
Or someone making one last use of an exploit on the old API, since ostensibly there is a day to go before the new API is released on the public net.


This might actually explain the simple scam nature. Setting up more complex monetisation, i.e. by shorting a company, takes quite a while, especially if you don't want to be tracked. A bitcoin scam is quick and simple to do. And it's not _too_ illegal (compared to, for example, stock manipulation), so the attacker will probably catch less heat.


The advantage of cryptocurrencies is that they allow you to commit the scam anonymously easily and defer the laundering of the money for later, giving you time to devise a scheme to launder it.

Stock markets or fiat currencies on the other hand require quite a bit of work upfront to set up an account before you can trade.


Bitcoin is not anonymous; it’s pseudonymous. And there are several companies that perform blockchain analysis for tracking transactions.

The FBI and other law enforcement is getting pretty good at tracking illicit Bitcoin transactions and money laundering [1].

If these guys are professionals, they’re using mixing services to cover their tracks. Guess we’ll find out if they made any mistakes along the way.

[1] “Blueleaks: How the FBI tracks Bitcoin laundering on the dark web”—https://decrypt.co/34740/blueleaks-how-the-fbi-tracks-bitcoi...


Yes, but tracking that is not easy and we're "only" talking about 120k USD$ here - single persons have been scammed for more. You can steal one car and be above and beyond that.

That's my theory on why they (presumably) didn't touch the stock market or the POTUS account - even if they're found, they really can only be charged with a modest damage sum and some vague hacking accusations; nothing that warrants a global manhunt.


Monero, Zcash to BTC atomic swaps work which would let you completely erase the origin of the funds especially with such a small amount.


That could be an interesting vector. Don't the feds have a shitload of BTC from various busts? Could they dump a billion into the wallet to make it impossible to launder?


They took a crapton in the Silk Road bust - and then several of the cops involved were charged with then stealing some of the seized BTC

https://www.reuters.com/article/us-usa-cyber-silkroad-idUSKB...


I don't think atomic swaps need to be the full contents of a wallet. It means "atomic" in the usual transactional sense, not that it's all-or-nothing per address.

But even still, the idea to prevent money laundering by sending orders of magnitude more BTC than the initial scam... bold idea.


There are cryptocurrencies like monero whose primary purpose is to facilitate transactions between wallets that cannot be observed (I think).

If they've traded into that currency somewhere, how does one know where that money pops back up - on however many exchanges, under however many identities, in however many amounts, over whatever period of time they drip it back in?

I'm reminded of a paper I read a while back about deanonymizing VPN traffic if you have sufficient observability of nodes in the overall network and something else I can't remember at the moment.

Seems different though. The time they could take to drip money back in to the visible network (for conversion to fiat or appreciation in a "visible" coin) feels like a factor.

edit - heh, just now seeing the article you posted about the FBI's team explicitly mentions a case like this with Monero.


That's not how pseudonymity works, you are anonymous until you accidentally leak, or have to leak, PII linked to your wallet. They can be totally anonymous right now without any mixing. Once they need to convert to fiat they may have to mix first. Or maybe exchange cash wearing a mask with a stranger on the street in a foreign country, etc. Pseudonymity doesn't mean you're not anonymous until you mix.


They'll probably just use CoinJoin and a mixer


You can track transactions through them as well with a high degree of success.


Do you have more information about how susceptible CoinJoin is? From what I've seen, for someone that knows what they are doing it would be near impossible, especially if they then convert it to Monero after.


Here's a Chainalysis blog post where they say they tracked coins through CoinJoin: https://blog.chainalysis.com/reports/plustoken-scam-bitcoin-...

If they convert to Monero after then it's a different thing entirely.


It's anonymous as long as you don't use it for anything. As the GP notes, that allows it to be stored for a while to deal with later.

If nothing else, it's a good way to prove capability. Want to prove your prior deeds and that you're the one that pulled off that Twitter hack? Have someone provide you an address and transfer out of that wallet, and now you've got proof of control of the funds, which works pretty well as a way of verifying you are the individual/group that pulled this off if someone asks. In that way, it's good advertising.


A wallet is really just a public/private key pair. To prove you have access, you can just sign a message of someone else’s choosing with the private key. No need to transfer any value.

It’s why any claims to be Satoshi are laughable. If you want to go public, just prove it cryptographically.


Even easier, just ask them to provide any message then sign using the key(s) to which ownership is desired to be proven. This still works if the Bitcoin have been spent.


Stock trades are easier to trace, but both can be traced with sufficient resources.


Perhaps they shorted Twitter, before this huge public demonstration? I hadn't considered it until your message, but it makes the most sense to me.


https://developer.twitter.com/en/docs/labs/overview/whats-ne...

I don't see any deprecations happening which could result in today's hack. Though I could be wrong.


I don't think they were planning to immediately deprecate and remove the old API. Is there any reason to believe this is the case?


From here:

https://developer.twitter.com/en/docs/labs/overview/whats-ne...

I don't see any deprecations from today/tomorrow which would be related to what happened.


That actually makes the most sense to me. Even makes me wonder about whether it could be an insider leak - someone who knows of an unadvertised exploit that has been patched internally and sold it at the last minute or something.


This makes way more sense than any of the other suggestions in HN.

DMs are almost worthless; who uses DMs for anything important? It's for contacting people you kinda know but not really. State secrets aren't transmitted over DM, but not because people wouldn't be stupid enough to do it. The people holding them are much older than the demographic that uses Twitter DMs. Worst case with DMs is some new YouTuber drama would be exposed.


You're underestimating the situation. One possibility is that someone has some information that can be used to blackmail them be exposed. I wouldn't be surprised if there was a politician that used Twitter DMs in such a fashion.


Exactly. While everyone talks about the DNC leak, we forget Anthony Weiner who IIRC had multiple Twitter-related incidents.


A lot of tech support includes PII over DM. Just in my list right now T-Mobile has enough in a DM thread for someone to call up and take over my line. It's stupid.


Never underestimate the power of stupid. There is unlimited potential.



