I thought bitcoins were untraceable? Colonial ransom partially recovered

Seems kind of unfair to Jow…

Okay, but the tricksiness here isn’t with making someone whole vis-a-vis bitcoins vs. dollars, it’s cash vs. merchandise.

It is not clear to me that either of us understands the law around this well enough to come to a clear conclusion. From my intuition and my limited legal knowledge, it seems like the liability and obligations around transfer of stolen dollar bills should not be materially different from transfer of stolen bitcoin.

If it’s digital and not paper money, then dollars are potentially much easier as the accounts are much less likely to be anonymous. But I think we’re so far off in the weeds that it does not help anything for me to keep pursuing this sidetrack.

As I said, try to imagine the FBI’s concern for you in this scenario. Or for anyone whose entire wallet is unusable because they accepted bitcoin from a tainted location.

Presumably the scenario would be if Acme Inc paid a ransom of $5M then any transaction where a wallet accepted some of that bitcoin balance from the ransomer’s wallet - the entire balance would be forfeit up to $5M. Ditto for the next wallet, and so on. Once the FBI had recovered all transactions that came out of that wallet, then it would be up to each forfeitee(?) to claim their share of the excess, provided they could show the rest of their balance was legitimately obtained through a non-illegal transaction. Otherwise, the standard “proceeds of crime” legislation would apply.

Imagine if the FBI traced a bunch of bank robbers who took $5M, found they had passed the money on to others (i.e. for a Bentley and a nice yacht) they could seize the amount of those legitimate transactions from the sellers. If they raided Bob’s house and Bob could prove he had nothing to do with the bank job but had $2M in his safe, he’s just “holding it for a friend”, the whole lot would be seized until Bob could prove how much he was holding actually belonged to the bank robbers. Plus he’d have to explain where the rest of the money came from, and why he was not part of a laundering scheme, etc.

I stand corrected. See, I learned something.

But the point is, bitcoin maintains its rarity, and hence its value, because unlike paper money it can’t simply be printed in whatever quantity the issuer wants; it’s more like gold, which needs to be mined. So holders can be fairly sure the market will not be suddenly flooded with something they think is worth a lot.

Also, the authorities if properly motivated presumably can work backward from legitimate holders of bitcoin - where did this come from, and why? This allows them to put a name (person or organization) to a wallet. If the Treasury can maintain a registry of every $100 bill in circulation, I’m sure they can build a database of name-vs-wallet and slowly build a picture of who owns some of the wallets, thus essentially tracking bitcoin to some extent. I assume they have some sources - possibly reluctantly - cooperating to help with this identification.

(I.e. Bob buys a Porsche with bitcoin and the FBI has a “discussion” with the dealer. Now they know Bob’s wallet as well as the dealer’s; and the wallets the bitcoin went through to get to Bob. If they can determine how to get to Bob (threat of tax evasion charges?) now Bob can identify who he dealt with - either by name or by what business they do… and so on. Big businesses getting into the game just makes it easier for governments to get leverage on them.)

Anything is possible if we’re speculating about the activities of law enforcement that we don’t know. What’s likely is that they have a list of wallets of interest around criminal investigations, and they have collected any AML/KYC information about those wallets. They may have analyzed patterns of activity to relate some wallets to one another.

But historically, most exchanges haven’t used AML/KYC and are still not compliant. As I mentioned, you don’t need to go through an exchange to create a bitcoin wallet, you don’t need to register your name anywhere, you can maintain a thousand anonymous wallets with permission from nobody. The haystack for searching needles is truly enormous.

What crime did Bob commit, though? Why are they looking at Bob? What if Bob claims he got the funds from an offshore gambling site, which has now flown by night and is beyond a US jurisdiction, and he actually paid taxes on those funds? If your scenario assumes that law enforcement already has a lot of information on Bob, or he’s made some dumb mistakes, then yes, it will be easy to roll him up.

If you think he’s a snotty punk who can’t possibly get away with this, you’re going to need more than that. Bitcoin makes it possible to pull off shenanigans that were previously only available to seasoned, well-connected money launderers. That’s why it’s causing such concern with law enforcement. Not that Bitcoin is always invisible and uncrackable, but the enormous number of people who can move money under the radar just for funsies. It’s a big universe of activity to search and monitor.

The government has a lot of reach. But consider that sophisticated criminals have been getting away with money-laundering for many, many years with ordinary SWIFT transactions before Bitcoin ever came on the scene. With Bitcoin we’re talking about a system where anybody can create and trade without even talking to an above-board exchange, let alone one that is KYC or AML compliant.

Kind of hard to visualise. What’s that in double-decker buses?

[Moderating]

This is not appropriate for GQ.

[Not moderating]

While, strictly speaking, it’s true that all that we know is that the FBI got ahold of the private keys of one or more wallets, there’s no conceivable way that they could have gotten the private keys without knowing who the owner of those wallets was. Maybe the owner of those wallets was the thieves, maybe the owner was an exchange like Coinbase that the thieves were doing business with, maybe the owner was someone that the thieves sent bitcoin to to buy something else… but whoever it was, the FBI must certainly know who they were, because every plausible way for them to get the private keys requires that they know that.

That’s around 23,000 AEC Routemasters, or 19 Leaning Tower of Pisas. Or around 1/100th of a 99942 Apophis. (All numbers approximate.)

When the U.S. needed to send cash to Iraq

see also

Naturally, much of it was… untraceable.

This fallacy is known as the argument from incredulity, i.e. I cannot imagine it, therefore it must not have happened.

I think it’s likely that the FBI knows a pseudonym and maybe some affiliations of the target… but their actual real-life identity? Doubtful. The G-Men will normally be the first ones to tell you that they nabbed the responsible parties, and make an example of them as a deterrent. “If we got this dimwit, then we can get you too.”

Private keys are nothing but files from a system. If you’re looking for files left somewhere, you don’t need to know who owns them, you just need to know what systems have been accessed. There is ample precedent for infiltrating the social network of hackers and getting someone to spill information that leads to an exploit of a network where sensitive files are stored. Hackers love to boast, they love to hack one another, they love to throw wrenches in one another’s work. It’s the most common way of catching them.

IOW, a quite conceivable and normal way of doing business.

Yes, they’re files on a computer. And their owner is the owner of that computer. What are you positing, that one of the thieves just accidentally left their laptop on a park bench somewhere? How would the FBI be searching a computer, if they don’t even know who owns that computer?

And see, cash is considered untraceable, but it does have serial numbers and can be traced - but poorly.

This is why we know for certain that “DB Cooper” never spent any appreciable amount of that money, since all the serial numbers were recorded, and the FBI and Treasury have been on the lookout for them.

Worn out bills are all double checked and recorded before being destroyed, and no cash from that hijack ever showed up.

Most computers in the world are in fact not laptops, and most of them do not reside in a person’s physical custody. Most of them are actually online, often called “servers” residing in a “cloud”, and can be leased by someone with a credit card and a minimal expertise. I myself have a credit card and minimal expertise, and I operate a few of them for my own personal use.

But we could also assume it’s a laptop. Like servers, most laptops nowadays have a piece of equipment called a “network interface.” We normally think of this as a device that allows us to access the internet, but it also allows inbound access as well. Although the computer manufacturer strives to make inbound access controlled and difficult to access by outside parties, sometimes their software and equipment contains errors, misconfigurations, or outdated computing programs that can unwittingly permit access to a determined adversary.

Hackers often use message boards as you and I are doing now, which also run on networked servers. If one were to gain control of such a server, they may be able to see network addresses belonging to individuals making certain posts. Such control of a server might be gained by intrusion, or by monitoring network traffic, or might be gained by an attack called a “man-in-the-middle” attack in which a hostile party impersonates a server in order to collect private information.

At any rate, if one is able to collect the individual’s network address, then one can more easily discover the addresses of other computers on that same network and apply intrusion techniques to those computers. Upon gaining access to such computers, one could sweep the filesystem for files resembling unsecured encryption keys, and transmit them back to one’s own system for further use and analysis.

All this can be done, and often is done, without knowing the exact identity of the owner of the target system.

If the bitcoin private keys are stored on a cloud server in such a way that access to the server enables recovery of the keys, then the thief has unwisely given away the bitcoins to the owner of that server, and so the statement remains true that the police can identify the owner of the bitcoins.

The presumption is that the feds are for some reason interested in Bob. Any financial activity he does will raise questions. As a result, if he does something like buy a fancy car from some dealer who takes bitcoin, then the Feds will learn (from the dealer) the identity of at least one of Bob’s wallets. Bob had better be prepared to answer some questions, especially if he received bitcoin from some ransomware hackers.

I suppose the trick is to not let the authorities know the identity of your wallet, but then - how do you do commerce? You have to find car dealers, money changers, etc. that you are sure are not cooperating with the feds.

(What’s the current status of offshore gambling? Is that legal in the USA? I recall a while ago they were happy to arrest anyone running offshore online casinos for a while…)

One thing I saw mentioned on MSNBC today was that the wallet the bitcoin was recovered from was in northern California, and already involved in another investigation. Colonial had notified the FBI fairly quickly, and the north Cal FBI office found the Colonial connection to the north Cal wallet not long after.

No, that is not necessarily true, because:

  1. the identity of the server owner may not be known.
  2. the owner of the server may have no idea that a squatter is using it to transfer bitcoin
  3. the identity of the cloud or network owner may not be known

The murky ownership of resources, along with the weak, absent, or unenforced regulations in “international waters” is precisely what allows hackers to operate their own dark networks, and colonize legitimate networks undetected for their own nefarious purposes. Even within legitimate jurisdictions there are wild-west areas. And in rogue states like Russia? Forget about it.

Or a hair more than 2 Nimitz class aircraft carriers for a different perspective.

To my knowledge, it’s not illegal to hold money in your bank account without explaining where you got it. It only becomes a problem if the feds suspect you’re involved in a crime that itself involved the movement of X dollars, and coincidentally X amount of dollars has passed through an account that you control. Using Bitcoin doesn’t automatically mean you waive your privacy rights, any more than it does with dollars.

In another thread we went through all sorts of wild scenarios that amount to the same thing: if one isn’t careful where their identifiable accounts touch anonymous ones, then you don’t have anonymity. This has always been true of traditional currency, yet folks have been getting away with money-laundering for quite a long time.

Nobody claims Bitcoin effortlessly makes one invisible to all real-world touchpoints; merely that it makes this goal much more achievable than is possible with traditional means, and that the public nature of the transaction log is no real impediment to that end.

Yes, it depends if the feds are interested in the person for some reason. They need only convince a judge this is worth a warrant - not trivial, but not “guilty beyond reasonable doubt”.

For example, if A pays an underage girl and then B transfers the exact amount to A, “for tuition expenses” both B and A may be subject to scrutiny. (To pull an example out of thin air).

It is not illegal per se. But if you get audited, the auditor can & will ask where the deposits came from, and unless you can show you reported them or they are non-taxable, you will owe taxes. Have enough of said unexplained income, and you can be charged with Tax Evasion.