Feds arrest couple, seize $3.6B in hacked Bitcoin funds
1. Alexan+Ub 2022-02-08 17:35:40
>>mikeyo+(OP)
> “After the execution of court-authorized search warrants of online accounts controlled by Lichtenstein and Morgan, special agents obtained access to files within an online account controlled by Lichtenstein,” the press release said. “Those files contained the private keys required to access the digital wallet that directly received the funds stolen from Bitfinex, and allowed special agents to lawfully seize and recover more than 94,000 bitcoin that had been stolen from Bitfinex. The recovered bitcoin was valued at over $3.6 billion at the time of seizure.”

So most likely,

1) they didn't launder it properly, leading to police being able to trace it to their bank accounts. I wonder if tornado.cash was used.

2) then police had their names, leading to warrants for all online accounts - Google account, Apple account, etc.

3) they made the big blunder of keeping their private keys in their online account. Most likely a txt file in Google Drive. That is such a silly blunder. Without the private keys, the police have zero proof of anything. They could have made a hundred excuses for how they got money in their bank account, as long as the police didn't have the private keys. Who keeps their private keys in an online account?

Apparently the biggest criminals make too many silly mistakes. The old saying applies here: "you don't have to be smart, just don't be an idiot."

2. tsimio+zf 2022-02-08 17:50:28
>>Alexan+Ub
Well, the police had a search warrant, so the police could have found them if they had had them in their possession anyway.

Sure, they could have destroyed them, losing the money but maybe not getting arrested?

3. kodah+Jg 2022-02-08 17:54:11
>>tsimio+zf
Keys are conspicuously easy to hide. My PGP master key that I've been using for some time is hidden on two devices which would be difficult to identify, much less locate, and are encrypted as well.

4. paulpa+Yj 2022-02-08 18:06:46
>>kodah+Jg
Strong passwords. AES-256 with even just a 7-word password chosen from a 1000-word dictionary cannot be cracked with existing tech.

5. akomtu+Lt 2022-02-08 18:47:27
>>paulpa+Yj
TBH, with 4B at stake, I wouldn't blindly rely on AES. I'd use it as the 1st step, and then additionally encrypt its output with a custom AES-like algorithm (change the S-box, change the number of rounds, maybe upgrade it to 512 bits). Even if my homebrew algo is weak, there's still standard AES behind it.

6. boring+WN 2022-02-08 20:09:40
>>akomtu+Lt
Why mess with AES when you can just use another strong algorithm or two? e.g. AES+SERPENT+Twofish, with three separate unrelated keys of course.