Pages:
Author

Topic: Silk Road: Trail of 11,329.89BTC - page 3. (Read 35074 times)

legendary
Activity: 1918
Merit: 1570
Bitcoin: An Idea Worth Spending
October 18, 2013, 04:54:11 PM
#23
Just so that it doesn't go unnoticed, this thread was linked from Forbes: http://www.forbes.com/sites/kashmirhill/2013/10/17/does-this-17-million-bitcoin-wallet-belong-to-alleged-silk-road-mastermind-ross-ulbricht/

Quote
When the FBI took down online drug bazaar Silk Road and seized its assets, the government became the proud new owner of over 26,000 Bitcoins, or almost $4 million that Silk Road customers had sitting in their accounts. The FBI plans to liquidate those when judicial proceedings are over, but it also hopes to seize many more Bitcoins. The FBI suspects that alleged Silk Road mastermind Ross Ulbricht, 29, who was arrested in San Francisco earlier this month, is sitting on 600,000 Bitcoins, or $80 million. I suspect that number’s overblown; that’s the total commission on the 9.5-million worth of Bitcoin sales that Silk Road has seen during its more than two years of illicit life. Surely some have been spent over the years to maintain the site and the lifestyle of its operator(s). But even if the haul isn’t that large, whoever is behind the site would have a massive amount of Bitcoin. Now some Bitcoin enthusiasts on Bitcointalk.org think that they’ve found them.
member
Activity: 110
Merit: 10
October 18, 2013, 04:50:50 PM
#22
it's likely he used a tumbler he designed himself... probably the same one that was on SR.

silk road is known to have a tumbler, though considered not strong.. as OP states.
the silk road tumbler is what lead to the money laundering charges listed in the warrant.

BCB
vip
Activity: 1078
Merit: 1002
BCJ
October 18, 2013, 09:26:21 AM
#21
https://bitcointalksearch.org/topic/m.3361705

Also has anyone made any connection between these SR Addresses and BCTST Addewssws?

Can you please share those addresses with us here? I don't know which addresses you are talking about.

This is one of pirateat40's old payout addresses. 

1LkkxPDNAvnFxc3RSnq4Xk27cTPBcJqBrm

A few defrauded users had send me their pay-in and payout addresses last year when there was small community effort at doing some similar (more rudimentary) block chain analysis to try to find out where some of these funds ended up.  I'll see if I can dig them up.



full member
Activity: 173
Merit: 100
October 18, 2013, 09:03:22 AM
#20
Great job.  You just saved Hank Schrader a TON of work. 

member
Activity: 91
Merit: 10
October 18, 2013, 08:56:02 AM
#19
https://bitcointalksearch.org/topic/m.3361705

Also has anyone made any connection between these SR Addresses and BCTST Addewssws?

Can you please share those addresses with us here? I don't know which addresses you are talking about.
BCB
vip
Activity: 1078
Merit: 1002
BCJ
October 18, 2013, 07:10:38 AM
#18
https://bitcointalksearch.org/topic/m.3361705

Also has anyone made any connection between these SR Addresses and BCTST Addewssws?
member
Activity: 91
Merit: 10
October 14, 2013, 02:06:11 PM
#17
This was actually already addressed in this thread:

https://bitcointalk.org/index.php?topic=94675.640


Nice to see others have also come to same conclusion. I'll try running my script against 1DkyBEKt5S2GDtv7aQw6rQepAvnsRyHoYM tomorrow and see if I can come up with something Wink Too sleepy to do this now... but was good fun!

Quote
I know they said they have been unable to decrypt his large wallet, but I would be willing to bet that it is more likely that they cannot decrypt a file, or partition that they believe contains the secret keys to any other wallets he may have.

Or they could just get it out of him. Easier and faster.
legendary
Activity: 905
Merit: 1000
October 14, 2013, 01:56:58 PM
#16

I was hoping to find some connect between this address and the address he unwittingly leaked out 1LDNLreKJ6GawBHPgB5yfVLBERi8g3SbQS in this post: https://bitcointalksearch.org/topic/m.94424

Long story short, I think, if my analysis is not wrong, the address 1933phfhK3ZgFQNLGSDXvqCn32k2buXY8a belongs to DPR. He used a tumbler to mix his coins but looks like it wasn't good enough to hide the trail.




Nice work.

Properly promoted, this account balance could be an incentive for thousands (or millions) of new Bitcoin users.

Download a wallet and spin the wheel as many times as you want for a chance to win.

Make lemonade.
https://en.wikipedia.org/wiki/When_life_gives_you_lemons,_make_lemonade

hero member
Activity: 732
Merit: 500
Nosce te Ipsum
October 14, 2013, 01:54:05 PM
#15
This was actually already addressed in this thread:

https://bitcointalk.org/index.php?topic=94675.640

The address (1933phf...) is clearly tied to SR. If you follow some of the addresses that feed into that one, they are linked to the "Seized Coins" wallet.

There is not 600,000 coins either btw. That is the total amount of coins the FBI has said SR generated in commission since it was up and running. When you figure that for almost 2 years of SR's life, BTC's were valued at under $20, and he was paying his staff between $1,000-$2,000/week, and was paying for the servers and whatever else was involved in keeping SR secure, there's likely no where near 600,000 coins left. My guess is that the wallet in question was DPR's retirement fund.

I know they said they have been unable to decrypt his large wallet, but I would be willing to bet that it is more likely that they cannot decrypt a file, or partition that they believe contains the secret keys to any other wallets he may have.
sr. member
Activity: 333
Merit: 252
October 14, 2013, 01:33:40 PM
#14
there was a while ago an address with >500k BTC that was linked
to SR: people just put money on SR and they ended at that 500k address.
There was a lot of discussion about that address which was perhaps
the reason that the owner split it into several - but still rather  large - addresses,
one of which is the still notorious 1933ph

so yeah. It's most probably him.
sr. member
Activity: 378
Merit: 250
October 14, 2013, 12:58:55 PM
#13
very good work done by you its apperciated good luck  Smiley
sr. member
Activity: 378
Merit: 325
hivewallet.com
October 14, 2013, 12:45:48 PM
#12
So, yet another mistake on DPR's part. For certain the highest-denominated wallet was going to receive this kind of scrutiny eventually.
legendary
Activity: 3066
Merit: 1147
The revolution will be monetized!
October 14, 2013, 11:39:07 AM
#11
Wow dude, nice work.  Smiley
legendary
Activity: 1792
Merit: 1111
October 14, 2013, 11:37:39 AM
#10
bitcoinfog.com is the only deepnet service for this purpose (at least to my knowledge). maybe he used them, if he didn't mix it himself

This was not even existed in 2011
legendary
Activity: 1764
Merit: 1000
October 14, 2013, 11:32:44 AM
#9
bitcoinfog.com is the only deepnet service for this purpose (at least to my knowledge). maybe he used them, if he didn't mix it himself
member
Activity: 91
Merit: 10
October 14, 2013, 11:15:05 AM
#8

Notice that all the inputs came from this address: 15TEAwEMxVS3BK718HhwgJg7nxwyJ2ib9y. I'm pretty sure if you go backwards you can land at DPR's other accounts.

Also, I don't think DPR just spent it (to someone elses address) as the trail has only addresses that were used for mixing... all the intermediate addresses have exactly 2 transactions... 1 receive from previous mixing address and 1 to the next mixing address all the way to its destination 1933phfhK3ZgFQNLGSDXvqCn32k2buXY8a.

The script I wrote followed a path that had addresses with only 2-10 transactions.
So lets break in down:

DPR's known address: 1LDNLreKJ6GawBHPgB5yfVLBERi8g3SbQS
Tumbler's receive address: 1BG9jDV3pA1MsJUnvRyWuA2b7PfGd4MZaw (only 2 transactions)
Tumbler's next mixer address: 12h6TzwPNBvDnppbsqpyXwW4oo5UUKaKSa (only 2 transactions)
Tumbler's next mixer address: 1EG9HJG9aGqzgGujfNQMiNbyqpKnFxafvE (4 transactions but note that the only output is to 1AHki5AbZYiz4fHkGSTVKN3T1Tv5PwZpnh... the remaining transactions are just too small -> this address may have been reused by the tumbler)
Tumbler's next mixer address: 1AHki5AbZYiz4fHkGSTVKN3T1Tv5PwZpnh (only 2 transactions)
Tumbler's final mixer address: 15TEAwEMxVS3BK718HhwgJg7nxwyJ2ib9y (7 transactions -> Note that this has only one output)
Final Destination address: 1933phfhK3ZgFQNLGSDXvqCn32k2buXY8a

There is no other path followed by the tumbler. So possibly the service used by DPR was pretty weak or probably he just manually mixed it himself.


The 1LDNL....... received 11,329.89 BTC, while only 2,000 BTC end up in 1933phf..... Not saying you are wrong but that's not strong enough.

Is there any other known addresses of DPR?

This is because he split the 11K BTC into multiple transactions (one of 5KBTC and the other of 3K and 2K BTC). I'm pretty sure all the dest addresses for those transactions belong to the Tumbler service. The paths taken for each of the above 3 transactions can be different lengthwise. The script I wrote just followed 1 path (which was the shortest) which turned out to be the 2K BTC one (the path taken could have been any of the above transactions).

Unless DPR knew who the receiver was beforehand, it would not be possible for his 2K BTC to end up as the first transaction to 1933phf. The 1933phf address looks like it was used for only storage (probably offline) seeing that there are no coins spent from that address. This way I could conclude that both the sender and the receiver is DPR himself.
legendary
Activity: 1792
Merit: 1111
October 14, 2013, 11:02:57 AM
#7

Notice that all the inputs came from this address: 15TEAwEMxVS3BK718HhwgJg7nxwyJ2ib9y. I'm pretty sure if you go backwards you can land at DPR's other accounts.

Also, I don't think DPR just spent it (to someone elses address) as the trail has only addresses that were used for mixing... all the intermediate addresses have exactly 2 transactions... 1 receive from previous mixing address and 1 to the next mixing address all the way to its destination 1933phfhK3ZgFQNLGSDXvqCn32k2buXY8a.

The script I wrote followed a path that had addresses with only 2-10 transactions.
So lets break in down:

DPR's known address: 1LDNLreKJ6GawBHPgB5yfVLBERi8g3SbQS
Tumbler's receive address: 1BG9jDV3pA1MsJUnvRyWuA2b7PfGd4MZaw (only 2 transactions)
Tumbler's next mixer address: 12h6TzwPNBvDnppbsqpyXwW4oo5UUKaKSa (only 2 transactions)
Tumbler's next mixer address: 1EG9HJG9aGqzgGujfNQMiNbyqpKnFxafvE (4 transactions but note that the only output is to 1AHki5AbZYiz4fHkGSTVKN3T1Tv5PwZpnh... the remaining transactions are just too small -> this address may have been reused by the tumbler)
Tumbler's next mixer address: 1AHki5AbZYiz4fHkGSTVKN3T1Tv5PwZpnh (only 2 transactions)
Tumbler's final mixer address: 15TEAwEMxVS3BK718HhwgJg7nxwyJ2ib9y (7 transactions -> Note that this has only one output)
Final Destination address: 1933phfhK3ZgFQNLGSDXvqCn32k2buXY8a

There is no other path followed by the tumbler. So possibly the service used by DPR was pretty weak or probably he just manually mixed it himself.


The 1LDNL....... received 11,329.89 BTC, while only 2,000 BTC end up in 1933phf..... Not saying you are wrong but that's not strong enough.

Is there any other known addresses of DPR?
member
Activity: 91
Merit: 10
October 14, 2013, 10:53:41 AM
#6
I found the same link too. The 1933ph..... could be DPR's address but I think the evidence is not strong enough. It's possible that he just spent 2000BTC with the tx afeecd8e47d6c3912d6c2e5f7a2ceafdecc9d4ad221480fe90847c23f81c8892.

BTW, someone sent 2 x 1.73632986BTC to 1933phfhK3ZgFQNLGSDXvqCn32k2buXY8a on 2013-10-09.

You can verify that the first ever transaction to 1933phfhK3ZgFQNLGSDXvqCn32k2buXY8a came from DPR's address: http://blockchain.info/tx/70d46f768b73e50440e41977eb13ab25826137a8d34486958c7d55c5931c6081

Notice that all the inputs came from this address: 15TEAwEMxVS3BK718HhwgJg7nxwyJ2ib9y. I'm pretty sure if you go backwards you can land at DPR's other addresses.

Also, I don't think DPR just spent it (to someone elses address) as the trail has only addresses that were used for mixing... all the intermediate addresses have exactly 2 transactions... 1 receive from previous mixing address and 1 to the next mixing address all the way to its destination 1933phfhK3ZgFQNLGSDXvqCn32k2buXY8a.

The script I wrote followed a path that had addresses with only 2-10 transactions.
So lets break in down:

DPR's known address: 1LDNLreKJ6GawBHPgB5yfVLBERi8g3SbQS
Tumbler's receive address: 1BG9jDV3pA1MsJUnvRyWuA2b7PfGd4MZaw (only 2 transactions)
Tumbler's next mixer address: 12h6TzwPNBvDnppbsqpyXwW4oo5UUKaKSa (only 2 transactions)
Tumbler's next mixer address: 1EG9HJG9aGqzgGujfNQMiNbyqpKnFxafvE (4 transactions but note that the only output is to 1AHki5AbZYiz4fHkGSTVKN3T1Tv5PwZpnh... the remaining transactions are just too small -> this address may have been reused by the tumbler)
Tumbler's next mixer address: 1AHki5AbZYiz4fHkGSTVKN3T1Tv5PwZpnh (only 2 transactions)
Tumbler's final mixer address: 15TEAwEMxVS3BK718HhwgJg7nxwyJ2ib9y (7 transactions -> Note that this has only one output)
Final Destination address: 1933phfhK3ZgFQNLGSDXvqCn32k2buXY8a

There is no other path followed by the tumbler. So possibly the service used by DPR was pretty weak or probably he just manually mixed it himself.
sr. member
Activity: 252
Merit: 250
October 14, 2013, 10:44:09 AM
#5
Very Impressive
legendary
Activity: 4270
Merit: 4534
October 14, 2013, 10:33:38 AM
#4
its pretty impressive that you found that. i also didn't know that dpr is thought to be username altoid.  I guess in theory he could have just used a random address in the thread but unlikely.  now if we could only figure out the private key...

the SR arrest warrent of DPR mentions that altoid is DPR.. and thats how he was caught.. altoids email address was Ross Ulbricht@gmail
Pages:
Jump to: