Pages:
Author

Topic: Bitstamp hack. A real life test of anonymity in Bitcoin (Read 2752 times)

legendary
Activity: 1246
Merit: 1000
The bigger challenge comes with the need to explain the money to the taxation authority which is certainly interested in where the money is coming from.

Depends on which jurisdiction the thief stays in.
There are some jurisdictions where personal income tax is 0%.  Grin
sr. member
Activity: 322
Merit: 250
He can mix his coins.
As the decentralized exchange came out, he can easy spend his bitcoin, then change it to other coins. and last change it to bitcoin back.
legendary
Activity: 2156
Merit: 1393
You lead and I'll watch you walk away.
Those are pretty big assumptions. You could also say that if law enforcement found Bitstamps server in the trunk of your car they could prosecute you for theft. Chances are, if Bitstamp was really hacked, the hacker would not have been stupid enough to use an IP from his living room computer or put Bitstamp's server in the trunk of his car.
You are right, they would probably use some kind of IP masking service (like, tor, VPN or hack their way into a SOCKS5 proxy, although the latter may allow you to be tracked to your "real" identity.

The hacker would obviously need to somehow have the private keys of bitstamp's hot wallet in their possession in order to sign and broadcast the transactions that sent their bitcoin to their bitcoin address. If those private keys are still somehow in the hackers possession then they would be implemented in the theft

Yes, believing that a hacker would not at least attempt to hide his identity would be similar to a bank robber not wearing a mask. Even the dumbest bank robber wouldn't do that.
full member
Activity: 209
Merit: 100
Those are pretty big assumptions. You could also say that if law enforcement found Bitstamps server in the trunk of your car they could prosecute you for theft. Chances are, if Bitstamp was really hacked, the hacker would not have been stupid enough to use an IP from his living room computer or put Bitstamp's server in the trunk of his car.
You are right, they would probably use some kind of IP masking service (like, tor, VPN or hack their way into a SOCKS5 proxy, although the latter may allow you to be tracked to your "real" identity.

The hacker would obviously need to somehow have the private keys of bitstamp's hot wallet in their possession in order to sign and broadcast the transactions that sent their bitcoin to their bitcoin address. If those private keys are still somehow in the hackers possession then they would be implemented in the theft
legendary
Activity: 2226
Merit: 1052
they could easily launder those coins :-)

At bitlaunder.com ? Shocked
hero member
Activity: 560
Merit: 500
★777Coin.com★ Fun BTC Casino!
they could easily launder those coins :-)
legendary
Activity: 2156
Merit: 1393
You lead and I'll watch you walk away.
Bitcoin theft is difficult to prosecute. Even if law enforcement tried to buy the coins from you at a localbitcoins deal they couldn't prove you were the thief even if they cared enough to try. Being in possession of the stolen coins does not prove you hacked into Bitstamp. There isn't even any proof that Bitstamp was ever hacked. You could claim they owed you the money and finally sent it to you and it's your word against theirs. You could claim whoever stole the money must have accidentally sent some of it to your address and you didn't know it was stolen. There is simply no way to prove the address holder is the thief after one transfer of the coins. At this point the coins have been transferred. Hope of finding the thief with proof positive is gone forever using just the coins address. They don't even need to be mixed to be usable. I've done lots of fast trades using LBC and no one has ever paused for a minute to look up the source of the coins or even at the description of the address on blockchain.info.
You selling the stolen coins may not be enough to prosecute someone for hacking Bitstamp however it may be enough for probable cause to get warrants to look into you further by law enforcement.

I assume that Bitstamp has some kind of logs of the hack, including the IP address of the computer(s) that were used to connect to their hot wallet. If a connection could be made between the computer(s) that were used to hack Bitstamp and you then it could be proven that you hacked them. This is especially true if law enforcement were able to find Bitstamp's private keys to their hot wallet or some other code to transfer their bitcoin to the address all the stolen coins were sent to
Those are pretty big assumptions. You could also say that if law enforcement found Bitstamps server in the trunk of your car they could prosecute you for theft. Chances are, if Bitstamp was really hacked, the hacker would not have been stupid enough to use an IP from his living room computer or put Bitstamp's server in the trunk of his car.
full member
Activity: 574
Merit: 100
Bitcoin theft is difficult to prosecute. Even if law enforcement tried to buy the coins from you at a localbitcoins deal they couldn't prove you were the thief even if they cared enough to try. Being in possession of the stolen coins does not prove you hacked into Bitstamp. There isn't even any proof that Bitstamp was ever hacked. You could claim they owed you the money and finally sent it to you and it's your word against theirs. You could claim whoever stole the money must have accidentally sent some of it to your address and you didn't know it was stolen. There is simply no way to prove the address holder is the thief after one transfer of the coins. At this point the coins have been transferred. Hope of finding the thief with proof positive is gone forever using just the coins address. They don't even need to be mixed to be usable. I've done lots of fast trades using LBC and no one has ever paused for a minute to look up the source of the coins or even at the description of the address on blockchain.info.
You selling the stolen coins may not be enough to prosecute someone for hacking Bitstamp however it may be enough for probable cause to get warrants to look into you further by law enforcement.

