I know soooo very little about crypto currency, but his idea here makes sense, at least to me, but what do I know. Is it possible to create a registry like this, or is this never going to work?
"Given bitcoin traceability and the ease of getting an injunction, one can imagine that it might make sense for insurers, bitcoin exchanges, and over-the-counter traders to build some sort of private "ransom registry". The moment that an insurer pays a ransom to a hacker, that insurer simultaneously announces the offending address to the registry. A verified OTC trading desk can now protect itself from potential bankruptcy by always checking the registry to make sure that any bitcoins offered to it are "good" bitcoins. Exchanges too would likewise cross-check incoming bitcoin deposits against the registry."
What if someone gave you change in cash, then you went to deposit it at a bank, and they refused to take it because those bills were in a registry?
You could check the registry yourself before accepting change, but what if those bills weren't in the registry when you checked?
Such a system could be implemented for bitcoin but there are crypto currencies with stronger privacy guarantees for which this would be practically impossible (those guarantees could maybe be cracked in the future, people are working hard on both sides).
How can you launder something with a traceable serial/transaction number? I don’t think it’s possible. The best you can do is mix it with enough other transactions that it becomes murky as to the final destinations.
Ex: If half of the bitcoins used to buy a car were fraudulent, would you need to return half the car?
So, it is slightly more complicated than a serial number. In some sense, everytime you make a transaction, you burn all the input coins and creates new coins for the same value, each assign to the respective recepient. Tracking them is not straight forward.
Most OTC are not very tech savvy and I can imagine one either being criminal but stupid for bringing it to Bitfinex or simply non criminal but did not do their due diligence and KYC the seller (which is very surprising knowing the space)
If bitcoin is not treated as legal currency, then the person you bought the car from would be required to return half the coins you have them to the original owner as they would qualify as stolen property.
This risk would have to be managed by contracts, insurance, and/or quick exchange for safer assets.
The point isn't to make the coins themselves clean, it's to exchange them for something clean.
So a laundering service could specialize in buying tainted coins and to sell them off to other unsuspecting people, pocketing the difference. In return they could provide clean coins for their customers.
The thing is that 96 bitcoin could be thrown through a mixer of sorts.
Take the 96 bitcoin, split it into 96 different addresses with 1 bitcoin, then mix those 96 individual addresses to multiple new addresses and then reassemble them elsewhere. This is a horrible explanation, but explains the general idea. You could also mix from Bitcoin to Monero or another currency and back again through various pairs.
There are lots of things out there to attempt to trace the bitcoins back to the source since every transaction is always logged, however if people keep rearranging coins on various addresses it does make it harder.
Having a blacklist registry of all bad/stolen coins would be great if implemented, however I don't know how feasible it would be.
One, mixer output could be, by default, added to the registry as laundering proceeds. Or two, the subunits could be traced through the mixer, thus retaining their black marks.
This may result in tainting large part of bitcoin in circulation.
If someone buys a coffee with tainted coins, is the cafeteria now responsible for querying the registry to reject the transaction? Or it risks to have whole daily turnover, if spent together, end up tainted?
I'not saying that it's going to happen, but it certainly seems plausible to have laws that merchants who violate some blacklist forfeit their daily turnover, there are existing laws with much, much harsher consequences.
Many upstanding people—and even large companies like payment processors!—process their received funds through a mixer “just to be safe”, i.e. to escape any coincidental untoward paper-trail that attaches to their funds two or three steps back.
You know how they say that every US dollar bill has a little cocaine on it? Using your suggestion, every dollar bill would be marked tainted as drug proceeds.
That's as dumb as laundering clean money “just to be safe” or covering up a crime you didn't commit “just to be safe” (hey Reiser). If your coins are clean, mixers make them dirtier and this has been known all along.
They're not trying to hide the proceeds of a crime, they just want to protect their privacy from anyone snooping on the transactions. The government is not the only party interested in how people are spending their money, and criminals are not the only ones with a legitimate reason to want to keep their financial dealings private.
If you're e.g. a retailer, you can maybe know your coins are clean one step out, but you can't know if they're clean for their whole traceable history without standing up a fancy Network Analysis OLAP cluster and hitting it with some really high-cost queries.
Let me put it this way: what would you do with your float if you run a convenience store in a bad part of town, and know that there are marked bills floating around in the local economy, and that the police might pop in at random one day and take them out of your till? Well, you'd probably deposit your float in your local bank at the end of each day, and then get new, guaranteed-unmarked bills from the bank. That's mixing! It's not money laundering, just mixing. You're removing the potential liability of being blamed for what your customers' employers' customers' employers did.
If we follow the stolen-property example, if a stolen car is broken up and sold as parts, and I buy a widget from it, the fact the car was broken into 96 bits doesn't make the widget any less stolen, no matter how many hands it passes through.
A car with a stolen part does not, itself, become a stolen car, because there’s a clear division between the part and the car itself. The only thing the police would want to seize as stolen property from you is the stolen part—they’d get you to take it out of your car, and be on their way.
Cryptocurrency is less like car parts, and more like gold: putting the crypto through a mixer is like melting some (unknowingly) stolen gold jewellery into a batch of non-stolen gold, forming new gold bars, and then selling those. Is the whole batch of gold now “tainted” by the stolen gold? Does it all need to be seized as stolen property? If not, then what does need to be seized? An equal shaving of gold from each buyer’s new bar?
If it were possible to figure out which mixer recipient was the original jewellery thief, you could just seize their mixed assets, since those assets should be equal in value to the stolen input assets. But the whole point of a mixer is to destroy that linkage, such that you have no idea who any of the recipients are.
e.g.
1. I pay you 1 BTC
2. Wait until I receive whatever I paid for
2. Now I tell you to send me 0.5BTC or else I'll report the entire 1BTC as ransom payment.
The blacklist is just a new and very powerful tool for additional fraud!
Presumably the registry could also have some mechanism of identifying those making the reports (maybe limited to insurance companies), and not just accept random reports of ransom payments. That makes it less ideal, sure, but it could help prevent the scenario you posed.
The problem with all schemes like this are political: Who defines what is "good" versus "bad?" What happens when the hackers use socialengineering to muck with the people running the registry?
Is this typically the case? As far as I understand, fraud losses for example are often treated quite differently than stolen goods. Are ransom payments really considered stolen?
This doesn't necessarily seem like the kind of a situation where the nemo dat rule would be directly applicable, especially given that it doesn't typically extend to money anyway.
This is why Bitcoin's traceability is a problem for it's money status. If people are actively pursuing the stolen bitcoins, regardless of who's currently holding them, then Bitcoin's fungibility will break as some coins will be worth more than others.
The only cryptocurrency that comes close to solving this is Monero, which isn't traceable.
If the attackers were smart, this is what they would've done: Send them to Bitfinex, which is an unregulated and shady exchange, sell them for Monero and withdraw them immediately. Congratulations, now you have a bunch of untraceable cryptocurrency.
You can write down the serial numbers of paper money you hold, but that's not going to help you recover the money if someone steals the money and spends it at a shop.
Untraceability sidesteps getting courts or lawmakers to give you legal status as money. I don't see why governments have any motivation to extend this protection to cryptocurrencies as it would seem to mainly facilitate crime without providing any benefit in terms of encouraging adoption of government controlled currency.
Steal enough banknotes and the bank will go to great lengths to find you. The Northern Bank robbery stole a significant fraction of all NB notes in circulation, so the bank re-issued them, relying on the impossibility of the criminals laundering them before the swap deadline.
Governments are unlikely to give cryptocurrencies the same legal privileges as the currencies they issue.
