Can someone explain how is it possible to steal Bitcoin if every transaction is recorded in a public ledger? Does not every bitcoin have its own signature which allows you to track its movement? New to this.
This is what I don't understand. If you can watch every transaction, is the key to successfully getting away with theft the ability to withdraw funds without being detected?
You can try to conceal your coins by sending to many addresses, using mixer services to switch your coins with someone else and then trade them often to other cryptocurrencies which makes them harder to track. I would personally try to trade them for Monero where you basically can't trace your transactions.
The problem is that the individual coins aren't tagged. It's not like cash where you could conceivably note the serial numbers of all the bills that were stolen. You can track the theft and see where the coins got sent, then see where those wallets sent additional coins, etc., but they'll soon get mixed up with legitimate coins (especially if the thief uses a mixer) and you won't be able to know which is which.
It would be possible to fork Bitcoin to reject the transactions used in the theft, thereby restoring the funds. This is what Ethereum did for the DAO hack. But so far, the Bitcoin community hasn't shown a willingness to do this.
Yes it is possible to check the history of a Bitcoin and see that it has been stolen. Provided that you take the effort to do that.
This is no different than when a bank is robbed and banknotes are stolen. The bank might have written down the numbers of the banknotes and those can be published. But most shops won't check those when somebody buys something.
> This is no different than when a bank is robbed and banknotes are stolen. The bank might have written down the numbers of the banknotes and those can be published. But most shops won't check those when somebody buys something.
Well it's quite a bit different because everyone has access to the ledger where you can see what "bills" were stolen and can automatically prevent them from being used.
That's not how it works. Individual satoshis do not have a serial number. As soon as it goes through a mixer, you cannot definitively say which are stolen and which are legit.
Bitcoin's blockchain is just a ledger of amounts stored at addresses at points in time.
With bitcoins, it is easier to track the notes, but it is also easier to get rid of the association if you find someone willing to clean them for you.
Say I steal 10 bitcoins from you. I go to someone who cleans bitcoins for a cost of 10%. I send them 10 bitcoins, and they send 1 bitcoin to 9 different wallets (keeping the 10th as payment). That alone would allow you to still track it. But now add in thousands of other people sending them bitcoins on the same day, and some random pauses as to when they send the bitcoins to other wallets, and you are no longer able to tell which bitcoins in are associated with which bitcoins out.
Now, do you just get businesses to stop doing business with anyone (any wallet) that has ever received bit coins from the mixer? And there are many mixers out there.
And this is still simplified. You can be governments are monitoring and running statistical analysis on those mixers to try to find people laundering bitcoins associated with especially bad things. I'd even guess some of the bitcoin laundering operations are ran by governments in an attempt to better track the flow of bitcoins.
Not doing business with mixers: wow, what an interesting way to stir up trouble! Someone should create a service to distinguish "legit" from "tainted" Bitcoin. Let's see if Gresham's law applies so 1 bitcoin is no longer 1 bitcoin. What would the other exchanges do if one of them started trading these separately?
It's important to distinguish two issues: (1) whether the currency is usable as currency and (2) whether there are forensic clues enabling law enforcement to identify criminals. They're completely separate questions.
The value of a dollar bill is the same whether it was used in a crime. But if it has some ink on it, it might provide evidence that the person holding it robbed a bank. The ink doesn't keep the dollar from being usable.
It has to be this way. Otherwise money simply gets taken out of circulation, and people participating in the economy have to worry about whether money is money.
You definitely can, but without cooperation of the rest of the network, they will still be able to spend the money. If you could identify where the person re-spent the stolen coins, and found cooperative courts, you could try to go after them that way, but it's an uphill battle.
In Ethereum's DAO hack, tokens were also stolen, but they got lucky and the money wasn't spendable for a while (because of how the transaction/contract was written), so they were actually able to convince the entire network[1] to agree to reverse that theft as part of the protocol and recover the tokens that way.
On a low level there are no "coins", just numeric amounts of smallest units of Bitcoin (satoshis) attached to outputs. Outputs have predicates (scripts) that allow the one who can satisfy the predicate to move amount in the output. Generally it's EC signature requirement but can be more complex. A transaction has also inputs that indicate which output do you want to claim and some data that satisfies the predicate (generally it's also a script but usually only data).
And yes, it's not possible to hide stolen Bitcoin. These addresses will be monitored forever. Think about what would happen if you stole some Bitcoin from the mafia and could not cash it. There are some services that can mix Bitcoin to hide their origin.
Think of 'owning' a bitcoin as 'having the ability to spend' this bitcoin.
This ability is guarded by a private key. If this private key is stolen, someone else ALSO has the ability to spend this bitcoin.
Then, if this attacker transfers this bitcoin to another of his own private keys (he 'spends' it), in the blockchain there will be a record, yes. But who owns this new private key is unknown.
I don't know, I'd probably be pretty salty too if I'd known of bitcoin for years, never bought any because I kept predicting its demise / uselessness, and was continuously made wrong by reality. This meme shouldn't make me laugh but seems fitting... https://pbs.twimg.com/media/DQfNIzNVAAETVOB?format=jpg&name=...
What really pisses me off is how it got handled by NiceHash:
Alex Zvyozdny: Many of you already know that the site reddit spread information about the alleged hacking of our service. We hasten to assure everyone that your bitcoins are safe and sound. And we are the largest pool in the CIS countries are not going to close, but rather increase our presence in the regions.
In connection with the increased number of those wishing to mine the crypto currency at our sites, as well as rent or lease capacities for mining, we conduct PLANNED technical works, which are to be completed on Friday morning. From December 8, the service will work in the standard mode.
Since this is the most massive update in the last two years, we have indeed suspended all Bitcoin payments, and the funds were taken to a safe place. After the works - everything will be returned to their places. Please do not panic!
Sincerely yours, NiceHash.
How is it that this can't be prevented by the Bitcoin network? The network should be able to mark coins stolen and unusable...oh wait it can't. Because in order to do that you'd need a trusted third party to verify the coins were stolen defeating the purpose of a distributed ledger that doesn't require third party trust. Yet another shortcoming of trying to replicate cash.
I read GP the other way around - by mimicking some of the behavior of cash (inability to mark as stolen), Bitcoin runs into some problem (combating fraud).
Is that actually true? I've heard it as well, but it seems like an impossible task for a bank.
Are they scanning all the bills that come in? Which bills are in which teller's drawer? I doubt it.
If they received new bills in sequential order from the mint and had them stolen, I could see how they would know the numbers. But then again, what's the point? Your average business isn't going to scan numbers, so by the time the bills pop up again, you have no idea the path they took.
I've heard that serial numbers from ransom money would be recorded. That makes a bit more sense as they are one-time events and there is value in knowing if you find money it came via the ransom.
Tellers used to have at least one packet of money in each of their drawers that have their serial numbers recorded. If they get robbed they are supposed to include it depending on the relative safety of the situation. I believe new bills from the federal reserve are also sequential and an inventory of those are probably recorded when they are accepted and counts are verified. At least that is how I remember it from about 15 years ago.
I’ve heard that's true of some of the serial numbers of bills stolen, but only because banks track a small and segregated set of bills in each tellers drawers, not because they track all serial numbers, and isn't used so much to find thieves and to confirm them once other mechanisms have caught them.
Really depends on your point of view. The entire use-case of Bitcoin is that no one can reach back in time and "undo" transactions. There is no point for it to exist otherwise.
And then we'll all be forced to accept it from criminals for payment - or there will be a governing body/platform you must put transactions through to decide if it is usable (stolen) or not?
The thing is that for every other currency the governing body/platform cannot be trusted, as has been clearly proven many times, but even the Fed proved it cannot be trusted in 2008-2009 (and before that in 2001).
The organisations these governments put forth as arbiters are, of course, are much worse. Pretty much every bank of any size has been caught embezzling, unilaterally cutting people's accounts, and worse. In many cases for very petty reasons, or just for a quick buck.
So what exactly is your suggestion ?
Is bitcoin more or less trustworthy than BAC, WFC, which are the organisations the Fed chooses to represent it to normal Americans ?
Read the whole sentence I wrote. "Yet another shorting coming of trying to replicate cash." The problem isn't the blockchain. The block chain is all good and well. The problem is the anonymity associated with the transactions. There has to be a balance between anonymity and security of transactions.
Could the community as a whole black list a bitcoin address so they could at least not spend the money they stole? Are you able to track the history of who was a previous owner of the bitcoin?
Seems like a major issue. If these hacks keep happening thieves are going to own more bitcoin they the rest of the community.
Tezos allows for blockchain consensus rule/s to evolve over time, which is a pretty cool idea, though the project seems to be struggling with management problems after having raised hundreds of millions in USD.
Why would it be a hard fork? Anyone can freely decide not to buy bitcoin from specific addresses without any change to the software running the blockchain nodes.
See the problem is, how can you trust the claim of coins being stolen to begin with? A common scenario would be I buy something with the coins and then I decide to claim they were stolen thus making the coins useless.
Who is the "trusted third party", the arbiter of such disputes? Is it the government that relies on civil forfeiture laws to keep the lights on in many local municipalities? Which government? The US? EU? China? Russia?
Best you can do is start a tainted coins site and record it there.
That's exactly my point. That's the main issue here. This is a short coming of cash, so why are we trying to replicate it? A truly decentralized system can exist that ties value to an individual instead preventing these things.
Credit card chargeback fraud is extremely common. Accepting irreversible payments would be better for these cases as the customer cannot pay, walk out with goods and keep their money. It's much harder for a public company to actively defraud their customers so this is actually more sane.
Maybe they were hacked, maybe the owners stole it, you'll never know. And no one really knows the wallet of the mined coins so they can't really be traced outside of the company.
It is used as a synonym of "doer" or "builder" but in the software/internet related industries, e.g. this website.
Which is a bit strange since "to hack" doesn't carry good connotations, neither a "hacker" in the original sense.
Similarly there is now this term "maker" which I find... ridiculous, to be honest. Are carpenters "makers?" What about electricians? Plumbers? Why does "maker" seem to imply a nerd with an Arduino or a 3d printer?
Still mostly the original definition, but as tech culture spills into the mainstream more people are coming around to something approaching "someone who codes."
Hacker has switched around a few times. In the Comp-Sci/academic/programmer world the semi-original use of 'hacker' was in reference to the pranksters at MIT's Tech Model Railroad Club and the MIT Artificial Intelligence Laboratory, then for those that hacked into computer systems not just at MIT, leading to the thief-like image down the road. HN's name is out of the MIT prankster heritage of those people that can 'hack' something together or find novel pathways in systems (not just computers).
Can someone walk me through how this happens from a technical perspective? Nicehash must keep their PK at some "super secret place" so they can sign transactions out to their miners. In an ideal situation that PK is unreachable even in a security breach—but if it's not well guarded enough then once that PK is found the floodgates are open. Is that correct? Also, from a technical perspective why would a pool keep so much BTC in a hot wallet? Shouldn't they be constantly distributing rewards out to miners, and just pocketing a % them selves which (you'd assume) they'd move to cold storage?
Fundamentally, it is difficult to protect 256 bits of information from a highly motivated attacker.
You can make it more difficult by using things like cold wallets with Shamir Secret Sharing schemes, but $70m of seemingly untraceable assets is an attractive target. Even if you require a quorum of ten people to access the cold wallet, that’s still $10m per person if split amongst themselves.
And someone has to build that system in a trustworthy way in the first place.
79 comments
[ 4.8 ms ] story [ 157 ms ] threadInput 1,000 different peoples coins, output any one of their coins one at a time. There's no way to know whose coins are coming out the other side.
https://en.wikipedia.org/wiki/Bitcoin_mixer
You can try to conceal your coins by sending to many addresses, using mixer services to switch your coins with someone else and then trade them often to other cryptocurrencies which makes them harder to track. I would personally try to trade them for Monero where you basically can't trace your transactions.
It would be possible to fork Bitcoin to reject the transactions used in the theft, thereby restoring the funds. This is what Ethereum did for the DAO hack. But so far, the Bitcoin community hasn't shown a willingness to do this.
This is no different than when a bank is robbed and banknotes are stolen. The bank might have written down the numbers of the banknotes and those can be published. But most shops won't check those when somebody buys something.
Well it's quite a bit different because everyone has access to the ledger where you can see what "bills" were stolen and can automatically prevent them from being used.
Bitcoin's blockchain is just a ledger of amounts stored at addresses at points in time.
Say I steal 10 bitcoins from you. I go to someone who cleans bitcoins for a cost of 10%. I send them 10 bitcoins, and they send 1 bitcoin to 9 different wallets (keeping the 10th as payment). That alone would allow you to still track it. But now add in thousands of other people sending them bitcoins on the same day, and some random pauses as to when they send the bitcoins to other wallets, and you are no longer able to tell which bitcoins in are associated with which bitcoins out.
Now, do you just get businesses to stop doing business with anyone (any wallet) that has ever received bit coins from the mixer? And there are many mixers out there.
And this is still simplified. You can be governments are monitoring and running statistical analysis on those mixers to try to find people laundering bitcoins associated with especially bad things. I'd even guess some of the bitcoin laundering operations are ran by governments in an attempt to better track the flow of bitcoins.
The value of a dollar bill is the same whether it was used in a crime. But if it has some ink on it, it might provide evidence that the person holding it robbed a bank. The ink doesn't keep the dollar from being usable.
It has to be this way. Otherwise money simply gets taken out of circulation, and people participating in the economy have to worry about whether money is money.
More: https://www.reddit.com/r/Bitcoin/comments/1qomqt/what_a_land...
And with no way to reverse it there's no way to pull the balance back.
In Ethereum's DAO hack, tokens were also stolen, but they got lucky and the money wasn't spendable for a while (because of how the transaction/contract was written), so they were actually able to convince the entire network[1] to agree to reverse that theft as part of the protocol and recover the tokens that way.
[1] Minus a fragment that became EthereumClassic.
And yes, it's not possible to hide stolen Bitcoin. These addresses will be monitored forever. Think about what would happen if you stole some Bitcoin from the mafia and could not cash it. There are some services that can mix Bitcoin to hide their origin.
This ability is guarded by a private key. If this private key is stolen, someone else ALSO has the ability to spend this bitcoin.
Then, if this attacker transfers this bitcoin to another of his own private keys (he 'spends' it), in the blockchain there will be a record, yes. But who owns this new private key is unknown.
all the ransomware in the news in recent year or two accepted bitcoin payment to decrypt your data.
Alex Zvyozdny: Many of you already know that the site reddit spread information about the alleged hacking of our service. We hasten to assure everyone that your bitcoins are safe and sound. And we are the largest pool in the CIS countries are not going to close, but rather increase our presence in the regions. In connection with the increased number of those wishing to mine the crypto currency at our sites, as well as rent or lease capacities for mining, we conduct PLANNED technical works, which are to be completed on Friday morning. From December 8, the service will work in the standard mode. Since this is the most massive update in the last two years, we have indeed suspended all Bitcoin payments, and the funds were taken to a safe place. After the works - everything will be returned to their places. Please do not panic! Sincerely yours, NiceHash.
Gonna call fake news on that quote until proven otherwise. Lots of trolls/disinfo out there about this. e.g. https://www.facebook.com/NiceHashSupport
That said, these guys probably exit scammed.
Are they scanning all the bills that come in? Which bills are in which teller's drawer? I doubt it.
If they received new bills in sequential order from the mint and had them stolen, I could see how they would know the numbers. But then again, what's the point? Your average business isn't going to scan numbers, so by the time the bills pop up again, you have no idea the path they took.
I've heard that serial numbers from ransom money would be recorded. That makes a bit more sense as they are one-time events and there is value in knowing if you find money it came via the ransom.
Really depends on your point of view. The entire use-case of Bitcoin is that no one can reach back in time and "undo" transactions. There is no point for it to exist otherwise.
It's a feature, not a bug.
The organisations these governments put forth as arbiters are, of course, are much worse. Pretty much every bank of any size has been caught embezzling, unilaterally cutting people's accounts, and worse. In many cases for very petty reasons, or just for a quick buck.
So what exactly is your suggestion ?
Is bitcoin more or less trustworthy than BAC, WFC, which are the organisations the Fed chooses to represent it to normal Americans ?
More trustworthy. No doubt about that whatsoever.
Seems like a major issue. If these hacks keep happening thieves are going to own more bitcoin they the rest of the community.
Best you can do is start a tainted coins site and record it there.
Bitcoin didn't invent crime. It's not going to stop it, either.
Credit card chargeback fraud is extremely common. Accepting irreversible payments would be better for these cases as the customer cannot pay, walk out with goods and keep their money. It's much harder for a public company to actively defraud their customers so this is actually more sane.
Also cash has the exact same properties.
I mean, sort of. There are logistics that make stealing $70m worth of physical cash difficult.
https://en.wikipedia.org/wiki/Hacker
https://en.wikipedia.org/wiki/Hacks_at_the_Massachusetts_Ins...
http://hacks.mit.edu/
You can make it more difficult by using things like cold wallets with Shamir Secret Sharing schemes, but $70m of seemingly untraceable assets is an attractive target. Even if you require a quorum of ten people to access the cold wallet, that’s still $10m per person if split amongst themselves.
And someone has to build that system in a trustworthy way in the first place.