I assume that Bitstamp has some kind of logs of the hack, including the IP address of the computer(s) that were used to connect to their hot wallet. If a connection could be made between the computer(s) that were used to hack Bitstamp and you then it could be proven that you hacked them. This is especially true if law enforcement were able to find Bitstamp's private keys to their hot wallet or some other code to transfer their bitcoin to the address all the stolen coins were sent to
legendary
Activity: 2506
Merit: 1010
There isn't even any proof that Bitstamp was ever hacked.

Exactly.  If we were to start treating these coins different from any others (e.g., by blacklisting them) then that provides an opening for all kinds of abuses (by those who might falsely claim "hack!" in an attempt to get the funds back or drive some other outcome.)
legendary
Activity: 2156
Merit: 1393
You lead and I'll watch you walk away.
Bitcoin theft is difficult to prosecute. Even if law enforcement tried to buy the coins from you at a localbitcoins deal they couldn't prove you were the thief even if they cared enough to try. Being in possession of the stolen coins does not prove you hacked into Bitstamp. There isn't even any proof that Bitstamp was ever hacked. You could claim they owed you the money and finally sent it to you and it's your word against theirs. You could claim whoever stole the money must have accidentally sent some of it to your address and you didn't know it was stolen. There is simply no way to prove the address holder is the thief after one transfer of the coins. At this point the coins have been transferred. Hope of finding the thief with proof positive is gone forever using just the coins address. They don't even need to be mixed to be usable. I've done lots of fast trades using LBC and no one has ever paused for a minute to look up the source of the coins or even at the description of the address on blockchain.info.
sgk
legendary
Activity: 1470
Merit: 1002
!! HODL !!
Have the user balances restored?

I had nothing there on hot wallet, so I wouldn't know. For everyone else, did BitStamp restored the stolen coins or everyone's balances are zero now?
sr. member
Activity: 530
Merit: 250
CryptoTalk.Org - Get Paid for every Post!
The hacker just needs time to turn the coins into fiat. In a few years no one really cares anymore. In the meantime he can split the 19k into thousands of smaller amounts, transfer, tumble, gamble, exchange to alt coins.

Does anyone still keep track of the stolen coins from the Sheep Marketplace?
m3
sr. member
Activity: 460
Merit: 250
Like others have said, the hacker would try to tumble the coins, the real question is are the tumblers legit or could they be honeypots?
full member
Activity: 574
Merit: 100
As I can see, the coins are being mixed slowly. Two of the stashes are here...

https://blockchain.info/address/13KLHgJzdp11ZiJzAK43MMX9dKDoRYrHtG => 200 BTC

https://blockchain.info/address/1Af9nUCxKYRuXeHRDS6v14eV1JXxvUFUqc => 1,955.14096723 BTC
whats the point of mixing it is it easier to sell it then?
The point of mixing coins is to prevent your identity from being associated with the theft when you go to sell the coins on an exchange. If the hacker were to sell them he would probably mix them first and then sell them on an exchange.

And since we're on the topic of real life scenario, the average bitcoin user does not check where their coins originated from, for every single transaction. He can discretely trade these to people, as long as he stays off the exchanges. Again, it will takes patience and risk to do this, but nevertheless just find the right people
It would be possible that someone would purchase the coins then eventually sell them on an exchange, then be questioned by law enforcement about how they came into possession with the coins.
sr. member
Activity: 326
Merit: 250
Atdhe Nuhiu
Fiat cashout should not pose the biggest problem if you travel to the right country first. He could easyly meet buyers who wants to buy bitcoins anonymously for using in the deep webs or hiding assets.

The bigger challenge comes with the need to explain the money to the taxation authority which is certainly interested in where the money is coming from.
With no waterproof explaination for the thief, he would have to spend it without drawing attention which is susceptible to fail some day.

it is so simple to cash out and then to deposit these money without any question from anybody. you just have to think that Bitcoin allows the money laundering and nothing more. Smiley

Deposit the money without any question from anybody? In most (western) countries, banks are obligated to report transactions above a certain amount (that amount typically being well below the $100K or equivalent in local currency) or bunches of transactions that appear correlated and add up to an amount above this limit.

