
Bitcoin Thieves Yet to Spend Stolen Hoard - ytNumbers
http://www.bbc.com/news/technology-19633980
======
hippich
I experienced the same with funds stolen from my project <http://betco.in/> \-
whoever stole bitcoins just sit on them right now. I do not know if it is
because they are looking for a way to launder them (although it seems simple
to me) or just waiting when bitcoins will cost $100+/$1000+/etc may be?

~~~
nancyhua
How do you launder bitcoins?

~~~
discountgenius
One method involves running a mining pool where you pay little bits of the
"dirty" coins to hundreds of different miners and keep their "clean," freshly-
minted coins for yourself.

It's a relatively new protocol. There may be laundering methods that nobody's
thought of yet.

~~~
nancyhua
People don't trace the dirty bits to the miners?

------
HyprMusic
Excuse my ignorance, but he said he suspects they're sitting on the bitcoins
because they were "hot". I thought that wouldn't matter with bitcoins due to
their anonymous nature?

~~~
chiph
My understanding is that because of the distributed transaction nature of
Bitcoin-the-protocol, the stolen coins will be "hot" forever. As soon as
they're spent, they'll show up in the logs. The identity of the thieves may
never be known, but the coins themselves are identifiable.

I'm surprised someone hasn't started a hot-sheet for stolen coins, so that
exchanges and individuals can check before accepting them.

~~~
kylebrown
Blockchain.info has a taint analysis tool, and there are other tools. Most
bitcoins have a long, highly-mixed history, tainted some small fractional
percent of most any address from time before. Probably because mtgox, as the
largest exchange, mixes coins pretty thoroughly. Risk to the thieves is that
if they try to sell the coins through them, mtgox will freeze the funds. They
have to be mixed elsewhere first and who knows what taint threshold mtgox uses
to freeze funds.

For example, after the Linode hack the stolen coins were moving around and
there were reports, from people who had bought coins from cryptoXchange or had
paid with paxum, that mtgox was freezing those deposits because they were
connected to the stolen funds.

~~~
DougWebb
That sounds a lot like how all US currency has traces of cocaine on it,
because at some point most US bills (maybe just $100 bills) have passed
through a coke dealer's hands.

~~~
politician
"The Argonne National Laboratory study revealed that the average contamination
was 16 micrograms."

<http://www.snopes.com/business/money/cocaine.asp>

------
nodata
Isn't there a famous patch that makes Bitcoin transactions anonymous? How do
we know they're not using that?

Ref: <https://bitcointalk.org/index.php?topic=24784.0>

~~~
eli
that patch purports to make it "more anonymous," not actually anonymous

------
VMG
So would any business that accepts Bitcoin be in legal trouble if it accepted
these coins?

An individual that accepts them?

~~~
rprasad
No. Knowing receipt of stolen property is a crime. However, bitcoins are not
considered property, nor can they be considered stolen, under current U.S.
law.

~~~
politician
Do you if anyone is compiling a list of stolen addresses?

~~~
hippich
no, because funds might be easily transfered to another address. and after
that you need to mark new address as "bad" again. and it become complicated
when only part of funds transfered to another address. and it become even more
complicated when funds transfered to "pool" address, of big exchanger like
mtgox for example. and these funds end up in hands of honest users..

~~~
VMG
I doubt that creating a graph of "tainted" addresses would be very difficult.

~~~
hippich
something like this?
[http://blockchain.info/taint/1dice7EYzJag7SxkdKXLr8Jn14WUb3C...](http://blockchain.info/taint/1dice7EYzJag7SxkdKXLr8Jn14WUb3Cf1)

------
jorgeortiz85
This presents an interesting problem. Do individuals who accept payments in
bitcoin have to verify that the bitcoins the accept haven't been stolen? If
they fail to verify the provenance of their payment, are they at risk of
forfeiting their money or, worse!, being criminally liable for possession of
stolen property?

~~~
ahi
How do you verify that the bitcoins have in fact been stolen?

~~~
jorgeortiz85
Exactly.

------
reubensutton
I'm fairly certain that you keep the balance in a single wallet, so can send
from a different address than the one that received the funds, so really, all
this tells us is that they haven't been stupid and sent money out from the
same wallet they sent it to.

~~~
feral
You don't seem to understand how Bitcoin works: the balance of the address is
what has the 'coins'. They dont exist independent of the balance of the
address.

So you can't spend them from a different address, without first transferring
them to that different address; and that transfer must be publicly announced
to the network. It is the public announcement which gives the other address
the ability to spend the 'coins'.

~~~
reubensutton
You're correct, I assumed it was the wallet that held the coins, not the
individual addresses.

------
debacle
Not necessarily true. They may have simply transferred ownership of the
account the bitcoins were in to someone else outside of the bitcoin universe
(e.g. on a USB drive).

------
kevinpet
Can someone explain if there is a technical reason the network can't collude
to cancel these bitcoins? This seems a reasonable reaction to known theft.

~~~
hippich
technically this can be added into protocol/rules. but then we get back to who
decides what was stolen and what was not.

------
carioca3
Maybe they deleted their wallet in order to destroy the coins?

------
zupreme
I've only been into bitcoin mining and trading for about a month now, so take
this with a grain of salt, but:

If were the criminal behind this heist and I wanted to whitewash these bit
coins, I would first establish several new wallets, would divide the coins
between them, then would programmatically transfer the coins back and forth
between the accounts in random amounts at short but random intervals over the
course of several months to increase the noise level. I would then (again
programmatically) buy a different electronic currency (namecoins, etc.) with
them to obscure the trail even more. Finally I could transfer them back into
bitcoins, using several new wallets.

At that point they could be cashed out or spent more or less freely.

Again, I'm new to bit coins so I may not know all the dynamics involved, but
what I have outlined seems logical based on what I know at this point.

~~~
maxerickson
If I have it right, the self transactions wouldn't do much (because the
transaction history of the bitcoin system is public).

A few other comments mention that Mt. Gox is treating certain coins within
some distance of certain accounts as tainted and freezing those transactions.

