How one guy lost millions of dollars of bitcoin to a hacker

Originally published at: http://boingboing.net/2016/12/20/how-one-guy-lost-millions-of-d.html

…

hmmmm, sounds like a plausible way to reduce some tax liability.

Welcome to the Future of Currency. Freedom from governmental and institutional regulations have created a perfect alternative in Bitcoin. The official currency of the Libertaria lifestyle.

Does his cellphone provider have any liability here?

Isn’t the point of Bitcoin that, with the block chain, they can track where the money went?

[quote=“hungryjoe, post:4, topic:91522, full:true”]
Does his cellphone provider have any liability here?
[/quote]Yeah. I’d think a lawsuit is in order if they basically gave away most of what he owned because someone called in and asked them to.

Kind of like hiding all your money in your mattress. It’s all fine and dandy until a fire or burglary occurs.

The first thing the thief’s going to do is dump the stolen BTC into an anonymizing tumbler and walk away with new BTC from various sources while yours move into a random pool somewhere to be doled out slowly to other thieves. They’re run by mafiosos in eastern Europe and other places where laws are loose and your chances of recovering anything are nil. Money laundering was among the first things that was sorted out in the BTC world. Even if you discovered that Alexandru in Bucharest had your BTC, this might not be useful information.

So two-factor authentication is basically useless if people can just take over your phone number? What the heck are we supposed to do? If you read the article they even say asking for a port block on your number is probably useless. It does mention that Google voice numbers can be blocked. So is switching to that the answer?

At least I don’t have any bit coins to steal. How much damage can a hacker to to a regular old online bank account? Can they just transfer money out of it to wherever? (I don’t even know how to transfer money out of my own account.) It would be nice if we could have some safeguard added to online bank accounts equivalent to “no online transfers or withdrawals or anything like that.”

I can imagine that working for small quantities, but could it really work for a theft this big? You’d think that most of the same coins would go back to their original owner.

You’re not thinking about just how many persons are using “tumbler” services to swap drug money from Darknet Markets.

Very little in the way of Bitcoin payments are used for purposes that would fly with the traditional payment processors beyond speculation.

I don’t pay too close attention, since the whole Bitcoin world is basically a toxic mess of organized crime and goldbug zealots and it’s pretty disturbing to look at closely for very long. The criminals pulling the big heists have worked out ways to move huge quantities, though, the Silk Road 2 and Mt Gox heists immediately transferred quantities larger than this heist through a bunch of tumblers/mixers to launder the stolen BTC and disappeared with their stolen crypto-currency.

I pay attention mostly because goldbug zealots make me laugh (or at least did before Trump) and I know persons who investigate money laundering rings.

The way you keep bitcoin safe is to put it in a paper wallet (here’s just one example) and lock the wallet in a safe deposit box. That makes it impervious to any online attack (though it will still be vulnerable to a bank heist). This guy was in bitcoin long enough to know that, and so I am kind of stunned that he would have been careless enough not to take that very simple precaution.

Better yet: multiple bitcoin paper wallets, spread across multiple safe deposit boxes. It’s the only way to be sure.

Man, heist films will all have to be retro. Can you immagine something like The Italian Job or Oceans 11 set in 2030?

90 minutes of this guy on the phone and clicking on stuff.

I’d hope so but then if he passed all the security tests what else can the provider do? This seems like a well planned attack. It’s probably no co-incidence that the victim had millions in Bitcoin.

Christ though, this Kenna guy is going to commit suicide isn’t he?? Most of us imagine getting millions but imagine losing millions.

Online banks are subject to tons of regulations (depending on your jurisdiction, of course), and they deal with fraud day-in day-out, so you’re likely to get most of your money back (at worst you can sue them and you’ll likely win). As long as you can somehow prove that it wasn’t you moving the money, you’ll be fine - the onus on the bank to secure their systems. There are no such guarantees with distributed cryptocurrencies.

Sometimes, that most-disparaged of concept called “Rule of Law” can turn out to be quite useful indeed.

(of course you should still practice good password hygiene - use a password manager and long random pwd, etc etc).

He’s the sort of guy who can afford to sit on millions of dollars worth of Bitcoins, so he probably has plenty of other money as well. Given the amount of Bitcoin the article implies he accumulated versus the implied scale of his loss, my guess is that he diversified his holdings long ago.

Though he had locked it with a 30-character password, the hackers moved the coins off.

How? Was it “passwordpasswordpassword123456”?