
Tracking a Bitcoin Thief

An anonymous reader writes A small group of researchers were able to publish an investigative report on the hacking of a popular Bitcoin exchange earlier this year by the name of CryptoRush.in. Close to a million dollars stolen in crypto currency lead the group to discover evidence, track down the attacker and put together a timeline of what exactly happened. A captivating read for a community desensitized by thefts, hackings and lack of reporting. With pictures, and logs to prove it all.
  • They'll involve ponzi accusations, pedophilia, "non-backing", etc....the usual lame arguments.

  • Both these things can easily be faked, so unless they have something more damning, I'd hardly call this proven as presented on its own. Now, take it to trial and allow the other side to refute the allegations and provide their own evidence and I will give it merit as "proof".
    • by PRMan ( 959735 ) on Thursday October 23, 2014 @09:58PM (#48217939)
      The Blockchain can't be faked. Everyone has a copy.
      • The blockchain doesn't tie in anything that irrefutably proves real world identity, just another bitcoin wallet address which could be controlled by anyone at anytime.

        • 1 single transaction tracked? Yes, you mostly get just 1 other bitcoin wallet.

          Massively track thousands of such transactions? (That's beyond the capabilities of a small-budget research team. But that's well within the capabilities of any decent government.) And correlate them with "end-point transactions" (transactions that can be traced to a real-world identity: buying something from an e-shop using bitcoins and ordering it delivered to an address)?
          then, if the tracked person isn't using an insanely high nu

          • How is a research group with non-privileged access to third party data going to determine such things as shipping addresses? The bitcoin blockchain doesn't extend verification to those shipping addresses etc, so the point stands - it doesn't tie in anything which cannot be faked, all you actually get with the blockchain is "random number X did something with second random number Y".

            Great, the bitcoin blockchain can't be faked - but what about these logs that say "bitcoin wallet X purchased some cocaine and

      • I don't have a copy.

  • Criminals are dumb (Score:5, Insightful)

    by radarskiy ( 2874255 ) on Thursday October 23, 2014 @09:56PM (#48217933)

    Steal a million dollars... in a perfectly traceable currency where every transaction is public.

    • Um, consider there are a lot of countries that don't even see bitcoin as a real currency. Claiming a million $ loss for a digital item is like having an item stolen in Warcraft. Proving real harm is hard when it's something purely digital.
      • Re: (Score:3, Insightful)

        by Anonymous Coward

        The RIAA and MPAA don't seem to have any problems.

        • Because for good or ill, almost every nation has signed off [wikipedia.org] on the idea that the form of fantasy property called "copyright" is legitimate property. Show me a Berne Convention equivalent that "legitimizes" bitcoins and its ilk, and you'll have a serious point instead of vague nerd-rage trolling.

    • by Anonymous Coward

      If this is true, why haven't the mtgox bucks been recovered yet?

    • by AmiMoJo ( 196126 ) *

      They aren't in jail, and it remains to be seen if they launder the money successfully. Also, not all Bitcoin transactions are public. If you put a Bitcoin wallet on a USB flash drive and hand it to someone the transaction is not recorded anywhere. There is no way to know how many people the wallet passed through before the coins resurface in public transactions again.

      • If you put a Bitcoin wallet on a USB flash drive and hand it to someone the transaction is not recorded anywhere.

        Which means there's nothing stopping me from going home and moving the coins in the wallet I just gave to another one, leaving it empty.

        There is no way to know how many people the wallet passed through before the coins resurface in public transactions again.

        If I give away a wallet I received from someone else I risk being held accountable if whoever gave it to me spends the coins in it. So even

    • by Kjella ( 173770 )

      So what? Since there's no central authority to block transactions or seize funds they'll simply be passed around until any relation with the crime is meaningless with almost everybody in the transaction chain is blissfully unaware that somewhere they were stolen. Then what? If you find the person behind the wallet and seize the "stolen property", you introduce a massive transaction risk that totally undermines the cryptographic guarantee that the transaction is final and irreversible. Imagine the following

      • So what? Since there's no central authority to block transactions or seize funds they'll simply be passed around until any relation with the crime is meaningless with almost everybody in the transaction chain is blissfully unaware that somewhere they were stolen.

        Will they pass them around? Enough to blur any relationship? In a secure way that never leaks any identity?
        (Oops, one of the exchanges I sent money to managed to record my IP address. No matter how much I keep mixing downstream, parts of identity are leaked here.)

        Remember that they have adversaries like government who (as recently proven for the NSA, for example) have quite a few resources.
        A single policeman might not be able to pull enough data and analysis.
        But if government suspects that some big danger as

    • by Cramer ( 69040 )

      He stole "coins", not money. He might as well have stolen rabbit droppings, or lawn clippings. The real-world money ("leafy green spendy money") came from people (read: "fools") who will trade real money for those things.

      The only crime here is fraud and computer hacking ("unauthorized access", etc.) But as he's in one part of the world, breaking into systems in various other parts of the world, taking things from people in yet other parts of the world... nobody will bother pursuing him.

  • by kharchenko ( 303729 ) on Thursday October 23, 2014 @10:04PM (#48217969)

    Whipping up a few lame PHP scripts, leaving all the logs, using real name, your own static IP and a personal Dropbox account?! Is that what cuts for a hacker these days? With a million dollar payoff? I am starting to think I am not optimizing my earnings potential :)

    • Re:Amateur hour (Score:5, Informative)

      by Lord_Jeremy ( 1612839 ) on Friday October 24, 2014 @02:19AM (#48218953)
      Note that basically the only hacking technique he used was running a couple websites with malicious code that stole users' emails and passwords. Then trying those credentials at lots of other sites looking for stuff to take. In particular, he discovered that the founder/administrator of CryptoRush used the same password for everything and he was able to download server backups that contained the necessary information (private keys?) to access the exchange wallets. So basically everyone involved was participating in amateur hour.
  • I actually tried to read the article, but their images which are supposedly irrefutable proof are all broken. Good job, geniuses.
  • by Anonymous Coward

    I read the article, but do we have any record of Bennett's thoughts on crypto currency? I would like to read any insight he has before drawing my conclusions. He's a frequent contributor.

  • by __aaltlg1547 ( 2541114 ) on Thursday October 23, 2014 @11:13PM (#48218213)

    turns out to be much more traceable than the old fashioned kind, because you need the traceability to verify the transaction and establish who "has" the bitcoins.

    Look out, Mark Karpeles.

    • It's great that Bitcoin is the only cryptocurrency out there, and there are absolutely no advanced alternatives with serious anonymity. After all, Bitcoin was released in 2009 and there's no way for the scene to evolve significantly in mere 5 years.
  • Well that sounds like the solution to http://xkcd.com/792/ [xkcd.com] 's problems...

    On a serious note though, I won't shed a tear for CryptoRush.in. Using the same password on a small, no-reputation mining pool as the admin access to a currency exchange!?! That's a huge fail even by the lowest security standards, and these guys should know better.

    Then what about getting coins stolen from the hot wallet and not even flagging the loss? What's even the point of an offline wallet when you don't reconcile the hot wallet be

  • lead != led (Score:2, Informative)

    by Anonymous Coward

    Sorry if I misunderstood and the crypto currency is actually made out of lead....