Simply dumping $5M on a bank account is going to raise some eyebrows with the hackers local tax department, which in turn might alert law enforcement. So unless the hacker lives in a country with sufficient bank secrecy it might be quite difficult to profit from his newly found wealth.
You do not need to live in country like Andorra to open an account there. Even if it is tax evasion, they do not care.
sr. member
Activity: 326
Merit: 250
Atdhe Nuhiu
Fiat cashout should not pose the biggest problem if you travel to the right country first. He could easyly meet buyers who wants to buy bitcoins anonymously for using in the deep webs or hiding assets.

The bigger challenge comes with the need to explain the money to the taxation authority which is certainly interested in where the money is coming from.
With no waterproof explaination for the thief, he would have to spend it without drawing attention which is susceptible to fail some day.
There are tens of countries where you do not pay taxes from foreign income. I guess the thief - if he feels that what you say is a problem - can go there and buy residency for one year.
legendary
Activity: 812
Merit: 1002
These are stolen coins, the thief did not lose anything monetary from this. So what's the problem with slowly using a mixer over the next few years to get clean coins? It's not hard, all it takes is patience.

And since we're on the topic of real life scenario, the average bitcoin user does not check where their coins originated from, for every single transaction. He can discretely trade these to people, as long as he stays off the exchanges. Again, it will takes patience and risk to do this, but nevertheless just find the right people
sr. member
Activity: 406
Merit: 250
Fiat cashout should not pose the biggest problem if you travel to the right country first. He could easyly meet buyers who wants to buy bitcoins anonymously for using in the deep webs or hiding assets.

The bigger challenge comes with the need to explain the money to the taxation authority which is certainly interested in where the money is coming from.
With no waterproof explaination for the thief, he would have to spend it without drawing attention which is susceptible to fail some day.

it is so simple to cash out and then to deposit these money without any question from anybody. you just have to think that Bitcoin allows the money laundering and nothing more. Smiley

Deposit the money without any question from anybody? In most (western) countries, banks are obligated to report transactions above a certain amount (that amount typically being well below the $100K or equivalent in local currency) or bunches of transactions that appear correlated and add up to an amount above this limit.

Simply dumping $5M on a bank account is going to raise some eyebrows with the hackers local tax department, which in turn might alert law enforcement. So unless the hacker lives in a country with sufficient bank secrecy it might be quite difficult to profit from his newly found wealth.

This is true.  In America, the IRS gets raised flags when you deposit something like $10k or more at a time in your bank account.  

So unless this guy plans on cashing to fiat and living off cash payments or re-distributing the wealth by giving it to his associates/family...he's going to have people in higher places watching his moves and ultimately questioning where it came from.

Looks like he's already starting to use mixers to 'clean' the coins stolen.  That's pretty cool blockchain can mark the funds as tainted/hacked, but ultimately there are still ways to get around this.
sgk
legendary
Activity: 1470
Merit: 1002
!! HODL !!
He could easyly meet buyers who wants to buy bitcoins anonymously for using in the deep webs or hiding assets.

Bitcoin is terrible if talking about hiding assets and thats why it will never be used in the deep webs. Untraceable technologies like Monero are far better fit for privacy needs

Sorry, but Bitcoin can be as anonymous as other so-called anonymous coins if used properly.

Bitcoins can be traced back to an 'address' but after all it is impossible to figure out who owns the address if the owner has enough caution to cover his tracks.
coins purchased via exchanges can be tracable if exchange requires strict KYC, but mined coins have no suc limitation. A miner gets his reward and can use any address to spend them, making it impossible to link these coins to a person.

Newer technologies like Dark Wallet and coin mixers are making it even easier than before.
hero member
Activity: 728
Merit: 500
Fiat cashout should not pose the biggest problem if you travel to the right country first. He could easyly meet buyers who wants to buy bitcoins anonymously for using in the deep webs or hiding assets.

The bigger challenge comes with the need to explain the money to the taxation authority which is certainly interested in where the money is coming from.
With no waterproof explaination for the thief, he would have to spend it without drawing attention which is susceptible to fail some day.

it is so simple to cash out and then to deposit these money without any question from anybody. you just have to think that Bitcoin allows the money laundering and nothing more. Smiley

Deposit the money without any question from anybody? In most (western) countries, banks are obligated to report transactions above a certain amount (that amount typically being well below the $100K or equivalent in local currency) or bunches of transactions that appear correlated and add up to an amount above this limit.

Simply dumping $5M on a bank account is going to raise some eyebrows with the hackers local tax department, which in turn might alert law enforcement. So unless the hacker lives in a country with sufficient bank secrecy it might be quite difficult to profit from his newly found wealth.
Pages:
Jump to: