Interim Report On EpicThomas
I have been so busy at home lately I haven't been able to keep up with this thread since about page 700. I'll try to catch up soon. In the meantime I seek the forum's advice on what to do next about EpicThomas. Consider this an interim report on my investigation so far.
I have had the exchanges below with EpicThomas. He has answered my most important question yesterday by saying he did not have any accomplices or partners. He continues to maintain that he did not take 300K NXT total from any of plasticAiredale, Framewood, PaulyC, sparta_cuss, or newcn. I believe I have put enough heat on him where I think if he had the codes to reverse the transactions from the bandit accounts to these people he would do so just to get this whole mess behind him. He also seems pretty willing in both messages to hand over 50K NXT in restitution, which is a big deal for him because he is struggling financially in the real world.
So what are the possibilities? Let's go down the list.
1. EpicThomas is responsible for all thefts and lying about not having the codes to the stolen NXT. This makes no sense to me. One call to the Orlando FBI now and he is burnt toast and he knows it. I have said multiple times (and really do feel this way) that if all the victims were made whole then I would drop the pursuit and we all get on with our lives. I think this is too good of a deal for EpicThomas to pass up when the alternative is running the gauntlet on a federal felony charge. I think if he had the codes he would have reversed the thefts by now to get out from under all of this mess. If not, he's running a bluff (50 K NXT restitution, etc) on us right now with the threat of the FBI over his head, and that would take some pretty damn big balls (testicles, for our non-native English speakers).
2. EpicThomas is telling the TRUTH about not having the codes to the stolen 300K NXT but is still LYING about not having an accomplice (who presumably does have the codes) because of either loyalty or fear. This was my main working theory until he just flat out said he had no help on this hack. He could still be lying about not having an accomplice, and if so I'm not certain how to penetrate such a deception. But this makes no sense to me either. It takes all of the big balls required in the above scenario, PLUS he's also taking the fall (all responsibility, for our non-English speakers) for somebody else that has codes which could reverse the thefts and keep us from turning EpicThomas over to the FBI.
The final possibility is that Epic Thomas is telling the truth about BOTH having no codes to stolen NXT AND no helpers. This leads to two final possibilities, equally scary.
3. There is one or more completely independent hacker(s) out there who took the 300K NXT from five accounts as part of a completely different heist and is laughing at all of us right now because we are not even on their trail yet.
4. There is a bug in NXT that has resulted in dumping the entire balance of the five victims' accounts into other accounts unintentionally, perhaps triggered by the code changes EpicThomas added, with NOBODY having the codes to the five victims' 300K NXT. This occurred to me as a result of Jean-Luc's notes attached to the latest 0.5.0 code release: "I have not been able to find any possible cause yet for the most critical in my opinion bug reported so far, transactions being sent to a recipient different than the one selected. I have read through the relevant code again, but don't see any obvious way how this could happen. I am not ignoring those reports and believe it may be a real bug and not a user error, but without a way to reproduce the problem, it is very hard to track it down."
So it seems to me the truth has to be one of the four possibilities above. Dear reader, pick which possibility YOU believe. Am I missing something?
For the record, the lost/stolen NXT is here:
13643712185318669838 contains 100088 NXT taken from Framewood's 697109629372813510
15182566201738727933 contains 18665 NXT taken from plasticAiredale's 8439060069775407509
16204974692852323982 contains 7808 NXT taken from PaulyC's 16821029889165561706
9793828175536096502 contains 18197 NXT taken from newcn's 16886318053889080545
12152013998194592943 contains 147690 NXT taken from sparta_cuss's 11794318797680953099
Note that 16204974692852323982 also contains 1155 NXT moved from four other accounts over a four minute period centered around 29.12.2013 08:20:00 (before EpicThomas posted any poisoned links), original owner(s) unknown and that the loss of plasticAiredale, PaulyC, newcn and Sparta_cuss also took place as a cluster of four transfers in a four minute period. Computer bug? Methodical heist? Definitely weird.
You can check whether or not stolen NXT has been returned using the block explorer:
http://87.230.14.1/nxt/nxt.cgi?action=34
Let me just make a few other important observations on loose ends that confuse me but are important. EpicThomas had 250K NXT for sale on December 8 and was asking 2BTC for it, and this was before he posted any poisoned links. On December 27, again before posting any poisoned links, he commented that he couldn't believe his 50K NXT was worth so much. This is apparently the 50K NXT he is apparently offering as restitution now. He posted his poisoned links on December 31 twice, at December 31, 2013, 11:53:39 AM and again at December 31, 2013, 01:23:22 PM. However, Framewood claims a theft on December 26 while running a 0.4.4 client and this theft occurred BEFORE EpicThomas posted poisoned links on December 31. This is evidence for possibilities 3 or 4 above and this evidence should not be ignored. This evidence is trying to tell us something and I am not sure what it means.
One last thing. I am reading about unclaimed coins about to be distributed here by NXT leaders.
I vote that plasticAiredale, Framewood, sparta_cuss, and newcn receive sufficient unclaimed coins on top of charity already received to bring their account balances back up to their original starting totals (PaulyC is already there) - particularly if there is a possibility of a bug sending NXT where it is not supposed to go. We can continue to monitor where their stolen coins are because we know the account numbers, and if their stolen coins are ever returned, I am sure they would all donate any "unclaimed" coins back into the NXT "treasury".
I apologize for the length of this post but this has been a complicated Hard Case Crime novel forensic investigation and I am a little confused on what to do next. I solicit your comments.
Flushing him out:
Incidentally, all photos (except the cover art from the "Confession" Hard Case Crime novel cover) are from EpicThomas' own Facebook page.
https://bitcointalksearch.org/topic/m.4271392
https://bitcointalksearch.org/topic/m.4271857
https://bitcointalksearch.org/topic/m.4273848
https://bitcointalksearch.org/topic/m.4279364
https://bitcointalksearch.org/topic/m.4280778
https://bitcointalksearch.org/topic/m.4281454
https://bitcointalksearch.org/topic/m.4281757
https://bitcointalksearch.org/topic/m.4281944
https://bitcointalksearch.org/topic/m.4282673
https://bitcointalksearch.org/topic/m.4283901
https://bitcointalksearch.org/topic/m.4289094
https://bitcointalksearch.org/topic/m.4291567
Begin exchanges with EpicThomas:
« Sent to: rickyjames on: January 03, 2014, 02:54:52 PM »
I understand that you are angry because you lost your coins but threatening me and my family post after post is not going to help anyone.
The only thing I can do is try to cover the lost coins by using my personal funds +- 50k nxt spread amongst different alt coins.
If I do this I will have to divide it between all the people who claimed their coins got stolen on 1/1.
All I can say is I do not have access to the stolen coins nor do I know the person who has.
Extortion and threatening my life on public forums is not going to help this problem go away.
« Sent to: EpicThomas on: January 03, 2014, 05:08:11 PM »
First and most importantly of all, there is no threat whatsoever here to any member of your family no matter what happens. Your family is totally safe under all outcomes. That is one thing you do not have to worry about.
The only reason I have publicly brought up the names of your family was to communicate to you that I know who you are and to get you to sit down at a table with me. That's it. You will note that I have not posted your first name or links to your Facebook page or the last names of any of your family. I have tried to preserve your privacy while doing what I felt was necessary to open a line of communication with you.
So I thank you for responding to me in a personal message. Please, let's take a time out here and just talk for a while just between you and me.
As an aside, I envy you and the relationship you have with your daughter Jocelyn. She is a beautiful girl and it is a wonderful thing that you obviously love her so much. I have a daughter named Diana whom I have not seen for 20 years because her mother turned her against me during our divorce. This hurts me every day. So please know that I respect you as a father and as a man.
It is a generous offer for you to say you will donate your personal holdings of around 50K NXT to cover lost coins. If we are unable to arrange getting the bandit accounts emptied back to their original owners, I think you should plan on doing this as restitution. I have a second account with only 10 NXT in it that I use for testing with Raspberry Pi. Its number is 16092180239932658439. Any coins you put in there I will make sure get distributed to the people who have lost NXT from infected clients. I will publicly post just this one paragraph of our ongoing discussion so the forum group can police my handling of any NXT you choose to surrender in this manner.
I am not out to get you. I want to talk about just what has happened and in particular fill in gaps of knowledge. It is very important that we fully understand what happened.
It looks like you came to the bitcointalk forum in early December to promote your game site of epicdices.com. After that, you seem to have found the NXT thread and started following it. You did your (very clever, I think) posting of a contaminated client for a while and gathered information from it. Then you have appeared to lay low and read the forums, only coming out when the pressure of the posts got too hot.
OK. Now let me ask you this, and it's the key question. Since you have been at bitcointalk forums in the past month, who have you communicated with on the subject of contaminated NXT clients?
You have repeatedly said that you don't know who has access to the stolen coins. This is not the same thing as saying you did not communicate with others in the past month about contaminated NXT clients. I personally believe you have got one or more accomplices here and it is important to find out who they are. I understand that you may have loyalty or fear that makes you hesitate to open up on this topic. Let me say that whatever you tell me here about others, I will not go instantly blabbing it to the whole world. I will work with you to understand your concerns and give you what support and privacy I can. But I need to get to the bottom of this, and I just have a gut feeling I'm not there yet.
So talk to me. The clock has stopped ticking and we are at halftime. I will talk back and forth with you as necessary to understand your side of things. We can go as long as you want and exchange as many messages as you want as long as we are making progress in clearing this up. Just don't vanish on me for more than 72 hours unless we've shaken hands that this mess is over, that's all I ask.
Your turn to talk. And thanks again for writing to me.
« Sent to: EpicThomas on: January 04, 2014, 11:21:19 AM »
I have not heard from you. You need to talk to me.
This is not over. This is a long way from over. $25,000 has been stolen and that is a major crime. Nobody is going to forget about this and walk away and let you just go on with your life. You are in this up to your eyeballs and you have been since you posted your poisoned link on December 31. It's been a rough four days that haven't turned out like you planned, huh?
You need to answer my question. It is the exact same question the Orlando FBI is going to be asking you very soon if you don't answer it for me.
Who have you been communicating with on the topic of contaminated NXT clients?
On December 23 on your Facebook page you write "Need to find a way to get money for food on Wednesday." and "So...hungry..."
On December 31 you post a poisoned link.
On January 3 you offer to pay 50K NXT worth over $4000 to people that have had their coins stolen, and you say that NXT is from your own personal funds, not stolen coins.
What's the story here? Please tell me. Talk to me. Silence from you is not the right path to resolve your current problem.
« Sent to: rickyjames on: January 04, 2014, 02:55:49 PM »
Currently I have about 50k pending on dgex. The exchange is slow so it will take some time.
I did not talk to anyone about what I did and nobody knew I had an interest in nxt or cryptocurrency.
My personal issues had no influence on what has happened. At this point it is still very difficult to convert bitcoins to dollars so I try not to compare them.
I tried to do this recently and it didn't work out.
As far as I know some nxt has already been divided amongst hacked victims.
It would help me to know how you are going to divide it.
I have been very busy the last couple of days so it takes some time to go through all of this and reply.
« Sent to: EpicThomas on: Today at 01:42:29 AM »
I have been very busy too. I have a plane flight tomorrow and I need to take some time to think about all of this some more.
I am surprised by your answer. I was convinced you would tell me you had a partner and that somehow he was off running his version of your code or you were running a version of his or something like that. Everybody wants to crucify you but I am trying to listen to what you are saying. I want to know the truth and not a convenient story.
I've hit you pretty hard to get you to make contact with me because if I had not I believe you would still be sitting back just lurking and reading the posts and watching the show. The fact is I really don't want to turn you in to the FBI if you are not the big guy that has stolen 300K NXT and counting. If you didn't do it and have no idea who did, that means there's a second whole operation going on here totally unconnected to your operation. I just find that hard to believe, just like all of the others find it hard to believe. But I am going to try to change gears here and follow the path of what you are telling me for a while and see if it takes me anywhere closer to cracking this puzzle. If there really is a second guy that so far is totally in the clear, he's the guy I really want. I would appreciate any thoughts or ideas you have on finding him.
Tell me, where did you learn to decompile Java and write a patch sending data back to you etc? How many contaminated versions of the zip file did you post? Do you still have copies of them? If so, please send copies of them to my email address of [email protected] as attachments. I want to look at the hash codes of your files and compare them to what the vics downloaded. Maybe there's a clue there...
As far as dividing any NXT you contribute back to the people who have been ripped off, I guess I would propose that it be divided up by the same ratios that were given to them by the previous donations for them that was taken up by the community. PaulyC was first and has been fully reimbursed, so it would be among the other four. There's a post on how they were ratioed, I will look for it.
You don't really need me to be a middleman, you can always make contributions directly to them and send them a PM saying you did so.
For the record, my promise still stands for you or anybody else - if the NXT in the bandit accounts is returned to the rightful owners and the transactions that loaded them are reversed, this whole problem is solved and I am willing to say no harm no foul and let it all fade away.
Let's take a breather on this and let me think and check the posts again and try to put the whole picture together again in my head. I will try to write you again by Sunday night.
Please work with me and stay in touch. You still have pieces of this puzzle that I need to hear. Maybe we can work this out yet.
-Ricky