So most likely,
1) they didn't launder it properly, leading to police being able to trace it to their bank accounts. I wonder if tornado.cash was used.
2) then police had their names, leading to warrants for all online accounts - google account, apple account, etc.
3) they made the big blunder of keeping their private keys in their online account. Most likely a txt file in google drive. That is such a silly blunder. Without the private keys, the police have zero proof of anything. They could have made a hundred excuses for how they got money in their bank account, as long as the police didn't have the private keys. Who keeps their private keys in an online account?
Apparently the biggest criminals make too many silly mistakes. The old saying applies here: "you don't have to be smart, just don't be an idiot".
As far as how exactly they got caught, there was a reward offered by the company it was stolen from. It may have been that someone tipped the feds off for the reward.
https://www.justice.gov/opa/press-release/file/1470186/downl...
Why anyone with a significant amount of crypto assets isn't going to insane extremes in terms of secrecy and durability is beyond me.
It would seem to solve a lot of just organizational problems where "jan is out of the office today" and nobody can do the thing ... but if access is spread out among 10 people ... 3 probably are in the office when needed.
Granted I've never seen it used in production personally, nor seen it on a granular level.
Sure, they could have destroyed them, losing the money but maybe not getting arrested?
This way the police or anybody else cannot get your private key.
https://learn.hashicorp.com/tutorials/vault/rekeying-and-rot...
> In order to prevent one person from having complete access to the system, Vault employs Shamir's Secret Sharing Algorithm. Under this process, a secret is divided into a subset of parts such that a subset of those parts are needed to reconstruct the original secret. Vault makes heavy use of this algorithm as part of the unsealing process.
"Thanks to the meticulous work of law enforcement, the department once again showed how it can and will follow the money, no matter what form it takes."
and suggesting AEC and chain hopping is futile is an effective propaganda tool. I mean it's possible something major changed, but I think your thoughts are closer to reality.
If true, this is interesting, because apparently fake identity accounts on exchanges are cheap (partially 'thanks' to all the breaches over the years).
edit: added '' to thanks
Also, with mixers such as tornado_cash, laundering money is, sadly, pretty trivial.
...why not? Police coordinate raids all the time.
Search warrants are given on reasonable doubt. When it comes to cryptocurrencies, the feds have reasonable doubt on everyone. So it is always possible for them to get a search warrant.
I emphasized private keys, because without them, no matter how much doubt the feds had, they couldn't prove anything.
They were done in by what I am assuming to be a weak password; enough entropy would have made it uncrackable.
You can do that by owning crypto. No need to use it.
> Self-sovereignty
The majority of people use centralized exchanges, which regularly control transactions.
> Ease of use/trade/leverage/exchange
Fiat banking is much easier to use than crypto. It's also faster. Now everyone uses 1-tap payments. Crypto transactions are more complicated than that. They also take longer. They are also bad for the environment (not as bad as media portrays, but bad nonetheless).
A USB is tiny, and you can shrink its footprint with USB-C. You can also buy USB keys with tamper-proof housings that will blow a fuse if opened to be physically compromised. Coupled with strong post-quantum crypto, that key is relatively secure, even if physically discovered.
That's just the technical bit. You can also split the key in half and transfer the other half somewhere, which creates legal protection. You could also create a housing for the key so it's not easily discoverable.
If all that sounds a bit extra, circle back to that the perpetrator has 4.5 Billion worth of something.
As to your 2nd point, I agree. Another mistake was uploading private keys to google drive.
The difference is that laundering provides you with an explanation for wealth and/or income. Example of laundering: buy a business (with clean or borrowed money), have fictional customers "spend" their cash money at your business every day, then report your income and pay taxes. Now if anybody asks about where you got your money, you have a seemingly legit explanation.
Mixing does none of that. So mixing may be trivial, but laundering is not.
edit: now that I think about it, is that why NFTs are so popular? Are people pretending to have gotten capital gains, while in reality they're buying these things from themselves? That would explain a lot.
They could have used bitwarden (or a password manager) and they would be good to go.
Also the best pursuers needed 6 years (2022 - 2016) to catch them. Plenty of time for the perps to take a lot of measures.
Isn't that impractical? Also how were the police supposed to know that he used this system?
Then you can convert those crypto (in new account) into fiat money.
Everyone will know you are lying, but they will never be able to prove it.
Encrypting it with a good password that you remember and then printing the encrypted keys comes to mind.
I think you mean reasonable suspicion & probable cause.
Reasonable doubt is the threshold prosecutors must appear to exceed for a successful finding of guilt with a jury (elimination of reasonable doubt).
We would first go through the process with 'dummy' keys to check everyone was happy with the process and what we were going to do (ie. which commands, what software, what exactly will be signed). We would then do it again with the real thing. And then we'd power off the computer till next time it needed to be used.
"Clunky" would be a good way to describe it... But it's hard to make it better without relying on a bunch of software we don't have the resources to audit.
But if someone who knew how crypto works wanted to commit a crime, they can. That's scary.
$25,000 bounty seems pretty small, considering.
So is it possible for 1 seed to generate all of them? Doesn't that break information theory (Shannon's compression limit)?
Not necessarily. If they can spend stolen $, presumably that may be enough to persuade a jury they own it.
From that seed you can generate for all practical purposes an infinite number of private keys for any and all purposes in existence. Using cryptographic one way functions such as a hash or PRNG.
Example: truncate_as_needed ( sha512 (seed | 2022 | wallet_title | priv #123) ) = private key #123
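The derivation sketched in the comment above, as an added example that is not part of the thread: it swaps the bare `sha512` for HMAC-SHA512 keyed by the seed, length-prefixes each field so concatenations cannot collide, and assumes the result is used as a secp256k1 private key. The name `derive_key` and the field layout are hypothetical.

```python
import hashlib
import hmac

# Added illustration. Order of the secp256k1 group: valid private keys are 1..N-1.
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def _encode(*fields: bytes) -> bytes:
    """Length-prefix each field so ("2022", "1x") and ("20221", "x") differ."""
    return b"".join(len(f).to_bytes(4, "big") + f for f in fields)

def derive_key(seed: bytes, year: int, wallet_title: str, index: int) -> int:
    """Derive private key number `index` from one seed (hypothetical scheme)."""
    if len(seed) < 16:
        # The seed is the only entropy in the system: every derived key is
        # exactly as guessable as the seed, however many keys are produced.
        raise ValueError("seed shorter than 128 bits")
    counter = 0
    while True:
        msg = _encode(str(year).encode(), wallet_title.encode(),
                      index.to_bytes(8, "big"), counter.to_bytes(4, "big"))
        digest = hmac.new(seed, msg, hashlib.sha512).digest()
        candidate = int.from_bytes(digest[:32], "big")  # "truncate as needed"
        if 1 <= candidate < SECP256K1_N:
            return candidate
        counter += 1  # out-of-range output (probability about 2^-128): retry

if __name__ == "__main__":
    demo_seed = bytes(range(32))  # constructed sample seed, not a real secret
    print(hex(derive_key(demo_seed, 2022, "savings", 123)))
```

The keys are not compressed into the seed: they are recomputed from it on demand, so the whole family carries no more entropy than the seed itself.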
Proving this is hard by design, but a good example of that would be how they used the Hansa market as a honeypot by running the market themselves for months.
The entire investigation around Alphabay and how they got to the owner is a bit shady, too, and there have been tons of rumors of the entire official case being based on ad-hoc parallel construction.
Edit: I checked and unless I mixed some zeroes somewhere it looks like the current bitcoin hash rate of 200 million TH/s can crack 92 bits within a year. log (200,000,000,000,000,000,000*3600*24*365) / log 2 = 92.35
https://www.europol.europa.eu/media-press/newsroom/news/800-...
At least, that’s how I think about it.
It does sound like a lot of work. I think I'd go with the $5 wrench option.
So claiming it was from mining didn't work in this particular instance.
They don't need to prove you are lying in all instances, it's enough to prove you are lying in one instance. They will get you for that one instance where you didn't launder it properly if they are after you.
Speculation for IDOs usually requires directly interacting with the contract with your wallet. Likewise new tokens are found on DEXes which requires taking custody of the token.
Borrowing against crypto, leveraging it, going delta neutral, buying options are all available on chain, typically with better yields, and with a higher variety of tokens.
Shortly after he committed suicide I pulled up the French language technical board where he had linked an alias to a real email address. Which mirrors the same mistake as the Silk Road operator.
When you dig deeper into these cases it’s clear that they aren’t properly washing the money. There’s no placement or layering. They go straight to laundering on a public ledger and cash out under their own names.
The simplest explanation is usually the correct one.
To me that indicates they have been able to turn off alphabay for a long time, considering how easily and well timed they did it. That also means they have had tons of time to build the case. Of course you can argue that the simplest explanation is the best one but considering law enforcement literally operated the biggest DNM for months, completely under the radar I'm not sure why "they found an email he used for a few weeks 4 years ago" would be more simple.
You can read what DeSnake, another admin of the website had to say about the takedown. He's extremely security conscious (he hasn't been caught yet afaik which is another can of worms) and he's adamant that it was not a simple bust. Actually, the whole thing was kind of a mess, with some mods getting arrested (even without making obvious mistakes like Alex did). You can read up on the confusion here: https://www.darkowl.com/blog-content/alphabay-marketplace-re...
If I had to guess, some mod/admin informed on him (maybe even snake!) hence why they had access to an early email. But who knows? Now in cases like the silk road I'd agree that it was simply trash OPSEC but the Alphabay/Hansa takedown was so sophisticated that anything is possible.
It's great for us non criminals, but it's one more utility of crypto going down the drain. What is it good for, if not even crime.
There's also a lot of time for law enforcement to try and find these threads as well, meaning the perpetrator could well be living in paranoia for as long as the statute of limitations lasts.
People that are capable of getting away with life-changing money type crimes would often be better off being entrepreneurs at the edges of existing regulation. Hello cryptocurrency...
https://www.bloomberg.com/opinion/articles/2022-01-19/washin...
> This is called “money laundering,” and the essential component of money laundering is generating fake taxable income. If you take $13,800 out of your (legitimate, previously taxed) bank account, and you use it to buy cryptocurrency in a wallet that you tell your accountant and the IRS about, and you then use that cryptocurrency to buy a Meebit, and then you take $50 million out of your sack of illegal money, and you use it to buy cryptocurrency in a wallet that you don’t tell your accountant about, and then you use that cryptocurrency to buy the Meebit from your declared wallet, and then you take the $50 million of cryptocurrency out of the declared wallet and put it back in your (legitimate) bank account, and then you write the IRS a check for $20 million saying “ah I’ve been selling NFTs, what fun I have had, but I have to pay the IRS my fair share,” then … I am obviously not going to give you advice on crime but it’s possible you’ve got something there? Like, nobody has any idea what a Meebit is worth, so this string of outlandish numbers is somewhat plausible? It’s possible that some number of NFT wash trades have a purpose other than pumping up volume on NFT platforms?
If you had such capabilities, the moment it is known you have it would immediately neutralize any value you derive from that capability.
What is the logical course of action?
Deny. Deny. Deny.
Disavowing, deception, secrecy of such capability is what gives them the edge.
Again, there is no proof that Satoshi Nakamoto was some good hearted criminal/spook.
The true professionals in this industry only use crypto as a reference in their private ledger stored far far out of reach to any Western government.
It's funny that these successful professionals are also the most paranoid and least trusting of crypto (they are convinced Bitcoin was created by the US Government itself).
Any evidence on this?