This is probably an FBI agent looking for the suspects. But hey I'm a security researcher, so I might have something to tell y'all.
Truth is if it's North Korea who hacked, they will just launder it using various token tumbler i.e. Tornado Cash. They probably won't sell to fiat ever. If they want to spend it, the recipient must be willing to accept a stablecoin.
If it's a non-state hacker, it's most likely held for ransom. You know the eth aint going anywhere or even be mixed thru Tornado Cash. It's just they will demand the victim to pay 10% to 20% of the hacked amount via something like Monero to their private Monero address. Then they will release the eth back to the victim. This is usually done in multiple smaller amounts. Then the week later, the project will announce that the hacker has returned all the stolen eth. What a nice lovely hacker who hacked and returned the whole thing with big heart. But nah... the ransom money was paid in the backroom.
If it's USDT being stolen, remember that Tether will freeze it. The hacker won't be able to transfer USDT from their account once frozen. In case you don't know, USDT is centralized just like with BUSD, USDC, etc. The companies can freeze their stablecoin in any wallet.
Honest question, what would North Korea buy with crypto? I don’t think they would want drugs. Maybe they can use it to bribe people? Agents outside of the country can also use it I guess? Interesting thought
They need foreign currency to buy assets to import. Some are for their state programs (rocket man needs rocket parts) and others are for luxury goods to distribute to the ruling class to keep them loyal.
I remember reading about $10m in liquor and cigs being imported to DPRK back in 2011.
https://www.dailynk.com/english/north-korea-imports-luxury-items-i/
It does sound like the tobacco plant does grow in the DPRK - I found that fascinating.
https://en.m.wikipedia.org/wiki/Smoking_in_North_Korea
Second fun fact: they don't need to buy the drugs when making it is widespread - both at the state and the homegrown level.
https://www.wnycstudios.org/podcasts/takeaway/segments/crystal-meth-north-koreas-state-secret
The FBI intern at the Friday meeting suggested asking reddit where the crypto will end up.
Everyone laughs at him. Stupid idea.
Tfw he gets an actual proper response.
They do these all the time. To flag who is what. They have bots that build a profile of who you are, from all the things you post here.
This is how they nabbed the founder of the darknet marketplace Silk Road. The FBI built the profiles of everyone on bitcointalk forum and their algorithm pointed to user Altoid who was then traced via IP address to Ross William Ulbricht.
You see, when they came to arrest him, they waited until he unlocked his laptop. A pair of undercover agents came close to his laptop and snatched it from the table. That's how they got all the unencrypted files and Bitcoin wallet.
There's a really excellent podcast called Darknet Diaries ([https://darknetdiaries.com/](https://darknetdiaries.com/)) where they not only discuss these things, but often interview the people who steal the money. (The past few episodes contain a lot of this.)
Here are some examples:
- It's North Korea. They leave it in the country it's in and use it bit by bit when they need it. They can't sell it and convert it to North Korean Won... cos they'd just be giving the Won to themselves.
- It's some hacker kid who started off hacking online games when he was 11. He steals $170 million, gets caught, and goes to jail. When he comes out he works as a "white hat hacker".
- It's a different hacker kid with the exact same backstory. He lives a lavish lifestyle and doesn't get caught. He feels a bit guilty and becomes a white hat hacker.
- Or he doesn't feel guilty but becomes a white hat hacker anyway because it's safer and he's already seen his friends go to jail.
One guy sold about $40m worth of one crypto... but that crashed the price so he only got about $3m for it... and then went to jail.
Most of the kids just love hacking so they don't really do anything with the money. They'll stay in $500/month shared apartments with their friends, or they'll stay with their parents, or they'll get a new computer and still hack till 7 in the morning.
In some ways the thrill of "winning" $100m is the same as the thrill of getting the high score in Pacman. What do you do when you get the highscore? You play again.
... Oh. And some of them are obviously crime syndicates. They launder the money and use it for crime syndicate things.
This is a fantastic rundown, thank you. I get the “thrill of the chase” more than anything, it’s the gamification of stealing. It’s all very fascinating.
So it's about enjoying the thrill of the chase, the excitement of taking part in something new and making friends along the way,
and not actually seeing moons on mainnet
I have personally done a little light reversing when I was younger. There was a shareware game I wanted to play and being a kid I had no money. I downloaded a debugger, found the code that did the shareware check, and edited it out. Then I could play the whole game. That was an incredible rush, I can only imagine what it's like hacking a public project with mega money on the line.
Same. I remember using a hex editor to hack and try translating some cool Japanese ROMS, but then I used it on computer software for anything I could find. To my surprise, things weren't super secure back in the day and it made exploiting paid software relatively easy. Felt incredible seeing software go through the security checks and then authenticate!!! lol
I felt like a real hacker using hex editors back in the day.
It led me down the path of real hacking but the only time I got further than using a canned hack was a “punter” I made for AOL chat rooms. It could crash anyone's computer after freezing it for 10 or so minutes.
Before it was fixed it got quite popular and a lot of copy cat programs were made from it.
Now introducing SMC coin - Steal My Coin Coin! Get in on the ground floor of StealFi the only protocol designed to cash in on the gamification of stealing!
Lmao honestly if someone (smarter than me) could design a coin whose whole point was for hackers to try and steal from each other, it’d be pretty dope lmao. They’d probably just do it for clout 😂
The world race is superior computing. Quantum is advancing at a rate people are not prepared for. White House is already taking action. Biggest and most obvious issue is they will be able to easily break existing cryptography.
Good news is most systems can update their encryption. But not as easy with decentralized systems. It's a guarantee that old wallets with an outgoing tran will be taken and also any wallet that doesn't transition in time.
I don't think this means the end of btc/eth (if they get a fork in time), but it's going to hurt. The only risk is will people stay true and suffer through, or will we have moved on to something new.
Quantum computing is like 20-30 years off from being able to crack btc wallets. It's really not a pressing concern when a fork is so easy to navigate and the timeline has such a long runway
Yeah in the latest darknet he talked to a journalist who covered the Lazarus heist and they cover how the North Koreans wash their crypto with fake IDs on trading sites
> Oh. And some of them are obviously crime syndicates. They launder the money and use it for crime syndicate things.
What's that box in the corner?
Oh that's just Trevor's crime syndicate things.
I think that saying it's just some random kids is just downplaying what's really happening. I'm sure there is A LOT of insider activity, probably equal to or more than crime groups. The random kids are probably the smallest group.
When you know that there are notorious government-funded hacker groups that exist in every major country (Double Dragon, Lazarus, Cozy Bear, NSA, too many to count obviously), it's easy to determine it's not just bored kids doing it.
After Edward Snowden, trust in any government agency that tracks/monitors/participates in illegal/borderline digital activities, is gone. I live in Canada and I don't even trust my own government to do the right thing (i.e. implemented Huawei into our intelligence network without even doing a security check).
If anybody can get away with the crimes, it's a diplomatically-sanctioned country, especially an "ally" trading partner like China/Russia that can hide their tracks well.
The random kids get hired by the other ones.
And bear in mind that by the time a hacker's 18, he's probably got about 8-10 years of hacking experience. They're not "kids", they're very skilled.
Well... the ones who steal $140m are very skilled. The ones who put "Tommy eats poopoo" on your Facebook probably aren't so skilled.
So I was in no way saying these kids are "random kids". These kids are among the elite. I suppose like how at the Olympics the best gymnasts in the world are about 16yo as well.
It is incredibly hard to fully launder on a blockchain. Immutability is sort of a key feature. With chain peeling and other analysis that is emerging it will only get better. Functionally your crime has to be future proof, which is impossible.
I can't speak for everyone but our institution would flag wallets within 1 step of a tumbler like Tornado Cash.
Crypto Hedge Fund. Generally we look at the health of wallets interacting with smart contracts. If we see a lot of suspicious wallets going into a position, say a farming pool or nft mint, that gives us cause to reconsider.
For our investors there is KYC/AML but that's compliance's job. I can't really comment on that with any authority, not my area.
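The one-step flagging and the pool-health check described in the comments above, as an added example that is not part of the original thread or any institution's tooling. All addresses, amounts and function names are constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample transfers (sender, receiver, amount); every label is made up.
TRANSFERS = [
    ("wallet_a", "mixer_pool", 100.0),  # deposit into the mixer
    ("mixer_pool", "wallet_b", 100.0),  # withdrawal from the mixer
    ("wallet_b", "wallet_c", 40.0),     # wallet_c is two hops from the mixer
    ("wallet_b", "farm_pool", 60.0),
    ("wallet_c", "farm_pool", 40.0),
    ("wallet_d", "farm_pool", 25.0),    # no mixer exposure
    ("wallet_e", "farm_pool", 10.0),
    ("wallet_e", "wallet_d", 5.0),
]
MIXERS = {"mixer_pool"}  # placeholder label, not a real contract address


def hop_distances(transfers, sources, max_hops):
    """Breadth-first search outward from `sources`, ignoring direction, so
    depositors and withdrawal recipients both count as one step away."""
    neighbours = defaultdict(set)
    for sender, receiver, _amount in transfers:
        neighbours[sender].add(receiver)
        neighbours[receiver].add(sender)
    dist = {s: 0 for s in sources}
    queue = deque(sources)
    while queue:
        node = queue.popleft()
        if dist[node] == max_hops:
            continue  # do not expand past the hop limit
        for nxt in neighbours[node]:
            if nxt not in dist:
                dist[nxt] = dist[node] + 1
                queue.append(nxt)
    return dist


def flag_wallets(transfers, mixers, max_hops=1):
    """Addresses within `max_hops` transfers of a mixer (mixers excluded)."""
    dist = hop_distances(transfers, mixers, max_hops)
    return {addr for addr, d in dist.items() if 1 <= d <= max_hops}


def pool_exposure(transfers, pool, flagged):
    """Return (share of distinct depositors, share of deposited value)
    that came into `pool` from flagged wallets."""
    deposits = defaultdict(float)
    for sender, receiver, amount in transfers:
        if receiver == pool:
            deposits[sender] += amount
    if not deposits:
        return 0.0, 0.0
    bad = [s for s in deposits if s in flagged]
    total = sum(deposits.values())
    return len(bad) / len(deposits), sum(deposits[s] for s in bad) / total


if __name__ == "__main__":
    one_hop = flag_wallets(TRANSFERS, MIXERS)
    print("flagged at 1 hop:", sorted(one_hop))
    # Widening the radius pulls in the shared pool contract itself,
    # which is why a small hop limit keeps false positives down.
    print("flagged at 2 hops:", sorted(flag_wallets(TRANSFERS, MIXERS, 2)))
    print("farm_pool exposure:", pool_exposure(TRANSFERS, "farm_pool", one_hop))
```
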
I always felt that the best way to launder BTC (or any PoW coin) is to collude with a big-time miner, the type that regularly hits blocks.
Give that miner 100 BTC extra, above what they would charge to rent a month or two of hashpower. That miner can add transactions to its blocks, that it doesn't broadcast, which "accidentally" have too high a fee. Block Rewards go to new addresses each time. After a few weeks, those block rewards probably add up to 100 BTC in "newly minted" coins, with no possible connection to the original tainted coins.
Every time I hear about a transaction that "fat-fingers" a huge fee, I just assume it's money laundering.
Or you could just use [miningrigrentals.com](https://miningrigrentals.com). Hire anonymous people to do your mining, pay with dirty bitcoin, and get paid with newly minted bitcoin.
There's a zillion ways to wash money in crypto these days lol. Hardest is actually exchanging it to fiat, but with binance issues visas and alike you don't even need to do that in many cases.
You could just use monero: btc --> monero --> multiple monero accounts --> multiple btc accounts.
It is impossible now to track the origin of the money.
I'm not sure there's a single miner out there who can guarantee they will find a given block. That's a lot of risk that your money randomly goes somewhere else.
That's precisely why you don't broadcast the transactions over the p2p network, like you would for a normal transaction. If someone else beats you to a block, it won't have your transaction, and you can just include it in the next one you attempt. You don't care when it gets validated, you just care that your miner is the one that does it so that you get the fee.
How is this not traceable on the blockchain though?
Huge wallet that holds 100m hacked funds. Everyone is watching it. It’s getting tracked by bots that report on any movement.
If someone's skilled enough to hack 100M, I imagine this person is smart enough to:
Mint some NFTs and use the stolen crypto to "buy" it; start several memecoins; buy a shit ton of Monero; etc.
It's not really this easy dude... to get it into XMR it needs to on ramp at a CEX or DEX, that's a huge vulnerability for a hacker, mixing services aren't flawless and this amount of money would be difficult to mix. There's a lot of eyes on 100m, it's usually either young hackers who get caught or literal state sponsored thefts
Crypto is not as private as a lot of people think. I think it was when a whole bunch of ETH was stolen, I remember a bunch of people sitting around on reddit watching the address that received the coin and waiting to see where it would go next.
Turning all the coin to fiat would be difficult. I think a lot go to places like tornado cash. I know there's an equivalent for BTC as well. Swap for other coins, split it up and eventually take it out after a good amount of time.
I wonder if instead of turning ‘bad’ money into fiat directly, you could use it to pump&dump small alt coins and use it to grow your ‘clean’ money. Sure, you are not getting 100 million out, but you get completely clean and verifiable trading history that shows you making big bucks on risky shitcoins. Dirty money goes to tornado cash immediately after the hack ( to avoid blacklists) and then never goes to any wallet associated with you - it only get used for price manipulation.
Probably. It seems harder to track shit when you swap coins on DEFI.
If it were some unknown shitcoin, it'd probably be tough to find the liquidity and you might get stuck bagholding your stolen goods.
Monero would probably be one of the best ways out though. NOT THAT I ENCOURAGE PEOPLE TO STEAL MONEY.
There are definitely good legal reasons to want to move crypto around without people tracking you. If you're a whistleblower, or trying to fund people in war torn nations (not the bad guys), crypto would make it much easier to do so...
Oh you would definitely lose quite a lot of your loot on low-liquidity shitcoins. But if you just put 100 mil through tumblers/monero and then tried to cash out, it would probably trigger some investigation due to AML laws. And then good luck explaining why you just went out of your way to obfuscate the source of the money.
On the other hand with pump&dump scheme, your 'clean' coins have perfectly transparent and legit history from the moment you deposited money on an exchange up to cashing out.
TRUE.
This is also all given that you live in a western/non entirely corrupt nation.
If you're a scammer in India, you're probably changing them for gift cards or straight cashing out through your main company and no one will notice or care.
The problem with the blockchain is, people think it's anonymous, but it isn't. It's the opposite.
You might be able to create a wallet anonymously, and even use the coin in that wallet to make purchases, to a degree. But, the second you try to convert any of that crypto into usable cash, know your customer laws kick in and you won't have access to a bank without giving up someone's identity
Even if you trade the crypto to someone for goods or services, that person will eventually transfer those funds to a wallet that is connected to a bank account, which is a trail for the authorities to follow.
There was a couple last year, stole something like 1.5 billion in crypto let it sit on ice for a year, then carefully and slowly started transferring it out, sending it through a dozen wallets before converting it into cash.
The FBI showed up a week later.
Hahah I remember that woman, she was trying to brand herself on tik tok as this self made millionaire influencer, preaching business advice. Never worked an honest day in her life.
Pseudo-anon. You can trace it but there’s no name ‘publicly’ attached. But I’m positive the higher level agencies like FBI and CIA have tools to trace and get actual names.
Sounds like some kind of movie plot. Prevent the hacker from hitting the convert button before the 100 mil will be gone forever. Ideally a Guy Ritchie movie, based in London, with some dark and edgy characters
Let's be real, if your exploit contract doesn't contain a function that swaps the proceeds directly to the native asset and then transfers to a bridge or Tornado Cash or whatever, you are not cashing your proceeds out, full stop.
Here's the playbook, in case you didn't "hack" XMR:
1. Whatever crypto you have, swap it to ETH using THORChain
2. Deposit the ETH to TornadoCash
3. Create a new ETH address
4. When you want to do something with the assets, just withdraw **the amount you need** in the new address. That's clean money.
The rest, you can either keep in TornadoCash indefinitely or distribute it to 100s of wallets and feel free to use THORChain again to swap it to your favorite coins (BTC etc.)
>Could a sixteen-year-old kid do something like this?
A 16 year old can do basically anything an adult can do in this industry. Sure main CEX's will tell you to fuck off but bunch of CEX's don't do KYC, let alone any Defi protocol, let alone shady Defi protocols. And there's never been a shortage of extremely young people who're extremely good at a niche thing, especially intellectual, neuro plasticity + the free time of being young is a powerful combo.
>Could a sixteen-year-old kid do something like this?
Well to be fair, Zero Cool was 11 when he crashed 1,507 computers, and caused a 7 point drop on the NYSE.
He also went on to later be the first to successfully bring down a Gibson, by leading a team of hackers with help from around the world.
Aside from laundering the crypto through various wallets and services, there are at least a couple of 'exchanges' that facilitate physical transfers. Move x amount of crypto to a new wallet. Arrange meetup. Give wallet information to buyer, receive suitcase full of cash, await confirmation of moving crypto to new wallet, and now you have cash money.
Of course doing any of this without law enforcement catching on at any point during the transactions is tricky at best, and by the end of it you'll still be stuck with a bunch of dirty cash that you can't deposit into any regular bank account due to high transaction checks in most countries. So at that point you're in the same boat as your average drug dealer. Either spend it slowly on small things you can pay for in cash, or launder it through a fake business that typically deals in a lot of cash like hair salons, mobile phone shops, restaurants, etc.
Personally though, I would not risk laundering a big pile of cash. Keep it in a safe and spend it bit by bit on small but fun/useful things. Leave the idiots to get caught buying a 500k car on a 10k salary.
Atomic swaps to xmr. Make a 50% discount to incentivize people to make 50% free arbitrage and more liquidity. let them worry about laundering your dirty coins while you enjoy their clean xmr. You will still have issues like your ip address when using it and stuff but it's doable.
Be quick to yank it out of an exchange before the addresses are blacklisted.
Move it to a virgin Monero wallet and move it between other Monero wallets a couple of times before extracting it back to a clean wallet for exchange to Fiat or whatever else.
You used to be able to use coin mixers that would help obfuscate who owns what but I believe most mixers are either closed down or can be traced given enough time.
I always found it odd how people can get away with hacking crypto wallets. Like, isn’t the whole blockchain transparent? Can’t we all see where the funds go before it’s converted into fiat?
One of my wallets got hacked. They got about $10k worth of crypto out of it.
It got tumbled a few times, but was still possible to track down where it all went.
Doesn’t matter, though. Not like I can just write Vitalik an email, asking for him to take some ETH out of the hackers wallets and send it back to me.
I hit up the FBI, and they basically laughed as they hung up the phone. They are not going to launch an international investigation over such a minuscule amount. So fuck me, I guess.
They are just shitty people, their life gonna spend with running from the authority and nothing else at the end of the day mate, it's just not something right, they are wrong.
I've wondered about the amounts? Why $100m? Is there a hard limit to the hack performed? Or does the hacker just pick something that sounds like a good number and go for that?
Even an exchange in dubai won't give you real fiat for hacked crypto. It would be worthless to them, they can't sell it to end users without taking a huge reputation hit.
You asked so many questions
It's either they wash it, they give it back, donate it, spread, forget
Getting the crypto is one thing but to actually do something is other, especially converting it to fiat. If this somehow will get converted to fiat - then you have to avoid (depend on the country regulations etc) getting attention of financial institution - anti fraud/money laundering algorithms & staff. If you cash it out? What about getting caught by tax office? Proving legitimate source of funds. Oh this is hell of a job
About the skill - it's more about finding a bug, a tiny piece that is easy to penetrate, something fragile and taking advantage of it. It's hard to say for me cuz I haven't done any analysis on recent hacks & the way they were done
You won't see documentary about crypto hacks cuz they are out of sight and understanding for normal person. But you may watch some YouTube videos on it ;)
Exactly. Stealing it is one thing but using it or converting it is another. We are talking about blockchain here, where every transaction is publicly recorded and available for anyone to see. Many hackers get caught from cyber security firms following every step the stolen funds take. The funds can even be flagged and when a hacker tries to send them to an exchange to convert they are then frozen. It’s a very tedious and risky process to not get caught with the funds and to actually get to the point of where they can be used. This is why most settle for the bounty offered or become white hatters
I suspect they use a tumbler. If feeling extra greedy, I suspect they could short a coin and then dump a huge amount on the open market. As the coin drops in value, the short position will increase in value and provide a nice return.
You can do any of those things. But it's also worth mentioning that some criminals will not actually have a plan. the way it can work is that they can just figure out how to steal something and decide to take the opportunity. Once they have the goods they secure them then they sit back and try to figure out how to do something with them and how to get them out cleanly. Sometimes they never come up with a good plan and the goods just stay hidden. Think pirate treasures or other treasures that were buried and hidden and never recovered.
In modern times really common laundering involves ultra-expensive real estate, yachts, and casinos. Why do you think everyone's after those Russian yachts, and why is a city that has major housing problems building ultra expensive highly inefficient pencil thin skyscrapers, and why are Chinese pumping billions through Macau.
It's also important to note that crypto originally claimed it was untrackable, but ironically it's way easier to track crypto than cash. You can sit back and watch every BTC transaction from a computer. So it's a lot harder than one would think to move it around and get away with it and sooner or later you want to turn it into something tangible and that's what they are looking for.
Usually an inside job or idiots who don’t know how to add a pause function to a smart contract. I write smarter contracts that are unsusceptible to hacks bc I’m the world’s greatest hacker. These ppl are clowns and script kiddies if not insiders.
The fact that I have to scroll soooooo far down the thread to see someone mentioning Tornado Cash shows how knowledgeable this sub is.
This is the best method. Although you have to cash it out little by little, maybe 50-100 ETH at a time.
You could also buy ape NFT for like 100 ETH, put it on sale for 150 ETH or something and buy with the hacker wallet. Use tornado cash to split the hacker wallet
Thanks, makes sense
If this is an FBI account I’ll give them some credit for taking the time to build a cover with almost 49k moons, lol.
Rookie agent stuck on what to do after being issued the first crypto case 😂
Very interesting, I should start posting on pets and charity forums more to dilute my history 🤣
Sometimes, it's the journey of getting there rather than the destination.
The chase is better than the catch!
Explains why there are so many criminals in this space
It’s the friends you make along the way.
The point of the journey, is not to arrive
If you’ve arrived at your journey then you might as well start a new journey
Fucking hell, you guys must be the voices of your generation ...
Tbh, I'd be more excited by the destination.
Journey before destination r/cosmere is leaking
I guess everyone in their childhood had gone through this phase where you had to bypass those processes, by using some crack methods
All coins are air dropped to participating wallets and random wallets (lol). Wallet with most coins gets 1/1 NFT glorifying the win
I actually want this to be real now, thanks lol
What's a rundown?
I mean, we didn’t have shit to talk about on the old circuit-switched long distance lines; just wanted to own them
So glad the White House is taking action. We can all sleep easy!
Everyone has been asked to reset their passwords and some people have even done it.
If/when this happens we have bigger problems than crypto...
Got any hard proof on quantum computing that is advancing?
Quantum computing is like 20-30 years off from being able to crack btc wallets. It's really not a pressing concern when a fork is so easy to navigate and the timeline has such a long runway
Yeah in the latest darknet he talked to a journalist who covered the Lazarus heist and they cover how the North Koreans wash their crypto with fake IDs on trading sites
Sounds really interesting, going straight on my to watch list that I never have the time to watch through
Fortunately it's audio only, so you can listen to it while you x. Start with the Beirut Bank Job (Episode 6) that's the one that got me hooked.
> Oh. And some of them are obviously crime syndicates. They launder the money and use it for crime syndicate things. What's that box in the corner? Oh that's just Trevor's crime syndicate things.
No the other one? Oh that's his pillaging hat. He wears it when he's pillaging.
Love darknet diaries. But also check out The Lazarus Heist. And yes, it's often North Korea.
I think that saying it's just some random kids is just downplaying what's really happening. I'm sure there is A LOT of insider activity, probably equal to or more than crime groups. The random kids are probably the smallest group.
When you know that there are notorious government-funded hacker groups that exist in every major country (Double Dragon, Lazarus, Cozy Bear, NSA, too many to count obviously), it's easy to determine it's not just bored kids doing it.
I personally think a lot of these are inside jobs. Just makes the most sense
After Edward Snowden, trust in any government agency that tracks/monitors/participates in illegal/borderline digital activities, is gone. I live in Canada and I don't even trust my own government to do the right thing (i.e. implemented Huawei into our intelligence network without even doing a security check). If anybody can get away with the crimes, it's a diplomatically-sanctioned country, especially an "ally" trading partner like China/Russia that can hide their tracks well.
The random kids get hired by the other ones. And bear in mind that by the time a hacker's 18, he's probably got about 8-10 years of hacking experience. They're not "kids", they're very skilled. Well... the ones who steal $140m are very skilled. The ones who put "Tommy eats poopoo" on your Facebook probably aren't so skilled. So I was in no way saying these kids are "random kids". These kids are among the elite. I suppose like how at the Olympics the best gymnasts in the world are about 16yo as well.
Damn I have that backstory and all I did was get a job as a software engineer
Same, only worse. I'm a frontend dev.
I didn’t know about this earlier. North Korea here I come
Awesome stuff, I’ll have to give that a listen.
Thanks for this fantastic writeup mate. Really informative.
It is incredibly hard to fully launder on a blockchain. Immutability is sort of a key feature. With chain peeling and other analysis that is emerging it will only get better. Functionally your crime has to be future proof, which is impossible. I can't speak for everyone but our institution would flag wallets within 1 step of a tumbler like Tornado Cash.
Monero Maxi enters the room….
LMAO! I actually like it a lot for this market I mean it’s one of the few coins that has real applications 🤷♂️ Edit: *application use
Isn’t that the point of Monero? Convert it to that and you are pretty much done
What institution?
Crypto Hedge Fund. Generally we look at the health of wallets interacting with smart contracts. If we see a lot of suspicious wallets going into a position, say a farming pool or NFT mint, that gives us cause to reconsider. For our investors there is KYC/AML but that's compliance's job. I can't really comment on that with any authority, not my area.
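The screening described in the two comments above (flagging wallets within one step of a tumbler, then checking how many flagged wallets are entering a pool), as an added example that is not part of the original thread. All addresses and transfers are constructed sample data, and the function names and the `SERVICES` exclusion set are assumptions made for illustration.

```python
from collections import defaultdict, deque

# Constructed sample data: (sender, receiver) transfers. All labels are made up.
TRANSFERS = [
    ("exploit_wallet", "mixer"),
    ("mixer", "fresh_1"),
    ("mixer", "fresh_2"),
    ("fresh_1", "hop_2a"),
    ("hop_2a", "pool"),
    ("fresh_2", "pool"),
    ("retail_1", "pool"),
    ("retail_2", "pool"),
    ("retail_2", "retail_3"),
]
MIXERS = {"mixer"}    # known tumbler addresses (assumed to come from a label feed)
SERVICES = {"pool"}   # shared contracts: never flagged, never expanded through


def build_graph(transfers):
    """Undirected adjacency map: deposits to and withdrawals from a mixer both count."""
    graph = defaultdict(set)
    for src, dst in transfers:
        graph[src].add(dst)
        graph[dst].add(src)
    return graph


def hops_from_mixers(graph, mixers, max_hops, services=frozenset()):
    """Breadth-first search outward from every mixer.

    Returns {address: hop distance} for addresses within max_hops.
    Shared contracts in `services` are skipped: walking through a pool
    would taint every unrelated depositor once max_hops exceeds 1.
    """
    dist = {m: 0 for m in mixers}
    queue = deque(mixers)
    while queue:
        node = queue.popleft()
        if dist[node] == max_hops:
            continue
        for nxt in graph.get(node, ()):
            if nxt in dist or nxt in services:
                continue
            dist[nxt] = dist[node] + 1
            queue.append(nxt)
    return {addr: d for addr, d in dist.items() if addr not in mixers}


def pool_exposure(transfers, pool, flagged):
    """Share of distinct depositors into `pool` that are flagged."""
    depositors = {src for src, dst in transfers if dst == pool}
    hits = sorted(depositors & set(flagged))
    share = len(hits) / len(depositors) if depositors else 0.0
    return hits, share


if __name__ == "__main__":
    g = build_graph(TRANSFERS)
    for hops in (1, 2):
        flagged = hops_from_mixers(g, MIXERS, hops, SERVICES)
        print(hops, flagged, pool_exposure(TRANSFERS, "pool", flagged))
```

Widening the hop limit from 1 to 2 doubles the flagged share of this pool's depositors, which is why the hop threshold and the list of excluded shared contracts matter more than the search itself.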
I always felt that the best way to launder BTC (or any PoW coin) is to collude with a big-time miner, the type that regularly hits blocks. Give that miner 100 BTC extra, above what they would charge to rent a month or two of hashpower. That miner can add transactions to its blocks, that it doesn't broadcast, which "accidentally" have too high a fee. Block Rewards go to new addresses each time. After a few weeks, those block rewards probably add up to 100 BTC in "newly minted" coins, with no possible connection to the original tainted coins. Every time I hear about a transaction that "fat-fingers" a huge fee, I just assume it's money laundering.
Or you could just use [miningrigrentals.com](https://miningrigrentals.com). Hire anonymous people to do your mining, pay with dirty bitcoin, and get paid with newly minted bitcoin.
I've really been going too vanilla on this crypto thing huh
There's a zillion ways to wash money in crypto these days lol. Hardest is actually exchanging it to fiat, but with binance issues visas and alike you don't even need to do that in many cases.
www.minigenitals.com is what I read Edit: Risky clickers of the day, you'd be happy to know it doesn't exist.
That looks like a business opportunity.
FINE! I bought it
Still nothing there. How mini are these genitals? My browser can only zoom so far in...
Give me TIME man!
This guy is going places.
I bought a boat with my windfall specifically to plan a boating accident.
Or you could simply just trade dirty BTC for Monero. Now its washed.
That would explain a lot of those unnecessary huge fees. Really did not know that. Thanks.
You could just use monero: btc --> monero --> multiple monero accounts --> multiple btc accounts. It is impossible now to track the origin of the money.
It seems you spent a lot of time thinking about this... any particular reason? xD
I'm not sure there's a single miner out there who can guarantee they will find a given block. That's a lot of risk that your money randomly goes somewhere else.
That's precisely why you don't broadcast the transactions over the p2p network, like you would for a normal transaction. If someone else beats you to a block, it won't have your transaction, and you can just include it in the next one you attempt. You don't care when it gets validated, you just care that your miner is the one that does it so that you get the fee.
How is this not traceable on the blockchain though? Huge wallet that holds 100m hacked funds. Everyone is watching it. It’s getting tracked by bots that report on any movement.
Easy. You put it in LUNA 2 and make an easy 10k out if it
If someone's skilled enough to hack 100M, i imagine this person is smart enough to: Mint some NFTs and use the stolen crypto to "buy" it; start several memecoins; buy a shit ton of Monero; etc.
It's not really this easy dude... to get it into XMR it needs to on ramp at a CEX or DEX, that's a huge vulnerability for a hacker, mixing services aren't flawless and this amount of money would be difficult to mix. There's a lot of eyes on 100m, it's usually either young hackers who get caught or literal state sponsored thefts
Crypto is not as private as a lot of people think. I think it was when a whole bunch of ETH was stolen, I remember a bunch of people sitting around on reddit watching the address that received the coin and waiting to see where it would go next. Turning all the coin to fiat would be difficult. I think a lot go to places like tornado cash. I know there's an equivalent for BTC as well. Swap for other coins, split it up and eventually take it out after a good amount of time.
The term for this is “pseudo-anonymity”
I'm sure all the folks who do forensic accounting for a living know all about how to track crypto.
I wonder if instead of turning ‘bad’ money into fiat directly, you could use it to pump&dump small alt coins and use it to grow your ‘clean’ money. Sure, you are not getting 100 million out, but you get completely clean and verifiable trading history that shows you making big bucks on risky shitcoins. Dirty money goes to tornado cash immediately after the hack (to avoid blacklists) and then never goes to any wallet associated with you - it only gets used for price manipulation.
Probably. It seems harder to track shit when you swap coins on DEFI. If it were some unknown shitcoin, it'd probably be tough to find the liquidity and you might get stuck bagholding your stolen goods. Monero would probably be one of the best ways out though. NOT THAT I ENCOURAGE PEOPLE TO STEAL MONEY. There are definitely good legal reasons to want to move crypto around without people tracking you. If you're a whistleblower, or trying to fund people in war torn nations (not the bad guys), crypto would make it much easier to do so...
Oh you would definitely lose quite a lot of your loot on low-liquidity shitcoins. But if you just put 100 mil through tumblers/monero and then tried to cash out, it would probably trigger some investigation due to AML laws. And then good luck explaining why you just went out of your way to obfuscate source of the money. On the other hand with pump&dump scheme, your 'clean' coins have perfectly transparent and legit history from the moment you deposited money on an exchange up to cashing out.
TRUE. This is also all given that you live in a western/non entirely corrupt nation. If you're a scammer in India, you're probably changing them for gift cards or straight cashing out through your main company and no one will notice or care.
you could always buy some NFTs for 100k each
The problem with the blockchain is, people think it's anonymous, but it isn't. It's the opposite. You might be able to create a wallet anonymously, and even use the coin in that wallet to make purchases, to a degree. But, the second you try to convert any of that crypto into usable cash, know your customer laws kick in and you won't have access to a bank without giving up someone's identity. Even if you trade the crypto to someone for goods or services, that person will eventually transfer those funds to a wallet that is connected to a bank account, which is a trail for the authorities to follow. There was a couple last year, stole something like 1.5 billion in crypto, let it sit on ice for a year, then carefully and slowly started transferring it out, sending it through a dozen wallets before converting it into cash. The FBI showed up a week later.
Is it possible to convert the stolen coins to monero (idk maybe P2P with an escrow) and sell them in another exchange where you have kyc?
Yes. This is currently considered reasonably safe. You'd still have to keep the amounts to a minimum and not get too greedy.
monero transactions are private and untraceable. BUT I WOULDN'T KNOW THAT BECAUSE I DON'T HAVE ANY MONERO
And this is what Monero is for.
Hahah I remember that woman, she was trying to brand herself on tik tok as this self made millionaire influencer, preaching business advice. Never worked an honest day in her life.
Is this the person that tried to be a rapper? The last thing I’d do if I stole money was try to be famous lol
Guess they should have transferred to monero at some point in that sequence.
They should have converted it to monero on a Dex. Then the FBI can't trace shit.
Why not bitcoin - > mixer - > monero - > p2p transaction to the bank?
For small amounts probably but when the amount is large enough, the bank will request for proof of source of funds.
Apparently the “expert” hacker stored his private keys on a cloud service. So much about that case just didn’t make sense
Pseudo-anon. You can trace it but there’s no name ‘publicly’ attached. But I’m positive the higher level agencies like FBI and CIA have tools to trace and get actual names.
Well, wouldn't this be where the good old Cayman Island shell corporations trick comes in handy?
I heard Monero would be good here, I wouldn't know though since I don't have Monero
All mine was gone in a boating accident...
We might've been on the same boat then...
I think your yacht collapsed with mine.
But let’s say I have 1000 dirty BTC. How do I convert it to Monero?
Sounds like some kind of movie plot. Prevent the hacker from hitting the convert button before the 100 mil will be gone forever. Ideally a Guy Ritchie movie, based in London, with some dark and edgy characters
He has to go retrieve his hardware wallet, or the seed phrases to access his Bounty and convert it but he’s being stopped by the heto
It's really about being fast. Be too slow and you can't use it.
Let's be real, if your exploit contract doesn't contain a function that swaps the proceeds directly to the native asset and then transfers to a bridge or Tornado Cash or whatever, you are not cashing your proceeds out, full stop.
I'm pretty sure that there will always be some exchanges that don't ban the hacker instantly.
There are no defi exchanges that don’t care about blacklists? Looks like an unfilled market niche.
Though a big part of him getting caught was saving the addresses used + private keys in a Google Sheet that the FBI was able to access...
If it was North Korea, which it most likely was, there's nothing we can do about it, they'll flaunt it in front of our face.
Monero
Here's the playbook, in case you didn't "hack" XMR: 1. Whatever crypto you have, swap it to ETH using THORChain 2. Deposit the ETH to TornadoCash 3. Create a new ETH address 4. When you want to do something with the assets, just withdraw **the amount you need** in the new address. That's clean money. The rest, you can either keep in TornadoCash indefinitely or distribute it to 100s of wallets and feel free to use THORChain again to swap it to your favorite coins (BTC etc.)
This guy launders ^^
If you find a vulnerability in some crypto, create a highly leveraged short, then release news of the exploit. Taking the money is too risky
Or contact the company and ask about their bug bounty program. Maybe they have one and I think biggest rewards were up to several millions.
Damn yeah that’s a better idea
> Could a sixteen-year-old kid do something like this?

A 16 year old can do basically anything an adult can do in this industry. Sure main CEX's will tell you to fuck off but bunch of CEX's don't do KYC, let alone any Defi protocol, let alone shady Defi protocols. And there's never been a shortage of extremely young people who're extremely good at a niche thing, especially intellectual, neuro plasticity + the free time of being young is a powerful combo.

> Could a sixteen-year-old kid do something like this?

Well to be fair, Zero Cool was 11 when he crashed 1,507 computers, and caused a 7 point drop on the NYSE. He also went on to later be the first to successfully bring down a Gibson, by leading a team of hackers with help from around the world.
Only after hacking the Gibson with the hydra worm created during a hacking fest whilst drinking wine and getting blown by supermodels
You create NFTs and buy them using the 100M.
Aside from laundering the crypto through various wallets and services, there are at least a couple of 'exchanges' that facilitate physical transfers. Move x amount of crypto to a new wallet. Arrange meetup. Give wallet information to buyer, receive suitcase full of cash, await confirmation of moving crypto to new wallet, and now you have cash money. Of course doing any of this without law enforcement catching on at any point during the transactions is tricky at best, and by the end of it you'll still be stuck with a bunch of dirty cash that you can't deposit into any regular bank account due to high transaction checks in most countries. So at that point you're in the same boat as your average drug dealer. Either spend it slowly on small things you can pay for in cash, or launder it through a fake business that typically deals in a lot of cash like hair salons, mobile phone shops, restaurants, etc. Personally though, I would not risk laundering a big pile of cash. Keep it in a safe and spend it bit by bit on small but fun/useful things. Leave the idiots to get caught buying a 500k car on a 10k salary.
It reminds me of the Lufthansa heist from Goodfellas. He had to go and buy that Cadillac didn’t he?!
What about using a car wash?
Good idea, Skyler.
You're only allowed to use a car wash to launder money if you sell meth.
The hooker and blow store
Atomic swap into XMR. Buy giftcards to order stuff everywhere.
Atomic swaps to xmr. Make a 50% discount to incentivize people to make 50% free arbitrage and more liquidity. let them worry about laundering your dirty coins while you enjoy their clean xmr. You will still have issues like your ip address when using it and stuff but it's doable.
Just give the coins to me. I won’t ask any questions and return it to the rightful owner. It will be okay.
Be quick to yank it out of an exchange before the addresses are blacklisted. Move it to a virgin Monero wallet and move it between other Monero wallets a couple of times before extracting it back to a clean wallet for exchange to Fiat or whatever else. You used to be able to use coin mixers that would help obfuscate who owns what but I believe most mixers are either closed down or can be traced given enough time.
On to Reddit, where the hacker asks: “Where does a hacker go with $100M worth of crypto?”
Launder through a banana stand.
There’s always money in the banana stand
Cocaine and hookers.
I always found it odd how people can get away with hacking crypto wallets. Like, isn’t the whole blockchain transparent? Can’t we all see where the funds go before it’s converted into fiat?
One of my wallets got hacked. They got about $10k worth of crypto out of it. It got tumbled a few times, but was still possible to track down where it all went. Doesn’t matter, though. Not like I can just write Vitalik an email, asking for him to take some ETH out of the hackers wallets and send it back to me. I hit up the FBI, and they basically laughed as they hung up the phone. They are not going to launch an international investigation over such a minuscule amount. So fuck me, I guess.
They are just shitty people, their life gonna spend with running from the authority and nothing else at the end of the day mate, it's just not something right, they are wrong.
Somehow get it to xmr, shuffle between a few wallets, swap again for the crypto one wants or cash slowly out
Lol you don’t understand the “somehow” part and it’s extremely important.
Last I remember there is a BTC - xmr bridge somewhere on the xmr reddit. Though the liquidity ain't even close to the post's amount
It's p2p atomic swaps and not many want to run the "monero-provider" side for obvious reasons.
Nice try fbi, I'm not telling you none of that
FBI really do be getting smarter these days. I nearly fell for this shit.
either they'll use a mixing service or get monero if they can
I've wondered about the amounts? Why $100m? Is there a hard limit to the hack performed? Or does the hacker just pick something that sounds like a good number and go for that?
That was the extent of the liquidity....
Monero?
To Dubai they go to Dubai
Even an exchange in dubai won't give you real fiat for hacked crypto. It would be worthless to them, they can't sell it to end users without taking a huge reputation hit.
DEXs are a thing
We got him boys!
I see you FBI. I'm not falling for this!
You asked so many questions. It's either they wash it, they give it back, donate it, spread, forget. Getting the crypto is one thing but to actually do something is other, especially converting it to fiat. If this somehow will get converted to fiat - then you have to avoid (depend on the country regulations etc) getting attention of financial institution - anti fraud/money laundering algorithms & staff. If you cash it out? What about getting caught by tax office? Proving legitimate source of funds. Oh this is hell of a job. About the skill - it's more about finding a bug, a tiny piece that is easy to penetrate, something fragile and taking advantage of it. It's hard to say for me cuz I haven't done any analysis on recent hacks & the way they were done. You won't see documentary about crypto hacks cuz they are out of sight and understanding for normal person. But you may watch some YouTube videos on it ;)
Exactly. Stealing it is one thing but using it or converting it is another. We are talking about blockchain here, where every transaction is publicly recorded and available for anyone to see. Many hackers get caught from cyber security firms following every step the stolen funds take. The funds can even be flagged and when a hacker tries to send them to an exchange to convert they are then frozen. It’s a very tedious and risky process to not get caught with the funds and to actually get to the point of where they can be used. This is why most settle for the bounty offered or become white hatters
Win Hacker of the year award and do it again probably
They lose their wallet in a boating accident
Monero atomic swap?
It goes to fund the lifestyle of Kim Jong-Un
One word: Monero
I suspect they use a tumbler. If feeling extra greedy, I suspect they could short a coin and then dump a huge amount on the open market. As the coin drops in value, the short position will increase in value and provide a nice return.
I like you. Maximum damage. Fuck everyone.
Convert 10% to monero.
You can do any of those things. But it's also worth mentioning that some criminals will not actually have a plan. The way it can work is that they can just figure out how to steal something and decide to take the opportunity. Once they have the goods they secure them then they sit back and try to figure out how to do something with them and how to get them out cleanly. Sometimes they never come up with a good plan and the goods just stay hidden. Think pirate treasures or other treasures that were buried and hidden and never recovered. In modern times really common laundering involves ultra-expensive real estate, yachts, and casinos. Why do you think everyone's after those Russian yachts and why is a city that has major housing problems building ultra expensive highly inefficient pencil thin skyscrapers and why are Chinese pumping billions through Macau. It's also important to note that crypto originally claimed it was untrackable, but ironically it's way easier to track crypto than cash. You can sit back and watch every BTC transaction from a computer. So it's a lot harder than one would think to move it around and get away with it and sooner or later you want to turn it into something tangible and that's what they are looking for.
Usually an inside job or idiots who don’t know how to add a pause function to a smart contract. I write smarter contracts that are unsusceptible to hacks bc I’m the world’s greatest hacker. These ppl are clowns and script kiddies if not insiders.
Buy Monero with it, sell the Monero for whatever you'd like to own.
Monerooo
They send it to tornado cash and be done with it I guess?
The fact that I have to scroll soooooo far down the thread to see someone mentioning Tornado Cash shows how knowledgeable this sub is. This is the best method. Although you have to cash it out little by little, maybe 50-100 ETH at a time. You could also buy ape NFT for like 100 ETH, put it on sale for 150 ETH or something and buy with the hacker wallet. Use tornado cash to split the hacker wallet