66% or better

Stealing $100 Million in Bitcoins

bitcoin

In early October of this year, online Bitcoin marketplace and ‘the eBay of drugs’ The Silk Road was taken down by the FBI. Just after the black vans took Silk Road head honcho [Dread Pirate Robberts] away, a new Bitcoin marketplace came onto the scene called Sheep Marketplace. Sheep Marketplace closed after revealing that 5400 bitcoins – or $5.8 million USD were stolen by the user EBOOK101 by exploiting a bug in the Sheep site.

Over this last weekend, it was revealed this bug in the Sheep Marketplace site wasn’t responsible for the loss of 5,400 coins, but instead 96,000 BTC, or $100 million USD, making this one of the largest thefts of all time.

Whoever was responsible for this theft didn’t make a clean getaway. Because the Bitcoin block chain records the history of every transaction, laundering bitcoins is harder than it seems. The most common method is to ‘tumble’ the bitcoins – sending them through multiple wallets, combining and recombining them, until tracking groups of bitcoins just becomes too hard.

[sheeproadreloaded2] over on Reddit managed to track these bitcoins to this bitcoin address, an amazing feat that also means there are 96,000 coins in a wallet somewhere that can’t be spent or cashed out without the thief telling the world who he is.

As far as crimes of the century go, this one is at least in the top ten. Unless the thief behind this heist is extraordinarily smart, though, his identity will most likely be found out eventually.

Comments

  1. colecoman1982 says:

    I wonder just how many different drug dealers that guy/girl just stole from…

  2. Tired Juan says:

    Anyone take a look at how many people are begging for money, trying to use terminal illness as an excuse. People disgust me.

    • XOIIO says:

      agreed, i threw up a gofundme thing because i need an isolation transformer and cant afford one and there is a fantastic deal on ebay, but I have gotten virtually no views advertising it on kijiji in case someone kind hearted wanted to help, but I bet if I claimed I had cancer of leukemia I’d get a shitload.

      • avr_punk says:

        Rewind a microwave oven transformer.

        • XOIIO says:

          Sounds a bit sketchy to me alhtough it would me much simpler to get an old microwave, I;ve never rewound one before.

          Anyways this one is a real nice 9 output hospital grade one, 2 left out of the three, I’m hoping I get scrape the money together for it. It would last a lifetime and be invaluable, it just sucks that this is a relatively short opportunity in a time where I don’t have a proper job and can barely make enough to pay bills :/

          I’ve gotten an amazing three views lol http://www.gofundme.com/5jhxeg

          • F says:

            You don’t have a job and can’t pay your bills and you wonder why people won’t give you money? You want to be an “expert” in isolation transformer technology without bothering to do any research? WOW

          • XOIIO says:

            Fail to read much?

            I can make the bills, I just don’t have enough to drop $200 like that, and barely any places around here are hiring. I make the money I do with my own sort of business in local classifieds repairing computers and electronics.

            Also, where did you get the idea I want to be an expert in isolation transformer technology? I guess reading with your ass jumbles up words a fair bit, interesting that you can read and speak with the same orifice though.

            I’d also rather trust my life to equipment properly made than something made my re winding an old transformer from scrap parts.

          • XOIIO says:

            Not to mention the fact that around here there’s fuck all for open positions at any half decent place where you won’t be treated like shit.

          • Todd Harrison says:

            Hospital grade isolation transformer are not tech isolation transformer. Hospital grade means it will protect the equipment from spikes and noise but will also have the secondary tied to ground for common mode noise rejection, meaning you are not protected at all. Plus, Note there are many other safety issues that can get you even when using a tech IT. See my video on how to alter a hospital grade IT into a tech IT as well as some of the gotchas. http://hackaday.com/2011/05/02/isolation-transformer-101/
            For a cheap tech IT I recommend this 120V AC @ 2.5A for $85: http://www.elexp.com/cmp_l288.htm

          • XOIIO says:

            Thanks for the great reply todd, the one I’m looking at says floating point neutral not grounded, I’m wondering if you think that would work as a tech one or if I would still need to modify it.

            Even if I have to modify it (haven’t watched the whole video yet, but this one is toroidal)) I really want this one since it has 9 outputs and is rated for 8.34 amps :)

          • XOIIO says:

            after watching most of the video, it seems that this one would work fine for tech to without modification, I could get a cheaper one but I figure I am going to use this the rest of my life (or at least until I mess up and ruin it, hopefully never though) so I may as well save up a bit more and invest in a nice big one from the start.

          • static says:

            an isolation transformer can be made from two identical 110 V. input transformers, by wiring secondary to secondary, the primary winding of one of the transformers becomes the Secondary the isolated secondary. in another comment you mentioned the one you are looking says “I’m looking at says floating point neutral not grounded” Reads like gibberish to me. Overlooking that 110 V. isolation transformer doesn’t have neutral, that’s the point of an isolation transformer; eliminating the grounded conductor. Unless you have the need for all those outputs, the unit Todd directed you to would get one on your bench quicker.

          • Todd Harrison says:

            If it says “neutral not grounded” it should be fine. Use a DMM and check for continuity between all outputs and ground, it should be open loop. Any hospital grade IT I have seen has the secondary grounded for added noise filtering to give a super clean signal to the hospital instruments. Such IT’s are there to make the cleanest safest signal possible for the instruments, and not to isolate the patients from a grounding event. When using an IT that does have the secondary grounded a GFI can be put on the output of the IT to protect the patients from a grounding event. Tip: put GFI at your tech bench and plug everything you use or test into that, it could save your life. I have tripped my bench GFI many times. Mostly do to annoying inrush but once or twice because I touched or connected something I shouldn’t. However, there is no point in plug-in a tech IT or other instruments, equipment, DUT which uses a transformer into a GFI, it wouldn’t do anything for you and a large transformer would just trip the GFI during inrush. Transformers effectively nullify, or maybe better said “by-pass”, GFI receptacles.

      • Rob says:

        I have started taking apart a microwave transformer to rewind as a high current battery charger. I just had a look at it and the secondary takes up more room than the primary so here’s how you can do it on the cheep without rewinding.

        1) Don’t do this if you are NOT confident that you can do it safely.

        2) Go to youtube and search “MOT transformer” to see how to get these things apart. The best way is to remove one end with an angle grinder or hacksaw.

        3) Get two old microwave ovens from a scrap yard or another cheep location. Get the same model as they will have the same transformer. Some have copper windings and some have aluminium windings. The copper is better.

        4) Take the ends off the transformers, remove the primaries (thick winding) carefully.

        5) Then remove the secondaries. You don’t want these so just rip them out!

        6) Install the two primaries into one transformer with an isolation spacer between them. Re-cap it finding some way to strongly hold the cap on. Something like a large metal hose clamps that aren’t effected by heat. Not glue! Tap and die or bolt right through.

        It’s important that the two primaries have the same number of windings. If you use two of the same part then this will be the case.

        Don’t overestimate the safety that isolation provides. You should be using a ELCBR or RCD now. Phase imbalance safety circuit breaker.

        MOT’s are 800 Watts and upwards so it’s good for about 3 Amps at 240 Volts or about 7 Amps at 110 Volts.

        The microwaves also have fuses and thermal breakers use these to.

  3. supershwa says:

    I wonder what the FBI plans to do with Ross Ulbricht’s 600k BTCs if/when they can find them all…

    • AP² says:

      Sell them, of course. If and when they need Bitcoins for some operation, they can always by some more. It’d be dumb to use addresses that can be traced back to the bust.

  4. Reggie says:

    $100m is chump change compared to the tax avoidance by major corporations.

  5. Solyndra, et al. says:

    $100 million USD, making this one of the largest thefts of all time.

    Pikers.

  6. 54 says:

    Does EBOOK101 knows Sheep Marketplace, could be an inside job. sound like an inside job.

    • Z00111111 says:

      My thoughts exactly. You wouldn’t even feel bad about stealing from people trying to use an online black market.

    • EBOOK010 says:

      Let’s say I’ve come into a few bitcoins recently and need a team of Smart Guys (or Girls, I’m not fussy) to…anonymize…them. Let’s say the prize is, oh, $50 million dollars.

      Think I could find some takers, maybe somewhere in Russia or China?

      • peterbjornx says:

        so, then at least one other person knows the identity of the thief, not smart…

      • ChalkBored says:

        hello my naem is John Johnson. my father was a nigeran prince who was wronglly arrested by warloards
        before he was arestead he had amazed 100 milion dolars in bitcoins……

      • Mindbleach says:

        Feasible, if he recognizes something is better than nothing.

        Offer $2 in Bitcoins to anyone who asks, telling them there’s another $4 for them if they “donate” $1 to some newly-established Google Wallet account. Even if only 100 out of 100,000 send money back, that’s only $200,000 risked. Then those lucky 100 get $4 and a message offering $8 if they’ll send $2 to a new Paypal account. They’d have to be stupid not to, right? Even if this time’s a trick, they keep $3 for nothing.

        Soon they’re handling $256, $512, $1024, etc., always shuttling half of it to somewhere new. Some benevolent lunatic has paid them hundreds of dollars in a matter of hours. Word gets out that this thing is real, and 90,000 people undelete their spam folders and start sending $1.

        Even if absolutely everyone cheats eventually, keeping the latest payment for themselves – the thief can extract roughly a quarter of the money, potentially very quickly. $25M is still one hell of a lot of money.

  7. Alistair says:

    “Unless the thief behind this heist is extraordinarily smart, though, his identity will most likely be found out eventually.”

    He could just say “easy come, easy go”, delete the wallet and walk away.
    Ok, I suppose that would make him extraordinarily smart /for a thief/

    • alex says:

      that’s what i was thinking. i wonder how it will impact the economy of bitcoins, but then someone else said it was only 0.8% of all bitcoins, so probably not at all.

      • Dax says:

        It can be used to crash the market at the height of a bubble, because the free bitcoins on the market are diminishing in numbers due to the high demand. That’s the sole reason the price goes up – more people want them than people are willing to sell.

        So if you suddenly plop down thousands of bitcoins at 10% below market level, people are going to grab them like hotcakes and that temporarily satisfies the demand, and the coin hoard…er… investors see the price going down rapidly and start to sell theirs in fear of losing the investment, which sets the ball rolling for a market crash and the exchanges get closed to stop people from selling again.

      • Me says:

        But how many times can we say this was only .8% that was only .8%, etc… before it IS a problem. Considering that the total number of Bitcoins that will ever exist does have a limit….

    • James says:

      He could be doing something similar to Goldfinger’s plan in the James Bond movie Goldfinger. The villain, Goldfinger, acquires a whole bunch of gold, including Fort Knox, with the intent of destroying the gold to boost the value of his private gold stash. Au about that?

  8. Chris C. says:

    Interestingly, the amount stolen was about 0.8% of all BTC in existence. Makes you wonder just how much Bitcoins are used as a black market currency.

  9. sf says:

    Meh. The spam scheme of “we need a business representative $YOURCOUNTRY, you just have to take the money our clients wire you and send it by western union to us”, which seems to work somewhat, will be adjusted, and they only get some poor schmuck who actually believed it.

    Or use it in places where they don’t care who you are and where your coin comes from. Like a black market ;)

  10. Kerimil says:

    Do you guys think that bitcoin will become global in the future ?? Just out of curiosity

  11. matt says:

    So why couldnt you just use bitcoin gambling services to launder the coins? Assuming they dont make their records public wouldnt you get back someone elses coin? I’m guessing you couldnt do this for all of it since the gambling service isnt sitting on 100m worth of coin, but over time I would think you could get some of the money out anonymously.

    • AP² says:

      If the cops come knocking, do you really trust them to keep the logs secret? Why?

      • Joe1 says:

        Well other issue is a lot of sites block any kind of proxies, including TOR. I’d also be interested in if there’s a way to do such a site on I2P that people could trust. It seems that it’s all too easy for the house to cheat the players.

        The real reason sites allow BTC is because PayPal is the worse combination of pimp and preacher to their users. To ‘save us’, you pretty much can’t do anything with it that might remotely have a possibility of offending someone, and when you do, it takes all your profit in very high fees.

        • gnianig says:

          add the following lines to your torrc file
          ExitNodes Unnamed
          StrictNodes 1

          and suddenly many blocks are gone.
          “Unnamed” nodes are often home computers with ADSL connection and that means they are likely to have fresh IPs not figuring in blacklists.

        • matt says:

          I was referring to darknet gambling services. They advertise themselves as essentially RNGs and advertise the payout rates, I can only assume the only people who use them are people laundering coins because there is no traditional game aspect to it like poker or blackjack.

      • Ren says:

        yeah, like “What happens in Vegas, stays in Vegas”
        We found out how true that was when casinos voluntarily gave up any record of Bill Bennet’s activities to major news outlets.

    • Macon says:

      Here’s my understanding: the bitcoin address with the money is publicly known. If they try to transfer funds to a 2nd bitcoin address, we’ll know the address just from the public records. The money is worthless, unless someone’s dumb enough to take it, and then it’s only valuable to them if they can find someone else willing to take it. Classic pyramid scheme. We may or may not know who any of these address belongs to, but they’d know where they got it from. Their safety relies on no-one in the chain saying anything, and everyone getting enough real money to incentivise them to keep quiet. None of the $100m can ever be spent in the open bitcoin market without leaving a trail as it spreads out. It’s a hot potato.

      • Kerimil says:

        Hmm interesting…. So someone can steal bitcoins and send them to your address and you’re pretty much screwed. try to prove it wasn’t you

      • Greg Kennedy says:

        That’s not a pyramid scheme.

        • Dax says:

          It is.

          “A pyramid scheme is an unsustainable business model that involves promising participants payment or services, primarily for enrolling other people into the scheme, rather than supplying any real investment or sale of products or services to the public.”

          The whole BTC is a pyramid scheme because it only works as long as it gets new investors to replace the old ones that cash out of the game.

          • Kerimil says:

            You do realise that your definition somewhat fits all the currencies in use ?? The difference though is that all other currencies can be inflated by increasing money supply. Thus essentially a well hidden slavery

      • joey says:

        What on earth are you talking about? That is not how things work at all. For one, what makes you think you are going to know where your coins come from? This would not be that difficult at all. You would have to be a moron to be cashing them out through MTGox or Bitstamp or something. There are a ton of ways to handle this. Leaving the bitcoins in circulation, with no indication that you ever even sold them, and the person you sold them to having no idea who you were.

      • aztraph says:

        First rule of doing ANYTHING illegal. have someone else to blame it on, even/especially if that person is fictitious. better yet would be to have layers of fictitious IDs daisy chained in with real people. 50 or so would be sufficient to throw off any investigation. It’s elaborate to be sure, but with a multimillion dollar payday, I would think the trouble would be worth it, especially if it protects your real identity.

      • matt says:

        But why would the gambling operators care where the coins come from? They simply take a cut and give it to someone else who also uses their service. They seem like the perfect laundering BC operation.

      • Dax says:

        -” The money is worthless, unless someone’s dumb enough to take it, and then it’s only valuable to them if they can find someone else willing to take it. Classic pyramid scheme.”

        Incidentally, you just described the entire bitcoin economy there. The money is worthless unless you find some shmuck to exchange it with for something real, and the only way to get out of the game is to find someone stupider than you were.

      • Bitcoin become mainstream, fund and trader are exchanging it. They totally don’t care or don’t know how it work. It is just something highly volatile that make you win a lot. If it is on the market for cheap they’ll buy it.
        Bitcoin user are not intelligent enough to care or even to understand that. I mean “user” of the money, not geeks, miner, someone that researched it or someone that have an interest in the case.

        BTW have you ever tried to explain what BTC is and how it is mined?

        If that stealer is intelligent enough and he probably is, he will use advanced technique to wash it and nobody will be able to find who he is. As said above in the thread, they are plenty of people willing to make money by any means. Without even knowing the risk, caring about it or at least even understanding it. Money is money since they are no regulation yet on BTC those people will not risk a lot, they might not risk anything at all.
        The only way to piss him off is to block his wallet on MtGox and other trading hub, but since they are no regulatory authority it is just goodwill….

        • piped says:

          He could just send small amounts to random beggars and wait till they start using it, then he could send small amount to his own wallet and no-one would know who is the real thief?
          He may not get 100M, but maybe he can buy something nice once in a while, hell, if he wanted he could become robin hood and send money to everyone.

      • boot says:

        not if he opens a lot of wallets, splits it and tranfers it around a bit.

  12. joey says:

    Do any of you guys actually use BTC?
    $100M is alot, but it would be no trouble at all to convert a few $K per week to cash, leaving a huge dead end at the end of the trail. It would not really be difficult at all to cash it all out over some time. You guys must not understand that there are many ways to turn bitcoins into cash, and the large exchanges are completely unnecessary.

  13. Dave says:

    I’ve never really understood BTC. Am I right to assume that people who were robbed are never going to see their money again? Isn’t that the way BTC was created?

    • sean says:

      It’s just like cash, except the serial number from every bill is kept track of for every transaction and is a matter of public record. I (user #1) print a bill with serial number 12345, therefore #1 owns 12345. If I transfer it to you (user #2), everyone in the network knows (and needs to agree) that #1 transferred 12345 to #2, thus making #2 the owner. If I try to transfer 12345 again, this gets rejected because everyone already knows (from the public recorrd) 12345 belongs to #2.

      The problem comes when the bad guy, #3 steals 12345 from you. You know that you once had 12345, and you know that #3 took it, but the identity of #3 is a mystery. However, if #3 uses it to buy something, and ships to “John Smith, 123 First St, New York”, then you have a good idea that #3 knows a John Smith, and you can send the hitman to convince John Smith to reveal the identity of #3. No matter what #3 does with 12345, it will be a matter of public record. You can create as many users as you want, so if #3 creates a new user (copy of himself) #4, then he can transfer 12345 to user #4 … but then now the problem is you now know that #4 has the coin, and #4 probably knows #3, either through a business transaction or

      In the real world it would be difficult to track a coin, especially if you split it among lots of “new identities”, however for $1M it is worthwhile for a lot of people to find who did it.

      (also note this is very simplified – it’s a lot of work to “print a bill”, so you can’t just go and create a new one when you like)

  14. Charles says:

    I know someone that will get visitors soon…

  15. plinkle says:

    considering the amount and the fact the thief must have known they couldnt spend it. it seems likely to me that the theft was intended to manipulate the value of the bit coins themselves.

  16. rasz says:

    Chinese dont give a duck where BTC comes from, they will be glad to exchange it.

    • Blue Footed Booby says:

      The problem isn’t spending them, the problem is spending them without the public transaction history providing a trail that takes authorities in countries who care right back to you. The countries where you can rely on folks not just handing over data on customers who paid them in bitcoins are also the places where organizations like the CIA, NSA, or Mossad can figuratively (or in some cases literally) walk in and take the info they need.

  17. cde says:

    I figure, something this trackable, it’s less about unjustly gains, as it is about illegally depriving someone of their use. I mean, I don’t need Lil’ Johnny’s Glasses with his initials in gold on them, they don’t do anything for me, but I bet Lil’ Johnny would be pissed if he can’t use them.

  18. TacticalNinja says:

    Tsk tsk.

  19. cc says:

    he should just randomly give some of it away to lots of people, he’ll lose some of it but it will be harder to track.

    • Mindbleach says:

      Exactly. $100 to 1,000,000 addresses, half of which he controls, half of them randomly chosen from the blockchain history. Then watch what other people do with the money and act statistically indistinguishable from them with the half he controls.

  20. Simon says:

    Landry the coins exchanging them with another crypto and then back to BTC?
    Take 1000 btc, buy litecoin on different excanges, send litecoin to your multiple addresses, make some laundry on different wallet, resend to different excange accounts, reconvert to BTC. Cash out. Quite boring but would this work?

  21. Tron9000 says:

    This isn’t even a “robin hood” act! they’ve basically done what banks are doing now! obtain a ton of money and sit on it and make people want it! I wouldn’t be surprised if it was a bank!

  22. Alonjar says:

    I’m really surprised by everyones lack of ingenuity here on Hackaday. The money could VERY easily be laundered by anonmyously exchanging Bitcoins for Litecoins, second life lindens, etc, back and forth. Doing so would break the bitcoin block chain.

  23. Jack says:

    HINT: Bitcoin is a ponzi scheme.
    As soon as there is actually an effective way to convert mass bitcoins to USD (which there isn’t, the exchanges cannot just wire you 10million without getting owned by the government) the market will plummet when the big holders cash out.
    Until that point the price will continue to inflate hilariously.

  24. Will says:

    Bitcoins are so stupid it’s not even funny. Let’s spend thousands on hardware and electricity bills to “find” some fake currency that some internet douchebags say is worth $XX.XX. In reality it’s worth nothing and you’ve wasted your $ on hardware and electricty for NOTHING.

    • I already broke even, buying stuff and exchanging for $
      I have solar panel, I’ve a 5ghash miner that cost me like 175€ it took me 2months… But with the money I throwed in hardware a year ago I should have brought BTC at that time, I would have been rich by now.

      Not a wast at all more like a good operation for me ;)

    • joey says:

      Wow, you have absolutely no clue what you are talking about. Bitcoins are worth almost $900 each at themoment. It is no problem at all to convert them to dollars. It takes me under an hour. I just today sold 3BTC for $950 each on localbitcoins.com in under an hour. BTC may be stupid, but they can sure as heck make you RICH.

  25. Sasha says:

    FIY the suspected thief has been majorly doxxed quite a while ago, his name and identity is quite public. I wouldn’t be surprised if someone travelled to the Czech republic and extorted him.

  26. BitCoin scam…One of the largest thefts of all time? This pales in comparison to what the Private Banks (i.e. Federal Reserve Bank and it’s bastard child branchs (Chase, G.Sach, etc,.) stole from the US Citizens which amounts to untold TRILLIONS! Let’s just keep letting them devaluing everyone’s hard earned currency and allow them to use the worthless money they created from thin air to trade for real assets… Notice how the Federal Reserve got a .GOV website??? WTF! They are a private commerical bank!

  27. Thebes says:

    I’d wager that this thief had no idea of the size of their heist until they pulled it off, and further that they have no good plan on how to launder as many coins.
    As a side note, I think there are now bitcoin laundering jobs for hundreds of hackers.

  28. Mardok says:

    If I know anything about economics, taking that many bitcoins off the market (assume the thief never uses them) will definitely make the existing bitcoins worth more. If the thief was smart he would have bought a bunch of legit bicoins and profited that way.

  29. Dra says:

    I’m completely unsure why this guy couldn’t just re-do this whole “tumble” thing and hide his trail again.

    • J-man says:

      You loose money doing a tumble. Each time you send money there is a small transaction fee. When you split up bitcoins into many chunks and shuffle them around a lot these fees compound and actually add up.

      • boot says:

        that wasn’t the problem, he only lost 3 mil during the tumble. the problem is he has 100 mil, tumbling a huge amount of bitcoins like that wil give you back most of your own coins.

  30. J-man says:

    I’m not sure why anyone here hasn’t pointed this out but that wallet sheepreloaded found had money before sheep marketplace even existed. The reporting on this has been horrible and I suspect sheepreloaded being a part of this.

  31. Uri says:

    Why does one rob an exchange or a bank? For the money, yes sometimes. For the excitement? Probably. Are there other reasons ? That’s the question. Bitcoin is under attack by governments and “The Banking System” because they do not control it. So the question speaks to motive for the robbery.

    • Agree, they might think it is a way to impose a control over it by making people asking for a central regulatory. But bitcoin market should stay as is, a little bit like eve-online (ppl also invest real money there buying game time that they sell for isk and they can lose it to thief, to scam or to whatever someone clever invent). Everything should stay unregulated, you invest only the money you are willing to lose.
      Regulation are imposed for the trust to build, with BTC we doesn’t need that at all. ppl use it or not, it is totally virtual anyway. State and finance might want to control it because it start to get major and lot of real money goes into the system. That money might just vanish from one day to another. But they might also be able to profit from bitcoin if it is “legalised” / “recognised”.
      BTC is more like an asset that a money in my eyes but that is another debate.

  32. assdf says:

    Tumble? Seriously?

    Since offshore banks are recognizing bitcoin, a clean slate costs about 6%.

    Best luck EBOOK101.

  33. timdogs says:

    if you are Robin Hood
    1D41AmXL3KEhUHZcHC3X32GSU2yLr9GRNi

  34. Bob says:

    No follow up to say that this was all a massive red herring? The sheepreloaded guy in his delusional chase was actually looking at a BTC-E wallet and their customers!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s