zlacker

[return to "Feds arrest couple, seize $3.6B in hacked Bitcoin funds"]
1. Alexan+Ub[view] [source] 2022-02-08 17:35:40
>>mikeyo+(OP)
> “After the execution of court-authorized search warrants of online accounts controlled by Lichtenstein and Morgan, special agents obtained access to files within an online account controlled by Lichtenstein,” the press release said. “Those files contained the private keys required to access the digital wallet that directly received the funds stolen from Bitfinex, and allowed special agents to lawfully seize and recover more than 94,000 bitcoin that had been stolen from Bitfinex. The recovered bitcoin was valued at over $3.6 billion at the time of seizure.”

So most likely,

1) they didn't launder it properly, leading to police being able to trace it to their bank accounts. I wonder if tornado.cash was used.

2) then police had their names, leading to warrants for all online accounts - google account, apple account, etc.

3) they made the big blunder of keeping their private keys in their online account. Most likely a txt file in google drive. That is such a silly blunder. Without the private keys, the police has zero proof of anything. They could have made a hundred excuses for how they got money in their bank account, as long as the police didn't have the private keys. Who keeps their private keys in an online account?

Apparently the biggest criminals make too many silly mistakes. The old saying applies here: "you don't have to be smart, just don't be an idiot"

◧◩
2. duxup+oc[view] [source] 2022-02-08 17:37:52
>>Alexan+Ub
Well you don't want to lose those keys ... there is a bit of a conundrum there (granted you don't have to do it the way they did either).

As far as how exactly they got caught, there was a reward offered by the company it was stolen from. It may have been someone tipped the feds off for the reward.

◧◩◪
3. rjbwor+ae[view] [source] 2022-02-08 17:45:05
>>duxup+oc
I'm not invested in crypto or really at all interested in it. That said, my mentor seems pretty excited about it and is pretty heavily invested as of the past few months. I advised him to do something like https://en.wikipedia.org/wiki/Shamir's_Secret_Sharing and distribute it across a wide number of storage mechanisms, physical, digital, and custodial. For instance, in google drive, in drop box, in a bank safety deposit box, engraved in a gold bar buried in your yard, in your house safe, etc.

Why anyone with a significant amount of crypto assets isn't going to insane extremes in terms of secrecy and durability is beyond me.

◧◩◪◨
4. duxup+wf[view] [source] 2022-02-08 17:50:17
>>rjbwor+ae
I don't understand the math but I think I have seen that style of secret management where any 3 of say 10 secrets can access something but no 2 or any 1 secret can do it.

It would seem to solve a lot of just organizational problems where "jan is out of the office today" and nobody can do the thing ... but if access is spread out among 10 people ... 3 probably are in the office when needed.

Granted I've never seen it used in production personally, not / seen it on a granular level.

◧◩◪◨⬒
5. shagie+Gg[view] [source] 2022-02-08 17:54:09
>>duxup+wf
Hashicorp Vault uses it.

https://learn.hashicorp.com/tutorials/vault/rekeying-and-rot...

> In order to prevent one person from having complete access to the system, Vault employs Shamir's Secret Sharing Algorithm. Under this process, a secret is divided into a subset of parts such that a subset of those parts are needed to reconstruct the original secret. Vault makes heavy use of this algorithm as part of the unsealing process.

[go to top]