And the widow is left with just the 17 properties, 2 cars, yacht and plane that he earned through honest hard work.
Another thing you could work into the plot is $9m appears to be with WB21 "Banking Redefined" which claimed a million users but was discovered to only have 135 downloads of its app (now removed), is run by a convicted fraudster and was awarded "Global Banker Award 2018" in a black tie ceremony that they seem to have set up themselves to give themselves the award (https://www.youtube.com/watch?v=JbKMdhpwbaw). They are still going I think if you are looking for a safe place to put your money. https://amycastor.com/2019/03/01/diving-into-wb21-the-compan...
That "award" ceremony video is both surreal and ridiculously cringe-inducing at the same time. It wouldn't surprise me if he actually felt like he had "achieved" something when he gave himself that award, either.
It was like you were watching his fantasy of what people would say about him if he was a productive member of society instead of a criminal and fraud.
FWIW, this is only marginally worse than your standard 'industry award' in that he had the nerve to give it to himself. Pretty much every industry has a boatload of meaningless awards. It is done largely for marketing and for 'social engineering'[1]. It is cheap (both in cost and tact) but effective.
[1] Curries favor with the awardees, creates an 'in group' etc...
why is this strange. that's what they do all the time with tech giants who die :D how some awkward old videos and rejoice that they took everyones money for hardly any effort :D
OMG that trophy is indistinguishable from any other tacky chunk of lucite that, say, a particularly motivated carpet distributor might earn as a sales award.
Not to insult carpet distributors, whose work with tangible goods is worth at minimum 500x more than what any fintech slob contributes to the world.
It also fades in rather than starting. They took a longer applause clip and started in the middle. As someone with a lot of audio production experience, this stuck out to me immediately. So either they used stock audio or there was an edit they didn't hide properly (or both).
DiCaprio? This whole affair has been at best a Weekend at Bernie's-level plot. The accounts were emptied 8 months before the death, and yet QCX pretended they were solvent the whole time so they could keep the party going.
In the sequel his ghost solves blocks when you play a latin rhythm and two young/broke computer enthusiasts who moved to Puerto Rico to make it big are the only ones who can see him because they smoked weed that grew in soil mixed with his ashes.
This is both one of the dumbest and most upvoted things I've ever posted to HN. I mean, I think it's funny.... but the reasons I think it's funny make me really sad and all the internet points makes me sadder.
SCP Twist: the orphanage itself was the mastermind; it manifests when a blockchain fintech startup launches and exists solely to de-materialise the founders and redistribute crypto funds. The children of the orphanage are yet to be identified, though it is speculated that they are the disappeared fintech founders.
Plot twist: the adoption of the orphans is in fact the canonical blockchain transaction and the recent slowdown in verifications is due to a lack of orphans. This need for more orphans is the fuel for global warfare ultimately turning the purpose of humanity into that of being slave to the blockchain.
More plot twist - (taken from cbc article) "Government records also reveal that Robertson (wife of Gerald Cotten) has used three family names.
Deeds for properties she bought in 2016 show she was once known as Jennifer Forgeron. On Dec. 1, 2016, Nova Scotia's Royal Gazette announced she was changing her name from Jennifer Kathleen Margaret Griffith to her current name, Jennifer Kathleen Margaret Robertson."
Aha, so it's like one of those movie plots where the villain thinks they're so much smarter than everybody else, they just have to drop hints everywhere.
The orphans are the mastermind. The headmaster was nothing more than two kids in a suit. They're all on a beach sipping capri sun playing nintendo switch.
Google for "fake death mafia" returns a bunch of articles that talk about this death, and conveniently have the phrase "in a region known for fake deaths".
I don't understand how that becomes a reference point for any region being known for fake deaths. The search results in fact make it look like someone used his death to slander a whole region.
I mean WOW. In just a few words you manage to describe one of the biggest problem we have today. Luckily Most of the HN crowds are not interested in the "Answer", but why it is the answer. And whether the why was plausible.
Before YouTube/cruptocurrency got big, Delhi was known for its counterfeit industry for winning "first to invent" patent fights.
There are companies that have stocks of decades or century-old paper that they use to forge aged government documents.
I can't find a link to a story at the moment :-(
Can we crowdfund some patent troll busting? Or take down Amazon's stupid one-click patent. Preferably using proof written on an 1800s parchment with quill ink.
"A previous version of this story incorrectly stated that investigators cracked Cotten's laptop and discovered money was missing. In fact, they have possession of his laptop and identified money was missing through public blockchain records."
That will be a much less exciting scene in the movie. Itll be some dramatized "people around a computer watching traceroute"
My take on this is that they probably were insolvent for a long time already due to previous hacks/theft. The CEO just decided to lie about the supposedly 137M in funds 'safely' stored on his laptop.
This is also what happened at MtGox, except that at MtGox they 'lost' wel over a million BTC.
And this is the problem. These guys are not regulated. There is no transparency. There are no external auditors. There is no control. When we find out, it is always too late. Every "cryptocurrency bank" is a potential Enron. I fear both the involvement of Central Banks and at the same time the lack of it.
If EY (or anyone else serious about this) 'follows the money' then that would be a very interesting report to read.
> These guys are not regulated. There is no transparency. There are no external auditors. There is no control.
But that's a feature, not a bug, at least according to the crypto people. But, so far, all they have managed to do is rediscover lessons about the need for regulation, oversight and accountability that the financial industry has learnt decades or even centuries ago.
> > These guys are not regulated. There is no transparency. There are no external auditors. There is no control.
> But that's a feature, not a bug, at least according to the crypto people. But, so far, all they have managed to do is rediscover lessons about the need for regulation, oversight and accountability that the financial industry has learnt decades or even centuries ago.
I feel this is only true for people who have not truly embraced the decentralized aspect of cryptocurrency. For example, many people leave all of their money in one wallet. Centralization. Many people use only one exchange for converting fiat to crypto. Centralization. The harder you look, the more you will find that the only people upset about the state of cryptocurrencies are those that did not diversify and instead reverted to a concept squarely against the cryptocurrency ethos.
Thus is human nature. Who wants to manage 30,000 wallets each containing only a few dollars? The supporting tooling is not there (or is not easy enough to use) and thus we see this recurrent user pattern.
Yes, cryptocurrency can't fail, it can only be failed.
If 99.9% of people are using a technology "wrong", then I would suggest it's bad technology. If we aren't making a technology with actual users in mind, then we're just doing some sort of high-concept performance art.
I think this and the chain that follows is the conversation to be had.
It can be done but there is a meeting in the middle from many sides.
I believe it centers around the simple laws of thermodynamics, the path of least resistance will be taken.
Tools are coming out to make development easier, tools are coming out to make consumption easier.
Think about computing and how much has changed, been misunderstood, and misstated, and flipped on its head in the past thirty years. The ease and accessibility is still being pushed.
So you can truly gain the benefits of crypto if you make your life as inconvenient as a drug dealer stashing wads of bills in random locations to dodge taxes?
I hope people who do this have either a great memory or a great filing system.
The spreadsheets, math tables, the manual toil...you aren't looking at it realistically. Things don't just pop into existence perfectly but iterate into a local and idealistically global minimum from the reality of what people want and need, not what devs and larger organizations think they want and need.
30,000 wallets using 30,000 independent methods of encryption, else you crack one, you cracked many. It's clearly not practical or achievable for any human being.
Yeah, if only there was a tool for managing 30,000 wallets in a centralized way, then it would be more obvious why decentralization makes the need for regulation moot.
You think you're safe with your 30,000 tools -- yet all of your crypto funds are in bitcoin? Centraliser. I spread my wealth across 30,000 different currencies.
You're forgetting. All these are cryptocurrencies. You need to have more than that. I own 30,000 different kinds of assets. Stocks, bonds, crypto, I even own all of the funds. You're suffering from way too much centralization.
Because blockchain is a slow append/overwrite-only consensus database. It does nothing to provide trust. It's also too mechanical for how humans actual deal with each other.
I'm not sure. I'd say the banking crisis was catalyzed by the lack of regulation, but it was going to happen anyways. The whole thing was largely a result of political pressure to create incentives for a home ownership society, and, if you go deeper, a result of political pressure fostering a growth-at-all-costs economic system that will periodically hit societal resource and efficiency limits, regulations be damned.
Not really. The GFC was a financial/banking crisis
There is nothing in "growth at any cost" style "capitalism" that means banks must all collapse together in a coordinated swan dive, like in 2008.
That sort of system will collapse, but not necessarily the banks.
There is no law of nature that says we have to use free to fuck anybody capitalism run rampant over all. It is a choice.
The current brand of capitalism is not "free to fuck anybody", it's actually worse, it's "target the poor". Neoliberal economists specifically call for stealing from workers:
> even in the long run, it’s really, really hard to cut nominal wages. Yet when you have very low inflation, getting relative wages right would require that a significant number of workers take wage cuts. So having a somewhat higher inflation rate would lead to lower unemployment, not just temporarily, but on a sustained basis.
Shorter: we create an economic policy to cheat workers out of the take home value of their earnings to make management easier and post favorable employment metrics for political leaders.
That "growth at all costs" policy, which, by the way is not inherently a free market policy, exists to short shrift the labor class by means of a compounding treadmill that most will fall off.
The point is that relative wages need to be adjusted as the value of jobs changes over time. Some work that was very valuable in the past might have low demand now. If wages are sticky then jobs where value drops faster than inflation will simply go away. That's not necessarily the best outcome if the employee could have coped with a pay cut.
High inflation does not imply that real wages shrink on average.
>High inflation does not imply that real wages shrink on average.
Certainly not! Inflation is great for the privileged, because it forces the hoi polloi into investment schemes to protect their assets from inflation, which disproportionately help finance the business adventures of the privileged (e.g. stocks, bonds).
Thus the average real wage will get higher as a few select individuals get huge astronomical wages.
I wonder if this isn't the US trying to solve its inability to work with Labor using inadequate macro tools. In workplaces where workers have a voice in management, like my country's Volkswagen plant, pay cuts seem possible to implement.
I’ve seen several people in the industry claim that Basel encouraged many of the problems. I don’t know enough about banking to say whether that’s true or not.
These guys are not regulated. There is no transparency. There are no external auditors. There is no control. When we find out, it is always too late. Every "cryptocurrency bank" is a potential Enron.
I think Enron actually had more transparency, and did more good in the world than the failed cryptocurrency companies. I've worked on two pieces of software that originated in Enron, which I believe are still used in production today. I think Enron participated in the invention of weather derivatives.
This would seem to be a private problem. If people choose to park their money with a non-transparent, unaudited random crypto startup, that's their decision and their problem. I'm not interested in paying for "regulators" in such cases.
Not really. It's a private problem only if it stays within the confines of the participants. But when it reaches a scale like this, the harm is wider.
I think the most important societal issue is that it damages investor and consumer confidence.
As a parallel, consider food regulation. When I go into a store or restaurant, the food I buy is very likely to be safe, because there are a lot of regulators making sure it happens. If they weren't operating, then I'd have to exert a lot more effort to make sure that each thing I eat is safe. Not only would this be a giant waste of effort, but it would significantly reduce the opportunity for innovation and cost reduction, because people would be reluctant to try new products and new restaurants.
Market confidence is even more important for finance, because it's much harder for individuals to know if a given company is really working. It would be a huge problem for society if everybody went back to keeping their money in mattresses and physically moving it everywhere.
And this is why cryoto is unlikely to go mainstream. Because the market for people who are willing to put up with the risks of unregulated banking are too small a minority to be worth it.
For the "invisible hand of the market" to lead to optimal outcomes, decisions need to be made by "rational actors" using "perfect information." It's right there, in the original text!
We can't legislate about "rational actors," but we CAN and SHOULD legislate about "perfect information." Any information hiding is essentially fraud or theft from the rest of the market, because it creates an information asymmetry distortion.
We could for example say that registered companies don't get company benefits (protection of owners from bankruptcy and protection of board from personal liability and such) unless they continually and regularly publish the full (even unaudited) books, not just the occasional brief filings we require now. That would benefit everybody in the market, except those who thrive on fraud and information asymmetry.
You don’t need to pay regulators, you just need to make people able to sue for damages or charge crypto purveyors with fraud. It’s manifestly clear that the majority of these are just pyramid scams.
"Sue later" is not a solution when the money is already gone. That might be ok when facing an industrial company that has plenty of physical assets that could be sold off under bankruptcy, but finance leaves nothing if it fails.
If they published the wallets everyone would be able to audit how much they have in trust. Its a lot more detail than you'd ever have with your traditional broker.
The risks of not using your own cold storage is real. The ability to store your own is outlined by numerous tutorials, explanations.
Nobody is crying for those who sent money to the nigerian prince, I don't think we should cry for anyone here either.
These player are smart enough to know most folks are uneducated on the topic and can be readily swindled by players looking and talking the part.
This happens every day in so many realms outside of blockchain; the opportunity for transparency, the lack of sympathy or control to help those with a lack of understanding, there are certain elements here that can change an environment that is so aggressively finance driven. This is the hope, something different.
The regulation, the trickery, etc it all gets sorted in time to a level we choose to accept. The question is if the potential for change is worth putting up with it until then.
Though if crypto funds are stolen from cold storage due to hack ortheft, there is nothing to do, even if you are regulated. When crypto transfer is done, there is no way to reverse it. Regulation might help to enforce best practices to prevent theft, but it wouldn't help to recover funds if theft happens.
There are decent ways for exchanges to prove they are solvent without revealing details [1]. It's just that very few of them take the effort to set up the system.
If you want decent privacy, it also depends on creditors checking their credit was properly committed.
The Central Bank isn't regulated, isn't transparent and certainly doesn't have any external auditors either. I don't think you understand how cryptocurrencies, central banks and regulations work. Also, regulations doesn't protect against hacks or theft or shady practices.
Do you have a source for any of this? Because my career as a securities regulation & banking attorney tells me the truth is actually the exact opposite of literally everything you’ve asserted.
> Every "cryptocurrency bank" is a potential Enron.
Yeah, these institutions are antithetical to the whole cryptocurrency model. Regulation isn't necessary, education would suffice. The public is not yet ready for this paradigm, and perhaps never will be, but I'm hopeful.
It's scary that with crypto such things can make it so hard to get your money back. I know there was talk of fixing it with a fork to the Ethereum chain one day. Not sure what happened there.
Before/after the 850k/650k hack there were numerous other hacks, the total number of stolen BTC is still not clear, new proof of other hacks is still being discovered.
Apparently Karpeles also found a 'forgotten' wallet of 200k BTC, which he still seems to own. It's a mess.
No, the found wallet is under the control of the trustee overseeing the bankruptcy of MtGox. We know this for certain because he sold 35,000BTC when BTC was around 10,000USD, ensuring the creditors will get their full investment back.
What a beautiful swindle. People who got creamed in the MtGox pyramid collapse where made almost whole by a next generation of suckers who lost 65% of their BTC's value in the bubble.
Did you miss the second claim window as well? We got the trustee to change the bankruptcy format, and it reopened the claim window until I think November.
Did you not get any emails about the claims?
Everything I used to buy the BTC was anonymized (cash deposit, throwaway email address). I have all my MtGox login information but can't access the email address I used to verify anything. Any way I can still file a claim?
Yes, insolvent meaning owned more than their cash on hand.
That didn't mean there wasn't some funds left over. But when someone is the position where they've taken someone's money and only have some left, leaving with the rest inherently looks better than staying and being broke and guilty.
Insolvent sounds right, but wouldn't you have, say $10M or so, reserved for the getaway? Once it's that low, the jig is up, so you may as well abscond with the last bit.
Why is nobody talking about the convicted felon, Omar Dhanani aka Michael Patryn, who is a co-founder and majority shareholder of Quadriga?
Dhanani is very much alive, and is known to have been involved in money laundering schemes. If I were an investigator in this case, that is the first door I would go knocking at.
Not only that but Michael Patryn turned out to be MikeXBT a known frequent poster on /r/bitcoinmarkets often bragging about and showing proof of his big market moving trades on Bitmex...likely with QuadrigaCX customers' money. It's like something from a movie.
I get the tech around crypto is interesting, but if your whole space is inhabited with such people, isn't it time for you to wonder if something's wrong?
Unregulated financial markets draw crooks like moths to a flame. Forex used to be just as bad.
I wonder if there's anything to be learned from this? Perhaps deregulating markets driven by greed, margin, and leverage is a bad idea? LeT tHe FrEe mArKeT DeciDe?
I'm not convinced of the first half of the headline re laptop cracking.
The article cites the latest monitor report, but the only paragraph I can find with the word laptop just implies the monitor has possession and success with some devices.
"""
As noted in the First Report, known devices of Mr. Gerry Cotten have been secured by the Monitor including, Mr. Cotten’s laptops, cellphones, USB keys and home computer. The Monitor understands that prior to the commencement of the CCAA Proceedings, the Applicants together with their initial outside expert, attempted to access the devices and were successful in respect of certain devices. The Monitor will work with the Applicants and Representative Counsel to determine next steps to access any information and data which may be located on the devices and report back to the Court with respect to those efforts.
"""
Blockchains are already a decentralized ledger and it's a bit more than just a re-skin given eventual but not necessarily immediate consistency. Presumably the missing books, records and financials consisted of the more mundane sort that regular Lotus 1-2-3 could have helped these embezzlers, were they not embezzlers.
Here is the tracking by Ernst & Young (court-appointed) providing all the public information about these developments. The latest report on 1 March 2019 mentions nothing about a cracked laptop.
There's nothing wrong with the article. The March Report merely says they were able to recover the cold storage wallets and discovered they were empty; it doesn't go into how they got access to those wallets since that isn't relevant to the report.
Per the company and prior news reporting, those cold storage wallets discussed in the March Report were only stored on the owner's laptop, which was previously inaccessible due to various security mechanisms. (Reports suggested that the laptop was "locked" but did not indicate whether it was boot-locked or locked via the Windows mechanisms.) The fact that they were able to access those wallets means they "cracked" the security measures on that laptop.
>The fact that they were able to access those wallets means they "cracked" the security measures on that laptop
Incorrect. Experts were able to trace funds back to the cold storage wallets addresses using analysis. But the private keys have not been located and no, the laptop has not been "cracked".
Yup: "The Monitor has commenced a preliminary review of the transactional activity of the
Identified Bitcoin Cold Wallets utilizing public blockchain records. This analysis..."
i thought it's interesting how a third party, reddit, is used in such an official way. the other two channels to be posted on are E&Ys website and quadriga website
The headline and article are both misleading. EY never reported they cracked the encryption on the laptop or recovered any private keys to the so-called cold wallets.
Six empty cold wallet addresses were disclosed by Quadriga, and for the most part they look to have been unused for the last year. EY is investigating some other potential addresses which are also empty.
People might complain about banks, but when you have cases of fraud at least you have people try to recover it. Government makes you keep pretty good records. In this case how do you undo the blockchain? In this case what recourse do you have.
My point is even if someone has your password there are legal routes where you can go recover your money. The bank will then do that. The blockchain is distributed. Who do you go complain to?
That's the whole point of the blockchain. Your money is sovereign. There is nobody to call when it gets stolen, but this also means that no government or bank or agency can take your money or prevent you from being paid (see Visa/Mastercard vs Wikileaks etc)
And maybe someone knows that Mirimir is meatspace me.
But Mirimir is only a semi-anonymous persona. And I don't count on being anonymous as Mirimir.
However, I've had thousands of other personas, over the years. Mostly all using some mix of nested VPN chains and Tor. Some using Mixmaster remailers as well. Many I only used for a few days, or maybe for a month.
I doubt that anyone knows all of the connections. Or even enough to trouble me substantially.
You can stop them from ever spending it. You can't take it from someone, but you can stop them from using it - I doubt most people would consider that much of a difference (they still suffer the loss).
This is true if you consistently have control at every relevant point in the future, but if a malicious entity gets control for a month and then loses it to the crowd again you can spend your old funds. That's one difference. Another is that the transaction log can theoretically be moved to a new chain if some part of the crowd desires (and has been), so if a proprietary ASIC manufacturer takes control the community, or some part of it, could move to a different hashing algorithm that isn't yet targeted by ASICs, and you could spend the funds on that chain. In either scenario you've probably lost value, but not all value as originally suggested.
Can you at least explain why you think with 51% pool control you can’t double spend ? It seems while not trivial you can approve and reject transactions/ mining as you see fit
You can't double spend -- you would need to generate 2 conflicting tx's with the private key. Only the person that holds the money can attempt a double spend, the miners only process and include (or exclude) transactions.
You complain to the insurance company that the exchange uses.
This is how banks deal with the potential for loosing money too, except they have a mixture of private insurance, SROs insurance and state insurance. These things added confidence to their market, centralized crypto services do this too. QuadrigaCX did not.
The bank/exchange/etc that was entrusted to protect your dollars/bitcoin/etc. FDIC insurance is indexed to dollars but insures the value of your deposits. If someone robs a bank there is no way to reverse the robbery by invalidating the physical assets they stole be it cash, gold, bitcoin keys etc. This is not a problem most cryprocurrenties propose to solve.
actually, the entire point of blockchain is that the ledger is public. every movement of each and every bitcoin is public and can be tracked. it just takes time to analyze.
Even if that were so, it would not be sufficient for restitution, but bitcoins and satoshi are just abstractions and do not have individual identity, and cannot, in general, be individually tracked.
This is BS... the money cannot be "gone"... what do they mean by that? There is a public ledger. We would know and can trace where this money went to. Do they mean the wallet was not on the laptop instead?
If it's all gambled away on the crypto markets (quite likely to have happened), then it's just as gone as if on a lost address, only that some entirely unrelated market actors happened to get (temporarily) richer in the process.
But you can still track history of any coin existed.
If somebody know wallet ids of money before they were stolen, you can trace transactions to see what wallet ids they are in now.
If they say "stolen", it means that they found transactions when money were transferred from victim's wallet. And if they know transactions, then they know source and destination wallet ids.
This is close enough to true for the purposes of this discussion, but in the general case you can only reliably track the flow of funds in aggregate, not the flow of any individual "coin." If addresses A and B send equal amounts of coins to C, C sends all of those coins to D, and D sends half of them to E, you can't really track the coins from A to E or from B to E. The transaction from C to D results in a single output that doesn't distinguish between funds from A and funds from B.
Yes, but my example was contrived for simplicity, and really D can make a transaction with an arbitrary number of inputs and outputs sent to and from an arbitrary number of addresses belonging to an arbitrary number of users. This is what bitcoin mixers do. Now we have a bunch of inputs coming in, and a bunch of evenly sized outputs coming out (with some unevenly sized ones for change). You can still probabilistically track funds if a user did something like putting coins from D into a big mixing transaction with other users and then sending their mixed coins from address F though I to a single address J that just so happens to have the same balance D started with, and of course there are less contrived situations where patterns of behavior would be evident, but this is all probabilistic and you still aren't really tracking individual coins; discrete coins aren't stored on the blockchain, transactions with input and output balances are. If the missing funds are tracked, and this whole affair was the result of malevolence rather than incompetence, I'd bet they're either sitting in a bunch of tiny accounts that have been cycled through mixers more than once or they're going to be before they're spent (having faked your own death, you could see holding off on the mixer until you've had ample time to cover your trail thus giving the appearance of incompetence rather than malevolence for a while).
Plenty of coin movements in an exchange aren't going to make it onto the chain. If I sell on Coinbase and someone else on Coinbase buys it, there's no reason for Coinbase to incur fees to publish that to everyone; they can just shuffle money around on paper.
This reminds me of how chit fund scams worked in India in the 80s.
Often people in the same family(cousins etc) would invest. Always in a fashion, where one of them owed money to the fund, and the other was owed.
If the fund went underwater, they would just go to the chit fund office, and do what was called book adjustment. Basically the fund would not give anything or take anything. On paper it would appear as fund gave money to one cousin, and took from another. In reality the cousin who was supposed to get money from the fund, would get the money from his cousin. And the fund, would mark in his ledger as the debt was paid.
This guy is alive (or dead, but not due to Crohn's Disease complications, as stated initially).
This is not a conspiracy theory anymore. It's clear there's a massive fraud behind all these events.
As a mod for r/CrohnsDisease, it really sucks that this is how most people are first hearing about the disease. Those with IBD already have a difficult time with people not believing they’re sick or that symptoms aren’t that bad since they’re not visible. Now Crohn’s will be associated with this fool using it as an excuse to steal a bunch of money... such a huge disappointment.
Most people think it’s just a stomach ache or diarrhea. They don’t realize how severe and debilitating it can actually be because most people who have it don’t like to broadcast to the world that they’re shitting blood and mucus 30x a day.
> Those with IBD already have a difficult time with people not believing they’re sick or that symptoms aren’t that bad
That's surprising and sad to hear. I have a close friend with Crohn's who is always very stoic even when he's obviously feeling miserable. But I can't imagine people downplaying such a dreadful disease.
It's not that rare, especially when viewed as a subtype of overall IBD. All in all Autoimmune diseases affect between 20 and 50 million people in the US alone
Anyone who knows anyone with Crohn's or Colitis won't. This guy used an excuse. He could have used any excuse. The shit people with Crohn's and Colitis have to deal with is terrible. I wouldn't wish it on my worst enemy.
You can still commit fraud and die of Crohn's Disease. I'd still call this a conspiracy theory (I'll also say that "conspiracy theory" doesn't mean untrue, though we tend to use it as a substitute for "crack pot"). But to quote Sagan "Extraordinary claims require extraordinary evidence."
I do agree with this part:
> It's clear there's a massive fraud
But that doesn't mean he's alive or that there was a coverup in his death.
Maybe I don't know much about bitcoin, but can't you track the address where the bitcoins were being transferred to? Seems like it would be difficult to launder that volume of bitcoin all anonymously where it can be tracked, to a certain extent, through the public blockchain?
There are bitcoin tumblers, essentially the idea is to split up the transaction into multiple transactions of varying sizes to various addresses and to keep doing that in such a way that it doesn't look weird...
Basically they try to hide the transaction among the huge volume of transactions going on, kinda like a VPN or Tor?
1. If the coins were moved through tumblers that would be detectable and highly suspicious.
2. Safely tumbling large quantities of coins is especially difficult. At this scale I would wager twenty dollars that blockchain analysis should be able to trace at least some of the coins with high confidence.
3. It is rumored that many tumblers are run by law enforcement.
Outside the sphere of crypto, this is called "washing" or "laundering" ("cleaned", etc. Anything along this line). "Laundering" is the legal term). Such acts are typically traceable, but generally fly under the radar. Once someone is aware that the money is being washed it is usually uncovered (AFAIK).
Washing crypto would seem even more difficult because transactions are all accounted for. So I'd assume a cleaner would need to have random time variance in redistribution so collisions aren't found. But also, money has to be spent or converted, so that's a big way you could uncover it. Money is harder because cash is still a thing.
1) See that money is transferred from account to washer (instant flag)
2) Search for accounts associated with initial fraud and watch for extraction.
I work in crypto. Transactions can very much be traced. There's no trace of Quadrigas cold wallet holding any large sums of BTC. It's still a mystery what, exactly, did they do with customer funds. It'll be uncovered eventually once enough time has been given to forensic examiners to go through the transactions of the exchange.
It’s important to note that it’s not just splitting up your own transactions, it’s that it’s actually other people’s coins that end up in your destination wallets. As such, it becomes very difficult to trace: techniques for doing this are similar to large scale deanonimization of Tor traffic, and involve large scale pattern analysis.
> It’s important to note that it’s not just splitting up your own transactions, it’s that it’s actually other people’s coins that end up in your destination wallets. As such, it becomes very difficult to trace
It was my basically uninformed impression that the bitcoin blockchain consists of a series of transaction records that look like this:
That is to say, the records show that balances increase and decrease, but there is no actual concept of a uniquely identifiable bitcoin (with, say, a serial number) -- there are only balances held by accounts. On this model, it isn't possible to say that other people's coins end up in your destination wallets. Is that not accurate?
(The fact that you can divide one bitcoin into 100,000,000 satoshi also suggests that there's no such thing as an individual bitcoin...)
The way that it works is that a certain number of coins are created when a block is mined. That number is recorded on the ledger associated with an address. Let's say it's 25 BTC, but it can be any number -- it doesn't matter. If you don't spend any of that BTC, then it exists only as that number -- a chunk if you wish. It is indivisible. It sits as 25 BTC in the account. If you decide to spend 5 BTC of the 25, then the ledger records that 5 BTC goes to wherever you are sending it and 20 BTC goes to your wallet. The previous 25 BTC chunk is removed. The 5 BTC exists as a "chunk" in the other wallet and the 20 BTC exists as a "chunk" in your wallet. The 25 BTC "chunk" no longer exists. Each wallet has a list of these "chunks" of BTC. Let's say that I have a 7 BTC "chunk" as well as the 20 BTC chunk. I want to send 22 BTC to someone else. It will take remove both my 20 BTC "chunk" and my 7 BTC "chunk" and give me a 5 BTC "chunk". I can't remember if the recipient gets a 22 BTC "chunk" or a 20 BTC "chunk" and a 5 BTC "chunk" (it's been a long time since I looked at the source code). I think the former, but it is traceable where the original came from and how they "chunks" where split up.
Hopefully that makes it a bit more clear. The word "chunk" is my own -- if you start using it in other discussions, nobody will know what you are talking about ;-) However, the main thing is that the wallets do not contain balances, but lists of transactions that ended up giving them coins. While there is no such thing as a "coin", it's discrete amounts rather than flowing in and out like water.
Not accurate. You can trace the life of a particular 'coin' value -- which is generated in the coinbase reward in a block and spent later on in a UTXO (unclaimed transaction output). We like to pretend that bitcoin is fungible, but it strictly is not; You can trace the life of every 50, 25 and now 12.5 Bitcoin from birth to currently unspent. They all get mixed, so it can be difficult.
Also, what you are describing is the so called 'account' model -- used by Ethereum, EOS, etc. Bitcoin is a 'utxo' model, which allows specific inputs/outputs to be traced.
This is not true. Say I have a wallet with two Satoshi, and I transfer one each to two different wallets. Then I transfer two Satoshi from those wallets to a new wallet. Which way did each Satoshi take? You can't say!
It looks like it is true in a technical sense; a bitcoin transaction record specifies a prior transaction as its input, rather than specifying a source address. So as a purely formal matter, your example records will look like this in relevant part:
T0885: 100 Satoshi from T0002 to address xxxxx0x # 1 wallet, 2 Satoshi
T1001: 1 Satoshi from T0885 to address xxxxx1x
T1104: 1 Satoshi from T0885 to address xxxxx2x # Each Satoshi moves to a separate new wallet
T1300: 1 Satoshi from T1104 to address xxxxx3x
T1400: 1 Satoshi from T1001 to address xxxxx3x # and then they recombine
From that record, it's clear that one Satoshi moved from address 0x to address 3x by way of transaction 1001, and the other one did the same by way of transaction 1104.
However, there is no instrumental difference between an address's balance from one transaction and its balance from another transaction, as the behavior of the address is controlled by the private key associated with that address, and two balances belonging to the same address necessarily share the associated private key. I'm not sure what this is supposed to accomplish.
The transaction sequence in your example is not possible. A transaction output can only be used once as an input. To me, the operation would rather look like these three transactions:
100 Satoshi from A1
2 Satoshi to A2
98 Satoshi to Ax
2 Satoshi from A2
1 Satoshi to A3
1 Satoshi to A4
1 Satoshi from A3
1 Satoshi from A4
2 Satoshi to A5
Edit: Sorry I referred to "wallets" in my previous comment. This allows a scenario where the Satoshis are kept in separate transactions all the time. But I'm not interested in those scenarios. I'm talking about scenarios with multiple inputs and outputs. Where you can't say which of the inputs went which way. In this transaction:
1 Satoshi from A1
1 Satoshi from A2
1 Satoshi to A3
1 Satoshi to A4
Yeah, I will 'change' my position on this. Satoshis in a single UTXO that are split are fungible - in your scenario you cannot identify the specific sat: either a1->a3, or a1->a4. This is kind of like 'forward fungibility'. You can however trace the value in satoshi's back from A4 to their coinbase at birth. At best, we introduce a UTXO taint percentage from previous inputs. Its this taint from other, external inputs that break backwards fungibility (due to taint).
So make public the addresses, give out a reward for proof of destination, and then let the cryptohacker community get after it. Kraken is offering $100k, we just need the addresses.
The FBI/private companies have specialized tools for tracking Bitcoins throughout their lifespan. All the data is out in the open so there is no hiding unless he converted to Monero anonymously.
considering Monero could you or someone elaborate on this a bit more? Maybe clarify if I'm misunderstanding something:
1) My understanding is, every transaction in bitcoin is public knowledge forever as part of the forever growing block chain. That is, there is no way to ever remove a transfer.
2) The only anonymity built in bitcoin is to hide your identity with pseudonymity, nobody necessarily knows your bitcoin address you are using. However if you are buying coins with credit card for example from person A and spend those at person B, person A will know that you have just spend that money at person B, and person B will know that you bought the coins from person A.
3) The only way(?) to hide, make the transactions anonymous is via tumbling, that is you send your coins into a huge account outside your control that aggregates maybe millions of $ from thousands of people and then sends them out again into random addresses. Nobody except the provider of the tumble service knows where your money went, making you anonymous, your money untraceable. I assume you want to repeat this process a few times with different tumble services.
Is that correct? I'm no expert. Also with 3) how feasible is that with $130 million? I mean to successfully tumble wouldn't I need at least double the amount probably much much more? How large are the tumbles in services such as bestmixer.io? Also it seems to me that with enough heuristics even tumble services could potentially be traced back, this doesn't seem impossible to me?
1. correct; 2. correct; 3. Kinda but Not quite the only way -- you can convert the values in the coins into another chain, ideally something like monero in which 1. applies, but 2. does not. (Monero uses a different transaction format called RingCT, it hides the true inputs/outputs among decoys and signs the set with a ring sig. It also hides the true amount transacted via Confidential Transaction encoding using a commitment and a range proof). Its much easier to tumble the value when the source/destination and magnitude is obscured.
How feasible to do this with $130 million? Yesterdays trade volume for monero was 75 million (thus actual on chain tx's are much less). So it would take a while to do this without drawing attention. I don't have a lot of faith in pure bitcoin tumblers. Possibly scams or fraud. Im yet to see one that works as expected.
I'm guessing they brute forced into his laptop (or used a windows exploit or something) and opened up the program to find the cold wallet addresses (which is amazing they didn't have elsewhere) and then found them to be empty. Even if they didn't have the private keys, they'd just need the address to discover the balance. Though, the keys were also probably on the laptop.
I don’t know about now, but in the past accessing an account was as easy as resetting the password in safe mode. I have done this numerous times when I worked in IT for people who forgot their passwords. It was such a stupid simple workaround. It wouldn’t surprise me if such workarounds still exist in win 10 and previous.
Maybe there's an exploit with the hardware or operating system that is not known to the standard population, but is known by the government, hardware/OS manufacturer and black hat/white hat crackers.
Based on what I've read, the NSA and other white-hat organizations have access to 0-days or have discovered 0-days that can crack these things but they're not released to the public or if they are, they're released years later.
Why would it? If no one else knows the password, just say it was a weak password (or even that you got lucky). There's $137m missing, so clearly something went wrong - one more mistake wouldn't be hard to believe. Even if it does, does it matter? "There's a vulnerability in <OS>" is not exactly news or useful.
0days are not magic. Stare enough at code and you will find them. E&Y and the other Professional Services companies have a big pentesting team, and they would have made discoveries on their own regarding system security. Any company with a large security / research team would have 0days. What they do with them, (report, sit, burn, etc) is up the organizational and individual ethics of the operator.
Because 0-days are accessible to anyone with money. And Ernst and Young would have a ton of money, and plenty of opportunities where clients would come to them and hire them privately about issues like this.
Coming up with 0-days is moderately hard with your own cracking team. Buying them is an easy thing to do.
Ultimately, that's what 0-days are for in the wider market. You find one and sell it.
Ernst and Young are huge and do a lot of very sophisticated forensic accounting work. If they don't have people in house, they almost certainly have the phone number to someone who does.
The NSA wears two hats, one for each head. [0] The white hat secures government communication, prevents industrial espionage, hardens national infrastructure and collaborates on FIPS and other standards. The black hat eavesdrops on foreign government communication, conducts mass surveillance, hacks national infrastructure and backdoors FIPS and other standards.
0. https://en.wikipedia.org/wiki/National_Security_Agency#Missi...NSA's eavesdropping mission includes radio broadcasting, both from various organizations and individuals, the Internet, telephone calls, and other intercepted forms of communication. Its secure communications mission includes military, diplomatic, and all other sensitive, confidential or secret government communications.[51]
We don't know, but people have been speculating that the death was faked in order to get away with theft and mismanagement of Quadriga wallets. Every new detail seems to suggest a scam and fake death.
The scam conclusion is stronger than, and does not rely on, the fake death one. The combination does seem to be the most likely, but even if he's really dead, this still looks like a scam.
Rumour has it the exchange did this anyway as it was short/long on different coins. They lost a ton of ether in the past, so they may have had to do such switcheroos for a while.
Cant believe the article makes no mention of the other major piece of this conspiracy which is that Michael Patryn, the co-founder of Quadriga, is actually Omar Dhanani, who was charged with one count of conspiracy to transfer identification documents as part of Shadowcrew.com and did 18 months in jail. IMO he is the real mastermind here, as his criminal record shows he was fully capable of hacking Cotten's accounts and was in close enough proximity to his networks to not raise suspicion.
I am curious to know the OS on the laptop that was cracked. macOS, Linux, Windows? I would be surprised if a highly technically founder was running Windows.
