https://twitter.com/kevincollier/status/1491107221857796097
I have been writing an imaginary Coen brothers in my head over the last couple of years based on absurd current events. This is definitely being added.
I'm thinking of tying them both in as friends of Lady Gaga, tasked with trying to pay the ransom to the people who kidnapped her dog in crypto. In the process, they accidentally stole too much.
This is the type of hack you need to be both smart enough and dumb enough to commit.
Some of the videos coming out from one of the offenders are unbearably cringe.
https://twitter.com/jackdwagner/status/1491141362707996672
https://twitter.com/jackdwagner/status/1491140930090717184
https://twitter.com/rudy_betrayed/status/1491225062984531968
> “Today, federal law enforcement demonstrates once again that we can follow money through the blockchain, and that we will not allow cryptocurrency to be a safe haven for money laundering or a zone of lawlessness within our financial system,” said Assistant Attorney General Kenneth A. Polite Jr. of the Justice Department’s Criminal Division.
How is this not a total death blow for bitcoin? If the justice department can do it, anyone can. It's a public ledger. So you effectively must treat every transaction you ever make on the blockchain as totally public and tied directly to you.
Because there is a weak link in the methods these guys used.
The DOJ always pats itself on the back to pretend to the worldwide audience that there is "no" illicit money in the US financial system.
They don't say "good thing they didn't use X method! that would have hampered our investigation irreparably!" at least not in press releases.
It took them 6 years to catch these perps. And these perps were extremely sloppy (storing keys in cloud, weak encryption)
Justice must give the perception that they are doing enough. They can't really say that it's really hard to catch people committing crimes in cryptocurrencies.
ilya@mixrank.com
This is a great argument for Monero. It is much easier to launder money on a privacy-oriented blockchain.
With so much money involved, I wonder if we can ever really know anything. Enough money, and you can make black == white. E.g. these two were fallguys
Thankfully we have a legal process intended to figure this exact thing out via a process of presenting and considering evidence.
And we don't think money comes into that?
This goes to show that the only use case for NFTs is to launder money, and it's not exactly a great way of doing it. I hope they get a long prison sentence.
Read the article, then please tell me what this has to do with NFTs?
Read the affidavit from the special agent. https://www.justice.gov/opa/press-release/file/1470186/downl...
"Between the 2016 hack and the present, LICHTENSTEIN and MORGAN further engaged in a diverse array of virtual currency transactions, including transacting in numerous altcoins, liquidating BTC through a BTC ATM,23 and purchasing non-fungible tokens (NFTs)."
25 years max for stealing billions? God bless America.
> Lichtenstein and Morgan are charged with conspiracy to commit money laundering, which carries a maximum sentence of 20 years in prison, and conspiracy to defraud the United States, which carries a maximum sentence of five years in prison. A federal district court judge will determine any sentence after considering the U.S. Sentencing Guidelines and other statutory factors.
Are you suggesting that's a light punishment?
Given that folks have been given longer punishments for stealing less, yes. Granted, ianal and I acknowledge that things come into play like repeat offenses, etc.
At the same time, though, folks get lighter sentences for rape and murder. IMO there's nothing 30,40,50+ years can do to a person that 25 can't.
touché
>25 years max for stealing billions?
1. The bitcoins were only worth ~$70 million at the time of theft. saying they stole "billions" is highly misleading
2. I don't get it, aren't we supposed to be getting less "tough on crime", especially for non-violent offenses?
1. Just quoting the amount mentioned in the press release. I guess its highly misleading too?
2. Supposed to be, but we all know that folks are sitting in jail right now for longer periods of time for stealing less.
>2. Supposed to be, but we all know that folks are sitting in jail right now for longer periods of time for stealing less.
Example?
The US sentencing guidelines[1] considers multiple factors other than "value stolen"
https://www.ussc.gov/guidelines/2021-guidelines-manual-annot...
can't say i've ever read the sentencing guidelines. you win.
Are they being charged for stealing? I thought the concept of crypto is to be you own bank, So as long as you have the private key, you are now technically the owner. What if two people generate the same private key. Who is the owner ?
They're charged with money laundering.
I am just guessing here but it's likely that there are multiple counts of these charges.
It's not clear that this is the end of the charges.
maybe 25 after a plea deal
they haven't actually been charged with hacking, just the laundering. the complaint could be amended after investigation and the potential sentence would go up.
It seems that Tornado Cash (https://tornado.cash/) could have been used to launder the funds. I wonder if:
- Laundering happened before Tornado Cash existed, so Tornado Cash was not used
- They used something like Tornado Cash, but the funds were still traceable
As other commenters have noted, they stored the public/private keys on a cloud drive. A coin mixer isn't going to save you from that.
Are you using Tornado Cash to launder money?
Yeah wtf, I'm not sure why he's randomly namedropping it.
I don't understand why you are being so aggressive. This is a post about news on laundering crypto. I am aware of a technology that seems to cater to that use case.
I would assume that it's because your comment reads like an advertisement, since it name-drops (and links to) a specific mixer rather than just saying "It seems that a coin mixer could have been used..." Is there anything novel about this particular mixer? If not, why link to this one specifically?
I am personally not, but don't you think that use case is obvious?
Talking about someone laundering money doesn't mean that they are. You are assuming guilt without any cause.
Talking about mixers (such as tornado_cash) is a worthy discussion on a post about laundering cryptocurrencies.
That was my first question as well. But for someone who stores private keys of coins worth billions of dollars on google drive, I don't think using a mixer was a big concern.
They couldn't even bother to use strong encryption on the file of private keys. Crypto 101: never store private keys online.
Good point!
Another possibility is Ironfish(https://ironfish.network/), but I don't know how much liquidity there exists in either of these. I don't think you could launder/hide $4bn through either of these. Perhaps slowly over a long period of time.
Ironfish is just a testnet so there is zero liquidity there because it isn't even launched.
Tornado cash has about $700mm right now deposited in it, with the vast majority of that being in the 100 ETH deposit pool.
They absolutely could have done it over time. They could have bridged the Bitcoin using the RenVM protocol to receive renBTC, done a combination of selling the renBTC and let arbitrageurs provide the liquidity as the couple would have had to sell a little below market. They could then deposit the ETH in Tornado.cash. Simultaneously to speed things up, they could have deposited the renBTC into an onchain staking protocol to borrow against it, using the borrowed proceeds as their liquidity, and possibly even just forgetting about the collateral and letting the protocol take it eventually.
Even though they would be a large part of the Tornado.cash pool, it would actually only be "for now" because there are several other heists of large seizes that are turned away from Tornado.cash because it is too small. So liquidity begets liquidity. I would content that even if they had become 60% of the pool, boosting its size to $1.5bn, that it would have attracted many more deposits, I could see Tornado.cash being a $3bn pool by now, given the size of heists that I know of.
Tornado.cash of course is not good enough to reintegrate back into the economy, under your name. So then they could have employed the reintegration.
With clean money they earned from salary, they could have created a random token on the Ethereum network, lets call it SHIBA INU (SHIB), made sure to keep a bunch of the tokens for themselves, and then withdrawn tornado cash notes to 100,000 addresses which programmatically bought SHIB, and pumped the token 52885982.4% and just been a lucky trader that cashes out with long term capital gains they pay. They would have had many more billions doing that.
Its too bad that people could try to throw a "conspiracy to commit" charge at me too, the moment I use Tornado Cash or launch an erc20 token now, but its more important to me that my speech isn't chilled so that you all can have a better discussion about it.
An excellent overview of how the crypto ecosystem glues together. Also a shame that understanding and explaining how these technologies can be (and probably are!) used together leads to accusations of criminal past or intentions.
Excellent post!
I have a question: is it possible to write scripts to do the above automatically? Or does it have to be a manual process?
Few people understand the ecosystem thoroughly (I admit that I do not), so few people can implement the manual process properly. One mistake equals 0 privacy.
Also, would they be allowed to use renVM since everyone knew that these accounts contained bad bitcoin?
It is possible to write scripts to do this automatically, and randomized activity.
There is a push for more and more permissionless bridges. All the bridge builders and their communities shy away from that obvious discussion because they do host and earn basis points from any crypto that passes over the bridge, even if it is obviously from a heist. It would put a bridge, especially that bridge, in a tough spot if these hackers did too much too soon, the hackers would have needed to be watching bridge technology and from this indictment it just looks like they werent.
What about network level privacy? i.e. they'd also want to minimize the linkage between broadcast patterns and characteristics of those 100k addresses
Run their own nodes on the respective cryptocurrency networks they use.
So, tornado only takes Eth.
They could have used something like wbtc, to bridge the bitcoin to Ethereum and then swap to eth to run it through tornado. But wbtc is a custodial wrapping service that would require kyc. There are other wrapping services that don't, but they have nowhere near that much liquidity on Ethereum to execute the trade to eth needed to run it through tornado.
The other problem is that tornado has limited liquidity itself. At the moment there is about $500M USD worth of eth in tornado. You would do yourself no good to dump a large multiple of that into the pool all at once.
Good points! Thorchain (a non-custodial service) claims 1.9B total swap volume. So, while not viable today for billions of dollars, the Bitcoin -> Thorchain -> Tornado Cash pathway seems to be viable for smaller amounts. Which doesn't necessarily bode well for recovering stolen bitcoin (and other crypto) in the future.
A thief still has to figure out how to convert crypto to fiat. But I am assuming that there are jurisdictions where this is possible without KYC.
Once you have crypto in a clean account, what's the problem with providing KYC to convert it to fiat through any exchange?
I was thinking that there are probably thresholds that trigger alarms when large amounts of crypto are converted to fiat. If crypto is coming from a clean address, there is not evidence of illegal activity. But there is still the question of where those funds originated. So I am not sure if government entities can seize those assets...
I'm not well versed in BTC, so my prices may be wrong. But this is webscale in a way I haven't thought of before.
It is alleged they stole 119754 BTC, which in 2016 was < $1000USD. Which would have been < $100,000,000. Today, it is worth 5bln. (not that 100mm is nothing.... but it is a lot less).
Could you imagine stealing something that most people thought was a toy. Suddenly it became so valuable that the government could justify who-knows-how-much resources to catch you?