99 comments

[ 3.0 ms ] story [ 150 ms ] thread
There's this misconception that bitcoin is private / "safe" for criminals. In reality, the block chain is public (and all of its transactions inside... that is how distributed ledger consensus is achieved among miners) and the on-ramps and off-ramps between fiat are all logged / tracked, especially Coinbase (since they are taking the "safe route" and playing by all of the rules with governments / regulators).

Your last-mile exchange from bitcoin back to USD on Coinbase, for example, is logged and monitored by Coinbase -- furthermore, the bank is incentivized to file Suspicious Activity Reports whenever they see these large wire transfers to the virtual banks used by the exchanges for withdrawing and depositing fiat. So, even privacy coins are tracked in this way (these necessary fiat exchanges).

You can basically say the same thing about IRS tracking crypto tax evaders.

Use Monero
Monero is not completely untraceable either.
Can you elaborate? I know very little about Monero.
Well, I can't speak for why it might be tracable, but can conversely testify that it has dedicated mechanisms for obfuscating and confusing transaction details such as who sent money, who received it, and how much was transferred- mechanisms which are used by default for every transaction, not just for "private" transactions, creating a cloudy swarm of activity in which you can only really tell that "transactions are happening" without access to (or the intense brute-force effort of obtaining) one of the several private keys involved in any given action.

Some ground-laying patents have been filed by CipherTrace, but I think it speaks for itself that the IRS's $625,000.00 bounty on tracing Monero still stands.

Almost the entire comments mix "crypto" with Bitcoin or "all cryptos are the same" which is factually false. Please explain how different it is in comparison, the thread is flooded with baseless claims. This is analogous to placing your money under the bed vs. in a bank vault, they're both unsafe technically, but the difference is vast.
But what if he merely sent the Bitcoin from Coinbase to another wallet first - say a brain wallet he knows in his head - and then transfered the Bitcoins to the hitman?

Wouldn't that be enough for him to be able to say "no i just bought some weed sorry, jail me for a month. i dont know why that person then went on to try to kill my wife."?

Yes you can do it with any money. What's your point?
I suspect there are few real-world examples where "you could just say X" actually works... but in this case the story is that a random "weed dealer" killed not a random person, but a specific person known to the "weed purchaser"?

Who would believe that story?

How does prosecution prove the payment was connected to the hitman and not the weed?

Seems like they'd need to seize the hitman's digital communications, at which point the jig is probably already up.

(comment deleted)
It's "beyond a reasonable doubt," not "beyond all doubt."
Evidence.

A grand jury must look through the evidence and conclude that there is enough there to possibly result in a conviction.

Being actually innocent isn't enough to protect you from the FBI, so no, any suspicious trail at all is too much. Once you're a person of interest, any of the many possible opsec failures is enough to build a case. And for (attempted) murder, the spouse is usually a person of interest.
Yep. The Bitcoin Blockchain is a permanent historical ledger. As time passes and info about who transacted what becomes public, the cost of identifying a transaction decreases. (Assuming Bitcoin is still around) we should assume that over time, the cost to unmask any given btc txn to asymptotically approach $0.

Even if you escape the statute of limitations, there is a good chance your grandchildren will be able to see what you did with Bitcoin by just looking it up on a public website in half a century.

>the cost to unmask any given btc txn to asymptotically approach $0. Mind you, there are several ways to obfuscate transactions even in the bitcoin network. and there are also privacy focused blockchains to whitewash money
All of the 'trustless' tumbling solutions I've seen tend to leave some evidence on the blockchain, it often only dilutes the certainty that a particular input maps to a particular output.

IMO, the only "surefire" way to launder bitcoin is traditional money laundering: send a trusted person dirty bitcoins and they send you back bitcoins from a clean legitimate source. Strong incentive for launderer to take the funds and run, so trust is unstable in this model.

> there is a good chance your grandchildren will be able to see what you did with Bitcoin by just looking it up on a public website in half a century.

That's all of the internet, forget blockchains.

No, it isn't, if a service is properly secured and does not sell it's data then there is no reason to think this. Please stop spreading FUD like this, it only makes people think that privacy is impossible.

Even if you are talking about dragnet collection and you assume that for example NSA can store all traffic on the internet (which is basically impossible) in Utah (or wherever) for future decryption with post-quantum cryptography there is no reason to believe that they would make it public. And that is basically the worst case scenario.

Privacy fatalism helps no-one.

I don't think that's privacy fatalism? Did you know that Reddit's entire graph has been cached on some dudes servers and up until fairly recently allowed search by username? That includes deleted posts and edits.

Reddit is not unique. People do this with Twitter too. I forget the name but there's an entire service for caching changes to your Twitter bio.

> No, it isn't, if a service is properly secured and does not sell it's data then there is no reason to think this

Citation needed. Reddit and Twitter aren't selling data to those people. It's an open API.

You're talking about public info, that people posted on public forums. Is anyone surprised that that info would be public?

We may be talking about different things, but to me "all of the internet" means much more than public data and public forums.

I think it's reasonable for the average internet user to expect that some creep isn't archiving the whole internet. Public or not. We are indeed talking about the same thing, you are just denying that it's a problem.
I'm saying that "all of the internet" is more than the public internet. You seem to be saying the opposite, especially since you said "archiving the whole internet" which implies that any one entity has that sort of access. You say "Public or not" as if that does not make a difference, but there is a huge chasm between the privacy you can (and reasonably should) expect depending on it.

I think privacy is something we should strive for, but I think that when something is said publically on a globally broadcasted medium people cannot reasonably have an expectation of privacy. The problem with privacy in my mind is when there can reasonably be an expectation of privacy but that isn't met.

If I tweet something it's clear that's public. If I DM someone that should be private.

Why is it reasonable to not expect that there would be someone saving public data?

archive.org accepted dumps of Parler, in recent memory, which is clearly stolen information. Do you think that's the first time they've accepted information that is meant to be private?

Facebook had created puppet profiles from people's contact information and made them public, notoriously.

Like, at what point would you like to accept that GPs statement is not hyperbole? Would all information that was private need to go public? By then I'd say it is too late.

This is a rather silly argument where you try to draw some line in online services that has been willfully greyed by the people who create these platforms for their own benefit.

If you want to call GP a privacy fatalist, then I'll just call you a privacy denialist and leave it there.

I strongly believe that privacy is important, but I also think that it is important for people to have clear expectations of when they can expect it.

Is it so absurd to say that if I post stuff publically I cannot expect it to be private and if I post stuff privately I should absolutely be able to depend on it to be private?

I think your example of parler is an example of a service that was not adequately secured to protect it's private communications and the facebook example is clearly unethical and just one of the reasons I don't use the service.

It's not privacy fatalism. I'm referring to the public internet, which is now mined and stored as input for AIs, if nothing else.

We can only speculate that data breaches will be used for such purposes eventually too.

The best you can get is E2EE communications. I find it ironic someone commenting on a text based public forum would argue this.

We may be talking about different things, but to me "all of the internet" means much, much more than the public internet.

> The best you can get is E2EE communications.

There are quite a lot of steps between public data and E2EE.

> I find it ironic someone commenting on a text based public forum would argue this.

I don't have any expectation of privacy here and know what I'm saying is public. On other sites/services I have privacy and know that what I'm saying isn't public.

Maybe my grandchildren will somehow have better luck than I did. Archive.org doesn't have several forums I used to post on. I'd like to get copies of my old posts, but gave up on that years ago. I did manage to track down the owner of one of the forums, but he had no backups.

"Everything stays on the internet forever" is a good cautionary principle, but isn't a strict reality.

> There's this misconception that bitcoin is private / "safe" for criminals.

Is this why we've successfully caught every single ransomware operation transacting in crypto?

To be fair, you have to look at the enormous number of ransomware operators that are conducting their business in fiat...

Humm. I suppose that there aren't very many of them. Perhaps cryptocurrencies do make some forms of criminal enterprises much easier to operate. I'm willing to accept that 'Hitman for hire' might not be one of them, though - mostly because you need a local presence, at which point, taking payment in cash has a number of advantages.

It would be quite difficult to operate a ransomware operation out of, say, Belarus if you expected your victims to pay by posting you envelopes stuffed with cash.

People make it out like the fiat conversion step is a big gotcha but criminals make fraudulent bank accounts with stolen/synthetic identities all the time.
Then why are ransomware operators getting paid in Bitcoin?

It's not impossible to use the regular banking system for crime. But it's a lot harder, and a lot easier to get caught. A cartel in Mexico with an annual income in billions might be able to bribe or threaten the right people, but some techie running a small call center is going to have a harder time.

Cash requires a known location and/or time, and may involve the client seeing your face if face-to-face trades are made.

You still need to be local to perform the assassination, but the time and location are still vague. It's basically "somewhere the person will be at some point in the future". Makes it a lot harder to stage a sting because you can't have people set up everywhere that person will be at all times.

We're also not terribly far away from remote assassinations being possible. There was an assassination in Iran that allegedly used a computer to control a machine gun to kill someone. Combine that with a self-driving car, or a remotely operated car, and you've got a hitman mobile. Or the cheap and low-tech route, strapping explosives to drones. The cartels have already started using them, so it's not improbable that you could pilot one across the world. Pay the cartel to set up a drone and give you the credentials to control it and you don't even have to leave your home.

> It would be quite difficult to operate a ransomware operation out of, say, Belarus if you expected your victims to pay by posting you envelopes stuffed with cash.

I don't think that's really true. At the scale of money we're talking about, hiring a courier to handcuff the money to their wrist and fly across the world wouldn't be an excessive cost. The primary downside is the same; there's a known location where the money will be left and picked up.

They might have enough knowledge to use other currencies as intermediaries. I think the OP means criminals in general and not ones with a bit more knowledge.
Do you have a source for that claim?
Sounds like it worked just great for one of the criminals...

From TFA "The FBI has not, however, been able to identify the hitman as yet. The reason is almost certainly because the hitman did not use a commercial service like Coinbase, which must comply with know-your-customer laws, for the Bitcoin transactions but instead relied on his own personal wallet—one that did not reveal any information about his identity."

I wonder if the hitman is the one who notified the BBC. Seems like a better way to make some money than actually, you know, doing the job.

(not implying that the bbc gave him any money)

To me, it sounds like BBC knows more then they let on. Could BBC have been running a undercover investigative story? It just seems too unlikely they could get the hitmans bitcoin address without being somehow involved.
Only because the criminal hasn't yet tried to use that bitcoin to buy something in the real world.

If they try to convert to fiat via an exchange, they can be identified the same way the husband was. If they try to buy products directly without using fiat then it is harder for law enforcement to get the records they need, but still quite possible.

They will probably be safe if they never touch the bitcoin, but that entirely defeats the purpose of using it

Bitcoin is more traceable than cash, but surely creative criminals have worked out a way to launder it?
> Only because the criminal hasn't yet tried to use that bitcoin to buy something in the real world.

An asumption you're making and likely untrue. There are many ways to convert to fiat or skip that step and luander through the dark web

Don't need darkweb for that if you're very careful with how you execute trades on https://localbitcoins.com/ (a service that I believe predates coinbase, circle et al)

Usually, one'd use a coin like Monero instead, the project's wretched history notwithstanding.

What is wretched about Monero's history?
What is wretched in there?
As with any "anonymity" tech (like Tor and the Dark Web), Monero is linked with all sorts of things. I, personally, feel uneasy investing in / using Monero because of that, especially since it isn't also a stable coin.

I can see a lot of value in it though, just like how I see value in Freenet, I2P, Tor and other such overlay networks.

People doing nafarious things don't cash out using exchanges. They use things like localbitcoins to make a trade in person (or through an intermediary), and obviously lose a percent of the value in doing so. At that point it basically becomes a cash transaction.
Unless the hitman has decided to retire, it's probably only a matter of time before they catch him using good old fashioned detective work. For instance, investigators might be able to catch the hitman in a sting operation, if they know what marketplace the hitman sells his services on.
I feel like you rather overestimate the prowess of law enforcements ability to solve murders, especially non-slam-dunk ones with a witness and an obvious connection between the murderer and victim.
Maybe so, you could be right. But if this man is taking contracts from the general public, I think that must be a good lead.
> There's this misconception that bitcoin is private / "safe" for criminals

It certainly can be safe and pseudo anonymous. Just need to be careful about fiat on/off ramps and maybe use a mixer or two. These things are not hard to do.

The person who used Coinbase was either lazy or ignorant

I agree, but think there's still ways to remain truly anonymous if you have the technical ability.

Why do you think ransomware groups always accept bitcoin?

"Man Used Bank of America to Pay Hitman in USD for Wife's Murder, FBI Says An FBI agent explains how a BoA account led the agency to the suspect."
(comment deleted)
(comment deleted)
Wait, this actually works?!
Yes, you can pay people and have them murder others. Some do it on a grand scale even (Academi/Blackwater/Xe Services). Same goes for a bunch of other taboo/illegal things, you have the right amount of money, anything is possible.
The article says the FBI intervened before the hit was executed. They were apparently tipped off by the BBC. It's far more likely, in my opinion, that a BBC source would disclose his scam taking bitcoins from would-be hirerers of contract killers, than it is that an actual hitman would have bad enough opsec that the BBC would be the ones to discover his clients.
Kinda crazy. Most DarkWeb 'hitman' sites were just FBI honeypots or good samaritans reporting sketchy individuals to the FBI. I doubt this guy found the services through the 'dark web' or even the Internet. Probably met them through personal connections.
Should have used Monero.
He should not have hired a hit man to murder his wife also.
Would not have mattered since this guy was stupid enough to use Coinbase in the first place.
That's not an appropriate use of "SHUM".
Bitcoin is a dream come true for the FBI/CIA. There are companies building sophisticated software to track the routing of shady payments through the blockchain (wouldn't be surprised if Palantir does this). Eventually, crypto finds it way towards a tangible asset that can be tied to somebody and it's just a matter of a paper trail.
Serious question, I thought BTC's only usefulness came from its usefulness in laundering money. Is this not true?
bitcoin works by distributing the entire history of all bitcoin transactions among a distributed pool of nodes. Anyone can look at any transaction at any time with only a small amount of effort.

there are services that will "mix" your coins with a bunch of other people's, but you can see all the coins that went into the service and the addresses they were all sent to so it's not foolproof.

I've heard that monero is a coin that can be used for laundering, but I've never looked into it so I can't say for sure

Bitcoin's usefulness comes from being able to transact value without a centralized authority. There are no gatekeepers to determine who can transact with whom, to assign value to a medium, or to take that value away. It is democratization of financial power.
I mean pragmatically not abstractly. Bitcoin transaction fees were >$50 recently, so it's useless as a form of payment, and nothing is keeping it from being worthless tomorrow so it's a poor parking spot for money.
(comment deleted)
Pragmatically, I can buy things online without having to give up my name and address. That's a win for me.
... if they are physical items how do you get them?
The main advantage is avoiding the traditional financial systems, as you note. One use of that is to launder money, as you note. Other uses include paying for illegal things (drugs, child pornography, or in some countries run of the mill goods that are banned), or as a parking spot for money when your other options are even worse. I.e. there probably isn't a worse spot to put your money than in Venezuela's currency; despite Bitcoin's instability, it's unlikely to deflate faster than Venezuelan currency. You can also use it to move currency around. I've heard that wealthy Chinese people use it as a vehicle to get money out of China, but I'm not terribly well-versed in that.
I wouldn't say laundering money is its only utility, but the value of BTC is quite likely a reflection of the economic value of illicit activity (or black-market savings, if you prefer). Given how relatively difficult BTC is to use for the average person, it's the simplest explanation (per Occam's razor) for why it's worth so much in aggregate.

Think about it: If you were a criminal, would you rather keep your cash under a proverbial mattress like in the old days, or in properties that could be seized by the local government? Or in BTC, where it can't really be seized, is semi-anonymous, and where there is a (imperfect but decent) exchange market for fiat currency (and, rarely, goods and services) when you need it?

I know what I would choose.

I disagree: criminals mostly use it as a mean to transfer money.

The main reason behind the rise in price is purely speculation and fomo.

That is the ultimate problem of Bitcoin that it is non-fungible, which means it's not a real currency if 1 BTC != another 1 BTC. If you get paid in BTC you never know if you receive tainted coins and have them confiscated by exchange at the withdrawal attempt.
What's the CoinBase method for connecting via ACH or is it only wires? Funding via ACH would just be two numbers, at the easiest.
So Internet was demonized at first, saying it allowed pedophiles to share child pornography with impunity from their home. Then we learned that internet allowed to catch more pedophiles than ever.

Looks like this scheme finally applied to bitcoin. It was very easy to predict though.

I am morbidly curious how much being a hit man pays. I don't want to look it up for fear of finding myself 'on a list' :) but it's such a high risk occupation that one assumes it's pretty profitable. In the US, anyway. This brings me to bitcoin.

Would it be smarter as a murderer-for-hire to ask to be paid in a less-expensive (for now) but growing currency such as Etherium or Litecoin? I mean, ask the 'client' for X dollars worth of that coin and then let it appreciate over time. Maybe that's missing the mark. But I sort of feel like you'd be better off going for the long term gains and, potentially at least, being able to cash out earlier?

Seems to go for less than $100K USD, which surprised me (source is Australian though http://edition.cnn.com/2004/WORLD/asiapcf/02/05/australia.ki...)

The Wikipedia page has more info on "contract killing", won't put you on a list to just read that :) https://en.wikipedia.org/wiki/Contract_killing

Since this murder-for-hire chose to use a global and transparent ledger that will have that transaction until either the world disappears or the ledger somehow disappears from all nodes, I don't think "smarter" should come anywhere near this. Using blockchains like Bitcoin for crime is far beyond stupid.

That’s a great point. And it brings up a question I’ve never had before :)

What would it take for the Bitcoin blockchain to atrophy enough so as to be unusable?

> Would it be smarter as a murderer-for-hire to ask to be paid in a less-expensive (for now) but growing currency such as Etherium or Litecoin?

No, because the efficient market hypothesis.

If you know that some asset is definitely going to significantly appreciate in value why don't you just buy it and skip out the hitman thing? The answer is that almost noone has any better idea of what the correct price should be than whatever the current price is.

eFfiCiEnT MaRkEt HyPoThEsIs
Magic invisible hand waving solves all problems, including cancer, pollution, climate change, death, genocide, taxes, and frizzy hair. It'll even give a good back rub, for a nominal fee.
From my reading of probably unreliable/fake sources, a "hit" on a normal civilian typically ranges from $10-50k. Cost increases with difficulty of accessing target, risk of detection and making it look accidental.

A hitman may wish to delay use of payment for opsec reasons, but I think it's odd to think their desire for speculative risk would be much different than the general public.

There have been murders for hires in the US for as little as 2000$, often done by teenagers.
How did the BBC know about this plot? This is something that the story does not explain.
The crypto demonization FUD is always going to be there. "Naughty currencies are bad for you. Trust us, we're the real, old, stodgy currencies who are defending our fiefdoms with mass-media hitpieces."
Publish the addresses, and criminal use of Bitcoin will end immediately. Offer bitcoin address clemency, and the criminals will be delivered on a silver platter by whomever they cashed out with.

Yes; I realize the dystopian possibilities. But if we trust law enforcement, and we believe that the laws are and will always be just, then we should want to help them.

Either way, it’s already happening in secret. The question is really whether it should happen in the open.

> Agent Anderson got wind of the scheme, set out in this court filing, from the sheriff in Knoxville, TN, who told him about it after receiving a tip from staff members at the British Broadcasting Corporation (BBC).

The heck?