zlacker

[return to "Feds arrest couple, seize $3.6B in hacked Bitcoin funds"]
1. danso+T4[view] [source] 2022-02-08 17:10:48
>>mikeyo+(OP)
The statement of facts is linked to from the press release, and describes generally how the Feds were able to trace the stolen funds (they found a file listing private keys, after gaining access to the suspect's cloud storage) https://www.justice.gov/opa/press-release/file/1470186/downl...

> The 2017 transfers notwithstanding, the majority of the stolen funds remained in Wallet 1CGA4s from August 2016 until January 31, 2022. On January 31, 2022, law enforcement gained access to Wallet 1CGA4s by decrypting a file saved to LICHTENSTEIN’s cloud storage account, which had been obtained pursuant to a search warrant. The file contained a list of 2,000 virtual currency addresses, along with corresponding private keys.

> ...The connection among the VCE 1 accounts was further confirmed upon reviewing a spreadsheet saved to LICHTENSTEIN’s cloud storage account. The spreadsheet included the log-in information for accounts at various virtual currency exchanges and a notation regarding the status of the accounts

> ...Lichtenstein Email 2 was held at a U.S.-based provider that offered email as well as cloud storage services, among other products. In 2021, agents obtained a copy of the contents of the cloud storage account pursuant to a search warrant. Upon reviewing the contents of the account, agents confirmed that the account was used by LICHTENSTEIN. However, a significant portion of the files were encrypted

◧◩
2. colinm+h5[view] [source] 2022-02-08 17:12:09
>>danso+T4
$4 billion has got to buy an awful lot of compute time, but still, how did they decrypt the file?
◧◩◪
3. raverb+P5[view] [source] 2022-02-08 17:14:10
>>colinm+h5
A fancy (or even basic) dictionary attack has a very high chance of working.
◧◩◪◨
4. 14+x8[view] [source] 2022-02-08 17:24:25
>>raverb+P5
Random example but my passwords look something like chOf$Tyl83fhn@54R. I keep them written down because they are hard to remember. My threat model is no one. Seems so amateur to use a simple password that could be brute forced. Especially with so much on the line.
◧◩◪◨⬒
5. gruez+Le[view] [source] 2022-02-08 17:47:32
>>14+x8
>Seems so amateur to use a simple password that could be brute forced. Especially with so much on the line.

There's selection bias going on because only dumb criminals get caught, so you only hear about the dumb opsec practices of those criminals. Conversely, you'll never hear about the opsec practices of that professional crew with perfect opsec that hacked an exchange/difi contract and disappeared into thin air.

◧◩◪◨⬒⬓
6. not2b+0k[view] [source] 2022-02-08 18:06:51
>>gruez+Le
Until the least bright member of the crew makes a mistake, gets caught, and turns in the rest. Being perfect is difficult to maintain forever, though it's possible in principle. It might require the thief to live like a grad student even though he has billions of dollars/euros worth of stolen wealth; being flashy attracts attention and if nothing else, the tax authorities.
[go to top]