I woke up to find one of my exchanges (BTC-e) frozen.
Fuck.
So you robbed an exchange, now what?
How do you move all that stolen internet money so you can buy that yacht you always wanted? Buying things requires a shipping address and leaves a record on the blockchain. Selling bitcoin in person for cash is hard to move high volumes.
If your name is Alexander Vinnik, you open a bitcoin exchange.
Users will transfer you money for the stolen coins which will get mixed in with the legit coins. From outside the exchange bitcoin moves in and out, but no one knows what goes on off the blockchain. The record of transactions only exists in the exchange’s internal ledger.
Anonymity and liquidity achieved!
All you need is a cool name like BTC-e, sounds perfect! right?
Except, it’s not. As Russian national Alexander Vinnik discovered when he was taken into custody.
Now you might be asking yourself how did Vinnik come into the possession of so much stolen bitcoin?
Back in 2014 MtGox was processing 70% of the worlds bitcoin transactions, and they got hacked …. hard.
Now a bitcoin exchange sounds like it would be like Fort Knox right? Fun Fact: MtGox stands for Magic the Gathering online eXchange. Never heard of Magic the Gathering? It’s a card game.
The hacker stole the MtGox hot wallet keys. A hot wallet is like the cashier’s draws in a bank, it has enough money to service the customers. Most of the money is in the vault, incase the bank gets robbed. In the case of a crypto exchange this is an offline wallet, referred to as cold storage.
So the hackers cleaned out the hot wallet.
Forcing MtGox to take bitcoin out of cold storage to continue operating. MtGox knew that bitcoin had been stolen but didn’t know how. The hackers were able to keep taking bitcoin out of the hot wallet. Do you close your doors as the number one global bitcoin exchange?
If your name is Mark Karpelès, the answer is no. Bitcoin is on its way to the moon.
So you have all these stolen coins … time to open up your own exchange and start the laundering. You can’t transfer the stolen coins straight into your new exchange, everyone is watching.
You need to wash the coins first.
Luckily for a small fee Bitcoin Tumbler services have you covered. They break your bitcoins up, move them around, reassemble and repeat a bunch of times. Imagine dropping a glass, it would take time but you could pick up all the bits and put them back together. A bitcoin tumbler is like driving over the broken glass with your car, it’s all there but hard to put back together.
Except the thing is, $4 Billion is a lot of money, and all the transactions are on the blockchain. The blockchain is a public ledger that anyone can audit. It was WizSec’s unofficial, unpaid, independent investigation that lead to Vinnik’s arrest.
So follow the money!
This diagram shows key wallets the stolen bitcoin passed through source
So why are arrests only happening now, three years later?
An incorrect accusation could have sent the suspects into hiding. Security researchers had to collect evidence without tipping the suspects off. Not to mention the math to undo tumbling is hard.
So far the work that WizSec has done has only identified Vinnik as the money launder. The hacker/s responsible for the MtGox robberies are still unknown.
Use public wifi, VPN and TOR (browser of choice for the dark web) and you might feel anonymous … but you are not. Everything you do online leaves a digital footprint.
The data around Vinnik’s online identity could be the linchpin to finding the hacker/s.
The whole space is going through growing pains as bitcoin finds its place in the world. Security is hard to do, especially with bitcoin being outside the reach of regulators. The arrest of Vinnik is a great outcome for bitcoin the technology. Demonstrating that netizens of the world can fight money laundering together.
Enjoyed this post? Send heartcoin by clicking the heart and sharing with a friend.
Some other things I have written: