
Experts cracked laptop of crypto CEO who died with $137M, but the money was gone - turtlegrids
https://www.businessinsider.com/crypto-ceo-died-with-passwords-to-137-million-but-the-money-is-gone-2019-3
======
uberman
For some reason this sounds like the plot of a movie starring Leonardo
DiCaprio.

CEO of Crypto Company...

1) Takes time off to build orphanage in region noted for fake deaths.

2) Subsequently dies unexpectedly.

3) Is immediately cremated.

4) Wife waits a month before saying "oh by the way he is dead"

5) Wife claims all keys on encrypted laptop

6) World watches as wallets mysteriously empty

7) Experts crack laptop

8) All wallets turn up in fact empty

9) $140 million disappears into the ether

[https://pbs.twimg.com/media/DOjLuy7VoAATprU.jpg](https://pbs.twimg.com/media/DOjLuy7VoAATprU.jpg)

~~~
tim333
And the widow is left with just the 17 properties, 2 cars, yacht and plane
that he earned through honest hard work.

Another thing you could work into the plot is $9m appears to be with WB21
"Banking Redefined" which claimed a million users but was discovered to only
have 135 downloads of its app (now removed), is run by a convicted fraudster
and was awarded "Global Banker Award 2018" in a black tie ceremony that they
seem to have set up themselves to give themselves the award
([https://www.youtube.com/watch?v=JbKMdhpwbaw](https://www.youtube.com/watch?v=JbKMdhpwbaw)).
They are still going I think if you are looking for a safe place to put your
money.
[https://amycastor.com/2019/03/01/diving-into-wb21-the-compan...](https://amycastor.com/2019/03/01/diving-into-wb21-the-company-holding-9-million-of-quadriga-money/)

~~~
908087
That "award" ceremony video is both surreal and ridiculously cringe-inducing
at the same time. It wouldn't surprise me if he actually felt like he had
"achieved" something when he gave himself that award, either.

It was like you were watching his fantasy of what people would say about him
if he was a productive member of society instead of a criminal and fraud.

~~~
qqqwerty
FWIW, this is only marginally worse than your standard 'industry award' in
that he had the nerve to give it to himself. Pretty much every industry has a
boatload of meaningless awards. It is done largely for marketing and for
'social engineering'[1]. It is cheap (both in cost and tact) but effective.

[1] Curries favor with the awardees, creates an 'in group' etc...

~~~
wallace_f
Feynman spoke at length on the shallowness of awards.

>epaulets, uniform, position: it has nothing to do with something intrinsic of
that person.

------
LeonM
My take on this is that they probably were insolvent for a long time already
due to previous hacks/theft. The CEO just decided to lie about the supposedly
137M in funds 'safely' stored on his laptop.

This is also what happened at MtGox, except that at MtGox they 'lost' well over
a million BTC.

Edit: relevant listening:
[https://darknetdiaries.com/episode/9/](https://darknetdiaries.com/episode/9/)

~~~
HenryBemis
And this is the problem. These guys are not regulated. There is no
transparency. There are no external auditors. There is no control. When we
find out, it is always too late. Every "cryptocurrency bank" is a potential
Enron. I fear both the involvement of Central Banks and at the same time the
lack of it.

If EY (or anyone else serious about this) 'follows the money' then that would
be a very interesting report to read.

~~~
Solar19
This would seem to be a private problem. If people choose to park their money
with a non-transparent, unaudited random crypto startup, that's their decision
and their problem. I'm not interested in paying for "regulators" in such
cases.

~~~
naravara
You don’t need to pay regulators, you just need to make people able to sue for
damages or charge crypto purveyors with fraud. It’s manifestly clear that the
majority of these are just pyramid scams.

~~~
usrusr
"Sue later" is not a solution when the money is already gone. That might be ok
when facing an industrial company that has plenty of physical assets that
could be sold off under bankruptcy, but finance leaves nothing if it fails.

------
deepspace
Why is nobody talking about the convicted felon, Omar Dhanani aka Michael
Patryn, who is a co-founder and majority shareholder of Quadriga?

Dhanani is very much alive, and is known to have been involved in money
laundering schemes. If I were an investigator in this case, that is the first
door I would go knocking at.

~~~
noobermin
I get the tech around crypto is interesting, but if your whole space is
inhabited with such people, isn't it time for you to wonder if something's
wrong?

~~~
erobbins
Unregulated financial markets draw crooks like moths to a flame. Forex used to
be just as bad.

I wonder if there's anything to be learned from this? Perhaps deregulating
markets driven by greed, margin, and leverage is a bad idea? LeT tHe FrEe
mArKeT DeciDe?

------
markjenkinswpg
I'm not convinced of the first half of the headline re laptop cracking.

The article cites the latest monitor report, but the only paragraph I can find
with the word laptop just implies the monitor has possession and success with
some devices.

""" As noted in the First Report, known devices of Mr. Gerry Cotten have been
secured by the Monitor including, Mr. Cotten’s laptops, cellphones, USB keys
and home computer. The Monitor understands that prior to the commencement of
the CCAA Proceedings, the Applicants together with their initial outside
expert, attempted to access the devices and were successful in respect of
certain devices. The Monitor will work with the Applicants and Representative
Counsel to determine next steps to access any information and data which may
be located on the devices and report back to the Court with respect to those
efforts. """

~~~
Scoundreller
It may not matter much.

There’s no evidence that a cold wallet with much of anything even exists.

But the devices may hold some records of external accounts (eg: deposits on
other exchanges).

------
rchaud
> The investigators said they found other issues too, such as that Quadriga
> kept "limited books and records" and never reported its financials.

New SaaS idea: Skin Lotus 1-2-3 and sell it as a "decentralized on-premise
bookkeeping solution for your blockchain"

~~~
stendinatorr
>decentralized >on-site

you made my day

~~~
rchaud
I should have added "serverless" as well, come to think of it!

------
eyezick
This article is inaccurate.

Here is the tracking by Ernst & Young (court-appointed) providing all the
public information about these developments. The latest report on 1 March 2019
mentions nothing about a cracked laptop.

[https://documentcentre.eycan.com/Pages/Main.aspx?SID=1445](https://documentcentre.eycan.com/Pages/Main.aspx?SID=1445)

~~~
gamblor956
There's nothing wrong with the article. The March Report merely says they were
able to recover the cold storage wallets and discovered they were empty; it
doesn't go into _how_ they got access to those wallets since that isn't
relevant to the report.

Per the company and prior news reporting, those cold storage wallets discussed
in the March Report were only stored on the owner's laptop, which was
previously inaccessible due to various security mechanisms. (Reports suggested
that the laptop was "locked" but did not indicate whether it was boot-locked
or locked via the Windows mechanisms.) The fact that they were able to access
those wallets means they "cracked" the security measures on that laptop.

~~~
mthoms
>The fact that they were able to access those wallets means they "cracked" the
security measures on that laptop

Incorrect. Experts were able to trace funds back to the cold storage wallets
addresses using analysis. But the private keys have not been located and no,
the laptop has not been "cracked".

~~~
eyezick
Yup: "The Monitor has commenced a preliminary review of the transactional
activity of the Identified Bitcoin Cold Wallets utilizing public blockchain
records. This analysis..."

------
rkagerer
The headline and article are both misleading. EY never reported they cracked
the encryption on the laptop or recovered any private keys to the so-called
cold wallets.

Six empty cold wallet addresses were disclosed by Quadriga, and for the most
part they look to have been unused for the last year. EY is investigating some
other potential addresses which are also empty.

Source:
[https://documentcentre.eycan.com/eycm_library/Quadriga%20Fin...](https://documentcentre.eycan.com/eycm_library/Quadriga%20Fintech%20Solutions%20Corp/English/1.%20Monitor's%20Reports/4.%20Third%20Report%20of%20the%20Monitor/Third%20Report%20of%20the%20Monitor%20dated%20March%201,%202019.pdf)

------
samfisher83
People might complain about banks, but when you have cases of fraud at least
you have people try to recover it. Government makes you keep pretty good
records. In this case how do you undo the blockchain? In this case what
recourse do you have?

~~~
whttheuuu
actually, the entire point of blockchain is that the ledger is public. every
movement of each and every bitcoin is public and can be tracked. it just takes
time to analyze.

~~~
mannykannot
Even if that were so, it would not be sufficient for restitution, but bitcoins
and satoshi are just abstractions and do not have individual identity, and
cannot, in general, be individually tracked.

------
xutopia
This is BS... the money cannot be "gone"... what do they mean by that? There
is a public ledger. We would know and can trace where this money went to. Do
they mean the wallet was not on the laptop instead?

~~~
ceejayoz
If the keys are lost, the money is for all intents and purposes gone.

~~~
deepsun
But you can still track the history of any coin that existed.

If somebody knows the wallet ids of the money before it was stolen, you can trace
transactions to see what wallet ids it is in now.

If they say "stolen", it means that they found transactions where money was
transferred from the victim's wallet. And if they know the transactions, then they
know the source and destination wallet ids.

~~~
blotter_paper
This is close enough to true for the purposes of this discussion, but in the
general case you can only reliably track the flow of funds in aggregate, not
the flow of any individual "coin." If addresses A and B send equal amounts of
coins to C, C sends all of those coins to D, and D sends half of them to E,
you can't really track the coins from A to E or from B to E. The transaction
from C to D results in a single output that doesn't distinguish between funds
from A and funds from B.

~~~
dd36
You track D and E. At scale, there surely are consistent patterns.

~~~
blotter_paper
Yes, but my example was contrived for simplicity, and really D can make a
transaction with an arbitrary number of inputs and outputs sent to and from an
arbitrary number of addresses belonging to an arbitrary number of users. This
is what bitcoin mixers do. Now we have a bunch of inputs coming in, and a
bunch of evenly sized outputs coming out (with some unevenly sized ones for
change). You can still probabilistically track funds if a user did something
like putting coins from D into a big mixing transaction with other users and
then sending their mixed coins from address F through I to a single address J
that just so happens to have the same balance D started with, and of course
there are less contrived situations where patterns of behavior would be
evident, but this is all probabilistic and you still aren't really tracking
individual coins; discrete coins aren't stored on the blockchain, transactions
with input and output balances are. If the missing funds are tracked, and this
whole affair was the result of malevolence rather than incompetence, I'd bet
they're either sitting in a bunch of tiny accounts that have been cycled
through mixers more than once or they're going to be before they're spent
(having faked your own death, you could see holding off on the mixer until
you've had ample time to cover your trail thus giving the appearance of
incompetence rather than malevolence for a while).

------
whoisjuan
This guy is alive (or dead, but not due to Crohn's Disease complications, as
stated initially). This is not a conspiracy theory anymore. It's clear there's
a massive fraud behind all these events.

~~~
covercash
As a mod for r/CrohnsDisease, it really sucks that this is how most people are
first hearing about the disease. Those with IBD already have a difficult time
with people not believing they’re sick or that symptoms aren’t that bad since
they’re not visible. Now Crohn’s will be associated with this fool using it as
an excuse to steal a bunch of money... such a huge disappointment.

~~~
patrickmcnamara
I really doubt that this is how most people are first hearing of Crohn's
disease.

~~~
covercash
Most people think it’s just a stomach ache or diarrhea. They don’t realize how
severe and debilitating it can actually be because most people who have it
don’t like to broadcast to the world that they’re shitting blood and mucus 30x
a day.

------
a_bouncing_bean
Maybe I don't know much about bitcoin, but can't you track the address where
the bitcoins were being transferred to? Seems like it would be difficult to
launder that volume of bitcoin all anonymously where it can be tracked, to a
certain extent, through the public blockchain?

~~~
omouse
There are bitcoin _tumblers_ , essentially the idea is to split up the
transaction into multiple transactions of varying sizes to various addresses
and to keep doing that in such a way that it doesn't look weird...

Basically they try to hide the transaction among the huge volume of
transactions going on, kinda like a VPN or Tor?

~~~
EthanHeilman
1. If the coins were moved through tumblers that would be detectable and
highly suspicious.

2. Safely tumbling large quantities of coins is especially difficult. At this
scale I would wager twenty dollars that blockchain analysis should be able to
trace at least some of the coins with high confidence.

3. It is rumored that many tumblers are run by law enforcement.

~~~
godelski
Outside the sphere of crypto, this is called "washing" or "laundering"
("cleaned", etc.; anything along this line. "Laundering" is the legal term).
Such acts are typically traceable, but generally fly under the radar. Once
someone is aware that the money is being washed it is usually uncovered
(AFAIK).

Washing crypto would seem even more difficult because transactions are all
accounted for. So I'd assume a cleaner would need to have random time variance
in redistribution so collisions aren't found. But also, money has to be spent
or converted, so that's a big way you could uncover it. Money is harder
because cash is still a thing.

1) See that money is transferred from account to washer (instant flag)

2) Search for accounts associated with initial fraud and watch for extraction.

~~~
Maxion
I work in crypto. Transactions can very much be traced. There's no trace of
Quadriga's cold wallet holding any large sums of BTC. It's still a mystery
what, exactly, did they do with customer funds. It'll be uncovered eventually
once enough time has been given to forensic examiners to go through the
transactions of the exchange.

------
dtx1
How did they crack the Laptop? Just Bruteforcing a bad password or 0Day-ing
the Encryption?

~~~
omouse
I think this is the $137 million dollar question.

~~~
emilsedgh
So they thought. Turns out it was worth nothing.

------
bifrost
Wow! Do we know if this was some sort of scam or what? That's... just wow....

~~~
smt88
We don't know, but people have been speculating that the death was faked in
order to get away with theft and mismanagement of Quadriga wallets. Every new
detail seems to suggest a scam and fake death.

~~~
dragonwriter
The scam conclusion is stronger than, and does not rely on, the fake death
one. The combination does seem to be the most likely, but even if he's really
dead, this still looks like a scam.

------
reilly3000
Shouldn’t there be a ledger somewhere of transactions tied to those coins?

~~~
cwmma
Like maybe a distributed ledger of some sort?

~~~
hmhrex
That is publicly available for everyone to read?

~~~
TecoAndJix
That points to a tumble service address where it disappears forever in Monero
land?

~~~
Scoundreller
Or just different coins out than went in.

Rumour has it the exchange did this anyway as it was short/long on different
coins. They lost a ton of ether in the past, so they may have had to do such
switcheroos for a while.

------
jacquesm
I think it might pay off to spread the mugshot of this character far and wide.
There is a non zero chance that he's not dead at all.

~~~
vkou
Yes, to make it easier for vigilante justice to find and kill some
unlucky sap who looks like Gerald.

~~~
jacquesm
I think you're jumping to conclusions a bit.

------
jamisteven
Can't believe the article makes no mention of the other major piece of this
conspiracy which is that Michael Patryn, the co-founder of Quadriga, is
actually Omar Dhanani, who was charged with one count of conspiracy to
transfer identification documents as part of Shadowcrew.com and did 18 months
in jail. IMO he is the real mastermind here, as his criminal record shows he
was fully capable of hacking Cotten's accounts and was in close enough
proximity to his networks to not raise suspicion.

------
nodesocket
I am curious to know the OS on the laptop that was cracked. macOS, Linux,
Windows? I would be surprised if a highly technical founder was running
Windows.

Does this indicate there is a known vulnerability in the login process of the
OS?

~~~
g45y45
If I was to guess, I would guess that it was Bitlocker vuln, CVE-2018-12037,
where the bitlocker crypto implementation is left to the junk SSD 'self
encrypting' feature which is found to be broken. I have my doubts they cracked
Veracrypt, LUKS or filevault2 with operator supplied keys. Or they got the
keys from Microsoft/Apple (filevault2 and bitlocker will escrow the keys to
the OS vendor in home editions).

~~~
nodesocket
So you think they broke the disk encryption not the OS login mechanism?

------
ID1452319
Given that blockchain is supposed to be a public ledger, can someone explain
why they cannot trace where the coins were transferred to when they were moved
out of the cold wallets?

In my simple world there must be a way to trace them to their ultimate
origins?

~~~
Arnavion
You can know where they went from the cold wallet. You can't know for sure
where the coins went after that, once they've been mixed with other coins.

Laundry / tumbler services exist to do this at scale.

~~~
jypepin
What does "mixed with other coins" mean exactly? If I own a wallet, and
someone steals coins and "mix" their coins with mine in my wallet, they
eventually have to get those coins back right? So I probably know them and can
be found and interrogated?

legit question

~~~
Arnavion
Let's say there are three BTC addresses in the world, #1 to #3. Let's say
address #1 has 1 BTC that you're interested in.

On Monday, all three addresses send all their BTC to address #4. The next day,
address #4 sends the coins back to addresses #5 through #7.

Which address out of #5, #6 or #7 has the original BTC you were interested in?

~~~
Angostura
So - and thank you for bearing with me on this - individual BTC don't have a
unique identifier that allows one to trace its transaction history? I must
admit, I always assumed that they were uniquely identifiable.

~~~
Arnavion
Yes. In the first place, BTC are divisible to eight decimal places, so there
would be a lot of these IDs if they were to exist. And there's no reason the
divisibility can't change in the future, so these IDs would have to be quite
complicated.

A (non-coinbase) transaction is valid if its inputs equal its outputs, and if
its inputs come from the outputs of other transactions, which in turn are
valid if their inputs come from other transactions, all the way to one or more
coinbase transactions. This is sufficient to demonstrate that the transaction
is valid - ie it's using coins that exist instead of creating them from thin
air. That is all that the protocol cares about.
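
The A/B/C/D/E chain and the #1 to #7 mixer described in the comments above, worked through as an added illustration that is not part of any comment in this thread. `haircut` and `fifo` are names chosen here for two taint-attribution conventions an analyst can apply; amounts are constructed and fees are ignored.

```python
from fractions import Fraction

SAT = 100_000_000  # satoshi per BTC

def haircut(inputs, out_values):
    """Proportional taint: every output carries the same origin mix as the pooled inputs."""
    pool = {}
    for taint in inputs:
        for origin, amount in taint.items():
            pool[origin] = pool.get(origin, 0) + amount
    total = sum(pool.values())
    assert total == sum(out_values), "model ignores fees: inputs must equal outputs"
    return [{o: a * Fraction(v, total) for o, a in pool.items()} for v in out_values]

def fifo(inputs, out_values):
    """First-in-first-out taint: outputs consume input value in the order it is listed."""
    queue = [[o, a] for taint in inputs for o, a in taint.items()]
    assert sum(a for _, a in queue) == sum(out_values), "model ignores fees"
    results = []
    for value in out_values:
        got, need = {}, value
        while need > 0:
            origin, avail = queue[0]
            take = min(avail, need)
            got[origin] = got.get(origin, 0) + take
            need -= take
            if take == avail:
                queue.pop(0)
            else:
                queue[0][1] = avail - take
        results.append(got)
    return results

def thread_example(policy, c_input_order=("A", "B")):
    """A and B each pay 1 BTC to C; C merges both into one output to D; D pays half to E."""
    funded = {"A": {"A": SAT}, "B": {"B": SAT}}
    c_inputs = [funded[name] for name in c_input_order]
    (d_out,) = policy(c_inputs, [2 * SAT])          # C -> D: a single merged output
    e_out, _d_change = policy([d_out], [SAT, SAT])  # D -> E, remainder back to D
    return e_out

def mixer_example(policy):
    """#1, #2, #3 each pay 1 BTC to #4; #4 pays 1 BTC each to #5, #6, #7."""
    ins = [{"#1": SAT}, {"#2": SAT}, {"#3": SAT}]
    (pooled,) = policy(ins, [3 * SAT])
    outs = policy([pooled], [SAT, SAT, SAT])
    # Share of each final output that this convention attributes to address #1
    return [Fraction(o.get("#1", 0), SAT) for o in outs]

if __name__ == "__main__":
    print("haircut, E holds:", thread_example(haircut))
    print("fifo (A listed first), E holds:", thread_example(fifo, ("A", "B")))
    print("fifo (B listed first), E holds:", thread_example(fifo, ("B", "A")))
    print("mixer, share of #1 in #5..#7:", mixer_example(haircut), mixer_example(fifo))
```

The ledger records only the transactions; which origin E's coin "came from" changes with the convention and with input order, so a trace through merged outputs is a statement about aggregate flow under a stated convention.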

~~~
Angostura
Thank you for taking the time to clear up my misapprehension.

------
harrumph
"Why yes, the wallet we found was empty. Totally empty."

~~~
mv4
Back in 2015 two rogue U.S. Secret Service agents, Shaun Bridges and Carl Mark
Force, were caught and sentenced to prison for stealing funds while
investigating the first high profile darknet market the Silk Road. Shaun
Bridges pleaded guilty for moving 1,600 bitcoins of seized bitcoins confiscated
by federal authorities.

~~~
astrodust
You can't steal in the course of an investigation what was already stolen as
part of the crime.

~~~
harrumph
> You can't steal in the course of an investigation what was already stolen as
> part of the crime.

Sorry, what?

------
Animats
One real problem with cryptocurrencies: the information you need to determine
that someone has the key to a blockchain address gives you the power to
withdraw funds from that address. You can't just demand that a third party
auditor have copies of all the keys.

(Yeah, dual-sig, split keys, etc. Theoretically possible, not done in practice
much.)

~~~
roywiggins
There are actually whole cryptographic schemes people have written to prove
you have control over the money you say you do.

[https://news.ycombinator.com/item?id=7277865](https://news.ycombinator.com/item?id=7277865)

~~~
Scoundreller
But how do you prove how much you owe?

If an exchange can prove it controls 10 BTC, great. But what if it owes 20
people 1 BTC each?

~~~
roywiggins
I believe the scheme lets depositors prove that their _own_ coins were
included in the liabilities calculation. If some depositors never check, the
exchange could steal their funds, but if it was a regular part of using an
exchange, it would put a pretty strict limit on how much could be looted
before it was noticed.
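
A sketch of how a depositor-checkable liabilities proof can work, added here as an example and not taken from this thread or the linked post: a Merkle tree whose nodes also carry balance sums, so the published root commits to the total owed. The hashing layout, the per-user nonces and the constructed 20-depositor ledger (Scoundreller's "owes 20 people 1 BTC each" case) are assumptions of this example.

```python
import hashlib

SAT = 100_000_000  # satoshi per BTC

def h(*parts):
    return hashlib.sha256("|".join(str(p) for p in parts).encode()).hexdigest()

def leaf(user, nonce, balance):
    # The nonce keeps other depositors from guessing who owns a leaf
    return (h("leaf", user, nonce, balance), balance)

def parent(left, right):
    # The hash covers both child sums, so a sum cannot be changed without changing the root
    return (h("node", left[0], left[1], right[0], right[1]), left[1] + right[1])

def build(leaves):
    """Return all tree levels; levels[0] are leaves, levels[-1][0] is the (hash, total) root."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        if len(cur) % 2:
            cur.append((h("pad"), 0))  # zero-balance padding for odd levels
        levels.append([parent(cur[i], cur[i + 1]) for i in range(0, len(cur), 2)])
    return levels

def prove(levels, index):
    """Exchange side: sibling nodes from leaf to root for one depositor."""
    path = []
    for level in levels[:-1]:
        sib = index ^ 1
        path.append((level[sib], sib < index))  # (sibling node, sibling is on the left)
        index //= 2
    return path

def verify(user, nonce, balance, path, root):
    """Depositor side: recompute the root from own balance and the supplied path."""
    node = leaf(user, nonce, balance)
    for sibling, sibling_is_left in path:
        if sibling[1] < 0:  # a negative sibling sum would cancel out real liabilities
            return False
        node = parent(sibling, node) if sibling_is_left else parent(node, sibling)
    return node == root

def demo():
    ledger = [(f"user{i}", f"nonce{i}", SAT) for i in range(20)]  # constructed data
    honest = build([leaf(*row) for row in ledger])
    root = honest[-1][0]
    all_ok = all(verify(*row, prove(honest, i), root) for i, row in enumerate(ledger))
    # An exchange understating what it owes by leaving users 10..19 out of the tree
    short = build([leaf(*row) for row in ledger[:10]])
    short_root = short[-1][0]
    # An omitted depositor cannot be given a path that verifies against the published root
    omitted_caught = not verify(*ledger[15], prove(short, 5), short_root)
    return root[1], short_root[1], all_ok, omitted_caught

if __name__ == "__main__":
    print(demo())
```

Comparing the root total with the coins the exchange can prove it controls gives the solvency check; the understatement is only caught by depositors who actually verify their own leaf, which matches the limit described in the comment above.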

------
agentofoblivion
Everyone is a fraud. “A previous version of this story incorrectly stated that
investigators cracked Cotten's laptop and discovered money was missing. In
fact, they have possession of his laptop and identified money was missing
through public blockchain records.”

------
miguelmota
Is there a link to the on-chain transaction showing the transfer of the funds?

------
HNBRN
comment_on_crypto_fail = ( author_religion == 'crypto' && author_lost_money ==
false ) ? 'misstep' : 'regulate_urgently'

------
kdme
I don't get why people even try to store their cryptos in a cloud-based
wallet. Just store it in a USB and put it in a safety deposit box.

~~~
mrhappyunhappy
Some have mentioned they were transacting when their deposits withdrawals
stopped working. It wasn’t a matter of storage.

------
Shorel
According to the dates and other information in the article, it is also
possible he was hacked and someone else has the money.

~~~
mrhappyunhappy
In that case he could just come out with it. My guess is he lost the money
either by trading or through pure technical incompetence that resulted in
hardware loss or did something to erase it all on accident. Coming out with
this would not excuse him from legal consequences as much as it would he be
claimed he was hacked.

------
DeonPenny
Is the future still in crypto?

------
RickJWagner
Wow. I'll be watching for more news on this one. Interesting.

------
caprese
What.

Were.

The.

Addresses.

~~~
lysp
1MhgmGaHwLAvvKVyFvy6zy9pRQFXaxwE9M

1JPtxSGoekZfLQeYAWkbhBhkr2VEDADHZB

1ECUQLuioJbFZAQchcZq9pggd4EwcpuANe

1J9Fqc3TicNoy1Y7tgmhQznWrP5AVLXj9R

1HyYMMCdCcHnfjwMW2jE4cv9qVkVDFUzVa

1JZJaDDC44DCKLnezDsbW43Zf8LspCKBYP

Edit:
[https://www.reddit.com/r/QuadrigaCX2/comments/aq3r08/a_break...](https://www.reddit.com/r/QuadrigaCX2/comments/aq3r08/a_breakdown_of_qcx_btc_movements_what_we_know_and/)

------
entity345
Banks and actual currencies still have a bright future.

~~~
xenospn
As far as I'm concerned, if you give your money to some dude on the internet
with ZERO oversight or regulation, you're pretty much guaranteed something
like this happening at some point. How is this different than giving cash to
your cousin's uncle who promises to give it back "whenever you need it"?

