
Topic: Blockchain.info Possibly Exploited. Coins Stolen. - page 2. (Read 6033 times)

sr. member
Activity: 297
Merit: 250
For the last couple of months, since my UK banking partner ended its relationship with my bitcoin OTC trading company, I have engaged in high volume cash trades with a couple of regular clients.

My modus operandi has always had a strong focus on security. I keep a lot of my coins in cold storage, but I also have one main trading wallet on blockchain.info that has 2-Factor Authentication enabled. When a trade is organised, I send coins from this wallet to an intermediary wallet (also blockchain.info) using the shared send feature with my IP address concealed. I then obtain a new identity and repeat this procedure, sending the coins to a blockchain.info address attached to a phone I only use for trading. The relationship of my primary online wallet to the one I use to trade is therefore very obscure. Once the trade is completed I never use the same intermediary address or trading address on my phone again. The computer I use is rarely used for anything other than bitcoin trading, has multiple levels of encryption, has all scripts turned off in the internet browser, employs Little Snitch to guard against keyloggers and is never in the presence of anyone I trade with. Once I walk away from it, even to go to the toilet, any sensitive info is encrypted in a hidden container.

A couple of days ago, I logged into my blockchain account to find my coins gone. I felt I had been a victim of a man-in-the-middle attack that grabbed my password, and that that person had also cracked Google Authenticator. I knew I had no hope of getting my coins back and actually did very little to even attempt to do so. Then yesterday, when I was trading with another customer, he informed me that he had heard from another trader that people had backdoor access to blockchain.info and that 2 weeks ago they stole a very similar amount of coins to what I'd had taken. I called the trader the information stemmed from (whom I also trade with regularly) and asked him about it, never telling him that I had had coins stolen. I met him for a trade today and continued to quiz him, feigning interest in learning the technique so I could engage in stealing myself. He refused to tell me his methods but said that with the help of friends he was able to gain access almost 'at will' and that 2-Factor authentication (all forms of it) was no hindrance. He bragged that he currently had access to a wallet with 1800 BTC in it but needed the wallet address to be able to steal the coins. (He also said that Bitstamp has been compromised several times but that this was never made public; he didn't say it was him and his associates who did this.) All the while I was questioning him I didn't really believe what he was saying; I guess I was just going on a slight bit of hope it was related to my loss. He also claimed that when he had compromised an account, he flew to a foreign country to steal the coins and dumped the laptop immediately. The whole process takes about 4 hours apparently. Again, I'm not sure why anyone would do this considering there are many ways to conceal one's IP. Eventually, I quizzed him on his 'big score' from a couple of weeks ago. The amount he claimed to have taken was the exact amount I'd had stolen. I immediately told him that they were mine, as this couldn't be a coincidence.
He asked me for proof that I owned the wallet he compromised, and I told him he'd have to accompany me to my place and to my computer. He refused to go. I repeated that I knew the coins were mine, that it was too much of a coincidence, and that I wanted him to return them immediately before I called the police. He first said, "No way, I'm smarter than you", then completely changed his story and denied ever saying anything he had said previously. I left him by giving him 24 hours to return my coins before I involved LE. They are still in the same address they were sent to after the theft, along with other coins.

The fact is he's stolen my coins. What is up for question is how he did it. If he has compromised blockchain.info, why does he need wallet addresses to finish the job? Is that why he needs to have contact with someone he steals from? Despite having trading contact with me, how has he isolated the identity of my primary wallet considering the steps I have taken? The most confusing element of the story is, however: how on earth did he not know it was me he stole from?