
Inputs.io hacked – 4100 BTC stolen - citricsquid
https://inputs.io/
======
lbarrow
"No regulations" sounds great up until the moment when the bank gets robbed,
the police don't care, and the only proof that it wasn't an inside job is a
screenshot of the banker's email[1]. (Not that I think that it was an inside
job. I just think this whole situation is kinda funny.)

[https://bitcointalk.org/index.php?topic=283756.msg3505394#ms...](https://bitcointalk.org/index.php?topic=283756.msg3505394#msg3505394)

~~~
jschmitz28
If the owner is either incapable or unwilling to refund everybody's money then
it doesn't even matter whether it was an inside job or not. It's pretty
telling that he's posting a screenshot that essentially says nothing instead
of being open about whether or not he'll be able to fully reimburse the people
who lost money. I don't think it was explicitly stated, but it seems like
people are just getting whatever percentage of the remaining funds that they
owned.

~~~
camus2
If that guy did not have some kind of insurance like banks do, how can he
refund anyone? ( that's a question ).

And would insurances insure this kind of business ? Now are bitcoin wallets
banks ? and are they subject to the same regulations ?

Is that guy a US citizen ? can he be sued by his clients ?

~~~
n3rdy
> If that guy did not have some kind of insurance like banks do, how can he
> refund anyone?

Bitcoin is a relatively new thing, would not be surprised to start seeing
bitcoin insurance for these types of services.

> Is that guy a US citizen ? can he be sued by his clients ?

I think it would depend if his clients have contracts, otherwise its a caveat
emptor deal, especially when dealing with bitcoin.

~~~
makomk
There was actually a Bitcoin "insurance" provider for a while. Like everything
else in the Bitcoin economy, it was entirely unregulated, basically a scam,
and ran with everyone's money.

------
grey-area
These coins were stored on a VPS? On Linode? All it took to steal 1 million
USD was to hack an _email account_?

Insanity.

~~~
tinco
This needs to be upvoted more. How can someone have a hosting provider whilst
claiming to be the most secure _BANK_ out there?

This should have been pointed out long ago. It's a terrible thing that people
get away with this. Arrogant developers who think they can do without sysadmin
skills when building crucial software.

~~~
nwh
> _This should have been pointed out long ago._

It was. The creator smugly relied that it wasn't going to be an issue.

------
M4v3R
4100 BTC = 1.1 mil USD at current prices. These Bitcoins were stolen from
website's "hot wallet" (every shared wallet has to operate one to process
current withdrawals). This hot wallet was probably too hot though, as it seems
that they had most of their coins online, and only about one third offline
(other services claim to store 80-90% offline). According to postings on
Bitcointalk.org forums people are getting back partial refunds. One person
claimed to receive 37% of his balance back [1].

UPDATE: Correction - according to [4] it seems that almost all funds were
stoled in the hot wallet, and the hacker was "nice" enough to not steal it all
at once, presumably to stay undetected and come back for more. I'm not sure if
I buy this argument though.

Also, according to the owners the hack occurred on 26th October [2]. It may be
possible that if you deposited funds after that date you will receive full
refund, as they should still be on their wallets. Unless hackers took that
too.

UPDATE: Also according to [4] the funds that were being deposited after 26th
were being withdrawn at the same time by other users. So they're as gone as
the ones from before 26th. You will be refunded in full only if you deposited
very recently.

This whole situation (and a bunch of previous ones) is also why at Bitalo [3],
we are developing an exchange which will not have this problem, as we use
multi-signature addressees to store the coins. This means that you need two
signatures to spend funds - one from us, and second one from the user. We also
never transmit users password over the wire, as we use SRP protocol for
authentication.

In unrelated news, China just passed 1800 CNY per BTC :). I wonder how's the
security status of chinese exchanges/wallets. Unfortunately I don't know the
language, so can't test that.

[1]
[https://bitcointalk.org/index.php?topic=248803.msg3505884#ms...](https://bitcointalk.org/index.php?topic=248803.msg3505884#msg3505884)

[2]
[https://bitcointalk.org/index.php?topic=248803.msg3505966#ms...](https://bitcointalk.org/index.php?topic=248803.msg3505966#msg3505966)

[3] [http://bitalo.com](http://bitalo.com) (in private beta, drop a message to
martin@bitalo.com to receive an invite)

[4]
[https://bitcointalk.org/index.php?topic=248803.msg3506034#ms...](https://bitcointalk.org/index.php?topic=248803.msg3506034#msg3506034)

~~~
clarkmoody
I see what you did there[3] ;-)

Also, it's a shame that this kind of breach happens, but it seems like it's
been a while since a "$COMPANY hacked X BTC stolen" headline was out there[1].
There seem to have been more of those in the past and they appear with less
frequency, which is a good thing, I guess.

[1] Silk Road doesn't count toward this recollection, since it falls under the
"Bitcoin $COMPANY busted by the feds" headline, which will probably happen
more often in the future.

~~~
chii
i m ok with the feds stamping out crime. But i m not ok with the feds stamping
out something which also has use outside of crimes. I sincerely hope bitcoin
transactions aren't associated with crime, so that its popularity can grow
more mainstream.

~~~
venomsnake
If you have read the whole story of Silk Road they didn't busted them for
bitcoins but for drug trading. And they explicitly stated there were
legitimate uses.

From what I have read the current Fed stance is - if you think BitCoin is
money, we are ok with that as long as you comply with all regulations.

------
nwh
This was a long time coming. The owner of the site's first posts on the forum
was offering blackhat SEO and forum spamming services. Anybody who looked into
the background of the creator could see that.

[https://bitcointalk.org/index.php?topic=111563.msg1208770#ms...](https://bitcointalk.org/index.php?topic=111563.msg1208770#msg1208770)

------
josephagoss
I had hundreds of Bitcoin on Coinlenders up until very recently when they
switched to a "demo" legal-workaround that was legally terrible and childish.

Coinlenders is a sister site to Inputs that share the same wallets.
Coinlenders funds are being re-distributed to Inputs wallets. I obviously made
a good decision to leave Coinlenders when I did as Coinlenders users are going
to get perhaps 40% of their invested amounts back.

What really should happen is the owner (Tradefortress on BitcoinTalk) Should
use his own massive stash of Bitcoins to compensate all his users.

~~~
tempestn
I don't know, $1.1M is a lot of money. If someone stole a million dollars from
my company, I don't know if I'd be rushing to reimburse it with personal funds
(assuming I even could), however bad I felt for the users.

That said, if I recall correctly, one case where the corporate veil can
potentially be pierced in a lawsuit is negligence. IANAL, but maybe users
would have a legitimate case against personal funds, assuming keeping a large
percentage of deposits online was found to be negligent. It'd obviously be an
incredibly complicated and expensive class action suit if it were to happen
though. Also it would probably mean trying to bankrupt a guy who just got
hacked and lost his company...

~~~
makomk
Well, the site owner apparently promised to reimburse any deposit losses with
his own funds back when he was trying to convince people to deposit money on
the site:
[https://bitcointalk.org/index.php?topic=283756.msg3505423#ms...](https://bitcointalk.org/index.php?topic=283756.msg3505423#msg3505423)

~~~
tempestn
Ah, that's a bit different then. Thanks.

------
superuser2
Is there anything to stop the community from creating a database of known-
stolen Bitcoins which participants can choose to reject? I guess all it takes
is one non-participating exchange, but it seems like you could make it much
less convenient to cash out.

~~~
patio11
Many members of the community have reacted quite loudly and negatively to the
suggestion that a central authority should be able to declare certain bitcoins
tainted. This effectively introduces an external-to-the-blockchain way to
essentially remove their bitcoins from their control, which they (currently)
believe is impossible in bitcoin, and which they believe would devalue their
bitcoins if it were known to be possible.

~~~
ronaldx
I gather that it would be straightforward for individual bitcoin users to
refuse to handle known-stolen bitcoins.

Perhaps this is illegal already - under local handling of stolen goods laws.
People would likely be inclined to take up this policy were there a single
case of legal enforcement.

I believe this would lead to a stable situation where those known-stolen
bitcoins were worth far less than regular bitcoins.

The present loud reaction would become irrelevant. What's more, I believe it
would benefit bitcoin to remove some of the danger of (irreversible) theft.

------
Taylorious
So I have seen several of these stories pop up and I am still kind of confused
by them. Are these hackers actually getting "real" money at some point? Are
they able to cash out these bitcoins to USD or something else in a reasonable
time-frame, or do they simply have a large amount of "fake" money that they
can use for very specific goods and services?

~~~
RyanZAG
They can certainly cash it out using a number of bitcoin to currency services.
So the hacker has done the equivalent of stealing $1mil out of a bank, except
a bank is very easy to trace while stealing BTC means the thief is home free.

    
    
      https://www.bitcoin.de/en?cr=1
      https://www.bitstamp.net/
      https://btc-e.com/
      https://www.bitfinex.com/
      https://localbitcoins.com/

~~~
JeremyBanks
BitCoins are difficult to anonymize. If you take your stolen coins directly to
an exchange, the exchange would be able to identify you if law enforcement
asked.

~~~
nyarlathotep
Well, you could use a site like this:
[https://localbitcoins.com/](https://localbitcoins.com/) but then again doing
hundreds of these cash transactions in person seems like it would be
stressful.

~~~
MichaelGG
Seems to me that the most useful point of the LocalBitcoins service is to find
traders willing to exchange via postal service. Face-to-face interaction seems
like a bad move, especially since the money you're sending could be tracked to
a "theft" and the service or trader might decide to snoop on you. And again,
as the criminal complaint against Nod showed, using USPS is only safe if you
act with sufficient randomness and change profiles. Otherwise they may detect
a large pattern you generate.

It's also safer because it seems the government isn't likely to setup a major
investigation for the case of BTC "theft".

(I say "theft" because it is possible, but unlikely, that the owner of the
wallet transferred the money to someone intentionally, to pay them or
something.)

------
martin_
From their website:

"Security + privacy The most secure wallet ever created."

~~~
raverbashing
That's usually true... Until it isn't

------
verroq
How do we know it's not the owner of input.io cashing out?

~~~
citricsquid
Here is his _proof_ that it is not an inside job:
[https://bitcointalk.org/index.php?topic=283756.msg3505394#ms...](https://bitcointalk.org/index.php?topic=283756.msg3505394#msg3505394)

~~~
lopatin
I'm curious, how would someone go about proving this wasn't an inside job. Is
that possible?

~~~
YokoZar
Short of the actual thief publicly outing himself, I can't really think of any
way.

------
icedicedavid
Back in July, TradeFortress, the operator of input.io claimed that 0 coins are
store on the web facing server.

[https://bitcointalk.org/index.php?topic=251553.0](https://bitcointalk.org/index.php?topic=251553.0)

------
2810
is a trend.. start up a legit Bitcoin service. Run it well with high aims,
etc, etc to make an impression to the public. Consciously create a loop hole
and hack your own Bitcoin service and close it down.

------
barkingcat
"Please don't store Bitcoins on an internet connected device, regardless of it
is your own or a service's."

Best advice I've read so far about bitcoins. All these services that's started
up around keeping bitcoins for you, wallets, banks, they are all dodgy and no
matter how well their marketing seems or how nice their webpages look, I think
in the end - I'd like to keep my own money.

------
albertyw
Anybody wondering how long it will take for Bitcoin to gain enough
respectability for the FBI or Secret Service to get involved after hacks like
this? If the same amount of money was stolen from a normal bank, it'd likely
be covered by every news outlet.

~~~
patio11
Banks losing $1 million to hackers are not exactly science fiction. Typical
outcomes including authorities not catching the thief, insurance paying out or
the bank self-insuring, reiterating NDAs to employees who became aware of the
theft, and absolutely no media coverage.

[Edit to add: For avoidance of ambiguity, I'm really, really, REALLY not
suggesting that "Since banks are equally insecure, bitcoins are a great idea."
Of greatest interest to HN readers, if your bank has a security fumble and
your account is debited $25,000 as a result of this, you will almost certainly
be reimbursed for every penny of that post-haste.]

~~~
rodgerd
> I'm really, really, REALLY not suggesting that "Since banks are equally
> insecure

That's just as well, because otherwise I'd have to mock you. Banks are not
equally insecure. I work for one, and we typically spend 10-20% of the cost of
development for apps on security reviews and testing, and not from numptys
from accounting firms, but actual, well-known, well-respected white hats who
review our designs and run hacks against us.

We aren't perfect, of course. But these monkeys are barely on the same planet,
never mind in the ballpark.

~~~
lmm
Serious question, not trying to be rude.

If banks are full of competent programmers, why are their customer-facing
online banking websites so utterly, utterly terrible?

~~~
wikwocket
I suspect this because, every time there is competition between innovative
features that are nice for users, and ensuring security/limiting exposure and
attack surface, the latter concern wins with little discussion.

What I mean is, if they implement a new whiz-bang feature, the best case is
that people complain a bit less. But if their new feature opens up an attack
vector or social engineering opportunity, they may suffer serious financial
loss and very bad press.

~~~
lmm
I'm not asking for whizz-bang features, just a lack of the busy,
overengineered sort we tend to see.

Heck, First Direct is one of the better banks in this country, but their
website popups _deliberately hide browser chrome including the address bar_ ,
which is just obviously terrible for security. But that's something that must
have been deliberately added.

~~~
rodgerd
I have had poo-flinging contests (in banking) with external "security experts"
(i.e. grads with a 3 ring binder from accountancy firms) who think ripping out
the chrome is a todo on the required security checklist.

------
o2sd98
Which begs the question, how can one determine the veracity of the security
claims of website operators? Bitcoins are a convertible currency but are not
regulated, insured or guaranteed by any authority. I guess even modern fiat
currencies had their teething problems with theft and counterfeiting, so this
is not too surprising.

~~~
TheTaytay
I wouldn't be surprised (or disappointed) if some enterprising company
developed a security certification (a la PCI) for Bitcoin-related providers.
You wouldn't _have_ to offer it, but the market might favor those that had
subjected themselves to that scrutiny.

~~~
o2sd98
It would be great to see a market solution to this. Bitcoin is a bit like the
gold rush/wild west at the moment which is fine for those who understand this
before diving in, but until these types of trust issues are resolved market
participation will be limited, which presumably will eventually effect the
liquidity of the market for btc.

------
yowza
What happens when bitcoins are stolen? Can they be use again without being
traced?

~~~
onedev
From what I've been told, yes....they can be used when stolen; it's kinda the
whole untraceable, distributed nature of it all.

~~~
steveklabnik
> untraceable

This is wrong. Every single transaction is saved, by everyone. It's the core
of how the protocol works.

That doesn't mean there aren't ways to obscure who controls the wallets, but
it's not untraceable, and 'distributed' has nothing to do with privacy.

~~~
grey-area
I find this point a very interesting one. Everyone insists that transactions
are saved and traceable (which of course they are), but I've never heard of
anyone finding out who stole their coins and getting them back. People just
seem to accept after a break-in that the money is gone and there's nothing
they can do about it. That's not acceptable to me in a currency, particularly
not one that people use as a store of value long-term. So it is _effectively_
untraceable even if technically you can trace the anonymous transactions. The
important part of that statement, which was not wrong, is _they can be used
when stolen_.

This is my biggest reservation about bitcoin - they have taken the worst
attributes of _paper cash_ (pretty anonymous, not tied to a verifiable
identity), and replicated them in a digital currency. If I'm transacting with
someone I want to know who they are, in case of fraud or theft. People even
openly run money laundering operations (mixing), and the community put up with
it! In contrast, most people never store large values of money in actual paper
cash anymore, they store it in a bank, which has identification and laundering
checks, proper tracing of accounts to identities, immediate yet reversible
transactions, and compensation if money is stolen. Bitcoin doesn't come out
well in that comparison.

The other reservation I have about it is the lack of regulation - these
exchanges which hold the money of lots of people are not regulated as banks
are. No-one knows exactly what security they actually have (as opposed to say
they have), sometimes people don't know who's behind them (I remember that 17
year old from Singapore talking here about starting one[1]), and there's no
protection against market manipulation, speculation and cornering, or it seems
against online theft. Given they have become so valuable so quickly, you can
be quite sure the market is heavily manipulated, perhaps even in advance of
thefts like this in order to gain the maximum benefit. What is the cause of
the huge recent spike in prices for example? If bitcoin is to work as a
currency and a store of value (the traditional roles of money), it does need
regulation and verification, but I find it hard to see how that would come
about, given the lack of a central authority and the lack of will to deal with
incidents like this.

I'd love to see a digital currency that tried to emulate the advantages of
_digital cash_ , while doing away with the ability of a central government to
print the currency ad infinitum - that's the big downside of our current
state-backed currencies - it seems Bitcoin is not that currency.

[1]
[https://news.ycombinator.com/item?id=2973301](https://news.ycombinator.com/item?id=2973301)

~~~
steveklabnik
> The important part of that statement, which was not wrong, is they can be
> used when stolen.

I think the important part that's missing is this:

 _If you have the proper opesec_ , BTC is anonymous.

The 'BTC is anonymous' meme does nothing more than help people who don't know
what they're doing get busted. It's like Sarah Palin's email account getting
hacked because she picked security questions that were well-known. Even if
you're not doing anything nefarious, you may want to keep certain transactions
private. "BTC is anonymous" means that some people who don't fully understand
how BTC works will be doing things they _think_ are private but actually are
not.

And if you think people know how BTC work, just examine this thread.

~~~
grey-area
As an interested bystander who doesn't know much about bitcoin I'm genuinely
curious if you can address any of the criticisms above or what you think about
them. I'd love to see digital currencies outside state control thrive but am
hesitant to use things like Bitcoin given the explicit lack of regulation and
controls. The anonymous, unregulated side of it is the least attractive to me
- I'd prefer it were not at all anonymous, because of all the issues raised by
that - it leads directly to incidents like this IMO.

~~~
steveklabnik
Oh, I'm sorry if I gave a pro-bitcoin impression. I think BTC is nothing more
than a curiosity. Your criticisms are spot on. I won't ever use BTC for
anything.

------
nnoitra
This is exactly why not everyone should learn how to code and be a developer.

~~~
justin
Just like Mein Kampf is evidence not everyone should learn to read and write.

~~~
kennywinker
Godwin's law
[http://en.wikipedia.org/wiki/Godwin's_law](http://en.wikipedia.org/wiki/Godwin's_law)

------
odihack
Available BANK HACKING SOFTWARE = $1500 This software hacks bank accounts.

HACKDOO (TROJAN) = $1100 Can steal information from any computer, informations
like username and passwords, other account login details and credit card
details.

VAMPIRE 3.5 = $200 Helps in hiding your ip unlimitedly. you can use any ip
address you want

SOFTWARE BUG WESTERN UNION VERSION 2013 = $900 Western Union Bug is a software
that cracks Western Union databases and gives the DATA of Western Union
infomation for payment made to any country in the world. It scans the Western
Union worldwide database and gets you MTCN from any country and city you
choose just within 20 Minutes of clicking on the button start hack The Western
Union Bug 2013 version comes with two types of Activation code, the first 20
digit activation code logs you into the first panel whereby you do fresh
transfer while the second 20 digit activation code logs you into the Western
Union database You can also use the software to make a fresh transfer by also
scanning out a Western Union agent logins and using it to make a transfer to
any Western receiving country in the world It is easy to use. And make quickly
countries such as Africa, EU, CA, AU. TEACHING FEES BUY BANK HACKING SOFTWARE

I will teach you Hacking 3 months with all softwares for $3000 Become a hacker
today. Contact me Odidollarsman@gmail.com

Bank transfers are now available to the following countries : USA UK EU Canada
Australia Russia Singapore Dubai Vietnam

$2,000 - $10,000 per transfer to Personal accounts (Checking accounts, Savings
accounts, Current accounts, Standard accounts) Transfers over $10,000 are
available to Business or Corporate accounts only

Same day service to UK/USA/EU/Canada/Australia - 1 to 2 business days service
to Russia/Dubai/Singapore,

Contact: odidollarsman@gmail.com

------
aric
People who don't understand the importance of storing their own bitcoins
spread across plenty of cold addresses -- generated from fresh, never-
connected boxes and enough entropy -- are begging for loss. Given the attitude
people have with security and the nature of viruses alone, 99%+ of people
aren't 'ready' to use bitcoin beyond small amounts. It's inherently risky for
any considerable amount. I never recommend bitcoin to most other people. It's
recommended as worthy in and of itself, though.

Bitcoin's digital fungibility, which will always be a curse to some, will
always be its greatest virtue. Distrust is one of its most valuable effects.
Respect it or don't respect it. That's up to you.

------
simonebrunozzi
1.1 Million US$ is a strong incentive to fake a theft. How can they prove it
was someone else?

~~~
sz4kerto
They don't need to

------
martinml
They seem to be using Google Apps for the e-mail. And they claim:

    
    
        > The attacker was able to bypass 2FA due to a flaw on the server host side
    

Which flaw is this? Is it a known issue for Google? I would like to know more
details.

~~~
jtolj
As a Linode & GApps customer that uses DFA I'm curious about this as well...
Are they talking about Google, Linode or their own app?

------
elango
Do bit coins have identity and hence be flagged as stolen somewhere ?.

~~~
steveklabnik
Each bitcoin goes into a wallet, which contains an address. There's no
connection between a person and a wallet, though, and it's not a 1:1 mapping,
either.

> flagged as stolen

That would imply some sort of centralized authority to decide exactly what
'stolen' means. Even if a third-party service kept track, it'd be meaningless
in short order, as mixers exist...

~~~
josephagoss
Also there is no connection between a wallet and an address except the wallet
stores the address.

When the client sends the address the change is returned to a new change
address, and the wallets are being designed now to never reuse addresses.

So it would become very hard to determine which of the outputs are change
addresses and in the same wallet.

------
ryanthejuggler
I had 0.25 BTC on Inputs.io and was uneasy about using the service. I withdrew
it all on Monday to my phone... now I'm so glad that I did!

------
borplk
Smells like inside job

~~~
sjwright
It doesn't smell like either, because a competent outside or inside job will
smell the same.

------
justinholmes
When are these online wallet companies going to start using colocated servers
owned by themselves instead of Linode and other vps companies.

------
sojorn
Interesting that the "theft" didn't happen until BTC reached $300.

------
Helianthus
I don't know what you expected, Bitcoin enthusiasts.

You bought into a system where coins could be _permanently_ lost because you
forgot a password.

You bought into a system where the government cheerfully gained control of a
large share of the market by simple confiscation.

You have _recreated money_. But you aren't even good at it! You still think
that simple cryptography will excuse you from the fact that _you 're greedy
bastards_.

The reason I hate Bitcoin is that it _intentionally_ promotes a counter-
establishment treatise, and you have the batshit insane _gall_ to claim that
it is different.

I'm venting.

~~~
mrb
You fail to point out that cash has all the same drawbacks:

You can permanently lose cash if destroyed in a fire.

Your cash or bank account can be confiscated easily by the government.

Etc.

Of course, unlike cash, Bitcoin has advantages because it offers the option to
_prevent_ these losses: you _can_ back up a Bitcoin wallet. You _can_ avoid
government confiscation (password-protected wallet). Etc.

~~~
grey-area
I'm always astounded by comparisons of bitcoin to paper cash - in 10 years we
probably won't even be using paper cash and it is hardly ever used for large
transactions now in advanced countries - paper cash is history. I think I've
done about 5% at most of my spending in paper in the last month.

How about digital cash?

Also, Bitcoin can be confiscated by the government, along with the
computer/server it sits on (see silk road). A $5 wrench or a jail cell will
deal with your encryption. You can also permanently lose it if someone copies
your wallet/backup and then spends it particularly while it is on one of these
exchanges - that's because transactions are not reversible or traceable to a
verified identity.

Technically, I think Bitcoin sounds really substantial and love the idea of
creating/spending keys which avoid government inflation, but the axioms on
which the usage is based are all wrong -

I've never lost money in a fire, and never will. I don't want to avoid
government confiscation by technical means (which fail), I want to avoid it by
law. I don't want to be able to launder money (or for others to). I don't want
my transactions to be anonymous and to have no central authority and no
accountability when theft/fraud happens.

~~~
qnr
> Also, Bitcoin can be confiscated by the government

Not if you specifically want to prevent this. A bitcoin private key is 256-bit
ECDSA, which provides 128 bits of security. If you can remember a 10 word
randomly generated diceware phrase[1], you can securely store bitcoins in your
brain.

[1] calculating the private key as a SHA256(phrase) for example

~~~
grey-area
_A $5 wrench or a jail cell will deal with your encryption._

~~~
aianus
I don't think the US is at the point where they torture citizens for private
keys. And they'd only be able to use jail as leverage by offering a reduced
sentence. Even then, you might refuse if, for example, you'd rather stay in
prison and leave the money to your family.

~~~
grey-area
_Even then, you might refuse if, for example, you 'd rather stay in prison and
leave the money to your family._

Somehow, I don't think the government will leave you that option ;) You'll
stay in prison _and_ have the means to use the bitcoins confiscated or
outlawed. They can also confiscate all your other assets, like the house your
family lives in.

There are many options available to a sovereign government which mean that
relying on purely technical measures will not defeat them, because they have a
monopoly on force, up to and including lethal force.

~~~
aianus
Yes, but unless the government becomes significantly more tyrannical than they
are at present, bitcoin is a useful tool for dodging asset forfeiture. For
example, your private keys could be distributed amongst n of m
gangsters/wife/sons/lawyers/whatever including foreigners.

Implemented correctly, it's much much more difficult to steal or seize than
cash while at the same time being much much easier to smuggle to places with
no extradition where money trumps the rule of law.

