There's this misconception that bitcoin is private / "safe" for criminals. In reality, the block chain is public (and all of its transactions inside... that is how distributed ledger consensus is achieved among miners) and the on-ramps and off-ramps between fiat are all logged / tracked, especially Coinbase (since they are taking the "safe route" and playing by all of the rules with governments / regulators).
Your last-mile exchange from bitcoin back to USD on Coinbase, for example, is logged and monitored by Coinbase -- furthermore, the bank is incentivized to file Suspicious Activity Reports whenever they see these large wire transfers to the virtual banks used by the exchanges for withdrawing and depositing fiat. So, even privacy coins are tracked in this way (these necessary fiat exchanges).
You can basically say the same thing about IRS tracking crypto tax evaders.
Well, I can't speak for why it might be tracable, but can conversely testify that it has dedicated mechanisms for obfuscating and confusing transaction details such as who sent money, who received it, and how much was transferred- mechanisms which are used by default for every transaction, not just for "private" transactions, creating a cloudy swarm of activity in which you can only really tell that "transactions are happening" without access to (or the intense brute-force effort of obtaining) one of the several private keys involved in any given action.
Some ground-laying patents have been filed by CipherTrace, but I think it speaks for itself that the IRS's $625,000.00 bounty on tracing Monero still stands.
Almost the entire comments mix "crypto" with Bitcoin or "all cryptos are the same" which is factually false. Please explain how different it is in comparison, the thread is flooded with baseless claims. This is analogous to placing your money under the bed vs. in a bank vault, they're both unsafe technically, but the difference is vast.
But what if he merely sent the Bitcoin from Coinbase to another wallet first - say a brain wallet he knows in his head - and then transfered the Bitcoins to the hitman?
Wouldn't that be enough for him to be able to say "no i just bought some weed sorry, jail me for a month. i dont know why that person then went on to try to kill my wife."?
I suspect there are few real-world examples where "you could just say X" actually works... but in this case the story is that a random "weed dealer" killed not a random person, but a specific person known to the "weed purchaser"?
Being actually innocent isn't enough to protect you from the FBI, so no, any suspicious trail at all is too much. Once you're a person of interest, any of the many possible opsec failures is enough to build a case. And for (attempted) murder, the spouse is usually a person of interest.
Yep. The Bitcoin Blockchain is a permanent historical ledger. As time passes and info about who transacted what becomes public, the cost of identifying a transaction decreases. (Assuming Bitcoin is still around) we should assume that over time, the cost to unmask any given btc txn to asymptotically approach $0.
Even if you escape the statute of limitations, there is a good chance your grandchildren will be able to see what you did with Bitcoin by just looking it up on a public website in half a century.
>the cost to unmask any given btc txn to asymptotically approach $0.
Mind you, there are several ways to obfuscate transactions even in the bitcoin network. and there are also privacy focused blockchains to whitewash money
All of the 'trustless' tumbling solutions I've seen tend to leave some evidence on the blockchain, it often only dilutes the certainty that a particular input maps to a particular output.
IMO, the only "surefire" way to launder bitcoin is traditional money laundering: send a trusted person dirty bitcoins and they send you back bitcoins from a clean legitimate source. Strong incentive for launderer to take the funds and run, so trust is unstable in this model.
No, it isn't, if a service is properly secured and does not sell it's data then there is no reason to think this. Please stop spreading FUD like this, it only makes people think that privacy is impossible.
Even if you are talking about dragnet collection and you assume that for example NSA can store all traffic on the internet (which is basically impossible) in Utah (or wherever) for future decryption with post-quantum cryptography there is no reason to believe that they would make it public. And that is basically the worst case scenario.
I don't think that's privacy fatalism? Did you know that Reddit's entire graph has been cached on some dudes servers and up until fairly recently allowed search by username? That includes deleted posts and edits.
Reddit is not unique. People do this with Twitter too. I forget the name but there's an entire service for caching changes to your Twitter bio.
> No, it isn't, if a service is properly secured and does not sell it's data then there is no reason to think this
Citation needed. Reddit and Twitter aren't selling data to those people. It's an open API.
I think it's reasonable for the average internet user to expect that some creep isn't archiving the whole internet. Public or not. We are indeed talking about the same thing, you are just denying that it's a problem.
I'm saying that "all of the internet" is more than the public internet. You seem to be saying the opposite, especially since you said "archiving the whole internet" which implies that any one entity has that sort of access. You say "Public or not" as if that does not make a difference, but there is a huge chasm between the privacy you can (and reasonably should) expect depending on it.
I think privacy is something we should strive for, but I think that when something is said publically on a globally broadcasted medium people cannot reasonably have an expectation of privacy. The problem with privacy in my mind is when there can reasonably be an expectation of privacy but that isn't met.
If I tweet something it's clear that's public. If I DM someone that should be private.
Why is it reasonable to not expect that there would be someone saving public data?
archive.org accepted dumps of Parler, in recent memory, which is clearly stolen information. Do you think that's the first time they've accepted information that is meant to be private?
Facebook had created puppet profiles from people's contact information and made them public, notoriously.
Like, at what point would you like to accept that GPs statement is not hyperbole? Would all information that was private need to go public? By then I'd say it is too late.
This is a rather silly argument where you try to draw some line in online services that has been willfully greyed by the people who create these platforms for their own benefit.
If you want to call GP a privacy fatalist, then I'll just call you a privacy denialist and leave it there.
I strongly believe that privacy is important, but I also think that it is important for people to have clear expectations of when they can expect it.
Is it so absurd to say that if I post stuff publically I cannot expect it to be private and if I post stuff privately I should absolutely be able to depend on it to be private?
I think your example of parler is an example of a service that was not adequately secured to protect it's private communications and the facebook example is clearly unethical and just one of the reasons I don't use the service.
We may be talking about different things, but to me "all of the internet" means much, much more than the public internet.
> The best you can get is E2EE communications.
There are quite a lot of steps between public data and E2EE.
> I find it ironic someone commenting on a text based public forum would argue this.
I don't have any expectation of privacy here and know what I'm saying is public. On other sites/services I have privacy and know that what I'm saying isn't public.
Maybe my grandchildren will somehow have better luck than I did. Archive.org doesn't have several forums I used to post on. I'd like to get copies of my old posts, but gave up on that years ago. I did manage to track down the owner of one of the forums, but he had no backups.
"Everything stays on the internet forever" is a good cautionary principle, but isn't a strict reality.
To be fair, you have to look at the enormous number of ransomware operators that are conducting their business in fiat...
Humm. I suppose that there aren't very many of them. Perhaps cryptocurrencies do make some forms of criminal enterprises much easier to operate. I'm willing to accept that 'Hitman for hire' might not be one of them, though - mostly because you need a local presence, at which point, taking payment in cash has a number of advantages.
It would be quite difficult to operate a ransomware operation out of, say, Belarus if you expected your victims to pay by posting you envelopes stuffed with cash.
People make it out like the fiat conversion step is a big gotcha but criminals make fraudulent bank accounts with stolen/synthetic identities all the time.
Then why are ransomware operators getting paid in Bitcoin?
It's not impossible to use the regular banking system for crime. But it's a lot harder, and a lot easier to get caught. A cartel in Mexico with an annual income in billions might be able to bribe or threaten the right people, but some techie running a small call center is going to have a harder time.
Cash requires a known location and/or time, and may involve the client seeing your face if face-to-face trades are made.
You still need to be local to perform the assassination, but the time and location are still vague. It's basically "somewhere the person will be at some point in the future". Makes it a lot harder to stage a sting because you can't have people set up everywhere that person will be at all times.
We're also not terribly far away from remote assassinations being possible. There was an assassination in Iran that allegedly used a computer to control a machine gun to kill someone. Combine that with a self-driving car, or a remotely operated car, and you've got a hitman mobile. Or the cheap and low-tech route, strapping explosives to drones. The cartels have already started using them, so it's not improbable that you could pilot one across the world. Pay the cartel to set up a drone and give you the credentials to control it and you don't even have to leave your home.
> It would be quite difficult to operate a ransomware operation out of, say, Belarus if you expected your victims to pay by posting you envelopes stuffed with cash.
I don't think that's really true. At the scale of money we're talking about, hiring a courier to handcuff the money to their wrist and fly across the world wouldn't be an excessive cost. The primary downside is the same; there's a known location where the money will be left and picked up.
They might have enough knowledge to use other currencies as intermediaries. I think the OP means criminals in general and not ones with a bit more knowledge.
Sounds like it worked just great for one of the criminals...
From TFA "The FBI has not, however, been able to identify the hitman as yet. The reason is almost certainly because the hitman did not use a commercial service like Coinbase, which must comply with know-your-customer laws, for the Bitcoin transactions but instead relied on his own personal wallet—one that did not reveal any information about his identity."
To me, it sounds like BBC knows more then they let on. Could BBC have been running a undercover investigative story? It just seems too unlikely they could get the hitmans bitcoin address without being somehow involved.
Only because the criminal hasn't yet tried to use that bitcoin to buy something in the real world.
If they try to convert to fiat via an exchange, they can be identified the same way the husband was. If they try to buy products directly without using fiat then it is harder for law enforcement to get the records they need, but still quite possible.
They will probably be safe if they never touch the bitcoin, but that entirely defeats the purpose of using it
Don't need darkweb for that if you're very careful with how you execute trades on https://localbitcoins.com/ (a service that I believe predates coinbase, circle et al)
Usually, one'd use a coin like Monero instead, the project's wretched history notwithstanding.
As with any "anonymity" tech (like Tor and the Dark Web), Monero is linked with all sorts of things. I, personally, feel uneasy investing in / using Monero because of that, especially since it isn't also a stable coin.
I can see a lot of value in it though, just like how I see value in Freenet, I2P, Tor and other such overlay networks.
People doing nafarious things don't cash out using exchanges. They use things like localbitcoins to make a trade in person (or through an intermediary), and obviously lose a percent of the value in doing so. At that point it basically becomes a cash transaction.
Unless the hitman has decided to retire, it's probably only a matter of time before they catch him using good old fashioned detective work. For instance, investigators might be able to catch the hitman in a sting operation, if they know what marketplace the hitman sells his services on.
I feel like you rather overestimate the prowess of law enforcements ability to solve murders, especially non-slam-dunk ones with a witness and an obvious connection between the murderer and victim.
> There's this misconception that bitcoin is private / "safe" for criminals
It certainly can be safe and pseudo anonymous. Just need to be careful about fiat on/off ramps and maybe use a mixer or two. These things are not hard to do.
The person who used Coinbase was either lazy or ignorant
Yes, you can pay people and have them murder others. Some do it on a grand scale even (Academi/Blackwater/Xe Services). Same goes for a bunch of other taboo/illegal things, you have the right amount of money, anything is possible.
The article says the FBI intervened before the hit was executed. They were apparently tipped off by the BBC. It's far more likely, in my opinion, that a BBC source would disclose his scam taking bitcoins from would-be hirerers of contract killers, than it is that an actual hitman would have bad enough opsec that the BBC would be the ones to discover his clients.
Kinda crazy. Most DarkWeb 'hitman' sites were just FBI honeypots or good samaritans reporting sketchy individuals to the FBI. I doubt this guy found the services through the 'dark web' or even the Internet. Probably met them through personal connections.
Bitcoin is a dream come true for the FBI/CIA. There are companies building sophisticated software to track the routing of shady payments through the blockchain (wouldn't be surprised if Palantir does this). Eventually, crypto finds it way towards a tangible asset that can be tied to somebody and it's just a matter of a paper trail.
bitcoin works by distributing the entire history of all bitcoin transactions among a distributed pool of nodes. Anyone can look at any transaction at any time with only a small amount of effort.
there are services that will "mix" your coins with a bunch of other people's, but you can see all the coins that went into the service and the addresses they were all sent to so it's not foolproof.
I've heard that monero is a coin that can be used for laundering, but I've never looked into it so I can't say for sure
Bitcoin's usefulness comes from being able to transact value without a centralized authority. There are no gatekeepers to determine who can transact with whom, to assign value to a medium, or to take that value away. It is democratization of financial power.
I mean pragmatically not abstractly. Bitcoin transaction fees were >$50 recently, so it's useless as a form of payment, and nothing is keeping it from being worthless tomorrow so it's a poor parking spot for money.
The main advantage is avoiding the traditional financial systems, as you note. One use of that is to launder money, as you note. Other uses include paying for illegal things (drugs, child pornography, or in some countries run of the mill goods that are banned), or as a parking spot for money when your other options are even worse. I.e. there probably isn't a worse spot to put your money than in Venezuela's currency; despite Bitcoin's instability, it's unlikely to deflate faster than Venezuelan currency. You can also use it to move currency around. I've heard that wealthy Chinese people use it as a vehicle to get money out of China, but I'm not terribly well-versed in that.
I wouldn't say laundering money is its only utility, but the value of BTC is quite likely a reflection of the economic value of illicit activity (or black-market savings, if you prefer). Given how relatively difficult BTC is to use for the average person, it's the simplest explanation (per Occam's razor) for why it's worth so much in aggregate.
Think about it: If you were a criminal, would you rather keep your cash under a proverbial mattress like in the old days, or in properties that could be seized by the local government? Or in BTC, where it can't really be seized, is semi-anonymous, and where there is a (imperfect but decent) exchange market for fiat currency (and, rarely, goods and services) when you need it?
That is the ultimate problem of Bitcoin that it is non-fungible, which means it's not a real currency if 1 BTC != another 1 BTC.
If you get paid in BTC you never know if you receive tainted coins and have them confiscated by exchange at the withdrawal attempt.
So Internet was demonized at first, saying it allowed pedophiles to share child pornography with impunity from their home. Then we learned that internet allowed to catch more pedophiles than ever.
Looks like this scheme finally applied to bitcoin. It was very easy to predict though.
I am morbidly curious how much being a hit man pays. I don't want to look it up for fear of finding myself 'on a list' :) but it's such a high risk occupation that one assumes it's pretty profitable. In the US, anyway. This brings me to bitcoin.
Would it be smarter as a murderer-for-hire to ask to be paid in a less-expensive (for now) but growing currency such as Etherium or Litecoin? I mean, ask the 'client' for X dollars worth of that coin and then let it appreciate over time. Maybe that's missing the mark. But I sort of feel like you'd be better off going for the long term gains and, potentially at least, being able to cash out earlier?
Since this murder-for-hire chose to use a global and transparent ledger that will have that transaction until either the world disappears or the ledger somehow disappears from all nodes, I don't think "smarter" should come anywhere near this. Using blockchains like Bitcoin for crime is far beyond stupid.
> Would it be smarter as a murderer-for-hire to ask to be paid in a less-expensive (for now) but growing currency such as Etherium or Litecoin?
No, because the efficient market hypothesis.
If you know that some asset is definitely going to significantly appreciate in value why don't you just buy it and skip out the hitman thing? The answer is that almost noone has any better idea of what the correct price should be than whatever the current price is.
Magic invisible hand waving solves all problems, including cancer, pollution, climate change, death, genocide, taxes, and frizzy hair. It'll even give a good back rub, for a nominal fee.
From my reading of probably unreliable/fake sources, a "hit" on a normal civilian typically ranges from $10-50k. Cost increases with difficulty of accessing target, risk of detection and making it look accidental.
A hitman may wish to delay use of payment for opsec reasons, but I think it's odd to think their desire for speculative risk would be much different than the general public.
The crypto demonization FUD is always going to be there. "Naughty currencies are bad for you. Trust us, we're the real, old, stodgy currencies who are defending our fiefdoms with mass-media hitpieces."
Publish the addresses, and criminal use of Bitcoin will end immediately. Offer bitcoin address clemency, and the criminals will be delivered on a silver platter by whomever they cashed out with.
Yes; I realize the dystopian possibilities. But if we trust law enforcement, and we believe that the laws are and will always be just, then we should want to help them.
Either way, it’s already happening in secret. The question is really whether it should happen in the open.
> Agent Anderson got wind of the scheme, set out in this court filing, from the sheriff in Knoxville, TN, who told him about it after receiving a tip from staff members at the British Broadcasting Corporation (BBC).
99 comments
[ 3.0 ms ] story [ 150 ms ] threadYour last-mile exchange from bitcoin back to USD on Coinbase, for example, is logged and monitored by Coinbase -- furthermore, the bank is incentivized to file Suspicious Activity Reports whenever they see these large wire transfers to the virtual banks used by the exchanges for withdrawing and depositing fiat. So, even privacy coins are tracked in this way (these necessary fiat exchanges).
You can basically say the same thing about IRS tracking crypto tax evaders.
Some ground-laying patents have been filed by CipherTrace, but I think it speaks for itself that the IRS's $625,000.00 bounty on tracing Monero still stands.
Wouldn't that be enough for him to be able to say "no i just bought some weed sorry, jail me for a month. i dont know why that person then went on to try to kill my wife."?
Who would believe that story?
Seems like they'd need to seize the hitman's digital communications, at which point the jig is probably already up.
A grand jury must look through the evidence and conclude that there is enough there to possibly result in a conviction.
Even if you escape the statute of limitations, there is a good chance your grandchildren will be able to see what you did with Bitcoin by just looking it up on a public website in half a century.
IMO, the only "surefire" way to launder bitcoin is traditional money laundering: send a trusted person dirty bitcoins and they send you back bitcoins from a clean legitimate source. Strong incentive for launderer to take the funds and run, so trust is unstable in this model.
That's all of the internet, forget blockchains.
Even if you are talking about dragnet collection and you assume that for example NSA can store all traffic on the internet (which is basically impossible) in Utah (or wherever) for future decryption with post-quantum cryptography there is no reason to believe that they would make it public. And that is basically the worst case scenario.
Privacy fatalism helps no-one.
Reddit is not unique. People do this with Twitter too. I forget the name but there's an entire service for caching changes to your Twitter bio.
> No, it isn't, if a service is properly secured and does not sell it's data then there is no reason to think this
Citation needed. Reddit and Twitter aren't selling data to those people. It's an open API.
We may be talking about different things, but to me "all of the internet" means much more than public data and public forums.
I think privacy is something we should strive for, but I think that when something is said publically on a globally broadcasted medium people cannot reasonably have an expectation of privacy. The problem with privacy in my mind is when there can reasonably be an expectation of privacy but that isn't met.
If I tweet something it's clear that's public. If I DM someone that should be private.
Why is it reasonable to not expect that there would be someone saving public data?
Facebook had created puppet profiles from people's contact information and made them public, notoriously.
Like, at what point would you like to accept that GPs statement is not hyperbole? Would all information that was private need to go public? By then I'd say it is too late.
This is a rather silly argument where you try to draw some line in online services that has been willfully greyed by the people who create these platforms for their own benefit.
If you want to call GP a privacy fatalist, then I'll just call you a privacy denialist and leave it there.
Is it so absurd to say that if I post stuff publically I cannot expect it to be private and if I post stuff privately I should absolutely be able to depend on it to be private?
I think your example of parler is an example of a service that was not adequately secured to protect it's private communications and the facebook example is clearly unethical and just one of the reasons I don't use the service.
We can only speculate that data breaches will be used for such purposes eventually too.
The best you can get is E2EE communications. I find it ironic someone commenting on a text based public forum would argue this.
> The best you can get is E2EE communications.
There are quite a lot of steps between public data and E2EE.
> I find it ironic someone commenting on a text based public forum would argue this.
I don't have any expectation of privacy here and know what I'm saying is public. On other sites/services I have privacy and know that what I'm saying isn't public.
"Everything stays on the internet forever" is a good cautionary principle, but isn't a strict reality.
Is this why we've successfully caught every single ransomware operation transacting in crypto?
Humm. I suppose that there aren't very many of them. Perhaps cryptocurrencies do make some forms of criminal enterprises much easier to operate. I'm willing to accept that 'Hitman for hire' might not be one of them, though - mostly because you need a local presence, at which point, taking payment in cash has a number of advantages.
It would be quite difficult to operate a ransomware operation out of, say, Belarus if you expected your victims to pay by posting you envelopes stuffed with cash.
It's not impossible to use the regular banking system for crime. But it's a lot harder, and a lot easier to get caught. A cartel in Mexico with an annual income in billions might be able to bribe or threaten the right people, but some techie running a small call center is going to have a harder time.
You still need to be local to perform the assassination, but the time and location are still vague. It's basically "somewhere the person will be at some point in the future". Makes it a lot harder to stage a sting because you can't have people set up everywhere that person will be at all times.
We're also not terribly far away from remote assassinations being possible. There was an assassination in Iran that allegedly used a computer to control a machine gun to kill someone. Combine that with a self-driving car, or a remotely operated car, and you've got a hitman mobile. Or the cheap and low-tech route, strapping explosives to drones. The cartels have already started using them, so it's not improbable that you could pilot one across the world. Pay the cartel to set up a drone and give you the credentials to control it and you don't even have to leave your home.
> It would be quite difficult to operate a ransomware operation out of, say, Belarus if you expected your victims to pay by posting you envelopes stuffed with cash.
I don't think that's really true. At the scale of money we're talking about, hiring a courier to handcuff the money to their wrist and fly across the world wouldn't be an excessive cost. The primary downside is the same; there's a known location where the money will be left and picked up.
From TFA "The FBI has not, however, been able to identify the hitman as yet. The reason is almost certainly because the hitman did not use a commercial service like Coinbase, which must comply with know-your-customer laws, for the Bitcoin transactions but instead relied on his own personal wallet—one that did not reveal any information about his identity."
(not implying that the bbc gave him any money)
If they try to convert to fiat via an exchange, they can be identified the same way the husband was. If they try to buy products directly without using fiat then it is harder for law enforcement to get the records they need, but still quite possible.
They will probably be safe if they never touch the bitcoin, but that entirely defeats the purpose of using it
An asumption you're making and likely untrue. There are many ways to convert to fiat or skip that step and luander through the dark web
Usually, one'd use a coin like Monero instead, the project's wretched history notwithstanding.
I can see a lot of value in it though, just like how I see value in Freenet, I2P, Tor and other such overlay networks.
https://bitcoinlaundry.online/en/index.htm
It certainly can be safe and pseudo anonymous. Just need to be careful about fiat on/off ramps and maybe use a mixer or two. These things are not hard to do.
The person who used Coinbase was either lazy or ignorant
Why do you think ransomware groups always accept bitcoin?
https://thehill.com/homenews/house/547280-gaetz-paid-accused...
https://www.nytimes.com/1982/05/25/us/ohio-candidate-tells-o...
https://www.chainalysis.com/ (no affiliation)
there are services that will "mix" your coins with a bunch of other people's, but you can see all the coins that went into the service and the addresses they were all sent to so it's not foolproof.
I've heard that monero is a coin that can be used for laundering, but I've never looked into it so I can't say for sure
Think about it: If you were a criminal, would you rather keep your cash under a proverbial mattress like in the old days, or in properties that could be seized by the local government? Or in BTC, where it can't really be seized, is semi-anonymous, and where there is a (imperfect but decent) exchange market for fiat currency (and, rarely, goods and services) when you need it?
I know what I would choose.
The main reason behind the rise in price is purely speculation and fomo.
Looks like this scheme finally applied to bitcoin. It was very easy to predict though.
Would it be smarter as a murderer-for-hire to ask to be paid in a less-expensive (for now) but growing currency such as Etherium or Litecoin? I mean, ask the 'client' for X dollars worth of that coin and then let it appreciate over time. Maybe that's missing the mark. But I sort of feel like you'd be better off going for the long term gains and, potentially at least, being able to cash out earlier?
The Wikipedia page has more info on "contract killing", won't put you on a list to just read that :) https://en.wikipedia.org/wiki/Contract_killing
Since this murder-for-hire chose to use a global and transparent ledger that will have that transaction until either the world disappears or the ledger somehow disappears from all nodes, I don't think "smarter" should come anywhere near this. Using blockchains like Bitcoin for crime is far beyond stupid.
What would it take for the Bitcoin blockchain to atrophy enough so as to be unusable?
No, because the efficient market hypothesis.
If you know that some asset is definitely going to significantly appreciate in value why don't you just buy it and skip out the hitman thing? The answer is that almost noone has any better idea of what the correct price should be than whatever the current price is.
A hitman may wish to delay use of payment for opsec reasons, but I think it's odd to think their desire for speculative risk would be much different than the general public.
https://www.google.com/amp/s/wwmt.com/amp/news/local/former-...
Yes; I realize the dystopian possibilities. But if we trust law enforcement, and we believe that the laws are and will always be just, then we should want to help them.
Either way, it’s already happening in secret. The question is really whether it should happen in the open.
The heck?