
Topic: [2022-09-13] Man arrested for laundering millions from malicious Electrum update (Read 436 times)

legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Thanks, I didn't read that far down. I'll post a link.

On the other hand imagine the hacker's face (considering it's not him) when he found out that he sent some tainted BTC to a guy to mix, the guy got flagged and caught and the received BTC is now tainted again.
Ignoring the "taint", there's one thing I find hard to believe: if a hacker is smart enough to spread a compromised version of Electrum, why does he need a third party to exchange Bitcoin for Monero and back to Bitcoin? Even if the third party wouldn't get caught, he would know all involved Bitcoin addresses. Why take that risk after going through all the effort to steal tens of millions of dollars?

apparently the guy is the thief and not a middleman in charge to mix the bitcoins.
That's not how I read it.
legendary
Activity: 2212
Merit: 7064
The text says "The expected profit that the man made from money laundering was seized in cryptocurrency"
To me, there is no €uro somewhere.
Maybe, but there is no way someone could find his location because IP addresses used by Bisq are hidden with Tor, and they could also have seized both cryptocurrencies and fiat money.
I understand how he exchanges coins back and forward, but the key in this story of finding his location must be some insider information.

The police would have seized all the cash found and the cryptos. So finally, there is cash involved in money laundering.
I'm not saying the sources I quote are more reliable than the police of course. But if it's accurate, apparently the guy is the thief and not a middleman in charge to mix the bitcoins.
It's obvious like I said before, there is no other way to find his real location.
Everyone should watch out trading with dex exchanges and Bisq, especially if doing trading with fiat currencies and larger amounts.
 
copper member
Activity: 2940
Merit: 4101
Top Crypto Casino
I found a bit different story about the news in the original post.

The police would have seized all the cash found and the cryptos. So finally, there is cash involved in money laundering.
I'm not saying the sources I quote are more reliable than the police of course. But if it's accurate, apparently the guy is the thief and not a middleman in charge to mix the bitcoins.


Quote
BTC THIEF ARRESTED IN THE NETHERLANDS
His identity has not yet been revealed, but the man was arrested last week by Dutch authorities.

Released on Tuesday, but still a suspect, the 39-year-old man would have laundered stolen bitcoins in large quantities. Arrested in the province of Utrecht, in Veenendaal, the crook was seized at his home during a search.

The police would have seized all the cash found (presumably related to laundering) and the cryptocurrencies they could find.

The laundered bitcoins are believed to have been stolen via a fake Electrum wallet. Known for its ease of use, Electrum is very attractive to beginners who want to hold their bitcoins on a wallet that can be used on a computer. It is therefore relatively "easy" to create a fake wallet and have it downloaded to victims.


The total amount of bitcoins stolen and laundered has not been disclosed, but the suspect would have gone through Monero to ensure anonymization of his transactions, and then would have transformed back into Bitcoin part of his XMR.

The protocol used by Monero allows for confidentiality in the exchanges and above all a rather effective anonymity.

The investigators have not yet given any information on the method used to trace the suspect, we will certainly learn more in the coming days.
https://journalducoin-com.translate.goog/bitcoin/bitcoin-prison-btc-voles/?_x_tr_sl=fr&_x_tr_tl=en&_x_tr_hl=fr&_x_tr_pto=wapp

Quote
According to police, the suspect had laundered tens of millions of euros and tried to cover his tracks with the help of the private coin Monero (XMR) and the decentralized exchange Bisq. Police were able to identify the man through his Bitcoin transactions
https://cryptobenelux.com/2022/09/15/verdachte-van-bitcoin-scam-gearresteerd-door-nederlandse-politie/
copper member
Activity: 786
Merit: 710
Defend Bitcoin and its PoW: bitcoincleanup.com
You mean this?

Most likely yes. They disabled the pop-up feature after this incident so this must be it

I was hoping for a topic in which I'm allowed to reply.

The discussion topic is still writable. Though the last reply is over 3.5 years old.


I don't know if that makes sense, but I thought that maybe there is some service where you send Bitcoin (which the suspect obviously stole through the software) and receive Monero to a specified address in return.

It said he used Bisq

The whole text is a bit weird because why would they only seize the expected profit? In such a situation, wouldn't authorities seize whatever they can at first? On the one hand they say investigation of data carriers is ongoing, on the other hand they say expected profit is seized. How can they calculate "expected profit" (which is weird anyway as I said above) while the investigation is still ongoing.

It is a bit vague but my understanding is that he finished allegedly mixing the coins and they seized some BTC, XMR, etc. he had in his wallet under the supposition that it was his cut from the deal. It does sound weird AF!

On the other hand imagine the hacker's face (considering it's not him) when he found out that he sent some tainted BTC to a guy to mix, the guy got flagged and caught and the received BTC is now tainted again.

hero member
Activity: 1708
Merit: 553
Play Bitcoin PVP Prediction Game
did the guy use a Monero mixer
Please read up on Monero. TL;DR: it's a privacy coin.

I do understand the basics and that the receiver doesn't know the sender's address, but the sender (that goes without saying) does of course know the receiver's address. Bottom line is pretty much that mixing Monero doesn't make sense.

I don't know if that makes sense, but I thought that maybe there is some service where you send Bitcoin (which the suspect obviously stole through the software) and receive Monero to a specified address in return. That way the suspect could at least end up with Monero without getting shot in an OTC deal (Bitcoin for Monero) on the streets (given the sum is so high). The whole text is a bit weird because why would they only seize the expected profit? In such a situation, wouldn't authorities seize whatever they can at first? On the one hand they say investigation of data carriers is ongoing, on the other hand they say expected profit is seized. How can they calculate "expected profit" (which is weird anyway as I said above) while the investigation is still ongoing.

And if they are talking about tens of millions of euros, it doesn't sound common either to let someone go after two days while the data carrier investigation is still ongoing. I can imagine that whoever wrote the text might have exaggerated a good bit.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Is there any information saying how exactly they caught him?
I haven't seen any. Usually, they don't want to teach criminals how to avoid getting caught.

I couldn't find the topic about the malicious Electrum "update popup", so I chose Press.
You mean this?
I was hoping for a topic in which I'm allowed to reply.
copper member
Activity: 2940
Merit: 4101
Top Crypto Casino

Is there any information saying how exactly they caught him?
He used Electrum, Bisq and Monero, so it must have been when he sold crypto for fiat currency, and that makes me think Dutch police are also using Bisq exchange themselves.
They probably sell cash for crypto and examine all large transactions.


The hacker ripped off people who use electrum
The hacker redirected (at least once) to another wallet (there is nothing about if it was Electrum)
the bitcoins were transferred to a Bisq wallet
The wallet exchanged BTC for monero and vice versa

There is no bank transaction involved. If it was the case, the police would have announced they seized the money or the bank account.
The text says "The expected profit that the man made from money laundering was seized in cryptocurrency"
To me, there is no €uro somewhere.

The guy was supposed to mix bitcoins using monero and he got stopped here.
legendary
Activity: 1512
Merit: 7340
Farewell, Leo
I couldn't find the topic about the malicious Electrum "update popup", so I chose Press.
You mean this?
legendary
Activity: 2212
Merit: 7064
If this guy "only" laundered the money, I expect he earned "only" a few percent of the tens of millions of euros. I guess the real malware makers are still far from getting caught.
Is there any information saying how exactly they caught him?
He used Electrum, Bisq and Monero, so it must have been when he sold crypto for fiat currency, and that makes me think Dutch police are also using Bisq exchange themselves.
They probably sell cash for crypto and examine all large transactions.

That's a foolish way to mix coins that does not provide you with any security. Monero's blockchain is completely independent from Bitcoin's, and what makes people feel safe that the exchange(s) that are cooperating with chain analysis companies are not going to unscramble their moving factory floors of transaction histories?
They probably found all transaction information on computers and devices seized from him.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
did the guy use a Monero mixer
Please read up on Monero. TL;DR: it's a privacy coin.
hero member
Activity: 1708
Merit: 553
Play Bitcoin PVP Prediction Game
Wouldn't it be pretty smart by authorities to offer mixing services themselves?
That doesn't help when someone uses Monero to hide their transactions.

Now one question is where those Bitcoin have been exchanged for Monero and did the guy use a Monero mixer or a Bitcoin mixer before that? Generally, when you use a mixer you need to specify a receiving address. If somehow they uncovered his identity / detected his location, raiding his house and finding data revealing addresses that were used with a mixing service, that would be an important proof against that person. I don't know enough about the case, but the idea that authorities build infrastructure and networks to gather data is quite likely in my opinion. I just don't know whether most of it would be allowed to be used at court.

legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
bestmixer: the Netherlands
a guy, who used bestmixer, arrested with gold, money, and jewelry: the Netherlands
tornado cash: the Netherlands
this news: the Netherlands
LoyceV: the Netherlands

that's why it's not good to do bad things with cryptocurrencies in the Netherlands.
I can think of more reasons not to do bad things.

Wouldn't it be pretty smart by authorities to offer mixing services themselves?
That doesn't help when someone uses Monero to hide their transactions.
hero member
Activity: 1708
Merit: 553
Play Bitcoin PVP Prediction Game
- the guy is himself the hacker

It's highly likely that he's the one behind it all, although I wouldn't be surprised if real hackers hired someone like this person to launder their money, and he's not the only one involved in this operation. It makes sense if you take into account that real hackers would stay in the shadows that way, and even if they catch one accountant, others will continue to launder money.

off-topic but
bestmixer: the Netherlands
a guy, who used bestmixer, arrested with gold, money, and jewelry: the Netherlands
tornado cash: the Netherlands
this news: the Netherlands

I have only one logical explanation for that, and that is that there are people in that country who understand very well how the whole thing works and that's why it's not good to do bad things with cryptocurrencies in the Netherlands.

That was my first thought as well when I came across this topic. The fact that they were able to trace that guy back and to also identify the actual loophole, the malicious electrum software update, does at least show that authorities are making progress and resources are invested significantly into improving their quantitative as well as qualitative capacities.

However, especially when we are talking about cryptocurrencies, I wonder if endeavors by authorities are so nationally limited, or whether it is more likely that they are building cross-border task forces as well. So given that all these incidents had to do with suspects from the Netherlands might not necessarily mean that the Netherlands' authorities are better educated and equipped, but that there might have been a network actively communicating on how to exploit issues in a criminal way when it comes to crypto and that authorities succeeded in getting closer to them and are taking them out step by step.

Whatever the exact context might be, one would expect someone laundering tens of millions to be extra cautious.

Wouldn't it be pretty smart by authorities to offer mixing services themselves? Maybe not officially, but reasons for a house raid could probably always be found after you have the info you need to identify an individual using the service. Who knows, I would think that might already be the case. Establish a mixing service, provide services reliably, then take out one criminal after another until the crypto world gets suspicious and stops using the service. But I assume even that could be a hidden fact for quite some time if done the right way despite having to present evidence at court.

https://www.justice.gov/usao-or/pr/alleged-russian-cryptocurrency-money-launderer-extradited-netherlands-united-states

That guy was also caught in the Netherlands. Trial starts on October 4th 2022.
legendary
Activity: 3234
Merit: 5637
Blackjack.fun-Free Raffle-Join&Win $50🎲
- the guy is himself the hacker

It's highly likely that he's the one behind it all, although I wouldn't be surprised if real hackers hired someone like this person to launder their money, and he's not the only one involved in this operation. It makes sense if you take into account that real hackers would stay in the shadows that way, and even if they catch one accountant, others will continue to launder money.

off-topic but
bestmixer: the Netherlands
a guy, who used bestmixer, arrested with gold, money, and jewelry: the Netherlands
tornado cash: the Netherlands
this news: the Netherlands

I have only one logical explanation for that, and that is that there are people in that country who understand very well how the whole thing works and that's why it's not good to do bad things with cryptocurrencies in the Netherlands.
copper member
Activity: 2940
Merit: 4101
Top Crypto Casino


- the guy knows the hacker
- the guy is himself the hacker
- the person is fragile socially or financially and accepted. A bit like drug dealers who never have any stock at home. They keep it in people's homes in exchange for a little money.

I bet 10€ the guy is the hacker. On why from Veenendaal, no idea, nowadays with the internet there are no borders.

off-topic but
bestmixer: the Netherlands
a guy, who used bestmixer, arrested with gold, money, and jewelry: the Netherlands
tornado cash: the Netherlands
this news: the Netherlands
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
I have the tendency to believe they use the term money laundering simply because they have nothing (yet) to back up a hack accusation.
Good point. And why would the hacker trust this guy from Veenendaal with tens of millions of euros' worth of stolen Bitcoin? Even if it was done in smaller batches, I'm curious how this guy got to this "position". It would make more sense if he personally knows the hackers.
copper member
Activity: 2940
Merit: 4101
Top Crypto Casino
Why would a hacker use a person to exchange BTC>Monero>BTC on Bisq? Notice that not any euro is involved.
If it was about doing this on Binance & co., maybe but with Bisq. If it was to cash out on a bank account, ok, but not any cent of euro.

I have the tendency to believe they use the term money laundering simply because they have nothing (yet) to back up a hack accusation.
Since the investigation is still ongoing we will probably hear more if there is something new.
But if you go to a justice court to claim a person is a hacker but have no proof, you know no judge will hear you.

Quote
It's a good Dutch police tradition to quickly let criminals go. This guy was held for 2 nights!

No big deal if the justice is also fast. It makes slots open for the signature police campaign to fill the cages at the police station, and so more gangsters in jail.

legendary
Activity: 2254
Merit: 2406
Playgram - The Telegram Casino
With the recent attention mixers have been getting from government, I hope news like this would not turn attention to decentralized, P2P platforms like bisq, increasing censoring.
So that's it? They didn't even seize whatever small commission he got?
He did get a slap on the wrist and data carriers found in his home were seized. There is no guarantee this contains the entire stolen amounts.
legendary
Activity: 3668
Merit: 6382
Looking for campaign manager? Contact icopress!
Exchanges can't know where the Monero comes from, so if you sell 1 Bitcoin for Monero on Exchange A and 28 days later sell 10 Monero for Bitcoin on exchange B, they can't link them together (assuming you use different Bitcoin addresses and not your home IP address, of course).

Indeed. But they will just track the bitcoins (especially the first 1) and that alone can give plenty of information.

I guess the real malware makers are still far from getting caught.

It's a start. From what I see they are (or have been) making mistakes, so not all hope is lost.
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
So that's it? They didn't even seize whatever small commission he got?
It says they seized his (expected) profit.

Quote
That's a foolish way to mix coins that does not provide you with any security. Monero's blockchain is completely independent from Bitcoin's, and what makes people feel safe that the exchange(s) that are cooperating with chain analysis companies are not going to unscramble their moving factory floors of transaction histories?
Exchanges can't know where the Monero comes from, so if you sell 1 Bitcoin for Monero on Exchange A and 28 days later sell 10 Monero for Bitcoin on exchange B, they can't link them together (assuming you use different Bitcoin addresses and not your home IP address, of course).
legendary
Activity: 1568
Merit: 6660
bitcoincleanup.com / bitmixlist.org
So that's it? They didn't even seize whatever small commission he got?

Investigation showed that the man converted bitcoin into the privacy coin monero [vice versa], which makes the trail of transactions more difficult to track. His service was provided via the anonymous online network Bisq. It is suspected that the man earned a lot from laundering in this way.

That's a foolish way to mix coins that does not provide you with any security. Monero's blockchain is completely independent from Bitcoin's, and what makes people feel safe that the exchange(s) that are cooperating with chain analysis companies are not going to unscramble their moving factory floors of transaction histories?
legendary
Activity: 3290
Merit: 16489
Thick-Skinned Gang Leader and Golden Feather 2021
Quote from: politie.nl
Man arrested on suspicion of money laundering of cryptocurrency worth tens of millions of euros

In the early morning of September 6th 2022, the Dutch police arrested a 39-year-old man from the village of Veenendaal on charges of money laundering of cryptocurrency worth tens of millions of euros. The police identified the man after tracing bitcoin transactions. The funds were stolen by making use of a malicious software update purporting to be from the open source Electrum wallet.

Investigation showed that the man converted bitcoin into the privacy coin monero [vice versa], which makes the trail of transactions more difficult to track. His service was provided via the anonymous online network Bisq. It is suspected that the man earned a lot from laundering in this way.

When the man was arrested, his home was searched and several data carriers were seized. The police investigation into the data carriers and the virtual currencies held by the man is ongoing. The expected profit that the man made from money laundering was seized in cryptocurrency by the police. The man was released on Thursday 8th of September and remains a suspect.

The investigation is being carried out by the Dutch Police Cybercrimeteam of the Central Netherlands in collaboration with the Cybercrimeteam of the Eastern Netherlands.
If this guy "only" laundered the money, I expect he earned "only" a few percent of the tens of millions of euros. I guess the real malware makers are still far from getting caught.

It's a good Dutch police tradition to quickly let criminals go. This guy was held for 2 nights!



I couldn't find the topic about the malicious Electrum "update popup", so I chose Press.