An unknown hacker sat on a cryptocurrency "gold mine" for seven years before the feds came knocking.
More than seven years have passed since Ross Ulbricht was arrested in the Science Fiction section of the San Francisco Library on charges of operating the vast, shady online drug-dealing marketplace known as the Silk Road.
But when the feds got their hands on Ulbricht’s laptop that day, they found the keys to unlock only a fraction of the bitcoin he had amassed during his years of drug trafficking on the Silk Road. Yesterday, the Justice Department finally revealed where the billion-dollar tranche of Silk Road treasure ended up: stolen by a mysterious hacker and now confiscated by the US Treasury Department, WIRED reports.
The Justice Department yesterday filed a civil complaint for the confiscation of 69,370 bitcoins and other cryptocurrencies seized Nov. 3 from an unnamed person who is identified only as Person X in court documents. According to the IRS Criminal Investigation Unit, hacker X hacked Silk Road sometime from May 2012 to April 2013, stealing an abundance of money from the dark web site's bitcoin addresses until Ulbricht’s arrest in October 2013.
The IRS says it has finally tracked down the hacker who stole nearly $70,000 in Silk Road bitcoin, now worth over $1 billion, and allowed law enforcement to take control of the funds.
“The successful prosecution of the founder of Silk Road in 2015 left a billion-dollar question open. Where did the money go?” US Attorney David Anderson wrote in a forfeiture statement. “Today’s complaint about the confiscation of property at least partially answers this question. $1 billion of these proceeds of crime are now in the possession of the United States.”
Cryptocurrency analysts first spotted the $1 billion worth of coins moving on the night of November 3rd. The wallet address had long been known and discussed on hacker forums, but remained inaccessible to anyone who did not have the secret access keys. While it was far from clear at the time who owned the coins and why they were moved on Tuesday, blockchain analytics firm Elliptic had by then already linked the wallet to Silk Road: in May 2012, 70,000 coins were moved from Silk Road to two other addresses.
By April 2013, these coins were consolidated into one address, where they were mostly dormant until this week. Even then, it was not clear if Ulbricht was simply moving the cryptocurrency around to different wallets. However, later that year, 101 coins were sent from an address to the now defunct BTC-e exchange. By that time, Ross Ulbricht was already in prison. Even if it was his money, he didn’t have access to the keys needed to move it.
A government confiscation complaint provides the answer to this mystery: The address to which the coins were moved in 2013 did not belong to Ulbricht, but to the hacker who stole them. With the help of blockchain analysis firm Chainalysis, IRS investigators uncovered 54 transactions moving more than 70,000 bitcoins from Silk Road addresses — transactions that Elliptic says happened in 2012 — to two other addresses.
The transactions were for round amounts, and none of them showed up in Silk Road’s own logs as a purchase or a withdrawal by a seller, suggesting they were likely the work of hacker X withdrawing stolen loot.
In fact, the forfeiture complaint states that evidence was found that Ulbricht learned the identity of the man who somehow hacked the Silk Road and threatened him in an attempt to force him to return the money. (The complaint does not explain how the hack occurred or how investigators learned about these threats, but it could all have been documented on Ulbricht’s seized laptop or on a hijacked Silk Road server.)
Hacker X appears to have ignored Ulbricht’s threats and kept the coins for himself, quietly watching their value rise while Ulbricht was arrested, tried and found guilty.
However, the IRS somehow found hacker X and demanded the money back, to which he agreed on November 3rd. It is not clear exactly how the IRS tracked down the hacker, why the investigation took more than seven years, or what legal means the IRS used to convince X to return the money.
Elliptic co-founder Tom Robinson suggests that the 2015 transfer of 101 bitcoins to BTC-e may have helped: in 2017, BTC-e operators were indicted and businesses seized, along with account information that put the IRS on the trail of hacker X.
“Probably then they got access to the records of the exchange and information about this person,” says Robinson.
The ability to confiscate 10-figure funds gives law enforcement a huge incentive to invest time and money in tracking down the owners of illicit cryptocurrency caches.
After all, at the time the Silk Road was taken over, the roughly 144,000 coins seized from the drug market were worth a tiny fraction of the more than $2 billion they are worth today. The US Marshals put them up for auction for about $48 million in 2014 and 2015. Hacker X, on the other hand, was a more adventurous investor, and his fiscal conservatism would make the US government about a billion dollars richer.
According to Wired.