The Wall Street Journal does a solid job of reporting today in one of its lead stories, The U.S. Cracked a $3.4 Billion Crypto Heist—and Bitcoin’s Anonymity. However, as we’ll discuss, the large steps made in piercing the crypto veil, at least as I read it, do not vitiate the secrecy potential of crypto per se, but of the infrastructure and services around it, which many users, including those knowingly engaged in criminal conduct, use. And this story demonstrates that all it took was one goof by a crypto thief for the Feds to track him down.
I found it odd that the comments I read so far at the Journal and Twitter miss the way the article overstates what are still very large gains by the authorities in tracking crypto transactions and then figuring out who is behind them. And the article (as many Journal readers did point out) confirmed my prejudices about crypto: that it has no uses beyond crime, tax evasion, money laundering, and speculation, none of which are positives to society.
The piece revolves around the bust of one James Zhong, a US computer science student who found a bug on Silk Road, which he’d been using to buy cocaine. He could withdraw twice as much Bitcoin as he had on deposit. He set up additional accounts and made off with about $600,000 of Bitcoin in 2012.
Zhong had the bad fortune to have Silk Road go bust, which gave the authorities their first opportunity to mine transaction records across a network. But the level of forensic skills took a great leap forward with the failure of Mt. Gox in 2014. Crypto maven Jonathan Levin and his business partner Michael Gronager were hired guns on the Mt. Gox collapse, developing software and analytics that became the foundation of Chainalysis. As the story explains:
> Government investigators exploit a feature of bitcoin and many other digital currencies: Every transaction is stored forever in blockchain’s online ledger and open for anyone to see. Since Mr. Zhong’s heist, authorities and private firms have compiled the equivalent of a blockchain address book to aid the IRS, Federal Bureau of Investigation and state and local authorities investigating cybercrimes. The blockchain-analytics company Chainalysis Inc., based in New York, said it has mapped more than a billion wallet addresses, separating out legitimate and questionable holdings and identifying the exchanges where the cryptocurrency is converted to cash….
> These advances make it difficult for criminals to convert their spoils to cash. After government officials publish wallet addresses connected to crooks, no legitimate cryptocurrency exchange wants to do business with them, fearing legal consequences…
> Blockchain analytics provide law-enforcement investigators with an important piece of the blockchain puzzle—mapping the flow of cryptocurrency belonging to specific people and groups. Greater regulatory scrutiny of cryptocurrency exchanges has also helped. Exchanges have stepped up systems to identify the parties they do business with—under so-called know-your-customer requirements—and are more responsive to law-enforcement inquiries.
Let us understand the rub: you as a nefariously-behaving crypto user would be well-protected from the authorities if you did not use a wallet. Of course, you would face the risk of death, loss, or accidental destruction of the device(s) that held your coin. You would also be at risk of loss of your password to your device (this risk also exists with wallets; I have no idea what if any account recovery methods they have).
But what good is having crypto if you can’t eventually trade it or convert into fiat or real economy assets? With exchanges and wallets more widely used and more and more crypto service operators deciding that being on the up and up is a better business proposition, the illicit exchanges and other means for trading out of crypto are declining in importance, and may be shrinking in absolute terms. The Journal piece quotes an expert who claims North Korea has stolen more crypto than it can convert into dollars.
Now back to Zhong. Despite the investigation of the Silk Road failure, no one identified his heist then. Zhong transferred his stolen coins across different accounts for eight years. By 2021, the value of his stash had increased to $3.4 billion.
Zhong kept his “modest” home, but had splurged with a lakefront house, a Lamborghini, and a $150,000 Tesla. But those expenditures weren’t what tipped off the authorities.
What did was Zhong getting sloppy:
> For five years after the Silk Road theft, Mr. Zhong sat on his digital treasure. In 2017, he embarked on a $16 million spending spree, much of it spent trying to win friends, according to court papers and his lawyer, Michael Bachner. Mr. Zhong gave away 258 bitcoins, many of them on digital devices each loaded with 50 bitcoins and now worth close to $1.5 million. He hosted friends on chartered planes and boats, at sporting events and in fancy hotels, according to court papers and Clayton Kemker, a former bond salesman who became Mr. Zhong’s business partner.
> Mr. Zhong made his big mistake on Dec. 16, 2020, according to court records and an analysis of his bitcoin transactions by Elliptic. He combined crypto funds the IRS had linked to the Silk Road thefts with legitimate funds he kept in a cryptocurrency exchange.
> With Mr. Zhong’s Silk Road link in hand, authorities went to the bitcoin exchange that handled the transaction. The exchange gave IRS agents an IP address, 220.127.116.11, and Mr. Zhong’s internet service provider confirmed that he had been using that address since 2016. A month later, federal agents searched Mr. Zhong’s house and found the digital storage devices that helped clinch the investigation.
I’m surprised Zhong had a static IP address.1 I’m also surprised that he didn’t make regular use of a VPN. Readers?
The denouement was mundane:
> In November 2021, federal agents surprised Mr. Zhong with a search warrant and found the digital keys to his crypto fortune hidden in a basement floor safe and a popcorn tin in the bathroom. Mr. Zhong, who pleaded guilty to wire fraud, is scheduled to be sentenced Friday in New York federal court, where prosecutors are seeking a prison sentence of less than two years.
The article makes Zhong sound sad, hoping money would buy him love and friends and finding his spending produced not much of either. The light sentencing request seems odd. Perhaps Zhong was unusually cooperative? But what sort of helpful information could he have provided?
The larger point is not that it is impossible to get away with crime or otherwise hide your tracks in the world of crypto, but that a very big increase in the sophistication and intensity of oversight means it’s much much harder to hide, and far more likely that anything short of meticulous tech hygiene will put a shady user at risk.
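How a single co-spend can tie traced funds to a named account is easy to show on a toy ledger. The Python below is an added example, not code from the article, the Journal, Chainalysis or Elliptic; it assumes the commonly described multi-input heuristic (addresses spent together in one transaction share an owner) and a conservative taint rule, and every address, transaction id and identity label in it is constructed.

```python
"""Co-spend clustering plus taint tracing on a constructed toy ledger."""

# Constructed sample data: every address, transaction id and identity label
# below is invented for this example and matches no real ledger.
LEDGER = [  # (txid, input addresses, output addresses), oldest first
    ("tx1", ["theft_A"], ["hop_1"]),
    ("tx2", ["theft_B"], ["hop_2"]),
    ("tx3", ["hop_1"], ["hop_3", "change_1"]),
    ("tx4", ["unrelated_1"], ["unrelated_2"]),
    ("tx5", ["personal_1", "personal_2"], ["merchant_1"]),
    ("tx6", ["hop_3", "personal_1"], ["exch_deposit"]),
]
TAINT_SEEDS = {"theft_A", "theft_B"}          # addresses flagged by investigators
KNOWN_IDENTITIES = {"personal_2": "exchange customer 1001 (constructed)"}


class DisjointSet:
    """Union-find over addresses; one set per presumed owner."""

    def __init__(self):
        self.parent = {}

    def find(self, addr):
        self.parent.setdefault(addr, addr)
        while self.parent[addr] != addr:
            # Path halving keeps later lookups short.
            self.parent[addr] = self.parent[self.parent[addr]]
            addr = self.parent[addr]
        return addr

    def union(self, a, b):
        root_a, root_b = self.find(a), self.find(b)
        if root_a != root_b:
            self.parent[root_b] = root_a

    def members(self, addr):
        root = self.find(addr)
        return {a for a in list(self.parent) if self.find(a) == root}


def trace(ledger, seeds, identities):
    """Return (findings, tainted_addresses) after replaying the ledger.

    Assumed rules (simplifications, not any agency's or vendor's method):
      * multi-input heuristic: all inputs of one transaction share an owner;
      * taint rule: one tainted input taints every output of that transaction.
    A finding is emitted the first time a cluster holds both a tainted
    address and an address with a known identity.
    """
    clusters = DisjointSet()
    tainted = set(seeds)
    reported = set()
    findings = []
    for txid, inputs, outputs in ledger:
        for addr in inputs:
            clusters.union(inputs[0], addr)   # also registers single inputs
        if tainted.intersection(inputs):
            tainted.update(outputs)
        group = clusters.members(inputs[0])
        names = {identities[a] for a in group if a in identities}
        dirty = group & tainted
        new_names = names - reported
        if new_names and dirty:
            findings.append({
                "txid": txid,
                "identities": sorted(new_names),
                "tainted_addresses": sorted(dirty),
            })
            reported |= new_names
    return findings, tainted


if __name__ == "__main__":
    hits, tainted_set = trace(LEDGER, TAINT_SEEDS, KNOWN_IDENTITIES)
    for hit in hits:
        print(hit)
    print("tainted:", sorted(tainted_set))
```

In the sample, years of hops never touch an identified address; the link appears only at `tx6`, where a traced address is spent alongside `personal_1`, which an earlier, unrelated co-spend had already clustered with the identified `personal_2`.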
With that in mind, Sam Bankman-Fried’s nearly non-existent records at Alameda look like a feature, not a bug. The lack of concern about accounting for customer and counterparty funds sure sounds like the point of Alameda and FTX was not the business of the business, but whatever else could be hidden in the funds miasma. Consider the latest, via Forbes:
> Sam Bankman-Fried and other executives at the now-bankrupt cryptocurrency exchange FTX and defunct sister hedge fund Alameda Research casually joked about misplacing millions of dollars’ worth of digital assets…
> In an internal message, Bankman-Fried purportedly said Alameda is “unauditable” [sic], and the investment firm’s brass was simply able to “ballpark” the finances for the hedge fund which once had nearly $40 billion in assets under management, according to a 43-page interim report by FTX’s new CEO John J. Ray III filed in bankruptcy court.
> Alameda and FTX executives “sometimes find” $50 million worth of assets “lying around that we lost track of,” Bankman-Fried allegedly wrote….
> FTX let thousands of uncashed deposit checks sit around offices like “junk mail,” approved millions of dollars in expense reports via Emoji on Slack and did not have a comprehensive list of who worked at the exchange when it went under in November, according to the report.
> A 2022 internal document suggested Alameda should fudge its numbers for its crypto assets, allegedly saying they should “come up with some numbers? idk.”
Both of SBF’s parents are law professors. His father teaches tax and at least for a bit was involved in FTX. It’s getting less and less conceivable that this off-the-charts inattention to the basic elements of running any business, let alone fabulously fault-intolerant, implosion-prone high volume trading operations, was an accident, as opposed to deliberate, to advance other aims. So was SBF’s real problem that he became too (seemingly) successful, and lost sight of his off ramp? Even if so, SBF is so pathologically unable to admit error that we are unlikely to find out.
1 Yours truly had one, IIRC for a decade, due to having been in Verizon’s DSL trial. It was amusing to have Verizon tech support people go on tilt when they worked out I had a static IP address, which was supposed to be impossible. But unlike Zhong I was not a computer expert in need of covering my tracks.
My house’s IP address is static. I noticed that my ISP, big nationwide telco, made a switch from a short-term assigned IP to a static IP address many years ago.
Have no idea why.
And since the FBI found his IP trail starting in 2016, presumably he got lazy/cocky—-thought that since Silk Road went belly-up and “case closed”, no one would bother looking for his bitcoins.
That’s what gets all these “small time” financial criminals; the-powers-that-be devote a big amount of resources to financial crimes.
Presumably at least his “charity” events or big-ticket purchases triggered an algorithm flag for big-ticket transactions.
The more flags one gets associated to one’s name, it starts the “where there’s smoke, there’s fire” bureaucratic ball rolling for illegal financial activity.
Now why the same effort doesn’t go into taking-down fentanyl dealers or tax evasion or foreign corruption? feature, not a bug…. i guess.
My IP address always changed when I rebooted my router but the one downside to the Trump rural broadband program* is that I now have a static IP address and everyone online knows who I am even if I use a private browser.
Not so sure about VPNs. I’ve always viewed them much as Yves views crypto: yeah, sure, whatever you say but I don’t feel one bit safer using one. Many of us believe that using a VPN simply flags your account as being of possible interest to the authorities.
I’m just curious as to how the Feds can track crypto but not foreign bank deposits…
* Recently our broadband went from 200mbps up/down to 400mbps+ upload/download speeds. No announcement, no extra charge. Just an ISP that provides access to the internet and could care less what I do with it.
VPN is there to stop commercial entities tracking you, particularly the big ISPs. Not to stop 3 letter agencies. There are relatively few VPN endpoints, so not expensive to record or at least monitor all the traffic.
And you can bet your behind that when the g-men come knocking, the VPN provider will roll over and present logs even if they market themselves as having none. This simply because in order to diagnose issues, you have to log activity so you have something to inspect.
A better solution is something like TOR or I2P, where the traffic is bounced around between a large number of computers so that even the entry and exit points don’t know where the traffic is going.
But even that is not safe from an entity with a “godly” view of the net traffic, as that allows patterns in traffic flows to match entrance and exits.
Your computer has a hardware address (the MAC address) which doesn’t change either.
I’m curious how you know you have a static IP address.
A number of ISPs will charge extra for this, and you have to request it.
OK, I’ll admit to not having read the full article, but this strikes me as not a good thing. It sounds as though without due process, “government officials” can make it exceedingly difficult to convert your bitcoin holdings to fiat.
I’m guessing it’s running afoul of Know Your Customer or similar regulations. If you have a wallet associated with known criminal activity, what financial institution would deal with it?
That said, supposedly big US banks were allowed to accept known cartel deposits back in 2008 in order to remain solvent.
Once the numbers become large enough, all rules and laws go out the window.
Static, or dynamically (DHCP) assigned public IP addresses are logged by the ISPs in the US. The actual log includes name of the customer, address, date and time, etc., depending on the ISP. The logs are maintained for seven years and provided to law enforcement, federal and local agencies via court order. The request specifies the time frame and the IP addresses in question. Most ISPs get at least one court order in a month.
It doesn’t matter, if the customer has static, or DHCP assigned IP address, all records are available for seven years.
Interesting. Do you happen to know the statute from which that logging & retention requirement originates, or if it is a regulatory rule?
Most people don’t have static IP addresses – but they are logged as Ergo says so if police provide an ISP with an IP address paired with a date, the ISP can tell them who was using it.
I think the probability that the journalist misspoke or oversimplified that part is much greater than the probability that the dude had a static IP address.
People like to talk about IP addresses, but there is so much more going on below the IP layer. People talk about having a static IP address but I’ll bet in 90+% of cases their home router is set to DHCP, they just “seem” to always get assigned the same IP address. Well that’s because on the network layer, the DHCP server is building a table of IP addresses it has assigned based upon the MAC addresses of the unique physical IP adapters connected to specific computers in its assigned network subset. It’s normally quite easy to specify a specific IP address for each MAC address on that network subset. AND if you are logging the assignments it doesn’t matter if that IP to MAC table is dynamically changing over time as you’ll have a log of ALL IP addresses ever assigned to the same unique MAC address as they are uniquely assigned to each PHYSICAL piece of networking equipment at the time of manufacturing it.
…OH and don’t think you can swap out your personal router and confuse things because I’m 99.9% sure the MAC address your ISP really cares about is your modem MAC address, that modem you likely got from them so they ALWAYS know where it’s physically located or at least billed to.
I ask my ISPs for a static address for remote access. They have no problem granting that (at least where I am) That might be what he was doing.
in other crypto news:
If the Feds are after me pot of gold at the end of a cloudy rainbow, bad news as i’ve long since misplaced my $4.01 grubstake investment in Bitcoin from a Coinstar terminal in Visalia, oh i’ve said too much already.
If the Feds can do this for crypto, why not as much effort (or more) on people frontrunning CPI (or other) releases when they can track CUSIP numbers?
Because it would expose (catch) the wrong people? That would be my guess in this different set of laws for where you live on the hierarchical food chain (class).
Robert Kennedy, Jr posted this recently on his Twitter feed. The article states that cryptocurrencies are being attacked by the Biden Admin. and by The Fed. The purpose is to destroy cryptocurrency as the government is moving towards Central Bank Digital Currency. See what you think:
“The claim that FedNow is not the first step toward a CBDC would be more easily digestible were we not aware of the Biden administration’s steady barrage of hostile broadsides against cryptocurrencies.
Between 2008-22, the Fed partnered with a handful of big banks to print $10 trillion-ten centuries of wealth in 15 years — a bonanza for the Banksters.
Cryptocurrencies like Bitcoin give the public an escape route from the splatter zone when this bubble invariably bursts. So the White House is colluding with the banksters to keep us all trapped in the bubble of profiteering and control.
In his Feb. 8 post on Pirate Wires, Nic Carter @nic__carter
describes how the White House has organized bankers to participate in a sophisticated, widespread crackdown to destroy the crypto industry. Carter describes 15 incidents where President Biden has weaponized FDIC, OCC + DOJ to force crypto-friendly banks to close their doors to crypto firms since Dec. 3. The recent crackdown on crypto blocks exit ramps, removes alternative rails, and strengthens government control over both the financial and political systems.
We should be wary since CBDCs are the ultimate mechanisms for social surveillance and control. As Balaji Srinivasan @balajis
says, “The distinction between FedNow and a CBDC is important from a technical standpoint, but not from a civil liberties standpoint.” Balaji compares FedNow to “a virus that has evolved to evade recognition by changing its sequence without really changing its function.”
The idea that the sole purpose of Bitcoin and other cryptocurrencies is to facilitate illicit transactions is a narrative carefully nurtured by the state and state-affiliated entities, which includes banks and the majority of corporate America.
Bitcoin was created as a response to the fiscal irresponsibility of central banks, and because there is a clear need for a digital currency that is unencumbered by the hubris of state actors. There have been numerous recent examples of this hubris at the micro level (Canadian truckers having their assets frozen) and macro level (Russia having their dollar-denominated reserves stolen).
The genesis block of Bitcoin, or the first bitcoins that were ‘mined’ by Satoshi, contains the following message, a reference to the state’s response to the 2008 GFC:
Bitcoin was first employed in illicit transactions because state-sanctioned transactions for things like illegal drugs are outlawed, not because of any special property of cryptocurrency, and certainly not by explicit intention of early Bitcoin developers. Cash served perfectly well for those types of transactions for a very long time. Because cryptocurrency is a superior product (non-physical, instantaneous, more portable), it began to eat into the market share of cash as the preferred medium of these transactions, especially among the tech-savvy.
One of the powerful features of the blockchain is that it is instantly auditable. Every transaction is recorded forever, with the ledger easily accessible to anyone with an internet connection. If the creator(s) of Bitcoin really wanted to make a product that solely existed to aid criminal enterprise, this is about the worst possible feature you could add. However, since that was not the point of Bitcoin, as the message in the genesis block makes clear, as do the forum conversations between the initial developers, it makes perfect sense. Bitcoin is an immutable ledger where you absolutely cannot run or hide, especially if you tie your personal identity to your wallet, which many willingly do, and which will become more common as adoption increases. And should you attempt to ‘cash out’ after participating in crime or fraud, it makes it extraordinarily difficult to hide forever, as the article summarized by Yves points out. This is not a ‘failure’ of the promise of anonymity, it is a feature of the blockchain design.
There are cryptocurrencies that have the explicit purpose of being anonymous and untraceable like Zcash or Monero, so-called privacy coins, whose developers saw the public, immutable nature of the Bitcoin blockchain ledger as a liability and not a feature. These currencies are much better for the commission of illicit transactions, as they take steps to encrypt and obscure transactions and wallets. There have also been software products built (so-called privacy protocols) that are specifically designed to anonymize Bitcoin (Bisq) and Ethereum (TornadoCash). The state is currently mobilizing against these privacy protocols and coins, offering large cash awards to those who can compromise them and incentivizing entities not to deal with them. It should be made clear that the creators of privacy coins and privacy protocols have a very different intention than the creators of Bitcoin and most other cryptocurrencies.
In closing, I would offer the reader two possible financial futures for humanity:
1. Compulsory adoption of central bank digital currencies which will be required for participation in public life
2. Voluntary adoption of non-state affiliated cryptocurrencies, which, depending on the ability of the state to stifle them, may partially stem the tide of tyranny that will accompany compulsory CBDC adoption
This choice will seem like that between a rock and a hard place for many, but I would imagine, gun-to-the-head, most people would choose non-state cryptocurrencies as the preferred option over CBDCs. This choice is especially obvious for me as an American who sees that the unholy Neolib/Neocon alliance will likely hold onto power in the West for the foreseeable future. They control all of the meaningful levers of power in government and finance and they will use CBDCs to control society. They will use these tools to come after places like Naked Capitalism, in time. I would gently remind the reader that PayPal already nuked Consortium News for its heterodox views. In a world of CBDCs where (god forbid) a hot war breaks out between the West and China and/or Russia, NC will have a massive target on its back. There may be a time when the only way to support this site is with cryptocurrency if we continue on our present course, and everyone should be prepared for it, no matter how distasteful that thought seems given the prevailing views of the NC commentariat on crypto writ large.
One final word about the subject of the article, Mr. Zhong: he is a thief, no more and no less. Because he used cryptocurrency to steal does not make cryptocurrency bad, no more than cash is bad because a robber can steal it from a bank.
How does currency exist outside of a state, and, in this modern age, banks?
I had some hopes when it became prominent 15 or so years ago, and as an electrical/software/telecom engineer was intrigued but soured on it. Here’s my “narrative”. The actual use cases are all dodgy activities, its “mining” is a massive waste of energy and concentrated in a handful of unsavory actors, it’s a poor store of value, its transactions are slow and costly, and it’s inherently deflationary. What happens to Bitcoins if someone loses their password?
Crypto currency advocates (and their goldbug precursors) talk about the drawbacks of fiat currency, but never acknowledge the drawbacks of their preferred solution, nor acknowledge why modern money works the way it does. The drawbacks of fiat currency are due to policy decisions and circumstances, as opposed to inevitable consequences. I also largely agree with Taleb’s thoughts on crypto.
David Graeber’s book Debt (which I think should be required reading) and Modern Monetary Theory are also hard to square up with crypto currencies.
If privacy is important, just use physical cash.
What do we do when physical cash is no longer an option?
As long as a community is reasonably small, it will be by verbal or written IOUs.
Your comment demonstrates a fundamental misconception of what currencies are and how they work.
The best one-stop kneecapping of the far too widespread fantasizing about crypto came at the Heisenberg Report, Crypto: Everyone Was That Stupid:
> All of this is possible. But why would we do it? What would be the point? The private money traded would have value in some context, but the idea of creating exchanges for it is so blatantly ridiculous that no one would entertain it even for a second. It’s not even worth a thought experiment.
Isn’t that what Binance and other crypto exchanges do? I can use their P2P option to essentially convert any fiat into any major crypto into any other fiat in another country and very fast. I agree there’s no need for the vast majority of cryptos but it’s not for me to decide.
> I found it odd that the comments I read so far at the Journal and Twitter miss the way the article overstates what are still very large gains by the authorities in tracking crypto transactions and then figuring out who is behind them. And the article (as many Journal readers did point out) confirmed my prejudices about crypto: that it has no uses beyond crime, tax evasion, money laundering, and speculation, none of which are positives to society.
Considering that most of the WSJ readers are what, middle-class something-something from a rich first world country, it’s no wonder they can’t get any ideas for crypto apart from drugs and speculation. But the rest of us do. The simplest thing that comes to mind is remittances. Especially if you emigrated from some country that you have problems wiring money to directly and it will take time and the conversion rate will often be garbage with additional fees on top. And what if you own some property in your country of origin and need to pay taxes on it? Or utilities? Another one is paying for local services. None of that is illegal but is a common problem that crypto exchange specifically solves very efficiently.
I don’t get it at all. Why is Crypto ever legit? Why would anyone want to convert it to sovereign cash? If crypto is so benign why not just FDIC insure it… no need to convert to dollars, that’s just redundant – another way to confirm that one crypto coin is worth $30,000 dollars. It’s beyond comprehension to allow crypto to exist for any goal short of complete decentralization of money and the devaluation of every good and service on the planet. And then where are we? What else could SBF have been thinking? Besides nothing resembling a coherent thought. He was imagining what it would be like when every electron had been mined and logged by a permanent digit. That sounds about as useful as a full-body rash.
kriptid gives a thoughtful answer to some of these questions, above.
Susan asks: “Why is Crypto ever legit?” That’s what we always thought, too, until we read Robert Kennedy, Jr’s recent tweet on the subject matter. He thinks it’s a positive step in distancing ourselves from the gigantic clutches of Big US Banks, Big US Government, and Big Finance. They are ALL intertwined by the US Dollar System.
As kriptid points out: “as an American who sees that the unholy Neolib/Neocon alliance will likely hold onto power in the West for the foreseeable future. They control all of the meaningful levers of power in government and finance and they will use CBDCs to control society.”
This is especially true if you know that the entire US $$ worldwide domain is slowly crumbling with Non-Western nations who are leaving the US $ system and trading in each other’s own currencies. At the rate of those advances, the US $$ System will eventually lose its premier status because the Non-Western nations have ALL been racked by the US’ IMF Loans, $$ Blackmail, and other hideous means of destroying the financial/economic “sovereignty” of those countries.
If you read the history of past Western Empires, you realize how those Empires eventually died with much of it centered around “trade” and which types of currency were used. See The Dutch Republic, The Spanish Empire and the British Empire.
I’m not too anxious about big government control over sovereign money. Central banksters have been doing lots of heavy lifting managing to maintain liquidity. No small thing when the profit motive competes with social well being. It was most interesting to realize how central bankers for sovereign money get boxed into a corner when that country becomes too prosperous. Kinda Minsky. I would really like to see a parallel economy of SOEs started to repair and maintain the environment, but that’s yet another sovereign prerogative. And you are right that this craziness has been going on for millennia. I’m just now reading Peter Frankopan’s The Silk Roads, and I’m set back learning how often the pattern of riches to rags repeats itself. Making Modern Monetary Theory a very logical choice. We have reached that point in human evolution where we can no longer pillage each other for riches. Because extinction. And we can’t all be rich because then nobody is rich. Ha! So that’s the good news. And better, governments actually want peace and stability – good economies based on trade and exchange – therefore they want functioning monetary systems. If my choice is between crypto baloney and sovereign fiat I’ll take sovereign fiat always. Which in my thinking unequivocally precludes crypto. And I’m not at all worried about central bank digital money. Yet.
Like several other commenters above, I’d be curious to hear why the Feds believe this is how they should be spending our tax dollars, instead of going after some actual big fish.
Needless to say, Mr. Zhong was extremely careless, transferring stolen BTC to a wallet he accessed directly from his home. A VPN might have provided an extra layer of obfuscation, but the VPN provider might have offered up their logs as well, outing Zhong’s home IP address.
The Feds probably told themselves they were in pursuit of some seriously bad hombres, on the dark web to hire a killer, sell weapons, or traffic young people.
Instead, they netted a lonesome CompSci student who didn’t even have a friend to score coke from.
I’m with you, Acacia. What a profligate waste of resources to spend YEARS figuring out Zhong’s crimes and then slap him with a consequence of less than two years in the slammer! Maybe the Feds figure it was worth the education they got, but it’s really an insult to all of us just muddling through life trying to pay our bills on time and keep our heads above water.