As such, traceability will remain a risk for anyone receiving cryptocurrency payments. If a chain analysis reveals an illegal transaction as a precursor, it's going to be considered stolen goods, not money, as the article states.
[1] is about Bitcoin Cash, not Bitcoin.
[2] is basically a Tumbler/Mixer based on a smart contract which there are plenty of available (at least non-smart contract ones)
You can technically introduce anything as a softfork yes. The only difference is how difficult it is to implement, which I think would go beyond "just copy it".
Because, like with mixing services, ZCash shielded transactions are opt-in and can easily be detected. So exchanges could decide to ban coins with mixing in their history or require extensive KYC information.
Yes it's a little different from the problem described in the post, but it's another facet of the fungibility issue.
> So exchanges could decide to ban coins with mixing in their history or require extensive KYC information.
The same way they could decide to ban Monero... seems like what you describe with z-cash is more complex to support in an exchange than simply removing a whole cryptocurrency, thus is less likely to happen.
I would assume that Monero isn't being used because Bitcoin tainting hasn't become a significant issue and Monero doesn't provide sufficient liquidity to allow extorting at scale.
Fascinating and also good news IMHO as it starts to highlight that bitcoins can be tracked and today a stolen mobile phone can be blocked and logged upon a database as stolen, so could bitcoins.
I'm thinking that there is a need/opportunity to be able to register bitcoins as stolen and if vendors used that database, the whole raft of bitcoins used for nefarious activities and more so stolen ones, can be curtailed.
Counterpoint to that thinking would be that it would not curtail the criminal activities such as ransom payments, only shift them into other forms.
Also interesting that the incident response team do not track or follow up tracing and tracking the bitcoins used and that a separate company and process was avenued. This shows that incident response is still a learning process, though encouraging that such situations are within their remit of response and as a service for companies - an important one.
Another take away from this is that law enforcement need to up there game, had this been hard cash, they would be driving this and not the insurance company. That shows how they are behind the times and most likely, budget/skill shortages playing out. But a million dollars is a million dollars in any currency, including crypto currency and again, had this been hard currency, you know that they would of been more resource involved. Though please don't take that as an indictment upon the police services, more an indictment of their resource limitations and one that needs addressing and raised up the flagpole.
Exactly. Additionally, not everyone wants to take their money to the off ramp. This also creates a conundrum for exchanges. If they punish any user with a descendant of any "dirty" coin, it hurts the market and people's willingness to accept crypto at all. If no one is buying and selling crypto, they have no business.
An evildo-er wanting to hide bitcoins has many routes to do so:
* A Mixer
* gamble on one of many online casinos
* buy physical darknet goods with them
* Hack someones account on an exchange and use it.
* The above, but use the coins to 'pump-n-dump' a tiny altcoin. Be one of many 'investors' making money out of the change in altcoin price.
* Go margin trading with them, but make sure to loose them all in a margin call. Do it on a small altcoin so you can be on the other side of that margin call.
What if governments define every output to a mixer transaction to count as receiving stolen goods if any of the inputs are the result of criminal activity?
Apart from that, every option you suggested just hands the problem off to the next person. Eventually people won't want to transact at all because they don't want to receive tainted bitcoins.
Yup. My theory is overtime people will start to realize the vulnerabilities of a public blockchain/public transactions and start using more privacy coins.
Thus the concept of 'tainted bitcoins' isn't likely to last very long, if bitcoin is to continue to be used at all, especially when the creation of new bitcoins keeps going down. This is similar to nearly all paper currency having trace amounts of cocaine et al. on it. (https://en.wikipedia.org/wiki/Contaminated_currency#In_the_U...) If people no longer did trades involving cash with such traces, cash payments would go away very quickly.
If using mixers as such is made explicitly illegal (it's not yet anywhere as far as I know, but it could change), there's no need to have some particular BTC tainted forever because we can follow the money trail.
Let's suppose we see some nontrivial amount (so, not $100 but $100k) of BTC being cashed out to dollars or by buying some legal goods, and we see that this BTC recently passed through a mixer. KYC means that the exchange or merchant will identify "oh, that's Bob". And we can ask Bob - well, where did that money came from? And either he can provide some evidence that he got that money in a legitimate transaction from Charlie (who can then be processed in the same manner), or he can be convicted either of (a) using a mixer if he did so himself; (b) violating money laundering laws by doing large anonymous transactions if he did get money from some 'Charlie' that can't be identified; or (c) violating money laundering laws by refusing to disclose the source of these large cash-like payments.
It's not as simple and some particular nuances of the existing laws would need to be adjusted to make this process work, but that's something governments could and would do.
Not for small amounts that can obviously be laundered easily and nobody cares about that, but it would be quite plausible to ensure that no legit organization would touch a million dollars worth of BTC without ensuring a proper paper trail of how it got there; and anybody intentionally passing 100 BTC through a mixer would just make it difficult for themselves to spend those 100 BTC - because every recipient of large amounts will ask for a proper source for your funds, and a mixer is not one.
If Bitcoin isn't granted money status, that would suck. We can't hold downstream buyers accountable for the money.
However, I still see this as a good thing; if the hackers did sell 96 Bitcoin to one single buyer, then we can now start a paper trail (or physical evidence) on what the single buyer gave them in return (paper money transfer?)
If one were to sell a sports car in exchange for a pile of marked bills taken from a bank robbery, one would rapidly find oneself in hot water. Receiving stolen goods is a crime.
But where does this stop, legally? (Really asking, I don't know.) If you immediately used these bills to buy a different car, then I imagine that could be reversed. But if you (say) paid your laundromat repair-man his salary with these bills, for the next few years, surely he (and his landlord, and his local grocery store) would be in the clear?
Edit: after reading TFA, this is the crucial point (in English law, I guess): "Banknotes, coins, and other highly-liquid paper instruments have a very special legal status. ... was granted to banknotes centuries ago in order to ensure that ... money remained highly liquid. If every merchant had to verify...". Interesting case.
In practice, the law is not trying to 'get' people who innocently receive stolen money or goods. In the example you gave, it would be up to prosecutorial discretion what to do; trying to claw back one salary's worth of already-spent money is probably not worthwhile.
But if someone shows up and tries to deposit a couple grand worth of marked bills, they can expect to be taken into a police station for questioning, and should fully cooperate: this makes it unlikely that the penalty will extend further than confiscation of the stolen cash.
The important thing to realize is: if any of this goes to trial, the prosecution only needs to prove that the money is stolen. It doesn't need to prove the receiver knew it was stolen; that's not what the crime is here, that knowledge makes it a worse crime, accessory to robbery.
The state-level standard appears to vary, the most common case is 'should have known', rather than 'knew for a fact'.
With Bitcoin, where all transactions are a matter of public record, I'd hazard that 'should have known' is baked-in. It will be interesting to see what case law is established in this arena.
That said, my statement above is clearly stronger than reality, except in some states where knowledge doesn't need to be proven.
> With Bitcoin, where all transactions are a matter of public record, I'd hazard that 'should have known' is baked-in.
Who should have known what? After receiving any bitcoin (can't be before!) everyone is obliged to figure out if the coin came from a ransomware attack? How? And what do they do if some of the coin was so tainted?
The transactions are public but the reasons for them are not. Usually ransomware victims don't publicize the fact that they were attacked. Even if they do, they additionally don't publish in which transaction they transferred the ransom. There isn't a practical to determine whether a specific transaction that a wallet received was from ransomware.
I believe that if you can show that you were not involved in and had no reason to be aware of the criminal act, you are under no obligation to return the money.
This is different than recieving other types of stolen goods that haven't been given this special legal status, which ensures that money is fungible and can be accepted with relatively little concern by honest people.
Well there's two ways you can be in trouble. The first is if you knew the money was stolen, then you can go to jail. The second is if you didn't know it was stolen but it's then seized - leaving you with no money.
As for your example I'm not sure. Said repairman would unlikely be in legal trouble, but I don't know if the money would be seized or not.
The article states that is not how money (unlike other types of property) works:
> Banknotes, coins, and other highly-liquid paper instruments have a very special legal status. If you unknowingly accept some banknotes from someone who just obtained them illegally (say via ransom or theft), the law can't compel you to give those banknotes back to the original victim. Money, as the great British jurist Lord Mansfield once declared, isn't like regular property: it "can not be recovered after it has passed into currency."
So the key questions are if cryptocurrency qualifies legally as currency and if not, what the legal standards are for who ends up the owner of that property when it gets mixed via various means.
The article may state that, but it's pretty clearly not the case in all jurisdictions:
> The penalty for larceny and the crime of receiving and concealing stolen property in Michigan depends upon the value of the substantiated property or money involved.
What part of that actually contradicts the point made by the article? As far as I can tell those laws cover knowing or willfully ignorant facilitatation of laundering stolen money.
It says nothing about the need to return stolen money recieved as part of a legitimate seeming transaction.
As the article explains, that is not true under English law; there is a special exception for money. That's what the comment you're replying to is talking about.
There already is such tracking going on, exchanges do freeze balances sometimes. The problem is that if the stolen coin gets traded before exchanges can freeze them you wind up with a lot of innocent people holding those coins and it's not practical to freeze those later.
Consider these two scenarios: A stolen bike vs a stolen sack of coffee.
In the case of the bike, if you can find it you can take it back from someone else who bought it. You can identify it distinctly as your bike, even if it had been bought and sold multiple times.
Now imagine a stolen sack of coffee that the thief sells to a vendor at a market. The vendor dumps it into a big bin full of more coffee. Other people buy bags of it, some containing the stolen beans, some not, some a mix. Now you can't identify your distinct stolen coffee anymore. It's not practical to go after the coffee vendor or its customers.
Bitcoin works like the coffee example not the bike. Balances move around like so many kilos of coffee. If you were to make the coffee vendors or their customers liable for stolen beans they happen to touch then you can't have a functioning coffee market at all.
Of course that isn't to say the coffee vendor can't do anything. If the stolen coffee or money is still in the hands of the coffee vendor then they should turn it over to the police when informed. If it's already gone they can tell the police which way the thief went and how much money was paid. Hopefully the police can find the thief and take the proceeds of his crime to make the victim as whole as possible. Also, just because coffee beans can't practically be identified distinctly doesn't mean a coffee vendor that is knowingly trafficking in stolen coffee should get off the hook.
This is how it's done now with cryptocurrency and the biggest practical problem seems to be that law enforcement doesn't move fast enough to contact exchanges confirming that the claim of wrongdoing is bona fide.
> If you were to make the coffee vendors or their customers liable for stolen beans they happen to touch then you can't have a functioning coffee market at all.
That's not true. It just means that reputation, verification and insurance become critical to the coffee market and that friction makes the coffee market way less liquid.
Now, legislatures and courts may choose to provide indemnity to all unknowing parties to reduce that friction, but it is hardly the only course this can go. The coffee vendor could also be held liable for recieving and mixing that stolen property.
With the increasing amounts of money being lost by large insurance companies as a result of this issue and extortion claims, I would not be surprised to see laws in the not too distant future that move that liability off of the insurance companies and onto exchanges and indivuals. Large insurance companies haveich better lobbyists than cryptocurrency exchanges and the government doesn't seem to benefit from making sure cryptocurrency markets have minimal friction.
> It just means that reputation, verification and insurance become critical to the coffee market and that friction makes the coffee market way less liquid.
That is true, but generally everyone wants commodities markets to be low friction and liquid. Your point is well taken that maybe some governments would rather cryptocurrency markets be higher friction.
Also keep in mind that governments put regulations at points that tend to attract problems. Pawn shops in many places are required to keep records that other private buyers and sellers are not required to keep for the very same items.
> Now, legislatures and courts may choose to
Yes, and how this currently works now depends on what choices they have already made regarding stolen property.
In a lot of places the distinction is whether the property is absolutely identifiable as the stolen property. So in the case of a car, iPad, piece of jewelry or similar it is clear. If Malory steals the iPad belonging to Alice and then sells it to Bob then Alice can legally take the iPad from Bob if she can find it. Getting the money back from Malory is Bob's problem now. On the other hand if Malory steals and sandwich from Alice, sell it to Bob, and Bob eats it, then Alice cannot legally force Bob to compensate her. If Bob sold the iPad to Charlie Alice has to take it up with him, she can't make Bob hand over the money Charlie paid.
> I would not be surprised to see laws in the not too distant future
That may happen or may not, but right now the status quo is that once things have been disposed of by an innocent party the innocent party isn't forced to make restitution. Again, I am not going to claim this is how it works in every country on earth, but it is in the places I am familiar with.
If someone steals a 50lb bag of beans and sells them to me, I am now in possession of 50lbs of stolen property. If I sell 25lbs of the beans before the police catch me, they will confiscate the remaining 25lbs of beans and those beans become evidence. Then I will go to jail for receiving stolen property. Then the victim will sue me in civil court for reimbursement of 50lbs of beans.
Just because you can flip something that's stolen doesn't mean it's gone forever. The victim in either case doesn't care which beans or coins they get. They just want the value of n coins. You could probably skip giving him any coins at all and just reimburse him a dollar amount for the value of his property.
Please remember that for the purpose of this discussion the receiver of the stolen goods and the person they are sold onward to are 100% innocent and nobody suspects them of being dishonest. If the receiver was in on it then this does not apply.
If someone stole 2 iPhones from you and sells them to a used phone dealer, who then sells those very 2 iPhones - your iPhones - to someone else, does the law require the used phone dealer to give you 2 other iPhones of the same model that he happens to have?
I believe, and perhaps I am wrong here, that it does not. As the victim you may well be happy to made whole with 2 other identical iPhones but that is not what will happen. Furthermore, the used phone dealer will not be required to pay you any of the money he received from the buyer of your phones or reimburse you for the cost of your phones.
If the dealer had sold only 1 of the phones then you would get that back and not have to compensate the dealer for his loss resulting in paying the thief.
If the items were such that you cannot prove you own it, such as with coffee beans, then you get absolutely nothing. You do not get some fair volume of them to compensate you.
That is how I understand the way stolen property is handled in general currently. I am not attempting to pass a moral judgement about it, merely describe how it is. (may not be so in all jurisdictions, but in CA/US/UK/AU/at least some parts of SE Asia)
Someone steals your phone. You can sue that someone for the value of lost property if caught or if the police recover money.
If he sells down the line. Police will follow the chain and if the property is found it will be taken and it will be used in trial and recovered back to you.
The people who bought the used phones may lose them. If they do they can sue the store. If the store hasn't sold them they will lose them and can sue the orginal thief.
Pawn shops hold the goods they purchased for 30 days to give time for someone to make a claim against them as property that was stolen from them. (This is my experience in Canada anyway.) In theory, exchanges could do the same thing for deposits above a certain amount, but this would presumably hurt their business the way things work right now.
Don't pawn shops hold items because they are essentially lending money with the item as collateral. They don't sell the items right away because the person that sold them to the pawn shop has the right to repay the loan and reclaim the item within a certain period of time.
* Bitcoin proponents desire that bitcoin work like the earlier currency example, where an innocent actor who receives stolen currency at part of some transaction for a good or service is protected from having to return those bitcoin.
* Whether an innocent actor in that position is in fact liable or protected in that scenario is fundamentally up to the state(s) involved and their legislative choices.
This (as with the centralization of mining, and exchange prominence) seems to be another example where Bitcoin is -in practice- far more subject to the powers of states than its proponents respresent.
I postulate that few if any states will see any advantage in granting that kind of protection to bitcoin transactions, as states have incentives to ensure their own currencies can be transacted without rigorous detective work, and do not have these same incentives with bitcoin.
You seem to be speculating about some future legislation. What about the situation right now?
>I postulate that few if any states will see any advantage in granting that kind of protection to bitcoin transactions, as states have incentives to ensure their own currencies can be transacted without rigorous detective work, and do not have these same incentives with bitcoin.
Usually these principles apply to all currency, not just the states "own" currency. Why would states need to grant such protection to bitcoin transactions, as opposed to taking away such protection?
The real difference is that coffee and banknotes are property, whereas cryptocurrency is an entry in a distributed database. One can "steal" (or at least gain unauthorized access to) a private key, but one cannot "steal" bitcoins. There is no inherent right to have the rest of the Bitcoin network agree that these bitcoins belong to you. Especially not after the authorized owner of the coins (meaning anyone in possession of the private key) has announced to the network that the coins belong to someone else.
Only after the coffee goes in the big container full of lots of other coffee is it rendered unidentifiable. If the coffee vendor didn't pour the stolen bag of beans into the rest of it then it's still clearly identifiable.
Bitcoins are not quite like the a banknote. If I have a $1 and $20 bill that's 2 things each with a serial number. I can give them to you, and you can give them back to me. Bitcoins on the other hand don't work that way. The movement of them changes them, even though you can trace the flow of the value represented.
Let's say someone steals your 1 bitcoins, sending 0.999998 bitcoins to himself, leaving 0.000002 bitcoins for the miner who confirms the transaction. Then the thief sends 0.999996 bitcoins to someone totally innocent in exchange for a car, leaving another 200 satoshi for that miner.
You find the person who sold that car for those bitcoins and he still controls that balance. Are you entitled to get those bitcoins back?
Well, say the car seller had no other bitcoin. One argument would be that he still has 0.999996 of your bitcoins, so he's obligated to give your property back and he needs to figure out how to collect for the car, tough luck for him. The fact that he doesn't have it all is no different than if his car was stolen and he found just missing a couple of hubcaps.
Another argument could be that no, your bitcoins were the UTXO that you could solve the unlock script for, which you still can, so it's like the car seller had received an item that your bitcoins were exchanged for (new script). I don't think most people would have much sympathy for this argument.
But what if your coins were only 1 input into the transaction sent to the car seller, and then the car seller spent half of on his rent, receiving back the balance to his change address?
Now we've arrived at coffee beans. Even though you can know the balances, you cannot say whether your bitcoins are in the possession of the car seller or his landlord. It makes no sense to say that each of them has half, nor does it make any sense to claim that one or the other has your stolen property.
So assuming bitcoins do not have the special money status and stolen bitcoins are going to be treated like other stolen property is then they are like the coffee beans in that they become unidentifiable without anyone trying to be dishonest.
However as the exchanges are visible it is easy to know the exact amount that has to be returned, therefore theft of such property has a clearly known value (plus damages) as if you kept a precise ledger.
Said value thus does not have to be decided in court to be returned - the question is, do you have to return it in cash of choice or Bitcoin?
The big question is how you find the responsible ransomer if they used a mixer, and whether mixer is culpable for not following KYC for big transaction amounts.
if the goods are effectively interchangeable, then I don't see why you wouldn't just rule that 8 pounds of beans were stolen so you give him 8 pounds of beans out of the bin. They don't have to be literally the exact same beans.
This analogy makes no sense and is fundamentally antithetical to what a blockchain is.
Bitcoin literally has chain of hashes that mark a chain of custody and provably verifies transfers between addresses. Just because actors along the route are mixing it into a big wallet and distributing it out only means they are facilitating money laundering and could be easily be proven to have done so, and every transaction that touches that transaction is complicit.
> The problem is that if the stolen coin gets traded before exchanges can freeze them you wind up with a lot of innocent people holding those coins and it's not practical to freeze those later.
Isn't this fundamentally _not_ how it works in the traditional financial world? If you are paid in ill-gotten money it can certainly be clawed back no matter how innocent you are.
In the US, stolen property is the property of the person it was stolen from. If you bought a stereo from a pawnshop and it turns out it was stolen, the original owner gets his stereo back and you get to try and reclaim your money from the pawnshop. Anything else would create perverse incentives like the grandparent describes.
This rather prominently came into play during the 2008 financial crisis when it turned out banks were forging wet copies of the original mortgage paperwork on foreclosed properties. When banks realized that it was a problem, title insurance started specifically excluding this, so the original owner could take their property back and you would end up with a mortgage on nothing.
Yeah, but for bitcoin ransoms, isn't one big difference (from the coffee case) that you know the destination address long in advance? In that case, it's much harder for it to reach the point of "too distributed".
The problem is that the stolen coin has been traded before exchanges froze them you, if wound up with a lot of innocent people holding those coins, every alleged victims should reach davidveksler(at)engineer com, he is an expert in applied crytography.
My wife abandoned I and my son for 4 months now only for me to contact( THEDARKCRACKER at PROTONMAIL COM ) to help me track her phone to know her where about, after the hack was done it was traced that she has been in a hotel with another guy for 3 months since she left the house.
The article brings up an interesting legal point as to whether bitcoin will be afforded the special legal status of paper cash that protects innocent recipients who accept stolen money ... but really paper cash has no such protections when you're talking about millions of dollars of it, so the point is entirely moot.
Is ransom payment even considered "stolen" in the usual sense? You have willingly paid that, nobody took that from you without permission. I wouldn't be surprised if ransom has it's own different definition.
Forcing an innocent to hand over bitcoins they had no clue they were tainted will make everyone lose trust in bitcoin and cryptocurrencies in general. What's the point of anonymity when trading when you're culpable for wherever that currency came from.
"Forcing an innocent to hand over bitcoins they had no clue they were tainted" shouldn't wreck trust in cryptocurrencies, but rather in the organization unjustly harming those innocents—i.e. the government. If anything the fact that they had to track down each individual recipient and force them to transfer the funds, rather than simply pressuring some bank or other intermediary, ought to increase trust in cryptocurrencies.
The "but I didn't know" excuse of innocence is not universal. In some cases one is required to do due diligence or risk catching some of the guilt in one's trades. Whether Bitcoin traders should be held responsible for the provenance of their coins is an interesting question. It really comes down to whether we want to protect Bitcoin as a payment system. And few people even care so it's not looking good.
Due diligence is not sufficient in the interesting cases. If exchanges instituted a blacklist of known ransom payments, for example, ransomware authors would just wait until the coins have been changed into some other untraceable form before releasing their hostages. Blacklisting the transaction in time to do any good would be the same as not paying the ransom. Reporting the address after the fact can only harm innocents several stages removed from the ransomers who could not possibly have known that the transaction was tainted.
The only reasonable solution is to track down the actual ransomers and make them pay for the damage they caused. Dragging other parties into this can only make things worse.
Making the receiving parties intent in covering losses can help a lot during discovery. Dragging "innocents" into it might just get us to a system that makes it hard for extortionists. And that system might not look like the Bitcoin we know.
You can argue that we should suffer the extortionists for other benefits we get out of Bitcoin. I'm not convinced at this point.
> Dragging "innocents" into it might just get us to a system that makes it hard for extortionists.
If you're willing to harm innocents for the sake of your cause—even if the goal is to make things harder for extortionists—then you're no better than those you're fighting.
I see this as an example where the ends can justify the means. The maximum loss those people could incur would be the sums exchanged. If those are restored to the damaged party I don't see how there's a good reason to protect the people who traded. They can still demand restoration from their partners after all. If they traded with crooks, they might get nothing back. Such is life.
To say this is the moral equivalence of extortion is a long shot.
For large amounts such as this one IMHO the key issue is that the recipient can be questioned about the source of the BTC - are they themselves related to the actual crime in question? And searched for evidence of the same.
If they're innocent, they will generally be able to identify the counterparty to whom they sold the goods or services valued at close to $1M, and the goods&services may then lead to the culprit; because (here's the thing) if they "just" did a fully anonymous $1M cash or cash-equivalent transaction, then they're not really innocent in many jurisdictions, because for large amounts money laundering laws generally (nuances depend on country) require you to identify the other party or not do it. Selling something anonymously for $10 in cash is innocent, but selling something intentionally anonymously for $1M in cash (or BTC) generally is a crime of money laundering by itself, no matter where the money came from.
The original article assumes (with no grounding, but just as an example) that the 'innocent recipient' might be some over-the-counter broker. That broker is legally required to 'know your customer'. And if they don't know their customers, well, then they're not innocent and deserve to lose their money.
The same applies to Bitfinex itself - they're required to know from whom they got these 96 BTC. If they don't, well, it's their problem, why not fine them the equivalent of 96 BTC or more for that.
A quick test for "willingly" as you put it, is not due to force, fraud, or fear.
I would think that a ransom situation would likely qualify as some type of duress. Deciding whether the criminal act is "theft" (ie. stolen) or "fraud" or something else is probably missing the point.
And certainly, some aspect in the exchange (pay money for this encryption key) did not involve permission: the encryption of the files!
But, how to restore things after a wrong has occurred? I agree with your point that there is a risk of committing a greater wrong against an innocent party. Hence the special protections of currency as a unique type of property in the article. Does bitcoin fit this model? An interesting discussion!
Does a mugger steal anything? You "willingly" hand them your wallet. In the cryptolocker case, it is to recover your locked file. In the mugger case, it is to not get stabbed.
I think this year we will see the first international orders to miners do not process some addresses and freeze that coins. I know a lot of here thinks, that it's not possible, but bitcoin has only a few big miners. And if they will get orders they will have to comply or fight it in courts. It's not possible to mine anonymously, because you need hundreds of millions to invest into miners and a lot of power.
I imagine it isn't impossible to rent a warehouse under some shell company and fill it with mining hardware in a random non-us country without anyone knowing the owners' identities.
You can, but don't forget, that you have to by miners, get cheap electricity and if you want a result, you have to have major share of hash power. Other way you will not be able to include transactions if majority pools will not agree to include them too.
Don't forget, that this pool should be part of criminal organizacion because I don't think any businessman will invest hundreds of millions of dollars and risk his mining operations shut down.
Unidentified parties mine blocks all the time, so it's doubtful that blacklists sent to the well known pools would be effective. Are they just supposed to orphan mined blocks that contain blacklisted inputs or outputs? How can anyone reasonably be expected to comply with a demand to fork Bitcoin?
Surely any pool that adopted such a policy would lose most of their members pretty quick. Same for any pool that leaves money on the table by deliberately excluding valid, profitable transactions.
You can say they will lose miners, but don't forget, to get a few percent of hash power you need to invest millions right now. it needs only 3 orders in USA, China and Europe and more than 51 percent of hash will be under order.
Small miners will not be able to include, because of orphaning. I agree, that it's not easy process and its expensive.
I wonder how this would go down in Australia. Precedent set from Gamer's vs Natwest is that the buyer retains ownership rights, so long as they purchased the product in good faith that the seller owned the original product or had the right to sell it. So if I buy your stolen car without knowing it is actually yours and was stolen, I retain ownership of the car and you have no legal remedy to retrieve it from me.
"So if I buy your stolen car without knowing it is actually yours and was stolen, I retain ownership of the car and you have no legal remedy to retrieve it from me."
No, the relevant law doesn't apply to stolen goods. It only applies to goods that were obtained by the seller with the consent of the original owner.
"Where a person having bought or agreed to buy goods obtains with the consent of the seller possession of the goods or the documents of title to the goods, the delivery or transfer by that person or by a mercantile agent acting for him of the goods or documents of title under any sale pledge or other disposition thereof to any person receiving the same in good faith and without notice of any lien or other right of the original seller in respect of the goods shall have the same effect as if the person making the delivery or transfer were a mercantile agent intrusted by the owner with the goods or documents of title."
Some decades ago (unfortunately, so long ago that I can't easily find any references to it - it was probably in the 1980s), there was a robbery of a large number of bank notes in my country. For a while after that, all cashiers at markets had a booklet with the serial numbers of the stolen bank notes, so they would be rejected and/or reported to the police. That was possible because the bank notes were newly issued (so they had blocks of consecutive serial numbers), and had never actually entered circulation (IIRC, they were stolen before arriving at the bank).
While the situation is not identical, there are some similarities: an innocent person (who did not take care of checking the serial number when receiving a bank note) could have their money rejected when trying to buy at a market (and would probably also be questioned by the police).
(I don't recall whether the one(s) who stole the bank notes was/were actually caught; are there other Brazilians here who remember about this case? I think it's not the 2005 robbery, which stole only notes which had already entered circulation.)
The fungability/tainted coins/traceability problem is potentially solved with the recent Taproot Schnorr signatures proposals. BIP340, BIP341, BIP342. You guys don't seriously think we would sit around and let the man crush bitcoin because of "tainted coins" do you :]
125 comments
[ 2.8 ms ] story [ 58.0 ms ] thread"Given bitcoin traceability and the ease of getting an injunction, one can imagine that it might make sense for insurers, bitcoin exchanges, and over-the-counter traders to build some sort of private "ransom registry". The moment that an insurer pays a ransom to a hacker, that insurer simultaneously announces the offending address to the registry. A verified OTC trading desk can now protect itself from potential bankruptcy by always checking the registry to make sure that any bitcoins offered to it are "good" bitcoins. Exchanges too would likewise cross-check incoming bitcoin deposits against the registry."
You could check the registry yourself before accepting change, but what if those bills weren't in the registry when you checked?
Such a system could be implemented for bitcoin but there are crypto currencies with stronger privacy guarantees for which this would be practically impossible (those guarantees could maybe be cracked in the future, people are working hard on both sides).
Ex: If half of the bitcoins used to buy a car were fraudulent, would you need to return half the car?
This risk would have to be managed by contracts, insurance, and/or quick exchange for safer assets.
So a laundering service could specialize in buying tainted coins and to sell them off to other unsuspecting people, pocketing the difference. In return they could provide clean coins for their customers.
Take the 96 bitcoin, split it into 96 different addresses with 1 bitcoin, then mix those 96 individual addresses to multiple new addresses and then reassemble them elsewhere. This is a horrible explanation, but explains the general idea. You could also mix from Bitcoin to Monero or another currency and back again through various pairs.
There are lots of things out there to attempt to trace the bitcoins back to the source since every transaction is always logged, however if people keep rearranging coins on various addresses it does make it harder.
Having a blacklist registry of all bad/stolen coins would be great if implemented, however I don't know how feasible it would be.
One, mixer output could be, by default, added to the registry as laundering proceeds. Or two, the subunits could be traced through the mixer, thus retaining their black marks.
If someone buys a coffee with tainted coins, is the cafeteria now responsible for querying the registry to reject the transaction? Or it risks to have whole daily turnover, if spent together, end up tainted?
You know how they say that every US dollar bill has a little cocaine on it? Using your suggestion, every dollar bill would be marked tainted as drug proceeds.
Let me put it this way: what would you do with your float if you run a convenience store in a bad part of town, and know that there are marked bills floating around in the local economy, and that the police might pop in at random one day and take them out of your till? Well, you'd probably deposit your float in your local bank at the end of each day, and then get new, guaranteed-unmarked bills from the bank. That's mixing! It's not money laundering, just mixing. You're removing the potential liability of being blamed for what your customers' employers' customers' employers did.
A car with a stolen part does not, itself, become a stolen car, because there’s a clear division between the part and the car itself. The only thing the police would want to seize as stolen property from you is the stolen part—they’d get you to take it out of your car, and be on their way.
Cryptocurrency is less like car parts, and more like gold: putting the crypto through a mixer is like melting some (unknowingly) stolen gold jewellery into a batch of non-stolen gold, forming new gold bars, and then selling those. Is the whole batch of gold now “tainted” by the stolen gold? Does it all need to be seized as stolen property? If not, then what does need to be seized? An equal shaving of gold from each buyer’s new bar?
If it were possible to figure out which mixer recipient was the original jewellery thief, you could just seize their mixed assets, since those assets should be equal in value to the stolen input assets. But the whole point of a mixer is to destroy that linkage, such that you have no idea who any of the recipients are.
e.g. 1. I pay you 1 BTC 2. Wait until I receive whatever I paid for 2. Now I tell you to send me 0.5BTC or else I'll report the entire 1BTC as ransom payment.
The blacklist is just a new and very powerful tool for additional fraud!
"When we receive our 96 BTC, we'll release your data."
Becomes:
"When we receive our 96 BTC without it being reported to the fraud registry, we'll release your data."
Is this typically the case? As far as I understand, fraud losses for example are often treated quite differently than stolen goods. Are ransom payments really considered stolen?
This doesn't necessarily seem like the kind of a situation where the nemo dat rule would be directly applicable, especially given that it doesn't typically extend to money anyway.
The only cryptocurrency that comes close to solving this is Monero, which isn't traceable.
If the attackers were smart, this is what they would've done: Send them to Bitfinex, which is an unregulated and shady exchange, sell them for Monero and withdraw them immediately. Congratulations, now you have a bunch of untraceable cryptocurrency.
Traceability doesn't need to be a problem.
The governments don't need to do this, the courts do. There's an existing principle they could very cleanly apply here.
Steal enough banknotes and the bank will go to great lengths to find you. The Northern Bank robbery stole a significant fraction of all NB notes in circulation, so the bank re-issued them, relying on the impossibility of the criminals laundering them before the swap deadline.
https://www.belfasttelegraph.co.uk/news/northern-ireland/the...
As such, traceability will remain a risk for anyone receiving cryptocurrency payments. If a chain analysis reveals an illegal transaction as a precursor, it's going to be considered stolen goods, not money, as the article states.
That's fine, but if the governments don't take action it'll be up for the courts to decide that.
>it's going to be considered stolen goods, not money, as the article states.
This is not at all obvious. It's not even clear that the nemo dat rule would apply to any kind of ransom payment.
[1]https://news.bitcoin.com/how-to-obscure-bitcoin-cash-transac... [2]https://medium.com/@tornado.cash/introducing-private-transac...
with cashfusion not even the server owners know which transactions belong to who, which isnt the case with normal mixers[1].
[1]https://medium.com/@james.waugh28/is-cashfusion-really-anony...
Yes it's a little different from the problem described in the post, but it's another facet of the fungibility issue.
The same way they could decide to ban Monero... seems like what you describe with z-cash is more complex to support in an exchange than simply removing a whole cryptocurrency, thus is less likely to happen.
I'm thinking that there is a need/opportunity to be able to register bitcoins as stolen and if vendors used that database, the whole raft of bitcoins used for nefarious activities and more so stolen ones, can be curtailed. Counterpoint to that thinking would be that it would not curtail the criminal activities such as ransom payments, only shift them into other forms.
Also interesting that the incident response team do not track or follow up tracing and tracking the bitcoins used and that a separate company and process was avenued. This shows that incident response is still a learning process, though encouraging that such situations are within their remit of response and as a service for companies - an important one.
Another take away from this is that law enforcement need to up there game, had this been hard cash, they would be driving this and not the insurance company. That shows how they are behind the times and most likely, budget/skill shortages playing out. But a million dollars is a million dollars in any currency, including crypto currency and again, had this been hard currency, you know that they would of been more resource involved. Though please don't take that as an indictment upon the police services, more an indictment of their resource limitations and one that needs addressing and raised up the flagpole.
* A Mixer
* gamble on one of many online casinos
* buy physical darknet goods with them
* Hack someones account on an exchange and use it.
* The above, but use the coins to 'pump-n-dump' a tiny altcoin. Be one of many 'investors' making money out of the change in altcoin price.
* Go margin trading with them, but make sure to loose them all in a margin call. Do it on a small altcoin so you can be on the other side of that margin call.
Apart from that, every option you suggested just hands the problem off to the next person. Eventually people won't want to transact at all because they don't want to receive tainted bitcoins.
Let's suppose we see some nontrivial amount (so, not $100 but $100k) of BTC being cashed out to dollars or by buying some legal goods, and we see that this BTC recently passed through a mixer. KYC means that the exchange or merchant will identify "oh, that's Bob". And we can ask Bob - well, where did that money came from? And either he can provide some evidence that he got that money in a legitimate transaction from Charlie (who can then be processed in the same manner), or he can be convicted either of (a) using a mixer if he did so himself; (b) violating money laundering laws by doing large anonymous transactions if he did get money from some 'Charlie' that can't be identified; or (c) violating money laundering laws by refusing to disclose the source of these large cash-like payments.
It's not as simple and some particular nuances of the existing laws would need to be adjusted to make this process work, but that's something governments could and would do.
Not for small amounts that can obviously be laundered easily and nobody cares about that, but it would be quite plausible to ensure that no legit organization would touch a million dollars worth of BTC without ensuring a proper paper trail of how it got there; and anybody intentionally passing 100 BTC through a mixer would just make it difficult for themselves to spend those 100 BTC - because every recipient of large amounts will ask for a proper source for your funds, and a mixer is not one.
https://www.wired.com/story/bitcoin-blockchain-fifo-dirty-co...
However, I still see this as a good thing; if the hackers did sell 96 Bitcoin to one single buyer, then we can now start a paper trail (or physical evidence) on what the single buyer gave them in return (paper money transfer?)
If one were to sell a sports car in exchange for a pile of marked bills taken from a bank robbery, one would rapidly find oneself in hot water. Receiving stolen goods is a crime.
Edit: after reading TFA, this is the crucial point (in English law, I guess): "Banknotes, coins, and other highly-liquid paper instruments have a very special legal status. ... was granted to banknotes centuries ago in order to ensure that ... money remained highly liquid. If every merchant had to verify...". Interesting case.
In practice, the law is not trying to 'get' people who innocently receive stolen money or goods. In the example you gave, it would be up to prosecutorial discretion what to do; trying to claw back one salary's worth of already-spent money is probably not worthwhile.
But if someone shows up and tries to deposit a couple grand worth of marked bills, they can expect to be taken into a police station for questioning, and should fully cooperate: this makes it unlikely that the penalty will extend further than confiscation of the stolen cash.
The important thing to realize is: if any of this goes to trial, the prosecution only needs to prove that the money is stolen. It doesn't need to prove the receiver knew it was stolen; that's not what the crime is here, that knowledge makes it a worse crime, accessory to robbery.
https://en.wikipedia.org/wiki/Possession_of_stolen_goods
The state-level standard appears to vary, the most common case is 'should have known', rather than 'knew for a fact'.
With Bitcoin, where all transactions are a matter of public record, I'd hazard that 'should have known' is baked-in. It will be interesting to see what case law is established in this arena.
That said, my statement above is clearly stronger than reality, except in some states where knowledge doesn't need to be proven.
Who should have known what? After receiving any bitcoin (can't be before!) everyone is obliged to figure out if the coin came from a ransomware attack? How? And what do they do if some of the coin was so tainted?
This is different than recieving other types of stolen goods that haven't been given this special legal status, which ensures that money is fungible and can be accepted with relatively little concern by honest people.
As for your example I'm not sure. Said repairman would unlikely be in legal trouble, but I don't know if the money would be seized or not.
> Banknotes, coins, and other highly-liquid paper instruments have a very special legal status. If you unknowingly accept some banknotes from someone who just obtained them illegally (say via ransom or theft), the law can't compel you to give those banknotes back to the original victim. Money, as the great British jurist Lord Mansfield once declared, isn't like regular property: it "can not be recovered after it has passed into currency."
So the key questions are if cryptocurrency qualifies legally as currency and if not, what the legal standards are for who ends up the owner of that property when it gets mixed via various means.
> The penalty for larceny and the crime of receiving and concealing stolen property in Michigan depends upon the value of the substantiated property or money involved.
https://www.cyabdolaw.com/larceny-and-receiving-stolen-prope...
It says nothing about the need to return stolen money recieved as part of a legitimate seeming transaction.
Consider these two scenarios: A stolen bike vs a stolen sack of coffee.
In the case of the bike, if you can find it you can take it back from someone else who bought it. You can identify it distinctly as your bike, even if it had been bought and sold multiple times.
Now imagine a stolen sack of coffee that the thief sells to a vendor at a market. The vendor dumps it into a big bin full of more coffee. Other people buy bags of it, some containing the stolen beans, some not, some a mix. Now you can't identify your distinct stolen coffee anymore. It's not practical to go after the coffee vendor or its customers.
Bitcoin works like the coffee example not the bike. Balances move around like so many kilos of coffee. If you were to make the coffee vendors or their customers liable for stolen beans they happen to touch then you can't have a functioning coffee market at all.
Of course that isn't to say the coffee vendor can't do anything. If the stolen coffee or money is still in the hands of the coffee vendor then they should turn it over to the police when informed. If it's already gone they can tell the police which way the thief went and how much money was paid. Hopefully the police can find the thief and take the proceeds of his crime to make the victim as whole as possible. Also, just because coffee beans can't practically be identified distinctly doesn't mean a coffee vendor that is knowingly trafficking in stolen coffee should get off the hook.
This is how it's done now with cryptocurrency and the biggest practical problem seems to be that law enforcement doesn't move fast enough to contact exchanges confirming that the claim of wrongdoing is bona fide.
That's not true. It just means that reputation, verification and insurance become critical to the coffee market and that friction makes the coffee market way less liquid.
Now, legislatures and courts may choose to provide indemnity to all unknowing parties to reduce that friction, but it is hardly the only course this can go. The coffee vendor could also be held liable for recieving and mixing that stolen property.
With the increasing amounts of money being lost by large insurance companies as a result of this issue and extortion claims, I would not be surprised to see laws in the not too distant future that move that liability off of the insurance companies and onto exchanges and indivuals. Large insurance companies haveich better lobbyists than cryptocurrency exchanges and the government doesn't seem to benefit from making sure cryptocurrency markets have minimal friction.
That is true, but generally everyone wants commodities markets to be low friction and liquid. Your point is well taken that maybe some governments would rather cryptocurrency markets be higher friction.
Also keep in mind that governments put regulations at points that tend to attract problems. Pawn shops in many places are required to keep records that other private buyers and sellers are not required to keep for the very same items.
> Now, legislatures and courts may choose to
Yes, and how this currently works now depends on what choices they have already made regarding stolen property.
In a lot of places the distinction is whether the property is absolutely identifiable as the stolen property. So in the case of a car, iPad, piece of jewelry or similar it is clear. If Malory steals the iPad belonging to Alice and then sells it to Bob then Alice can legally take the iPad from Bob if she can find it. Getting the money back from Malory is Bob's problem now. On the other hand if Malory steals and sandwich from Alice, sell it to Bob, and Bob eats it, then Alice cannot legally force Bob to compensate her. If Bob sold the iPad to Charlie Alice has to take it up with him, she can't make Bob hand over the money Charlie paid.
> I would not be surprised to see laws in the not too distant future
That may happen or may not, but right now the status quo is that once things have been disposed of by an innocent party the innocent party isn't forced to make restitution. Again, I am not going to claim this is how it works in every country on earth, but it is in the places I am familiar with.
If someone steals a 50lb bag of beans and sells them to me, I am now in possession of 50lbs of stolen property. If I sell 25lbs of the beans before the police catch me, they will confiscate the remaining 25lbs of beans and those beans become evidence. Then I will go to jail for receiving stolen property. Then the victim will sue me in civil court for reimbursement of 50lbs of beans.
Just because you can flip something that's stolen doesn't mean it's gone forever. The victim in either case doesn't care which beans or coins they get. They just want the value of n coins. You could probably skip giving him any coins at all and just reimburse him a dollar amount for the value of his property.
Please remember that for the purpose of this discussion the receiver of the stolen goods and the person they are sold onward to are 100% innocent and nobody suspects them of being dishonest. If the receiver was in on it then this does not apply.
If someone stole 2 iPhones from you and sells them to a used phone dealer, who then sells those very 2 iPhones - your iPhones - to someone else, does the law require the used phone dealer to give you 2 other iPhones of the same model that he happens to have?
I believe, and perhaps I am wrong here, that it does not. As the victim you may well be happy to made whole with 2 other identical iPhones but that is not what will happen. Furthermore, the used phone dealer will not be required to pay you any of the money he received from the buyer of your phones or reimburse you for the cost of your phones.
If the dealer had sold only 1 of the phones then you would get that back and not have to compensate the dealer for his loss resulting in paying the thief.
If the items were such that you cannot prove you own it, such as with coffee beans, then you get absolutely nothing. You do not get some fair volume of them to compensate you.
That is how I understand the way stolen property is handled in general currently. I am not attempting to pass a moral judgement about it, merely describe how it is. (may not be so in all jurisdictions, but in CA/US/UK/AU/at least some parts of SE Asia)
If he sells down the line. Police will follow the chain and if the property is found it will be taken and it will be used in trial and recovered back to you.
The people who bought the used phones may lose them. If they do they can sue the store. If the store hasn't sold them they will lose them and can sue the orginal thief.
But you can identify distinct stolen/tainted Bitcoin. Just like you can identify distinct stolen banknotes.
The difference (according to the article) is that banknotes have special legal status meaning that they're effectively fungible after being spent.
* Bitcoin proponents desire that bitcoin work like the earlier currency example, where an innocent actor who receives stolen currency at part of some transaction for a good or service is protected from having to return those bitcoin.
* Whether an innocent actor in that position is in fact liable or protected in that scenario is fundamentally up to the state(s) involved and their legislative choices.
This (as with the centralization of mining, and exchange prominence) seems to be another example where Bitcoin is -in practice- far more subject to the powers of states than its proponents respresent.
I postulate that few if any states will see any advantage in granting that kind of protection to bitcoin transactions, as states have incentives to ensure their own currencies can be transacted without rigorous detective work, and do not have these same incentives with bitcoin.
>I postulate that few if any states will see any advantage in granting that kind of protection to bitcoin transactions, as states have incentives to ensure their own currencies can be transacted without rigorous detective work, and do not have these same incentives with bitcoin.
Usually these principles apply to all currency, not just the states "own" currency. Why would states need to grant such protection to bitcoin transactions, as opposed to taking away such protection?
Bitcoins are not quite like the a banknote. If I have a $1 and $20 bill that's 2 things each with a serial number. I can give them to you, and you can give them back to me. Bitcoins on the other hand don't work that way. The movement of them changes them, even though you can trace the flow of the value represented.
Let's say someone steals your 1 bitcoins, sending 0.999998 bitcoins to himself, leaving 0.000002 bitcoins for the miner who confirms the transaction. Then the thief sends 0.999996 bitcoins to someone totally innocent in exchange for a car, leaving another 200 satoshi for that miner.
You find the person who sold that car for those bitcoins and he still controls that balance. Are you entitled to get those bitcoins back?
Well, say the car seller had no other bitcoin. One argument would be that he still has 0.999996 of your bitcoins, so he's obligated to give your property back and he needs to figure out how to collect for the car, tough luck for him. The fact that he doesn't have it all is no different than if his car was stolen and he found just missing a couple of hubcaps.
Another argument could be that no, your bitcoins were the UTXO that you could solve the unlock script for, which you still can, so it's like the car seller had received an item that your bitcoins were exchanged for (new script). I don't think most people would have much sympathy for this argument.
But what if your coins were only 1 input into the transaction sent to the car seller, and then the car seller spent half of on his rent, receiving back the balance to his change address?
Now we've arrived at coffee beans. Even though you can know the balances, you cannot say whether your bitcoins are in the possession of the car seller or his landlord. It makes no sense to say that each of them has half, nor does it make any sense to claim that one or the other has your stolen property.
So assuming bitcoins do not have the special money status and stolen bitcoins are going to be treated like other stolen property is then they are like the coffee beans in that they become unidentifiable without anyone trying to be dishonest.
Said value thus does not have to be decided in court to be returned - the question is, do you have to return it in cash of choice or Bitcoin?
The big question is how you find the responsible ransomer if they used a mixer, and whether mixer is culpable for not following KYC for big transaction amounts.
Not at all. You can merge stolen bitcoin with "clean" bitcoin. You can not do that with banknotes.
If you give someone two $10 bills those don't magically turn into a $20. That does happen with Bitcoin though.
Bitcoin literally has chain of hashes that mark a chain of custody and provably verifies transfers between addresses. Just because actors along the route are mixing it into a big wallet and distributing it out only means they are facilitating money laundering and could be easily be proven to have done so, and every transaction that touches that transaction is complicit.
Isn't this fundamentally _not_ how it works in the traditional financial world? If you are paid in ill-gotten money it can certainly be clawed back no matter how innocent you are.
This rather prominently came into play during the 2008 financial crisis when it turned out banks were forging wet copies of the original mortgage paperwork on foreclosed properties. When banks realized that it was a problem, title insurance started specifically excluding this, so the original owner could take their property back and you would end up with a mortgage on nothing.
Forcing an innocent to hand over bitcoins they had no clue they were tainted will make everyone lose trust in bitcoin and cryptocurrencies in general. What's the point of anonymity when trading when you're culpable for wherever that currency came from.
The only reasonable solution is to track down the actual ransomers and make them pay for the damage they caused. Dragging other parties into this can only make things worse.
You can argue that we should suffer the extortionists for other benefits we get out of Bitcoin. I'm not convinced at this point.
If you're willing to harm innocents for the sake of your cause—even if the goal is to make things harder for extortionists—then you're no better than those you're fighting.
To say this is the moral equivalence of extortion is a long shot.
If they're innocent, they will generally be able to identify the counterparty to whom they sold the goods or services valued at close to $1M, and the goods&services may then lead to the culprit; because (here's the thing) if they "just" did a fully anonymous $1M cash or cash-equivalent transaction, then they're not really innocent in many jurisdictions, because for large amounts money laundering laws generally (nuances depend on country) require you to identify the other party or not do it. Selling something anonymously for $10 in cash is innocent, but selling something intentionally anonymously for $1M in cash (or BTC) generally is a crime of money laundering by itself, no matter where the money came from.
The original article assumes (with no grounding, but just as an example) that the 'innocent recipient' might be some over-the-counter broker. That broker is legally required to 'know your customer'. And if they don't know their customers, well, then they're not innocent and deserve to lose their money.
The same applies to Bitfinex itself - they're required to know from whom they got these 96 BTC. If they don't, well, it's their problem, why not fine them the equivalent of 96 BTC or more for that.
I would think that a ransom situation would likely qualify as some type of duress. Deciding whether the criminal act is "theft" (ie. stolen) or "fraud" or something else is probably missing the point.
And certainly, some aspect in the exchange (pay money for this encryption key) did not involve permission: the encryption of the files!
But, how to restore things after a wrong has occurred? I agree with your point that there is a risk of committing a greater wrong against an innocent party. Hence the special protections of currency as a unique type of property in the article. Does bitcoin fit this model? An interesting discussion!
You don't have a right to trade anonymously; sorry, but that's called money laundering.
Don't forget, that this pool should be part of criminal organizacion because I don't think any businessman will invest hundreds of millions of dollars and risk his mining operations shut down.
Surely any pool that adopted such a policy would lose most of their members pretty quick. Same for any pool that leaves money on the table by deliberately excluding valid, profitable transactions.
Small miners will not be able to include, because of orphaning. I agree, that it's not easy process and its expensive.
https://jade.io/article/67364
No, the relevant law doesn't apply to stolen goods. It only applies to goods that were obtained by the seller with the consent of the original owner.
"Where a person having bought or agreed to buy goods obtains with the consent of the seller possession of the goods or the documents of title to the goods, the delivery or transfer by that person or by a mercantile agent acting for him of the goods or documents of title under any sale pledge or other disposition thereof to any person receiving the same in good faith and without notice of any lien or other right of the original seller in respect of the goods shall have the same effect as if the person making the delivery or transfer were a mercantile agent intrusted by the owner with the goods or documents of title."
Some decades ago (unfortunately, so long ago that I can't easily find any references to it - it was probably in the 1980s), there was a robbery of a large number of bank notes in my country. For a while after that, all cashiers at markets had a booklet with the serial numbers of the stolen bank notes, so they would be rejected and/or reported to the police. That was possible because the bank notes were newly issued (so they had blocks of consecutive serial numbers), and had never actually entered circulation (IIRC, they were stolen before arriving at the bank).
While the situation is not identical, there are some similarities: an innocent person (who did not take care of checking the serial number when receiving a bank note) could have their money rejected when trying to buy at a market (and would probably also be questioned by the police).
(I don't recall whether the one(s) who stole the bank notes was/were actually caught; are there other Brazilians here who remember about this case? I think it's not the 2005 robbery, which stole only notes which had already entered circulation.)
https://github.com/bitcoin/bips/blob/master/bip-0341.mediawi...