Topic: The problem of stolen coins (Read 8955 times)

And old users.

They are already published on the block chain. 

What a new user heard is "fuck all that I should keep using Paypal because it is safe".  Most active users on BitcoinTalk aren't going to do all that.  Even doing all that is no guarantee you won't get so called "tainted coins".  What if Bitcoinica hadn't noticed the theft for 8 hours.  How many users even doing all 8 stupid steps on every transaction could end up with "tainted coins".

What does this laundry list of complicated steps accomplish? Absolutely nothing.
What does massive conflicting registries of tainted coins databases? Absolutely nothing.

A bunch of running around in circles flailing hands and accomplishing nothing except to drive away new users. 

I suppose theoretically you are right.  In practice however, I will take that as a "no".  There is a much lower barrier to entry to secure your coins then for every bitcoin user to jump through the 8 hoops you outlined above.  I don't ever see that happening unless the acceptance and use of bitcoins stay very very small.

This may be relevant -
http://en.wikipedia.org/wiki/Nemo_dat_quod_non_habet

In American law, a bona fide purchaser who unknowingly purchases and subsequently sells stolen goods will, at common law, be held liable in trover for the full market value of those goods as of the date of conversion. Since the true owner retains legal title, this is true even in a chain of successive bona fide purchasers (i.e., the true owner can successfully sue the fifth bona fide purchaser in trover).

But . . . .

There are numerous exceptions to the nemo dat rule. Legal tender, for example, does not adhere to the rule in certain circumstances. If a rogue buys goods from a bona fide merchant, that merchant will not have to return the bills to the true owner. To hold the rule to be otherwise would be disruptive to the economy and prevent the free flow of goods in an economy. The same may be true of other "negotiable" instruments, such as cheques. If a thief A steals a cheque from B and sells it to innocent C, C is entitled to deal with the cheque, and A cannot claim it back from C (though the name appearing on the cheque may affect the validity of such a transfer).

Somehow I think we should stay away from a solution where some central authority has the ability to arbitrarily devalue any individual's collection of coins. Today, it may just be stolen coins that get tainted. Tomorrow, coins could become tainted by activities related to terrorism, child porn, prostiution (which BTW is legal in many jurisdictions)  and who knows what else? Who has the right to declare that a crime has taken place involving a certain set of coins?

I think the effort should be focused on giving people the right tools to keep their coins safe - not on rerieving stolen coins after the fact.

Not being able to run a node yourself doesn't mean you would need to use an online wallet. There are intermediate solutions that wouldn't require giving a third party control of your bitcoins, ranging from storing only your private keys and relying on a third party for block chain data, to a 'Simplified Payment Verification' node, where you store your private keys, all of the block headers and only the merkle branches containing the hashes of the transactions you need to verify.

Re: The problem of stolen coins

We can't avoid the fact that bitcoins allow a level of traceability that's greater than cash. I like the analogy Gavin Andresen gave:

http://www.americanbanker.com/issues/177_10/bitcoin-digital-currency-bank-risks-1045734-1.html?zkPrintable=1&nopagination=1


This gives those parties that exchange large numbers of bitcoins, like MtGox, the opportunity to help discourage bitcoin thefts and identify their perpetrators. I think it's unlikely that they're going to do nothing given the power they have to not allow their service to be used to sell stolen bitcoins and make bitcoin crime more difficult to profit from.

That being the case, the situation I think most people want to avoid is one where all bitcoin users need to have a registry on hand that lists all the bitcoin transactions that major exchanges consider to be thefts, and only accept bitcoins that don't trace to them.

To avoid such a situation, while still putting up some obstacles for thieves, I think the exchanges should follow a policy like this:

1) Declare that any deposit of bitcoins that trace back to a bitcoin theft (originally stolen bitcoins) will not be accepted, and will be sent back to the sender, up until six months after the theft, and the deposit, along with the IP address and exchange account information of the depositer will be reported to the police in the jurisdiction of the victim.

2) Declare that any deposit of originally stolen bitcoins, by someone using a known public proxy or TOR exit, could be confiscated, and the deposit, along with the IP address and exchange account information of the depositer will be reported to the police in the jurisdiction of the victim.

3) Declare that any deposit of originally stolen bitcoins, more than six months after the theft, will be accepted, but the deposit and the depositer's account information will be reported to the police in the jurisdiction of the victim.

This would result in the following:

People would be discouraged from using proxy IPs and TOR when accessing the exchanges, since doing so could result in bitcoins they're depositing to be confiscated if they trace to a heist.

People would not need to have a registry of 'hot' bitcoin-transactions to cross-reference before accepting bitcoins, since receiving originally stolen bitcoins wouldn't mean they would forever be unable to sell them.

Those who steal bitcoins would have a lot more difficulty laundering for six months after the crime than if the exchanges had no six-month non-acceptance period. This increases the chance that stolen bitcoins are recovered.

bitcoin is neither currency or a commodity. it is simply a construct created by a system where proof of work is associated with numbers that are assigned to asymmetric keys. It is nothing more than a number assigned to a key that you created, which in turn is nothing more than random "data" given meaning by another system called cryptography. This is different in that given one of the smallest chances possible to be had, you could just steal every coin ever made. Although that is a very very very x10^100^100 small chance(perhaps not that big/small, but you get the idea).

it also does not matter if it is currency or a commodity. it is exchanged or given for other "stuff". a name is only intended to give it legal ground, and for my purposes, i frankly don't give a fuck, and neither should anyone else that lives in the real world, or wants to live in a free and more fair and just world. And in reality, the only reason we have this overly bloated legal system is so that it is impossible to live lawfully and to ensure that already established corporations can continue to exist.

And stolen coins are not "stolen", they were "donated" (sometimes involuntarily). It was always your choice to have them open and accessible to others on the internet. If you did not know that going in, im sorry but you are in idiot. In fact, you should ALWAYS expect to have all your coins taken at almost all times. Just not as much if you keep them offline. if you do not want your coins stolen, don't give them to other people to keep for you(or even to just hold), that's a fools game. What if your precious online wallet service got attacked by an employee and emptied all the online coins and a large chunk of the cold storage?(just for kicks, they destroyed them, because i doubt you could really get away with it, given proper security procedures, and you never know if they even have any)

It has been awhile since i was last active on this forum, and it has just fallen to utter idiocy. People actually support keeping coins in the hands of larger companies, where in fact that is where they are the least secure if you are technically competent to keep several backups on several different offline medias. bitcoin is broken if one day it is impossible to run a node yourself. Because the minute i am forced to keep coins in an online wallet, ill just stop using bitcoin and use cash.

Well that's my rant, take it with a grain of salt.

Calling Bitcoin a commodity and going through the logical hoops is akin accepting to the Celestial Spheres theory of cosmology during the Dark Ages. It's probably the best we're going to get until people stop believing in the "Invisible Hand" and other dogma created by our monetary based society.

[Citation needed]

what is happening is definite proof that bitcoins are a commodity not a currency.

The problem is that it is too hard to distinguish between Bitcoin being a currency or a commodity. If it were a currency, then you couldn't ask innocent persons that had obtained tainted BTC by trading to just give it up to the authorities.

If it were a commodity however, you could theoretically be charged with receiving stolen property, and possibly be compelled to return the coins. The main problem is that people don't know (and can't be expected to know) whether the coins they are getting are tainted before receiving them. Further, since they are often paid for in goods or non-refundable payment methods, they wouldn't want to give them up without some kind of compensation.

180 days after your account gets suspended Paypal will mail you a check with the ammount that was left there. I hope you didn't use a fake address

seems like whenever i hear of a large bitcoin theft it always has the common factor of the coins being stored online somewhere as in an exchange, pool, etc.  don't want your coins stolen?  learn how to protect them yourself. its not that hard.   some people have just got to learn the hard way.  happened to me with paypal.  they froze my account, with thousands of dollars in it, and i don't even know if or when i will see a dime of that money. but you can rest assured that i will never use paypal again in my life.

I would pay a modest premium for high purity stolen coins of notable lineage in small quantities.  Like I'd probably be willing to pay 5 BTC for 1 BTC that was stolen in the latest incident, if it were 100% pure and had only a small number of intermediate wallets between, for example, bitcoinica's wallet and my own.  I suspect that plenty of other people would be willing to start a collection of famous coins too, if they could only just figure out how.

1-6 seem fine
7-8 BS

If it comes to that Bitcoin is dead, again. Do you seriously think we should do that with every transaction?
Non tech-savvy people, heck even some tech-savvy people have no idea what you just wrote there, not alone a clue how to go about it. BTW to 6: "What is a private key? and where do I find it?" to 7: "Which client should I use and how do I use it?"

If you are for real here Bitcoin will never lift off to the main public, on the contrary it will become totally marginalised, ie for computer nerds only. If we want that, go ahead with 7 and 8.

If we don't, we need to make absolutely clear to MtGox and all general and potential users of bitcoin that if stolen coins are kept back from exchanges those exchanges need to face boycot or people will start rejecting BTC. This WILL be the end of BTC.

amencon@page1: "Do the people that find themselves in possession of laundered stolen coins have the same opportunity to protect themselves?"

Yes:
1: Don't publish your public keys. Keep them as secret you would keep your private keys.

2: Again: Treat your public keys as they were your credit card numbers. Would you enter your credit card number at some random untrusted USD to EUR exchange? Would you give your credit card number openly on this forum? Would you give your credit card number to some random wanting to give your money?

3: Yes you can give public keys. But treat them as your credit card number. ONLY give them to trusted people. Think of trusted people as like those nice webshops that you trust and know have good reputation. You freely give your cc to them.

4: Only deal with trusted indivuals.

5: Once a key is used, consider it void. After a adress has been used for a legit transaction, NEVER ever reuse that key. NEVER ever collect
any coins that may randomly fall into that adress. Toss away the private key after the coins has been spent.
(Because the public key go into the blockchain and is published and leaked.)

6: If a public key does leak, make sure to claim all coins before any new coins appear at that adress, and then toss away the private key to the leaked public key.

7: If you get unknown coins at a adress, use a client that allows you to select coins, to make sure to only select non-stolen inputs, to claim all coins from adress.

8: If, and ever if, unknown coins ever get mixed with your own coins in some way making them unseparable without tracing you to the stolen source coin, toss all those coins overboard.

Please, stop acting like this was a matter of personal choice. (Not directing this solely to you).

If whatever exchange you use confiscates coins with x% taint then that's the most important taint % to you. If the market starts distinguishing in taint levels, then any taint is relevant to you. If the x% of taint your exchanger thinks he's warranted to ask you questions is a loose range, then the very uncertainty will make you avoid any taint at all. Taken to the extreme the system would be so complicated a lot of people would just give up.

One has to take into account that all addresses with any number of coins are in the blockchain, you can in theory get randomly tainted in some sort of lottery, they are all public. In many cases, people advertise donation addresses and such. Any foe would be able to effectively taint these. There are dozens of implications once we break the assumption that all BTC are equal. It's a mess.

So, you bail if someone will not accept your tainted coins... or worse, they wait 'till  you send them before informing you the product or service you purchased will not be honored.
Now, on the flip side, would you accept bitcoins in payment if you clearly knew they were stolen?

This is nothing more than a new dynamic most of us have not thought through. Let's look at it in a positive way.
Sounds like a new service is needed where the community can watch where these coins go.
What someone or some service does with this information is entirely up to them.

how would you react if...
          you received 100% tainted coins from the source?
          or 100% tainted coins but jumped through a few addresses?
          50% tainted?
          10% tainted?
          <1% tainted?


Me personally, I wouldn't care the slightest once my coins are tainted less than 10%.

Sorry, but with great power comes great responsibility!

Spins a web, any size,
Catches thieves just like flies
Look Out!
Here comes the Spiderman.

Is he strong?
Listen bud,
He's got radioactive blood.
Can he swing from a thread
Take a look overhead
Hey, there
There goes the Spiderman.

In the chill of night
At the scene of a crime
Like a streak of light
He arrives just in time.

Spiderman, Spiderman
Friendly neighborhood Spiderman
Wealth and fame
He's ingnored
Action is his reward.

To him, life is a great big bang up
Whenever there's a hang up
You'll find the Spider man.