Does this indicate there is a known vulnerability in the login process of the OS?
If i was to guess, i would guess that it was Bitlocker vuln, CVE-2018-12037, where the bitlocker crypto implementation is left to the junk SSD 'self encrypting' feature which is found to be broken. I have my doubts they cracked Veracrypt, LUKS or filevault2 with operator supplied keys. Or they got the keys from Microsoft/Apple (filevault2 and bitlocker will escrow the keys to the OS vendor in home editions).
Given that blockchain is supposed to be a public ledger, can someone explain why they cannot trace where the coins were transferred to when they were moved out of the cold wallets?
In my simple world there must be a way to trace them to their ultimate origins?
I would like to have an ELI5 too! I understand that coins could be sent and blurred into a lot of different wallets, etc. but still have trouble understanding how it is so hard to follow, since the money eventually has to be either sent to a bank account or use to buy things.
what does "mixed with other coins" mean exactly? If I own a wallet, and someone steals coins and "mix" their coins with mine in my wallet, they eventually have to get those coins back right? So I probably know them and can found and interrogated?
The problem is that 'coin' is not a useful analogy and it makes things hard to understand. Coins don't exist. Only balances do. What you have is a balance (the number of 'coins'), but coins don't have an identity (as they don't exist). What one can track is the transactions.
So if you send (part of) your balance to another account, that can be seen. If that account sends on a similar amount, that also can be tracked. (Even if you split it between multiple accounts by sending to multiples of them.) The only way you can lose sight of the money if goes to an account that has a (relatively) large number of incoming and outgoing transactions. That can be a person actively paying and earning in BTC (and then you caught whoever stole the money) or a mix. It collects incoming transactions from a large number of addressess (accounts) and then sends these out to a large (but differing) number of other addresses. All you see is constant incoming and outgoing transactions of different values, that add up to (almost) 0 over a long period of time. But you won't be able to correlate them (and no coins exist that could have an identity, just balances).
EDIT: Side note - the way actually BTC works, they don't store your balance (as, I think, ETH does), i.e. the balance of an address (account), only the transactions. The balance can be calculated from the sum of all the transactions for that specific address (incoming ones add, outgoing ones subtract from it).
You can track the money going from the cold storage wallet into an account that the mixer service owns. Say it's 10.000 coins.
The mixer then transfers 37, 185, 205, 1002, and other random amounts to other accounts, which in turn transfers it to other accounts, and at some point they get funneled to one or more accounts owned by the person who originally transferred the money into the mixer.
Couple this with a lot of other people doing the same at the same time for the same mixer service, and you cannot say who owns the coins being transferred between the accounts. It is public what money was transferred back and forth, but without some serious analysis it's practically impossible to track who is likely to own the accounts where the money end up.
So - and thank you for bearing with me on this - individual BTC don't have a unique identifier that allow one to trace its transaction history? I must admit, I always assumed that they were uniquely identifiable.
Yes. In the first place, BTC are divisible to eight decimal places, so there would be a lot of these IDs if they were to exist. And there's no reason the divisibility can't change in the future, so these IDs would have to be quite complicated.
A (non-coinbase) transaction is valid if its inputs equal its outputs, and if its inputs come from the outputs of other transactions, which in turn are valid if their inputs come from other transactions, all the way to one or more coinbase transactions. This is sufficient to demonstrate that the transaction is valid - ie it's using coins that exist instead of creating them from thin air. That is all that the protocol cares about.
Back in 2015 two rogue U.S. Secret Service agents, Shaun Bridges and Carl Mark Force, were caught and sentenced to prison for stealing funds while investigating the first high profile darknet market the Silk Road. Shaun Bridges plead guilty for moving 1,600 bitcoins of seized bitcoins confiscated by federal authorities.
One real problem with cryptocurrencies: the information you need to determine that someone has the key to a blockchain address gives you the power to withdraw funds from that address. You can't just demand that a third party auditor have copies of all the keys.
(Yeah, dual-sig, split keys, etc. Theoretically possible, not done in practice much.)
I believe the scheme lets depositors prove that their own coins were included in the liabilities calculation. If some depositors never check, the exchange could steal their funds, but if it was a regular part of using an exchange, it would put a pretty strict limit on how much could be looted before it was noticed.
Everyone is a fraud. “A previous version of this story incorrectly stated that investigators cracked Cotten's laptop and discovered money was missing. In fact, they have possession of his laptop and identified money was missing through public blockchain records.”
In that case he could just come out with it. My guess is he lost the money either by trading or through pure technical incompetence that resulted in hardware loss or did something to erase it all on accident. Coming out with this would not excuse him from legal consequences as much as it would he be claimed he was hacked.
As far as I'm concerned, if you give your money to some dude on the internet with ZERO oversight or regulation, you're pretty much guaranteed something like this happening at some point. how is this different than giving cash to your cousin's uncle who promises to give it back "whenever you need it"?
Value has a bright future. There will always need to be some means of exchanging it. Fiat currencies fit the current system of a bunch of countries defending their territory and needing to collect taxes.
CEO of Crypto Company...
1) Takes time off to build orphanage in region noted for fake deaths.
2) Subsequently dies unexpectedly.
3) Is immediately cremated.
4) Wife waits a month before saying "oh by the way he is dead"
5) Wife claims all keys on encrypted laptop
6) World watches as wallets mysteriously empty
7) Experts crack laptop
8) All wallets turn up in fact empty
9) $140 million disappears into the ether
https://pbs.twimg.com/media/DOjLuy7VoAATprU.jpg