Hacker News new | past | comments | ask | show | jobs | submit login
Experts cracked laptop of crypto CEO who died with $137M, but the money was gone (businessinsider.com)
649 points by turtlegrids 16 days ago | hide | past | web | favorite | 331 comments



For some reason this sounds like the plot of a movie starring Leonardo DiCaprio.

CEO of Crypto Company...

1) Takes time off to build orphanage in region noted for fake deaths.

2) Subsequently dies unexpectedly.

3) Is immediately cremated.

4) Wife waits a month before saying "oh by the way he is dead"

5) Wife claims all keys on encrypted laptop

6) World watches as wallets mysteriously empty

7) Experts crack laptop

8) All wallets turn up in fact empty

9) $140 million disappears into the ether

https://pbs.twimg.com/media/DOjLuy7VoAATprU.jpg


And the widow is left with just the 17 properties, 2 cars, yacht and plane that he earned through honest hard work.

Another thing you could work into the plot is $9m appears to be with WB21 "Banking Redefined" which claimed a million users but was discovered to only have 135 downloads of its app (now removed), is run by a convicted fraudster and was awarded "Global Banker Award 2018" in a black tie ceremony that they seem to have set up themselves to give themselves the award (https://www.youtube.com/watch?v=JbKMdhpwbaw). They are still going I think if you are looking for a safe place to put your money. https://amycastor.com/2019/03/01/diving-into-wb21-the-compan...


That "award" ceremony video is both surreal and ridiculously cringe-inducing at the same time. It wouldn't surprise me if he actually felt like he had "achieved" something when he gave himself that award, either.

It was like you were watching his fantasy of what people would say about him if he was a productive member of society instead of a criminal and fraud.


FWIW, this is only marginally worse than your standard 'industry award' in that he had the nerve to give it to himself. Pretty much every industry has a boatload of meaningless awards. It is done largely for marketing and for 'social engineering'[1]. It is cheap (both in cost and tact) but effective.

[1] Curries favor with the awardees, creates an 'in group' etc...


Feynman spoke at length on the shallowness of awards.

>epaulets, uniform, position: it has nothing to do with something intrinsic of that person.


I see someone that listened to Hidden Brain last week!

https://www.npr.org/2019/02/25/697641324/better-than-cash-ho...


When you have the chance to fulfill your childhood wet dreams fantasy you go for it. Those fake claps, the huge bouquet, beautiful ladies...


Placebos work even when you tell people they’re placebos.

I’m sure he went to bed proud pulling all that off. It still looks like a lot of work.


why is this strange. that's what they do all the time with tech giants who die :D how some awkward old videos and rejoice that they took everyones money for hardly any effort :D


> black tie ceremony

OMG that trophy is indistinguishable from any other tacky chunk of lucite that, say, a particularly motivated carpet distributor might earn as a sales award.

Not to insult carpet distributors, whose work with tangible goods is worth at minimum 500x more than what any fintech slob contributes to the world.


Assuming their contribution is even positive


The applause echoes so tellingly in the mostly empty room..


It also fades in rather than starting. They took a longer applause clip and started in the middle. As someone with a lot of audio production experience, this stuck out to me immediately. So either they used stock audio or there was an edit they didn't hide properly (or both).


Looked like those hilarious techniques taken from street magic to pull off the illusion.


Sounds like typical stuff for the cryptocurrency world.


Or perhaps “widow”


Perhaps seems pretty accurate yes


DiCaprio? This whole affair has been at best a Weekend at Bernie's-level plot. The accounts were emptied 8 months before the death, and yet QCX pretended they were solvent the whole time so they could keep the party going.


In the sequel his ghost solves blocks when you play a latin rhythm and two young/broke computer enthusiasts who moved to Puerto Rico to make it big are the only ones who can see him because they smoked weed that grew in soil mixed with his ashes.


They should make that one first, because unlike the documentary I'd actually pay to see it.


Harold & Kumar go Crypto


Buy FyreCoin


The white paper says it's personally backed by Ja Rule and Blink 182.


This is one of the best comments I've ever seen on HN, oh my god this movie would be awesome!


This is both one of the dumbest and most upvoted things I've ever posted to HN. I mean, I think it's funny.... but the reasons I think it's funny make me really sad and all the internet points makes me sadder.


How High: Blockchain Edition


Would legit watch this movie.


This is an unnecessary takedown of Weekend at Bernie's.


DiCaprio? This whole affair has been at best a Weekend at Bernie's-level plot.

I think it would be best done with the production values of "Catch Me If You Can."


Crypto me outside


The Great Gatsby...


More like Basketball Diaries....a bunch of junkies using and abusing


Perhaps blockchains’ lasting impact will be as an overused plot device in future period pieces set in the early 21st century.


And making blockchain to SQL Server migration consultants wealthy too.


Not enough working blockchain implementations for this to exist.

I wonder what all the white paper consultants are doing now that their profession is over?

Probably working on a cannabis company.


We would have believed postgres, but that's just far-fetched.


Blockchain to CSV, realistically.


This is an enterprise solution. Oracle is even better.


cosmos db is where it is at


I can't believe y'all aren't taking advantage of using MongoDB's data loss feature as an opportunity here in true HN taste.


Chekhov’s Database: if a No-SQL DB is referred to in passing, it is inevitable that it will fail to persist at the most inconvenient time.


Wouldn’t it be SQL Server to blockchain migration consultants that are getting the wealth as opposed to the other way around?


Ah yes, because blockchain data structures are completely useless...


Extravagant is the word I’d use. You can store crypto sigs in a varchar(max)


Isn't blockchain/cryptocurrency popular enough that it should be in summer blockbusters / James Bond / Avengers movies alreadh?



wow literally no fiction, either documentaries or theorycrafting


IMDB's search is limited to titles, and the trend is still relatively new.

A search of synopses and/or other elements might produce something closer to the original request, though I'm not aware of a good resource for this.

The fact that there are multiple extant and in-production projects does suggest some general interest, though.


Plot twist:

10) The CEO was really an actor... hired by the "wife", who masterminded the whole thing

Alternative plot twist:

10b) Both the CEO and wife are hired actors. The head of the orphanage was the mastermind


SCP Twist: the orphanage itself was the mastermind; it manifests when a blockchain fintech startup launches and exists solely to de-materialise the founders and redistribute crypto funds. The children of the orphanage are yet to be identified, though it is speculated that they are the disappeared fintech founders.


