I thought bitcoins were untraceable? Colonial ransom partially recovered

Factual Questions
41

I just have a basic understanding of Bitcoin type currencies but my understanding is this:

Bitcoins are “mined” by doing some serious computational task - which I gather involves determining practically uncrackable large-prime based codes. Currently mining a coin could cost more in electricity than the bitcoin is worth (but of course, both electricity and bitcoin prices vary…)

From this, I gather bitcoins are in fact effectively serial-numbered. it has unique ID which makes it impossible to duplicate. You can track their progress. If you couldn’t, it wouldn’t be bitcoin.

A transaction transfers a bitcoin from one “wallet” to another. What this transaction entails I’m not sure, but basically it seems to record that coin X (or a portion thereof) is now in the possession of whoever has the password/code for that wallet. Transactions require the sending wallet and receiving wallet to agree, so it’s (virtually) impossible to do a transaction unless the sender gives their private code.

As I understand it, the “blockchain” is essentially the transaction list for a bitcoin, or many, or parts. The key is that a blockchain is distributed so that nobody can take and single-handedly alter it. You make a transaction, give someone a bitcoin, and the whole collective of the blockchain all over the world is updated. (Which is why it was mentioned upthread a transaction can take a while).

The ledgers record the IP address and wallet ID for the transaction. IP addresses can be VPN’d or temporary, and if afterwards the perp takes their wallet offline (think of it like a web server -but only needs to be online when you want to transact bitcoin with it) So the IP is a clue whodunnit but not definitive.

A bitcoin therefore is like a gold bar or a Van Gogh - you can pass it on to someone who in turn will give you something you want. It’s not trivial to make more - it takes luck and significant work to mine gold, or scour Arles for undiscovered paintings. These are what makes bitcoin valuable - because others will exchange it for value and it takes work to make it. Like any commodity, its price depends on what others will pay.

The appeal of bitcoin is that it could be strictly computer data, so o big gold bars to lug around, no alarm system and monitored environment to prevent moths eating your Van Gogh. it can cross international boundaries undetected, and is effectively untraceable with appropriate precautions.

I presume the governments of the world can do anything from making possession of bitcoin illegal to requiring that bitcoin possession be declared to taxing the sale of bitcoin (either transaction tax or capital gains if it goes up). Declaring income is something governments require for everything else when an item is sold for a profit.

What I have seen online as speculation is that the hackers, not being too stupid, would pass the bitcoin through a bunch of cooperative groups who could take a cut for passing it on with their own means of hiding their identities - essentially virtual money laundering. The theory would be - when did the bitcoin get exchanged to someone outside the group? If I trade a bitcoin with Bob, unless the FBI can get to Bob and determine what bitcoin he gave me in return, I have a bitcoin that nobody knows is ill-gotten.

I suppose another tactic the FBI could use is that bitcoin used in an illegal transaction is liable to seizure, even if acquired legitimately. I.e. if the police come to me and say the $100 Porsche I’m driving is stolen property, they take it and that $100 is my problem. (Although there’s a presumption if the price is too low, the buyer had to know it was stolen). Of course making any bitcoin liable to seizure if it was ever involved in an illegal act would I assume seriously degrade the market for bitcoin. I imagine the FBI’s concern over this could be measured in microgiveashits.

42

Certainly, instead of picking up our suspect right away, we can keep him or her under surveillance for a while, which may include keyloggers as well as telephone and internet wiretaps. That would get you any password that was typed in, and many people protect their important information and access with nothing more than a password, or at best two-factor authentication.

FBI vs. Russia shenanigans have apparently been going on for a while. There was some fallout in 2001 when the FBI arrested an innocent ElcomSoft employee who merely gave an invited lecture in the US about his PDF password recovery tool. He spent months held in the US, including some weeks in the slammer, before being released. It is a big stretch to connect the dots between something like that and deliberate ransomware or something even worse (“cyberattacks”), but, for sure, the U.S. and Russia have never seen eye-to-eye on computer crime, copyright law, whistleblowers like Snowden, etc.

43

There are no IP addresses included as part of a transaction— not sure that would make any sense. However, that does not mean the identities of people involved are not known to the FBI by other means.

If you want to explore the public transaction information concerning the suspicious transaction in question, go nuts:

44

For non-technical questions I think a useful analogy is comparing bitcoins to gold coins. If you had, say, $1k in gold coins you couldn’t take them to any store to buy things. You’d first have to go to someone specializing in gold and sell your coins for dollars. The dollars that you got for your coins would depend on the current exchange rate.

Likewise, if you wanted to buy gold coins you’d have to go to a gold store and give them dollars for gold.

45

In theory, even without identities, if the FBI has the private keys, that’s all they need to recover the bitcoins.

Of course, possession of the private keys also implies they probably know the identities of at least some of the people involved.

46

Opinions? I have no opinions. You tagged me into this thread in a post where you led with your own unsupported opinions. If you want facts, consider bringing some.

47

The block chain has to contain the bitcoin identifier, right? So:

On January 1, account number 123 mined bitcoin 8f111dde0. On January 2, account number 123 transferred bitcoin 8f111dde0 to account 456.

48

If anyone is interested in understanding how a blockchain works, this video gives an exceptionally clear step-by-step explanation.

49

The vast majority of US dollars do not exist in any physical form.

50

This on the face of it makes sense, but in fact would only work temporarily.

Because after a time the ransomers might start to specify “Once we have received the coins and we’re not on the illegal list we’ll unlock your systems”. Or indeed specify that they will only unlock your systems after they have successfully transferred the funds to something untraceable / unrecoverable.

The current FBI action seems the better way round. Make ransoming inherently risky because at any time a government could counter-hack you and put you in the shit (well, the level of shit depends on how much the country you’re in cooperates).

51

Thanks guys for your answers.

Think I’ll pass on this Bitcoin thing :shushing_face:

52

Attempting GQ answers:

It first bears mentioning that in this case, notably, the FBI didn’t trace the transactions back to a person. They identified a wallet that they believe contained the funds. Likely it was an online wallet, which means it was on a computer system that itself had a security hole, and they copied the encryption keys to transfer the money back to them. Hopefully that money belonged to the bad guys! But it’s possible that it didn’t, and nobody will ever really know because nobody cares and there’s no recourse.

They’re not saying that they caught the bad guys, because they couldn’t identify the bad guys, and likely never will. They swiped someone’s money and claimed victory.

They are untraceable in the sense that there’s nothing called a Bitcoin, not even an imaginary thing, not even an abstract thing called a different name. You cannot look at a Bitcoin wallet and say “aha, this coin was mined in Croatia in 2014” because there’s no such entity as “this coin”. Bitcoin is just a protocol for you and I agreeing that I have a balance of 17 million, and you have a balance of zero, and I agree that my balance goes down by 17 million so that your balance can become 17 million. 17 million of what? Just the number 17 million.

You may have guessed that for the protocol to work, we need to see each other’s balances first, otherwise how do I know to accept your offer? And to validate your balance, in fact I need to have access to everyone’s balance at every point in time since the network started. There are even web interfaces where you can casually browse every single Bitcoin wallet’s transaction since the beginning of time!

Knowing that, this really sounds like the opposite of “private and untraceable”, right? It actually sounds like a great way to get caught! Well, not so fast. The thing about Bitcoin is that it’s anonymous. Whereas normal banks are required by law to document your name, identity, physical address, and IP address associated with that activity, Bitcoin doesn’t, cannot store that information at all. Certain businesses called exchanges will host an online Bitcoin wallet for you, and they will (by law) accumulate your personal identifying information, but that information doesn’t follow transactions. Bitcoin doesn’t even have a way to store that.

So, in a nutshell, Bitcoin is not “untraceable”. It is much more anonymizable than other forms of currency. The folks who have been getting away with laundering US dollars through traditional banks for decades, can operate with much more anonymity, ease, and success than they previously did.

On the other hand, anyone who thinks “I’ll use Coinbase to swap dollars with Bitcoin and I’ll be invisible…” yeah, you may get away with crimes that are too small to investigate, but if you get too bold you’re probably going to experience some unpleasant consequences.

53

Okay, I was following as best I could. Now I need to know how the Government could “recover” the bitcoins. Does the FBI have a bitcoin account it can transfer this currency to?

54

Pulling in someone’s name just to snark at them is very inappropriate in General Questions, as you should know. This violates several Board rules. No warning this time but please refrain from this sort of thing in the future.

A reminder to everyone that this is GQ and the discussion should be restricted to the central question of whether Bitcoins are or are not traceable.

Thanks,

RickJay
Moderator

55

No. As far as I can tell from this it’s more like

  • In transaction X a bitcoin is mined and placed in wallet A
  • In transaction Y a bitcoin placed in wallet A in transaction X is placed in wallet B
  • In transaction Z a bitcoin placed in wallet B in transaction Y is placed in wallet C

These are all that is recorded about those transactions. Where they went, the output, and which output from a previous transaction led to them being in the wallet, the input.

There’s no “bitcoin identifier”, just a … blockchain of transactions that has to start at the “no originating wallet required” transaction the miner who encoded a particular block gets to add to the block.

56

I think someone else already corrected this, but I wanted to emphasize it: This is 100%, completely, absolutely wrong. Bitcoins don’t exist. There’s no such thing as a Bitcoin, nonexistent things do not have serial numbers, therefore Bitcoin has no serial numbers. This isn’t a cute syllogism, it’s a technical fact.

Bitcoin is just a protocol for recording numerical changes to account balances. That’s it.

57

There’s nothing special about Bitcoin wallets. Almost certainly the FBI has thousands of them for various purposes. It’s about as involved as creating a fake email address, except you don’t even need a server to do it, you can do it on your own computer using Bitcoin software. It never even needs to leave your control. Totally decentralized.

58

This is absolute nonsense as there is no way to identify “a bitcoin”.

Someone could invent a cryptocurrency network that does this. Perhaps a government might see value in creating one. It’s technically possible, but AFAIK nobody’s ever rationalized the effort. At any rate, if it happens, it’s not going to be Bitcoin, because Bitcoin isn’t designed like that.

The confident incorrectness that always shows up in these Bitcoin threads is… really something.

59

They probably opened a Coinbase account, and said “I’d like to buy 22 million Bitcoin”, and Coinbase said “this is the market rate in dollars” and they paid it.

Just as you can buy a Mexican Peso without waiting for the central bank of Mexico to create more supply, you can buy Bitcoin without waiting for it to be mined. It’s a currency, you can use it to purchase goods and services, or you can trade it on the exchanges.

There is an exchange rate, and it floats depending on supply vs. demand, like other currency.

It’s worth mentioning that Bitcoin is mathematically supply-constrained and therefore deflationary. The more Bitcoin supply expands, the more computationally expensive it becomes to expand it, so the supply grows more and more slowly. If demand grows or stays constant, then the exchange rate will rise. Bitcoin holders are betting on this, but I personally doubt this will happen. I expect that as Bitcoin becomes more expensive, and transactions are slower to clear, a competing cryptocurrency will take its place (don’t ask me which one), and Bitcoin will be abandoned.

60

I’m picking a small nit from a good summary.

The key bitcoin operation for mining is generating a hash of the new part of the transaction ledger. The hash is computed by feeding the bytes of the ledger through a function that generates a small (usually 256- to 1024-bit, not sure what BTC uses) value. The function has the property that it can be calculated deterministically, but changing even one bit in the bytes fed to the function will change the bits of the hash in a way that is unpredictable except by recalculating the entire hash.

So a miner, when confronted with a new set of transactions to add to the ledger, adds a “new bitcoin” transaction, which includes their own wallet to add the new bitcoin to as well as a lot of garbage bits that can be varied so as to vary the generated hashes. Typically, in large mining operations, the transaction ledger is farmed out to large numbers of hash-calculation computers, each with a range of garbage bits to try.

Each hash calculated is then checked to see how many leading zero bits it has (i.e. how low the number is). Once a hash is calculated that is above a certain threshold number of zero bits, that hash is sent out to all participants and everyone gets to work on the next block.

Large-prime based codes come in with the use of bitcoin wallets, each of which has a cryptographic-strength public and private key. The public key is the wallet ID, known to all, and can be used to verify that an operation was approved by someone who knows the private key. The private key is used to sign transactions and must stay unknown to others.

The FBI apparently got the private key to the ransomware hackers’ wallet and were able to transfer the bitcoin out, then convert it back into dollars at an exchange. How they got that private key is the unknown part.

HMS_Irruncible already pointed out that bitcoins have no unique identifier, so I won’t go farther into that.