Plot twist: the adoption of the orphans is in fact the canonical blockchain transaction and the recent slowdown in verifications is due to a lack of orphans. This need for more orphans is the fuel for global warfare ultimately turning the purpose of humanity into that of being slave to the blockchain.


This sounds like something Kojima would write for another Metal Gear game.


More plot twist - (taken from cbc article) "Government records also reveal that Robertson (wife of Gerald Cotten) has used three family names.

Deeds for properties she bought in 2016 show she was once known as Jennifer Forgeron. On Dec. 1, 2016, Nova Scotia's Royal Gazette announced she was changing her name from Jennifer Kathleen Margaret Griffith to her current name, Jennifer Kathleen Margaret Robertson."

https://www.cbc.ca/news/canada/nova-scotia/quadrigacx-nova-s...


Forgeron? Who uses that as a fake name?


Sounds like a succession of "almost bad" names: "Robertson" (robber), "Griffith" (grifter/grifteth?), "Forgeron" (forger)


Aha, so it's like one of those movie plots where the villain thinks they're so much smarter than everybody else, they just have to drop hints everywhere.


> The head of the orphanage was the mastermind

The orphans are the mastermind. The headmaster was nothing more than two kids in a suit. They're all on a beach sipping capri sun playing nintendo switch.


They had a long day at the business factory, and just want to relax and watch R-rated movies for a while.


Hey look it's uhhh.... Vincent ... um... Adultman!


And he would have gotten away with it too, if it weren't for us meddling kids...


> region noted for fake deaths

There is a place that is known for this specifically? Where can I read more about this?


Google for "fake death mafia". You can add in the name of the CEO if you like, but for me articles about his "death" are already the top hits


Google for "fake death mafia" returns a bunch of articles that talk about this death, and conveniently have the phrase "in a region known for fake deaths".

I don't understand how that becomes a reference point for any region being known for fake deaths. The search results in fact make it look like someone used his death to slander a whole region.


The region became known for fake deaths when the news started implying that it was known for fake deaths. That's how facts are born.


>That's how facts are born.

I mean WOW. In just a few words you manage to describe one of the biggest problem we have today. Luckily Most of the HN crowds are not interested in the "Answer", but why it is the answer. And whether the why was plausible.


That's how business opportunities are born!


Next step: Google "fake death philippines" - at least for me that brought up a telegraph article [1] which explains a bit more.

[1] https://www.telegraph.co.uk/travel/destinations/asia/philipp...


There are several documentaries on YouTube exploring how easy it is to fake death certificates in, say, Delhi. Search for ‘quacks’


Before YouTube/cruptocurrency got big, Delhi was known for its counterfeit industry for winning "first to invent" patent fights.

There are companies that have stocks of decades or century-old paper that they use to forge aged government documents. I can't find a link to a story at the moment :-(


Can we crowdfund some patent troll busting? Or take down Amazon's stupid one-click patent. Preferably using proof written on an 1800s parchment with quill ink.


Amazon's one click patent expired a couple of years ago.


Got more on that?


didn't initially get in hits for that search term that were relevant, what am I looking for?



Google for "fake death mafia"


I didn't find much besides talk of the CEO, and your comment (which is the 4th result).


> Where can I read more about this?

What is the average life expectancy there?


Love the "into the ether" pun


"A previous version of this story incorrectly stated that investigators cracked Cotten's laptop and discovered money was missing. In fact, they have possession of his laptop and identified money was missing through public blockchain records."

That will be a much less exciting scene in the movie. Itll be some dramatized "people around a computer watching traceroute"


It's the wife with the chandelier in the library


Seriously. This is a next-level conspiracy unfolding.


> 6) World watches as wallets mysteriously empty

I missed this. Are there transactions showing the money moving from the cold storage address(es) after his (alleged) death?


Great summary, thanks, that was genuinely helpful.


My take on this is that they probably were insolvent for a long time already due to previous hacks/theft. The CEO just decided to lie about the supposedly 137M in funds 'safely' stored on his laptop.

This is also what happened at MtGox, except that at MtGox they 'lost' wel over a million BTC.

Edit: relevant listening: https://darknetdiaries.com/episode/9/


And this is the problem. These guys are not regulated. There is no transparency. There are no external auditors. There is no control. When we find out, it is always too late. Every "cryptocurrency bank" is a potential Enron. I fear both the involvement of Central Banks and at the same time the lack of it.

If EY (or anyone else serious about this) 'follows the money' then that would be a very interesting report to read.


> These guys are not regulated. There is no transparency. There are no external auditors. There is no control.

But that's a feature, not a bug, at least according to the crypto people. But, so far, all they have managed to do is rediscover lessons about the need for regulation, oversight and accountability that the financial industry has learnt decades or even centuries ago.


> > These guys are not regulated. There is no transparency. There are no external auditors. There is no control.

> But that's a feature, not a bug, at least according to the crypto people. But, so far, all they have managed to do is rediscover lessons about the need for regulation, oversight and accountability that the financial industry has learnt decades or even centuries ago.

I feel this is only true for people who have not truly embraced the decentralized aspect of cryptocurrency. For example, many people leave all of their money in one wallet. Centralization. Many people use only one exchange for converting fiat to crypto. Centralization. The harder you look, the more you will find that the only people upset about the state of cryptocurrencies are those that did not diversify and instead reverted to a concept squarely against the cryptocurrency ethos.

Thus is human nature. Who wants to manage 30,000 wallets each containing only a few dollars? The supporting tooling is not there (or is not easy enough to use) and thus we see this recurrent user pattern.


Yes, cryptocurrency can't fail, it can only be failed.

If 99.9% of people are using a technology "wrong", then I would suggest it's bad technology. If we aren't making a technology with actual users in mind, then we're just doing some sort of high-concept performance art.


I think this and the chain that follows is the conversation to be had.

It can be done but there is a meeting in the middle from many sides.

I believe it centers around the simple laws of thermodynamics, the path of least resistance will be taken.

Tools are coming out to make development easier, tools are coming out to make consumption easier.

Think about computing and how much has changed, been misunderstood, and misstated, and flipped on its head in the past thirty years. The ease and accessibility is still being pushed.

This will too.


So you can truly gain the benefits of crypto if you make your life as inconvenient as a drug dealer stashing wads of bills in random locations to dodge taxes?

I hope people who do this have either a great memory or a great filing system.


Compare that to ten years into what banking was.

The spreadsheets, math tables, the manual toil...you aren't looking at it realistically. Things don't just pop into existence perfectly but iterate into a local and idealistically global minimum from the reality of what people want and need, not what devs and larger organizations think they want and need.


30,000 wallets using 30,000 independent methods of encryption, else you crack one, you cracked many. It's clearly not practical or achievable for any human being.


Yeah, if only there was a tool for managing 30,000 wallets in a centralized way, then it would be more obvious why decentralization makes the need for regulation moot.


ah, but then they'd be fools for just using one tool. Against the ethos! You need 30,000 tools, obviously.


You think you're safe with your 30,000 tools -- yet all of your crypto funds are in bitcoin? Centraliser. I spread my wealth across 30,000 different currencies.


You're forgetting. All these are cryptocurrencies. You need to have more than that. I own 30,000 different kinds of assets. Stocks, bonds, crypto, I even own all of the funds. You're suffering from way too much centralization.


Are y'all still keeping all your assets on only one planet? Wow, that's risky.


-- skipping a few steps --

Confined to only three dimensions? Pfft.


Your assets are only in regular matter?

Get on my level kid...


Exchanges are more useful when many users use them. By necessity, this needs to be centralized. Can't buy when there are no sellers.


By “needs to be centralized”, you really mean something like “needs to be strongly connected”.


Because blockchain is a slow append/overwrite-only consensus database. It does nothing to provide trust. It's also too mechanical for how humans actual deal with each other.


Who are the cryptocurrency people advocating against regulation, but rediscovering lessons about the need for regulation?

Have you met any of those people? Do they actually exist or are you imagining them?


It's comical.


Considering 2008, what's the point of those lessons? Might as well save a few tax dollars on "regulators".


The banking crisis happened in large part due to lack of regulation, not because of them.


I'm not sure. I'd say the banking crisis was catalyzed by the lack of regulation, but it was going to happen anyways. The whole thing was largely a result of political pressure to create incentives for a home ownership society, and, if you go deeper, a result of political pressure fostering a growth-at-all-costs economic system that will periodically hit societal resource and efficiency limits, regulations be damned.


Not really. The GFC was a financial/banking crisis There is nothing in "growth at any cost" style "capitalism" that means banks must all collapse together in a coordinated swan dive, like in 2008.

That sort of system will collapse, but not necessarily the banks.

There is no law of nature that says we have to use free to fuck anybody capitalism run rampant over all. It is a choice.

I think it is time we made a different choice!


The current brand of capitalism is not "free to fuck anybody", it's actually worse, it's "target the poor". Neoliberal economists specifically call for stealing from workers:

https://krugman.blogs.nytimes.com/2010/02/13/the-case-for-hi...

> even in the long run, it’s really, really hard to cut nominal wages. Yet when you have very low inflation, getting relative wages right would require that a significant number of workers take wage cuts. So having a somewhat higher inflation rate would lead to lower unemployment, not just temporarily, but on a sustained basis.

Shorter: we create an economic policy to cheat workers out of the take home value of their earnings to make management easier and post favorable employment metrics for political leaders.

That "growth at all costs" policy, which, by the way is not inherently a free market policy, exists to short shrift the labor class by means of a compounding treadmill that most will fall off.


The point is that relative wages need to be adjusted as the value of jobs changes over time. Some work that was very valuable in the past might have low demand now. If wages are sticky then jobs where value drops faster than inflation will simply go away. That's not necessarily the best outcome if the employee could have coped with a pay cut.

High inflation does not imply that real wages shrink on average.


>High inflation does not imply that real wages shrink on average.

Certainly not! Inflation is great for the privileged, because it forces the hoi polloi into investment schemes to protect their assets from inflation, which disproportionately help finance the business adventures of the privileged (e.g. stocks, bonds).

Thus the average real wage will get higher as a few select individuals get huge astronomical wages.


I wonder if this isn't the US trying to solve its inability to work with Labor using inadequate macro tools. In workplaces where workers have a voice in management, like my country's Volkswagen plant, pay cuts seem possible to implement.


I’ve seen several people in the industry claim that Basel encouraged many of the problems. I don’t know enough about banking to say whether that’s true or not.


how many depositors lost money in the financial crisis?


In the UK and Netherlands plenty due to icesave AFAIK [1]. I'm not sure if deposits over the protected amount were ever paid back.

//edit - looks like they were by the UK and NL governments.

1. https://en.m.wikipedia.org/wiki/Icesave_dispute


These guys are not regulated. There is no transparency. There are no external auditors. There is no control. When we find out, it is always too late. Every "cryptocurrency bank" is a potential Enron.

I think Enron actually had more transparency, and did more good in the world than the failed cryptocurrency companies. I've worked on two pieces of software that originated in Enron, which I believe are still used in production today. I think Enron participated in the invention of weather derivatives.

(No, I have never worked for Enron.)


This would seem to be a private problem. If people choose to park their money with a non-transparent, unaudited random crypto startup, that's their decision and their problem. I'm not interested in paying for "regulators" in such cases.


Not really. It's a private problem only if it stays within the confines of the participants. But when it reaches a scale like this, the harm is wider.

I think the most important societal issue is that it damages investor and consumer confidence.

As a parallel, consider food regulation. When I go into a store or restaurant, the food I buy is very likely to be safe, because there are a lot of regulators making sure it happens. If they weren't operating, then I'd have to exert a lot more effort to make sure that each thing I eat is safe. Not only would this be a giant waste of effort, but it would significantly reduce the opportunity for innovation and cost reduction, because people would be reluctant to try new products and new restaurants.

Market confidence is even more important for finance, because it's much harder for individuals to know if a given company is really working. It would be a huge problem for society if everybody went back to keeping their money in mattresses and physically moving it everywhere.


And what if the startup fakes transparency and audits? How far down the stack of turtles do you want to climb?


And this is why cryoto is unlikely to go mainstream. Because the market for people who are willing to put up with the risks of unregulated banking are too small a minority to be worth it.


>I'm not interested in paying for "regulators" in such cases.

You shouldn't have to pay a penny, the industry should be taxed so that the regulation is self-funded.


For the "invisible hand of the market" to lead to optimal outcomes, decisions need to be made by "rational actors" using "perfect information." It's right there, in the original text!

We can't legislate about "rational actors," but we CAN and SHOULD legislate about "perfect information." Any information hiding is essentially fraud or theft from the rest of the market, because it creates an information asymmetry distortion.

We could for example say that registered companies don't get company benefits (protection of owners from bankruptcy and protection of board from personal liability and such) unless they continually and regularly publish the full (even unaudited) books, not just the occasional brief filings we require now. That would benefit everybody in the market, except those who thrive on fraud and information asymmetry.


You don’t need to pay regulators, you just need to make people able to sue for damages or charge crypto purveyors with fraud. It’s manifestly clear that the majority of these are just pyramid scams.


"Sue later" is not a solution when the money is already gone. That might be ok when facing an industrial company that has plenty of physical assets that could be sold off under bankruptcy, but finance leaves nothing if it fails.


If they published the wallets everyone would be able to audit how much they have in trust. Its a lot more detail than you'd ever have with your traditional broker.


Is it a problem though.

The risks of not using your own cold storage is real. The ability to store your own is outlined by numerous tutorials, explanations.

Nobody is crying for those who sent money to the nigerian prince, I don't think we should cry for anyone here either.

These player are smart enough to know most folks are uneducated on the topic and can be readily swindled by players looking and talking the part.

This happens every day in so many realms outside of blockchain; the opportunity for transparency, the lack of sympathy or control to help those with a lack of understanding, there are certain elements here that can change an environment that is so aggressively finance driven. This is the hope, something different.

The regulation, the trickery, etc it all gets sorted in time to a level we choose to accept. The question is if the potential for change is worth putting up with it until then.


Though if crypto funds are stolen from cold storage due to hack ortheft, there is nothing to do, even if you are regulated. When crypto transfer is done, there is no way to reverse it. Regulation might help to enforce best practices to prevent theft, but it wouldn't help to recover funds if theft happens.


There are decent ways for exchanges to prove they are solvent without revealing details [1]. It's just that very few of them take the effort to set up the system. If you want decent privacy, it also depends on creditors checking their credit was properly committed.

[1] https://eprint.iacr.org/2015/1008.pdf


Yes the features of a fiat currency


Yup, crypto lesson in hard way


The Central Bank isn't regulated, isn't transparent and certainly doesn't have any external auditors either. I don't think you understand how cryptocurrencies, central banks and regulations work. Also, regulations doesn't protect against hacks or theft or shady practices.



The US federal reserve is audited by a private firm hired by the board. They are not audited by a government regulatory body.


Do you have a source for any of this? Because my career as a securities regulation & banking attorney tells me the truth is actually the exact opposite of literally everything you’ve asserted.


The source is Ron Paul


> Every "cryptocurrency bank" is a potential Enron.

Yeah, these institutions are antithetical to the whole cryptocurrency model. Regulation isn't necessary, education would suffice. The public is not yet ready for this paradigm, and perhaps never will be, but I'm hopeful.


Kraken had like a two hour podcast coming to much the same conclusion as the most probable explanation https://www.youtube.com/watch?v=QB0OQae4fWo

It seems the problems may have started with a software screw up, leaving the "0x" off the ether address. https://www.reddit.com/r/ethereum/comments/6ettq5/statement_...

which lost them I think 67,317 ETH permanently. Ah the wonders of cryptocurrency. https://www.reddit.com/r/ethereum/comments/6er78h/warning_do...


I’m a bit sympathetic to their loss.

They were supposed to use 0x notation for a particular hex value, but the software always worked without it.

Then some tiny x.x.1 patch upgrade changed the functionality, now requiring the 0x, without documenting the change.


It's scary that with crypto such things can make it so hard to get your money back. I know there was talk of fixing it with a fork to the Ethereum chain one day. Not sure what happened there.


They did that once. I guess this exchange didn’t have enough pull to change the whole “code is law” principle.


> at MtGox they 'lost' wel over a million BTC.

The initial report was 850 000 lost BTC which later was brought down to 650 000. Scroll to the end of https://www.mtgox.com/img/pdf/20140320-btc-announce.pdf


Before/after the 850k/650k hack there were numerous other hacks, the total number of stolen BTC is still not clear, new proof of other hacks is still being discovered.

Apparently Karpeles also found a 'forgotten' wallet of 200k BTC, which he still seems to own. It's a mess.


No, the found wallet is under the control of the trustee overseeing the bankruptcy of MtGox. We know this for certain because he sold 35,000BTC when BTC was around 10,000USD, ensuring the creditors will get their full investment back.

Doesn't make us whole of course, but it is nice.


What a beautiful swindle. People who got creamed in the MtGox pyramid collapse where made almost whole by a next generation of suckers who lost 65% of their BTC's value in the bubble.


I lost some 2010 BTC (trading at ~$30) in the MtGox failure, and then missed the window to make a claim. Harsh.


Did you miss the second claim window as well? We got the trustee to change the bankruptcy format, and it reopened the claim window until I think November. Did you not get any emails about the claims?


Everything I used to buy the BTC was anonymized (cash deposit, throwaway email address). I have all my MtGox login information but can't access the email address I used to verify anything. Any way I can still file a claim?


I think you're too late, but you can make an account here and ask: forum.mtgoxlegal.com

It's a forum organized by creditors who together pay for a lawyer and an activist to represent us in the bankruptcy.


But it was trading at around $600 during the MtGox meltdown. Are you thinking of the first MtGox crash (June 2011) that they recovered from?


I think he means he bought them when they where $30, so he would have made some nice gains.


Tinco is correct, I bought before the MtGox crash at around $30 but used them as my exchange to do the trade, and never pulled them into a wallet.


Darknet Diaries is such a good podcast. I've been working through it recently and this is the next episode I'm up to. Can't wait.


Yes, insolvent meaning owned more than their cash on hand.

That didn't mean there wasn't some funds left over. But when someone is the position where they've taken someone's money and only have some left, leaving with the rest inherently looks better than staying and being broke and guilty.

Adds an extra nuance to "wake up, time to die"


Insolvent sounds right, but wouldn't you have, say $10M or so, reserved for the getaway? Once it's that low, the jig is up, so you may as well abscond with the last bit.


Why is nobody talking about the convicted felon, Omar Dhanani aka Michael Patryn, who is a co-founder and majority shareholder of Quadriga?

Dhanani is very much alive, and is known to have been involved in money laundering schemes. If I were an investigator in this case, that is the first door I would go knocking at.


Not only that but Michael Patryn turned out to be MikeXBT a known frequent poster on /r/bitcoinmarkets often bragging about and showing proof of his big market moving trades on Bitmex...likely with QuadrigaCX customers' money. It's like something from a movie.


What the hell?! Where did you get that info from?



I get the tech around crypto is interesting, but if your whole space is inhabited with such people, isn't it time for you to wonder if something's wrong?


Unregulated financial markets draw crooks like moths to a flame. Forex used to be just as bad.

I wonder if there's anything to be learned from this? Perhaps deregulating markets driven by greed, margin, and leverage is a bad idea? LeT tHe FrEe mArKeT DeciDe?


Here you go: https://www.theglobeandmail.com/business/article-quadriga-co...

But believed to be a minority shareholder, not majority.


Super obnoxious paywall. You can grab the content by doing a quick Apple+A, Apple+C.

https://pastebin.com/572stP0A


Yeah it's so obvious, that I'm sure that is the first door they knocked on, and continue to monitor.

If he's got the cash, he's probably not spending it or acting like he's got it to the point that it ruled him out as a suspect.


I'm not convinced of the first half of the headline re laptop cracking.

The article cites the latest monitor report, but the only paragraph I can find with the word laptop just implies the monitor has possession and success with some devices.

""" As noted in the First Report, known devices of Mr. Gerry Cotten have been secured by the Monitor including, Mr. Cotten’s laptops, cellphones, USB keys and home computer. The Monitor understands that prior to the commencement of the CCAA Proceedings, the Applicants together with their initial outside expert, attempted to access the devices and were successful in respect of certain devices. The Monitor will work with the Applicants and Representative Counsel to determine next steps to access any information and data which may be located on the devices and report back to the Court with respect to those efforts. """


It may not matter much.

There’s no evidence that a cold wallet with much of anything even exists.

But the devices may hold some records of external accounts (eg: deposits on other exchanges).


r/Bitcoin basically agrees with you and thinks it's clickbait:

https://www.reddit.com/r/Bitcoin/comments/ay34gc/experts_fin...


> The investigators said they found other issues too, such as that Quadriga kept "limited books and records" and never reported its financials.

New SaaS idea: Skin Lotus 1-2-3 and sell it as a "decentralized on-premise bookkeeping solution for your blockchain"


>decentralized >on-site

you made my day


I should have added "serverless" as well, come to think of it!


Blockchains are already a decentralized ledger and it's a bit more than just a re-skin given eventual but not necessarily immediate consistency. Presumably the missing books, records and financials consisted of the more mundane sort that regular Lotus 1-2-3 could have helped these embezzlers, were they not embezzlers.


This article is innaccurate.

Here is the tracking by Ernst & Young (court-appointed) providing all the public information about these developments. The latest report on 1 March 2019 mentions nothing about a cracked laptop.

https://documentcentre.eycan.com/Pages/Main.aspx?SID=1445


There's nothing wrong with the article. The March Report merely says they were able to recover the cold storage wallets and discovered they were empty; it doesn't go into how they got access to those wallets since that isn't relevant to the report.

Per the company and prior news reporting, those cold storage wallets discussed in the March Report were only stored on the owner's laptop, which was previously inaccessible due to various security mechanisms. (Reports suggested that the laptop was "locked" but did not indicate whether it was boot-locked or locked via the Windows mechanisms.) The fact that they were able to access those wallets means they "cracked" the security measures on that laptop.


>The fact that they were able to access those wallets means they "cracked" the security measures on that laptop

Incorrect. Experts were able to trace funds back to the cold storage wallets addresses using analysis. But the private keys have not been located and no, the laptop has not been "cracked".


Yup: "The Monitor has commenced a preliminary review of the transactional activity of the Identified Bitcoin Cold Wallets utilizing public blockchain records. This analysis..."


randomly clicked around there and saw the following about E&Y being ordered to post

"a copy of the Order on www.reddit.com/r/quadrigacx"

https://documentcentre.eycan.com/eycm_library/Quadriga%20Fin... p.10

i thought it's interesting how a third party, reddit, is used in such an official way. the other two channels to be posted on are E&Ys website and quadriga website


The headline and article are both misleading. EY never reported they cracked the encryption on the laptop or recovered any private keys to the so-called cold wallets.

Six empty cold wallet addresses were disclosed by Quadriga, and for the most part they look to have been unused for the last year. EY is investigating some other potential addresses which are also empty.

Source: https://documentcentre.eycan.com/eycm_library/Quadriga%20Fin...


People might complain about banks, but when you have cases of fraud at least you have people try to recover it. Government makes you keep pretty good records. In this case how do you undo the blockchain? In this case what recourse do you have.


blockchain != exchanges holding your private keys


My point is even if someone has your password there are legal routes where you can go recover your money. The bank will then do that. The blockchain is distributed. Who do you go complain to?


That's the whole point of the blockchain. Your money is sovereign. There is nobody to call when it gets stolen, but this also means that no government or bank or agency can take your money or prevent you from being paid (see Visa/Mastercard vs Wikileaks etc)


There are governments that can knock you over the head and take your wallet right after you unlock it.


They can only do that if they know who you are.

So make sure that they don't!


Oh they already know who you are. Too late to fight that fight


Of course they know my meatspace identity.

And maybe someone knows that Mirimir is meatspace me.

But Mirimir is only a semi-anonymous persona. And I don't count on being anonymous as Mirimir.

However, I've had thousands of other personas, over the years. Mostly all using some mix of nested VPN chains and Tor. Some using Mixmaster remailers as well. Many I only used for a few days, or maybe for a month.

I doubt that anyone knows all of the connections. Or even enough to trouble me substantially.


Not true, an entity with control of >50% of the pool can. I thought such a pool exists


Even with 100% of hashpower you can't steal anyone's money


You can stop them from ever spending it. You can't take it from someone, but you can stop them from using it - I doubt most people would consider that much of a difference (they still suffer the loss).


This is true if you consistently have control at every relevant point in the future, but if a malicious entity gets control for a month and then loses it to the crowd again you can spend your old funds. That's one difference. Another is that the transaction log can theoretically be moved to a new chain if some part of the crowd desires (and has been), so if a proprietary ASIC manufacturer takes control the community, or some part of it, could move to a different hashing algorithm that isn't yet targeted by ASICs, and you could spend the funds on that chain. In either scenario you've probably lost value, but not all value as originally suggested.


Can you at least explain why you think with 51% pool control you can’t double spend ? It seems while not trivial you can approve and reject transactions/ mining as you see fit


You can just threaten to reverse any transaction they ever make.


I think double spend coins as well, but don't quote me.


You can't double spend -- you would need to generate 2 conflicting tx's with the private key. Only the person that holds the money can attempt a double spend, the miners only process and include (or exclude) transactions.


You complain to the insurance company that the exchange uses.

This is how banks deal with the potential for loosing money too, except they have a mixture of private insurance, SROs insurance and state insurance. These things added confidence to their market, centralized crypto services do this too. QuadrigaCX did not.


The bank/exchange/etc that was entrusted to protect your dollars/bitcoin/etc. FDIC insurance is indexed to dollars but insures the value of your deposits. If someone robs a bank there is no way to reverse the robbery by invalidating the physical assets they stole be it cash, gold, bitcoin keys etc. This is not a problem most cryprocurrenties propose to solve.


actually, the entire point of blockchain is that the ledger is public. every movement of each and every bitcoin is public and can be tracked. it just takes time to analyze.


Even if that were so, it would not be sufficient for restitution, but bitcoins and satoshi are just abstractions and do not have individual identity, and cannot, in general, be individually tracked.


Its public, but you can't reverse it.


This is BS... the money cannot be "gone"... what do they mean by that? There is a public ledger. We would know and can trace where this money went to. Do they mean the wallet was not on the laptop instead?


Nobody has been able to identify any cold wallets with any significant deposits.

This should have been easily found by analyzing user deposits and withdrawals, but so far, nada.


Then it's not "stolen", it's "never existed".


The customer deposits certainly existed somewhere, even if a single cold wallet holding $137M in BTC didn't.


Though it is possible there are some withdrawals that weren’t backed by any deposits.

You don’t need to steal a wallet if you can update your account balance and then do formal withdrawals through the front-end.


The cold wallet was empty.

Some other accounts on that exchange were set up "outside process", and it's not sure who owns those accounts.

https://www.bbc.co.uk/news/technology-47454528


If the keys are lost, the money is for all intents and purposes gone.


If it's all gambled away on the crypto markets (quite likely to have happened), then it's just as gone as if on a lost address, only that some entirely unrelated market actors happened to get (temporarily) richer in the process.


But you can still track history of any coin existed.

If somebody know wallet ids of money before they were stolen, you can trace transactions to see what wallet ids they are in now.

If they say "stolen", it means that they found transactions when money were transferred from victim's wallet. And if they know transactions, then they know source and destination wallet ids.


This is close enough to true for the purposes of this discussion, but in the general case you can only reliably track the flow of funds in aggregate, not the flow of any individual "coin." If addresses A and B send equal amounts of coins to C, C sends all of those coins to D, and D sends half of them to E, you can't really track the coins from A to E or from B to E. The transaction from C to D results in a single output that doesn't distinguish between funds from A and funds from B.


You track D and E. At scale, there surely are consistent patterns.


Yes, but my example was contrived for simplicity, and really D can make a transaction with an arbitrary number of inputs and outputs sent to and from an arbitrary number of addresses belonging to an arbitrary number of users. This is what bitcoin mixers do. Now we have a bunch of inputs coming in, and a bunch of evenly sized outputs coming out (with some unevenly sized ones for change). You can still probabilistically track funds if a user did something like putting coins from D into a big mixing transaction with other users and then sending their mixed coins from address F though I to a single address J that just so happens to have the same balance D started with, and of course there are less contrived situations where patterns of behavior would be evident, but this is all probabilistic and you still aren't really tracking individual coins; discrete coins aren't stored on the blockchain, transactions with input and output balances are. If the missing funds are tracked, and this whole affair was the result of malevolence rather than incompetence, I'd bet they're either sitting in a bunch of tiny accounts that have been cycled through mixers more than once or they're going to be before they're spent (having faked your own death, you could see holding off on the mixer until you've had ample time to cover your trail thus giving the appearance of incompetence rather than malevolence for a while).


it's a feature of the blockchain that you can track each and every transaction.


You can't track the off-chain stuff, though.

Plenty of coin movements in an exchange aren't going to make it onto the chain. If I sell on Coinbase and someone else on Coinbase buys it, there's no reason for Coinbase to incur fees to publish that to everyone; they can just shuffle money around on paper.


This reminds me of how chit fund scams worked in India in the 80s.

Often people in the same family(cousins etc) would invest. Always in a fashion, where one of them owed money to the fund, and the other was owed.

If the fund went underwater, they would just go to the chit fund office, and do what was called book adjustment. Basically the fund would not give anything or take anything. On paper it would appear as fund gave money to one cousin, and took from another. In reality the cousin who was supposed to get money from the fund, would get the money from his cousin. And the fund, would mark in his ledger as the debt was paid.

This way people didn't make losses.


This guy is alive (or dead, but not due to Crohn's Disease complications, as stated initially). This is not a conspiracy theory anymore. It's clear there's a massive fraud behind all these events.


As a mod for r/CrohnsDisease, it really sucks that this is how most people are first hearing about the disease. Those with IBD already have a difficult time with people not believing they’re sick or that symptoms aren’t that bad since they’re not visible. Now Crohn’s will be associated with this fool using it as an excuse to steal a bunch of money... such a huge disappointment.


I really doubt that this is how most people are first hearing of Crohn's disease.


Most people think it’s just a stomach ache or diarrhea. They don’t realize how severe and debilitating it can actually be because most people who have it don’t like to broadcast to the world that they’re shitting blood and mucus 30x a day.


> Those with IBD already have a difficult time with people not believing they’re sick or that symptoms aren’t that bad

That's surprising and sad to hear. I have a close friend with Crohn's who is always very stoic even when he's obviously feeling miserable. But I can't imagine people downplaying such a dreadful disease.


For rare diseases there is no such thing as bad publicity. This might even lead to someone with IBD being curious enough to get checked out.


It's not that rare, especially when viewed as a subtype of overall IBD. All in all Autoimmune diseases affect between 20 and 50 million people in the US alone


Anyone who knows anyone with Crohn's or Colitis won't. This guy used an excuse. He could have used any excuse. The shit people with Crohn's and Colitis have to deal with is terrible. I wouldn't wish it on my worst enemy.


TIL that IBD can mean Inflammatory Bowel Diseases as well as Initial Block Download.


I can empathise with this. I dated someone with IBD and had many sleepless nights when I found out the ambulance was on its way.

Invisible illness is terrible.


You can still commit fraud and die of Crohn's Disease. I'd still call this a conspiracy theory (I'll also say that "conspiracy theory" doesn't mean untrue, though we tend to use it as a substitute for "crack pot"). But to quote Sagan "Extraordinary claims require extraordinary evidence."

I do agree with this part:

> It's clear there's a massive fraud

But that doesn't mean he's alive or that there was a coverup in his death.


Definitely still a conspiracy theory. But I think that all the circumstances bring it out if range of "crackpot".

A will being created right before the trip also adds to the suspicions.


Wasn’t the trip his honeymoon? Will creation at marriage is not suspicious


[flagged]


Pretending to die is an extraordinarily rare occurrence, yes.


Having incentives worth $137M is a rare circumstance. In that circumstance, such an occurrence would be less rare.


Maybe I don't know much about bitcoin, but can't you track the address where the bitcoins were being transferred to? Seems like it would be difficult to launder that volume of bitcoin all anonymously where it can be tracked, to a certain extent, through the public blockchain?


There are bitcoin tumblers, essentially the idea is to split up the transaction into multiple transactions of varying sizes to various addresses and to keep doing that in such a way that it doesn't look weird...

Basically they try to hide the transaction among the huge volume of transactions going on, kinda like a VPN or Tor?


1. If the coins were moved through tumblers that would be detectable and highly suspicious.

2. Safely tumbling large quantities of coins is especially difficult. At this scale I would wager twenty dollars that blockchain analysis should be able to trace at least some of the coins with high confidence.

3. It is rumored that many tumblers are run by law enforcement.


Outside the sphere of crypto, this is called "washing" or "laundering" ("cleaned", etc. Anything along this line). "Laundering" is the legal term). Such acts are typically traceable, but generally fly under the radar. Once someone is aware that the money is being washed it is usually uncovered (AFAIK).

Washing crypto would seem even more difficult because transactions are all accounted for. So I'd assume a cleaner would need to have random time variance in redistribution so collisions aren't found. But also, money has to be spent or converted, so that's a big way you could uncover it. Money is harder because cash is still a thing.

1) See that money is transferred from account to washer (instant flag)

2) Search for accounts associated with initial fraud and watch for extraction.


I work in crypto. Transactions can very much be traced. There's no trace of Quadrigas cold wallet holding any large sums of BTC. It's still a mystery what, exactly, did they do with customer funds. It'll be uncovered eventually once enough time has been given to forensic examiners to go through the transactions of the exchange.


The thing is, exchanges pool funds and users on exchanges do withdrawals all the time, and sometimes send to these services.

The lack of an auditable cold wallet was a huge red flag. So was their multimillion ether loss (how would they cover that!?!?).

But even with public cold wallets, the public doesn’t know how much crypto or fiat is owed to users.


A corrupt exchange is it's own tumbler.


It’s important to note that it’s not just splitting up your own transactions, it’s that it’s actually other people’s coins that end up in your destination wallets. As such, it becomes very difficult to trace: techniques for doing this are similar to large scale deanonimization of Tor traffic, and involve large scale pattern analysis.


> It’s important to note that it’s not just splitting up your own transactions, it’s that it’s actually other people’s coins that end up in your destination wallets. As such, it becomes very difficult to trace

It was my basically uninformed impression that the bitcoin blockchain consists of a series of transaction records that look like this:

- Address xxxxx1x sends 10 bitcoins to address xxxxx2x; address xxxxx7x mints 25 bitcoins

That is to say, the records show that balances increase and decrease, but there is no actual concept of a uniquely identifiable bitcoin (with, say, a serial number) -- there are only balances held by accounts. On this model, it isn't possible to say that other people's coins end up in your destination wallets. Is that not accurate?

(The fact that you can divide one bitcoin into 100,000,000 satoshi also suggests that there's no such thing as an individual bitcoin...)


The way that it works is that a certain number of coins are created when a block is mined. That number is recorded on the ledger associated with an address. Let's say it's 25 BTC, but it can be any number -- it doesn't matter. If you don't spend any of that BTC, then it exists only as that number -- a chunk if you wish. It is indivisible. It sits as 25 BTC in the account. If you decide to spend 5 BTC of the 25, then the ledger records that 5 BTC goes to wherever you are sending it and 20 BTC goes to your wallet. The previous 25 BTC chunk is removed. The 5 BTC exists as a "chunk" in the other wallet and the 20 BTC exists as a "chunk" in your wallet. The 25 BTC "chunk" no longer exists. Each wallet has a list of these "chunks" of BTC. Let's say that I have a 7 BTC "chunk" as well as the 20 BTC chunk. I want to send 22 BTC to someone else. It will take remove both my 20 BTC "chunk" and my 7 BTC "chunk" and give me a 5 BTC "chunk". I can't remember if the recipient gets a 22 BTC "chunk" or a 20 BTC "chunk" and a 5 BTC "chunk" (it's been a long time since I looked at the source code). I think the former, but it is traceable where the original came from and how they "chunks" where split up.

Hopefully that makes it a bit more clear. The word "chunk" is my own -- if you start using it in other discussions, nobody will know what you are talking about ;-) However, the main thing is that the wallets do not contain balances, but lists of transactions that ended up giving them coins. While there is no such thing as a "coin", it's discrete amounts rather than flowing in and out like water.


Not accurate. You can trace the life of a particular 'coin' value -- which is generated in the coinbase reward in a block and spent later on in a UTXO (unclaimed transaction output). We like to pretend that bitcoin is fungible, but it strictly is not; You can trace the life of every 50, 25 and now 12.5 Bitcoin from birth to currently unspent. They all get mixed, so it can be difficult.

Also, what you are describing is the so called 'account' model -- used by Ethereum, EOS, etc. Bitcoin is a 'utxo' model, which allows specific inputs/outputs to be traced.


   (The fact that you can divide one bitcoin into 100,000,000 satoshi
    also suggests that there's no such thing as an individual bitcoin...) 
Wouldn't it rather say "there is such a thing as a satoshi" ?


No, because my first argument still applies in full to satoshi. There are balances of satoshi, but no individual satoshi.


every satoshi can be traced from birth until unspent. There are most certainly individual satoshi. they live in UTXO's.


This is not true. Say I have a wallet with two Satoshi, and I transfer one each to two different wallets. Then I transfer two Satoshi from those wallets to a new wallet. Which way did each Satoshi take? You can't say!


It looks like it is true in a technical sense; a bitcoin transaction record specifies a prior transaction as its input, rather than specifying a source address. So as a purely formal matter, your example records will look like this in relevant part:

    T0885: 100 Satoshi from T0002 to address xxxxx0x # 1 wallet, 2 Satoshi
    T1001:   1 Satoshi from T0885 to address xxxxx1x
    T1104:   1 Satoshi from T0885 to address xxxxx2x # Each Satoshi moves to a separate new wallet
    T1300:   1 Satoshi from T1104 to address xxxxx3x
    T1400:   1 Satoshi from T1001 to address xxxxx3x # and then they recombine
https://en.bitcoin.it/wiki/Transaction

From that record, it's clear that one Satoshi moved from address 0x to address 3x by way of transaction 1001, and the other one did the same by way of transaction 1104.

However, there is no instrumental difference between an address's balance from one transaction and its balance from another transaction, as the behavior of the address is controlled by the private key associated with that address, and two balances belonging to the same address necessarily share the associated private key. I'm not sure what this is supposed to accomplish.


The transaction sequence in your example is not possible. A transaction output can only be used once as an input. To me, the operation would rather look like these three transactions:

    100 Satoshi from A1
        2 Satoshi to A2
        98 Satoshi to Ax

    2 Satoshi from A2
        1 Satoshi to A3
        1 Satoshi to A4

    1 Satoshi from A3
    1 Satoshi from A4
        2 Satoshi to A5
Edit: Sorry I referred to "wallets" in my previous comment. This allows a scenario where the Satoshis are kept in separate transactions all the time. But I'm not interested in those scenarios. I'm talking about scenarios with multiple inputs and outputs. Where you can't say which of the inputs went which way. In this transaction:

    1 Satoshi from A1
    1 Satoshi from A2
        1 Satoshi to A3
        1 Satoshi to A4
You can't tell which Satoshi went where.


Yeah, I will 'change' my position on this. Satoshis in a single UTXO that are split are fungible - in your scenario you cannot identify the specific sat: either a1->a3, or a1->a4. This is kind of like 'forward fungibility'. You can however trace the value in satoshi's back from A4 to their coinbase at birth. At best, we introduce a UTXO taint percentage from previous inputs. Its this taint from other, external inputs that break backwards fungibility (due to taint).


So make public the addresses, give out a reward for proof of destination, and then let the cryptohacker community get after it. Kraken is offering $100k, we just need the addresses.


The FBI/private companies have specialized tools for tracking Bitcoins throughout their lifespan. All the data is out in the open so there is no hiding unless he converted to Monero anonymously.


considering Monero could you or someone elaborate on this a bit more? Maybe clarify if I'm misunderstanding something:

1) My understanding is, every transaction in bitcoin is public knowledge forever as part of the forever growing block chain. That is, there is no way to ever remove a transfer.

2) The only anonymity built in bitcoin is to hide your identity with pseudonymity, nobody necessarily knows your bitcoin address you are using. However if you are buying coins with credit card for example from person A and spend those at person B, person A will know that you have just spend that money at person B, and person B will know that you bought the coins from person A.

3) The only way(?) to hide, make the transactions anonymous is via tumbling, that is you send your coins into a huge account outside your control that aggregates maybe millions of $ from thousands of people and then sends them out again into random addresses. Nobody except the provider of the tumble service knows where your money went, making you anonymous, your money untraceable. I assume you want to repeat this process a few times with different tumble services.

Is that correct? I'm no expert. Also with 3) how feasible is that with $130 million? I mean to successfully tumble wouldn't I need at least double the amount probably much much more? How large are the tumbles in services such as bestmixer.io? Also it seems to me that with enough heuristics even tumble services could potentially be traced back, this doesn't seem impossible to me?


1. correct; 2. correct; 3. Kinda but Not quite the only way -- you can convert the values in the coins into another chain, ideally something like monero in which 1. applies, but 2. does not. (Monero uses a different transaction format called RingCT, it hides the true inputs/outputs among decoys and signs the set with a ring sig. It also hides the true amount transacted via Confidential Transaction encoding using a commitment and a range proof). Its much easier to tumble the value when the source/destination and magnitude is obscured.

How feasible to do this with $130 million? Yesterdays trade volume for monero was 75 million (thus actual on chain tx's are much less). So it would take a while to do this without drawing attention. I don't have a lot of faith in pure bitcoin tumblers. Possibly scams or fraud. Im yet to see one that works as expected.


"Im yet to see one that works as expected"

it might be wasabi wallet. not 100% though


thanks for your clarification i appreciate it


I was thinking you need a jump to cash somewhere, but even that would lead to _someone_. The coins can't just disappear.


That can be a difficulty but I imagine owning an exchange helps a lot


Applications are open for YC Summer 2019

Guidelines | FAQ | Support | API | Security | Lists | Bookmarklet | Legal | Apply to YC | Contact

Search: