The biggest bitcoin scam is happening right now
One of the biggest scams in the history of the Bitcoin network is happening right now. 96,000 BTC, which is almost one hundred million dollars, as of now, has been withdrawn from the accounts of clients, suppliers and administrators of the SheepMarketplace (SMP) site over the weekend. SMP was one of the main sites that came to replace SilkRoad, which was closed in October, and now, as a result of this scam, SMP itself is closed. It is still difficult to say exactly what is happening, but site users are trying to solve this puzzle on the popular reddit.com website in the sub-redit r / sheepmarketplace .
Here's what is known at the moment: the attacker (a lone person or a group of people) managed to fake balances in users' accounts, showing that they had Bitcoins in their own wallets on the site, while in fact they had already been transferred. During the week, the entire site was systematically empty, so that by the weekend, when the site administration realized that something was happening and closed the site, a huge amount of funds was written off from the users ’accounts. And all this happened just a few days after another SilkRoad competitor, Black Market Reloaded, announced that it was shutting down due to its inability to accommodate the massive influx of new users leaving SheepMarketplace.
Initially, it was stated that only 5,400 BTC, or about $ 5 million, was stolen, which was reflected in a message on the home page of the site, which indicated the supplier’s fault under the name “EBOOK101”, namely that he found the vulnerability and exploited it:
')
But this ad did not succeed in suppressing rumors that the entire site is in fact a complex scam, and the abduction of 5400 BTC is only a way to cover the tracks and send the search on the wrong track. Moreover, during the weekend it became clear that the amount of stolen funds is much higher.
From November 20 and the following days, a larger number of SMP providers found that they could not withdraw their funds, so immediately after that, they and ordinary users of the site began to publish their complaints on the SMP forum and on the corresponding sub-editor . Administrators assure users that the site is experiencing technical problems associated with updating the automatic system for disguising deals, but the erratic behavior of the market owners during this period is reflected on the SheepMarket Sample , a site compiling information from the accompanying reddit and SMP forum.
By November 27, SMP says that 90 percent of users got the opportunity to withdraw bitcoins. It turned out that this was not the case - and two days later, the developers already say that users will be able to withdraw 1 BTC, but only after the 22-hour countdown expires, but most vendors could not withdraw funds after that time either. And given the rapid growth of the price for Bitcoin after a positive response in Congress a couple of weeks before, this behavior looked suspicious to both SMP users and observers.
A little later, the administration claims that they did not want to flood the Bitcoin network with a multitude of small transactions, which also seems suspicious, because before that it was announced that they could withdraw from small accounts that had less than 1 BTC, and sellers with large budgets could not withdraw funds , leaving the alleged fraudsters free to choose the richest wallets, but not eliminating the network from many small transactions.
On the same day, the redmead user throwme1121 posted a new post in which he claims that he is now convinced that SMP is a scam. He draws such a conclusion from the fact that a couple of suppliers reduced the prices of substances at the same time as difficulties arose on the site and connected Czech website owners and two sellers who were friends with each other in their topic. The reduction in prices allowed them to quickly fill their accounts with bitcoins, and the technical difficulties associated with the complication in processing transactions due to the increase in their number.
A day later, the reddit users of TheNodManOut and silkroadreloaded2 managed to detect a massive outflow of bitcoins using the Blockchain transaction monitoring system, and after that publish in the topic on the redit that 39918 BTC ($ 40 million) just "disappeared into digital broadcasting" - making the administration mentioned Site theft 5400 BTC ($ 6 million) ploy and distraction. This mysterious withdrawal of almost 40 thousand bitcoins (and at this moment the amount has already reached 96 thousand), apparently, occurred only after the administration blocked the users' wallets. This step, according to the Y-combinator, is the hallmark of the scam in the virtual substance market, although the network’s sufficient anonymity does not yet allow to state the accuracy of these assumptions.
Further, the “people's investigators” understand that the huge size of the fraud makes the usual manipulations for the washing of Bitcoins impossible, as long as they track transactions. Suppose you need to “clean up” Bitcoin - in this case, you can send funds not directly, but through a “mixer”, such as Bitcoin Fog , where your transfer will be divided into smaller fractions, mixed with the same fractions, but other Bitcoins, from other places, and all this is again recombined, mixed and split several times, until the entire amount finally goes to the desired wallet, but theoretically in such a way that it is impossible to track. A similar scheme was built into the functionality of the closed in October SilkRoad. But this scheme is possible only if the same number of "pure" bitcoins is present in the "mixer", and preferably more - in the ratio of 2/3 or higher - then it will be almost impossible to track transactions.
It turned out that users were able to track down where the funds were withdrawn from the SMP, and then what method of laundering was used by the attacker. This detective story is described by one of the authors of the disclosure:
At the moment, in the discussion thread on the reddit, the addresses of the wallets, which absorbed the stolen funds, and other information are posted. Each user of the network can check it yourself. There are interesting considerations, such as the fact that attackers may be associated with the site used to launder bitcoins, and other theories.
But this is not the end of the story.
On November 2, journalist and researcher Gwern Branwen publishes in the Silk Road sub-redit a message about the "new and unnamed market . "
“I was given some interesting information. I would like to set the date and urgency for her, and if you have a moment, please do me a favor - cite this message with a link to the hash, a cryptographic hash of the preliminary proof of knowledge ", which he adds for the basis that he possesses a certain information without disclosing it - “in a comment, if several accounts make it, later it will be easier for me to confirm that I actually published this hash on November 3, 2013 and have information that I’m talking about.”
On Sunday, Branwen uploaded the Pastebin page, where he divulges information received from an anonymous hacker. It turns out that the “unnamed market” was the SheepMarketplace.
On November 2, 2013 he was contacted in the IRC chat, “anonymous security lovers”. He said that he has some information that he is ready to share if the journalist promises to keep her secret. He agreed, on the condition that it was not related to violence. A security enthusiast recently read an article by Branwen that Black Market Reloaded and SheepMarketplace would die within a year , and thought that he could help Branven write an even sharper article - if he could provide proof that SheepMarketplace was created by Tomas Jiřikovský, accused of frauds with bitcoins cheater.
Hacker also tells a journalist that he passed this information to the FBI, and also took responsibility for information leaks related to Black Market Reloaded (already mentioned competitor SilkRoad) and Project Black Flag (the site, which is also a victim of Bitcoin theft). Branwen read the results, checked the links, and decided that Jirjikovsky would most likely be the creator of the Sheep Marketplace. Then, as noted in his Pastebin-message , the journalist collected and sorted his notes, made copies of all the linked web pages, and prepared all this in one collection, available for download via Dropbox .
At the moment, this information is taken as the basic version for identifying the identity of the fraudster, and this evidence may lead to self-prosecution by deceived buyers and sellers, hackers and law enforcement agencies. If Bitcoin should become desirable and acceptable to the masses, especially in connection with the recent generous praise in the US Congress, those who invest in cryptocurrency will have the desire to catch and punish fraudsters, and prevent similar scams in the future.
Also, there is another interesting scenario that can explain the chaos on SheepMarketplace, going on in recent days. A mysterious hacker, claims to have passed the information to the FBI on November 2. This means that the FBI had at least an 18-day supply for its investigation, before the site began to experience problems. That would be more than enough for the FBI to find out the identity of the creator of SheepMarketplace, as they did with Ulbricht and SilkRoad.
Given the story, how the puppet anonymous informant Sabu, who works for the FBI, convinced Jeremy Hammond to disclose Stratfor data , would it be a great surprise if agents seized SheepMarketplace? It is quite possible, for example, that with information about the Jirjikovskiy FBI was able to control bitcoin transactions on SMP, and track down sloppy vendors.
At the moment, this scam has become one of the largest abductions in history at the current market value of bitcoins, and is on a par with major "real" crimes, such as stealing diamonds worth $ 108 million in the Harry Winston store in Paris in 2008. Also, the amount of 96000 BTC turns a swindler into one of the richest bitcoin millionaires in the current list of rich people , and all this even without such problems as putting on a mask or threatening someone with a gun.
With the usual robbery, the money would have already evaporated by now, but in this case it is not so - the bitcoin deal cannot disappear without a trace. The scheme works because any and every transaction is public and visible to any and every member of the network, and the participant is as anonymous as its connection to the wallet is anonymous. Right now, when you are reading this article, you can watch as a scammer tries to transfer his bitcoins again - at present it is slightly less than 92,000 BTC and this amount decreases with every small transaction. Selling and cashing these Bitcoins is an extremely difficult task, since the main Bitcoin exchangers require an identity document (in particular, to avoid charges that they are involved in money laundering), and if the withdrawal of funds is broken down into smaller amounts, for example , sell through sites such as localbitcoins.com - a “paper” trail will still be created. And as soon as at least one real bank account appears that has received the stolen funds, it will be quite easy to link it and a specific person.
This article is a compilation of materials from several sources:
www.newstatesman.com
motherboard.vice.com
r / SheepMarketplace
UPD:
Reddite users chasing a fraudster have provided a huge transaction schedule associated with the largest wallet used for the initial withdrawal of funds from the site. Caution, long page filled with images.png
Here's what is known at the moment: the attacker (a lone person or a group of people) managed to fake balances in users' accounts, showing that they had Bitcoins in their own wallets on the site, while in fact they had already been transferred. During the week, the entire site was systematically empty, so that by the weekend, when the site administration realized that something was happening and closed the site, a huge amount of funds was written off from the users ’accounts. And all this happened just a few days after another SilkRoad competitor, Black Market Reloaded, announced that it was shutting down due to its inability to accommodate the massive influx of new users leaving SheepMarketplace.
Initially, it was stated that only 5,400 BTC, or about $ 5 million, was stolen, which was reflected in a message on the home page of the site, which indicated the supplier’s fault under the name “EBOOK101”, namely that he found the vulnerability and exploited it:
')
“This vendor found [a] bug in the system and stole 5,400 BTC — your money, our money, all was stolen. We were not successful. ”
But this ad did not succeed in suppressing rumors that the entire site is in fact a complex scam, and the abduction of 5400 BTC is only a way to cover the tracks and send the search on the wrong track. Moreover, during the weekend it became clear that the amount of stolen funds is much higher.
Chronology and custom investigation
From November 20 and the following days, a larger number of SMP providers found that they could not withdraw their funds, so immediately after that, they and ordinary users of the site began to publish their complaints on the SMP forum and on the corresponding sub-editor . Administrators assure users that the site is experiencing technical problems associated with updating the automatic system for disguising deals, but the erratic behavior of the market owners during this period is reflected on the SheepMarket Sample , a site compiling information from the accompanying reddit and SMP forum.
By November 27, SMP says that 90 percent of users got the opportunity to withdraw bitcoins. It turned out that this was not the case - and two days later, the developers already say that users will be able to withdraw 1 BTC, but only after the 22-hour countdown expires, but most vendors could not withdraw funds after that time either. And given the rapid growth of the price for Bitcoin after a positive response in Congress a couple of weeks before, this behavior looked suspicious to both SMP users and observers.
A little later, the administration claims that they did not want to flood the Bitcoin network with a multitude of small transactions, which also seems suspicious, because before that it was announced that they could withdraw from small accounts that had less than 1 BTC, and sellers with large budgets could not withdraw funds , leaving the alleged fraudsters free to choose the richest wallets, but not eliminating the network from many small transactions.
On the same day, the redmead user throwme1121 posted a new post in which he claims that he is now convinced that SMP is a scam. He draws such a conclusion from the fact that a couple of suppliers reduced the prices of substances at the same time as difficulties arose on the site and connected Czech website owners and two sellers who were friends with each other in their topic. The reduction in prices allowed them to quickly fill their accounts with bitcoins, and the technical difficulties associated with the complication in processing transactions due to the increase in their number.
A day later, the reddit users of TheNodManOut and silkroadreloaded2 managed to detect a massive outflow of bitcoins using the Blockchain transaction monitoring system, and after that publish in the topic on the redit that 39918 BTC ($ 40 million) just "disappeared into digital broadcasting" - making the administration mentioned Site theft 5400 BTC ($ 6 million) ploy and distraction. This mysterious withdrawal of almost 40 thousand bitcoins (and at this moment the amount has already reached 96 thousand), apparently, occurred only after the administration blocked the users' wallets. This step, according to the Y-combinator, is the hallmark of the scam in the virtual substance market, although the network’s sufficient anonymity does not yet allow to state the accuracy of these assumptions.
Further, the “people's investigators” understand that the huge size of the fraud makes the usual manipulations for the washing of Bitcoins impossible, as long as they track transactions. Suppose you need to “clean up” Bitcoin - in this case, you can send funds not directly, but through a “mixer”, such as Bitcoin Fog , where your transfer will be divided into smaller fractions, mixed with the same fractions, but other Bitcoins, from other places, and all this is again recombined, mixed and split several times, until the entire amount finally goes to the desired wallet, but theoretically in such a way that it is impossible to track. A similar scheme was built into the functionality of the closed in October SilkRoad. But this scheme is possible only if the same number of "pure" bitcoins is present in the "mixer", and preferably more - in the ratio of 2/3 or higher - then it will be almost impossible to track transactions.
It turned out that users were able to track down where the funds were withdrawn from the SMP, and then what method of laundering was used by the attacker. This detective story is described by one of the authors of the disclosure:
All day I was chasing a villain with stolen bitcoins using the blockchain. Metaphorically, I was chasing him, watching through the glass roof of a moving train. I lagged behind him for less than 20 minutes, or “two network confirmations”.
The thief desperately created new addresses for wallets and deduced through them funds from 49 original wallets, each time waiting for three or four confirmations of the network before transferring funds again. Every time when I caught up with him, I “six hundred or sixty-sixter” him - sent in pursuit of the captured addresses on 0.00666 bitcoins to spoil his beautiful round numbers, such as 4000, or 8000. Then, suddenly, sums began to appear decimal digits, and now fractional bitcoin accounts jump from wallet to wallet like locusts on a hotplate, never stopping to confirm.
Now he was mixing and laundering our stolen bitcoins a second time, and this mixer was unbeatable.
If you, of course, do not guess what kind of method he uses, one in which almost all the monitored funds are laundered, and do not mix a small part of your bitcoins with them, passing a small amount through the same purses, and using the same algorithm. I was jumping from foot to foot shouting “come on!” On my laptop, waiting for six years for six network confirmations to spend 0.5 BTC in “ Bitcoin Fog ”. My half-bitcoin was eventually shredded and passed through a huge number of wallets, and I followed the largest batch through blockchain.info - and found the addresses with our 96,000 BTC stolen!
At the moment, in the discussion thread on the reddit, the addresses of the wallets, which absorbed the stolen funds, and other information are posted. Each user of the network can check it yourself. There are interesting considerations, such as the fact that attackers may be associated with the site used to launder bitcoins, and other theories.
But this is not the end of the story.
On November 2, journalist and researcher Gwern Branwen publishes in the Silk Road sub-redit a message about the "new and unnamed market . "
“I was given some interesting information. I would like to set the date and urgency for her, and if you have a moment, please do me a favor - cite this message with a link to the hash, a cryptographic hash of the preliminary proof of knowledge ", which he adds for the basis that he possesses a certain information without disclosing it - “in a comment, if several accounts make it, later it will be easier for me to confirm that I actually published this hash on November 3, 2013 and have information that I’m talking about.”
On Sunday, Branwen uploaded the Pastebin page, where he divulges information received from an anonymous hacker. It turns out that the “unnamed market” was the SheepMarketplace.
On November 2, 2013 he was contacted in the IRC chat, “anonymous security lovers”. He said that he has some information that he is ready to share if the journalist promises to keep her secret. He agreed, on the condition that it was not related to violence. A security enthusiast recently read an article by Branwen that Black Market Reloaded and SheepMarketplace would die within a year , and thought that he could help Branven write an even sharper article - if he could provide proof that SheepMarketplace was created by Tomas Jiřikovský, accused of frauds with bitcoins cheater.
Hacker also tells a journalist that he passed this information to the FBI, and also took responsibility for information leaks related to Black Market Reloaded (already mentioned competitor SilkRoad) and Project Black Flag (the site, which is also a victim of Bitcoin theft). Branwen read the results, checked the links, and decided that Jirjikovsky would most likely be the creator of the Sheep Marketplace. Then, as noted in his Pastebin-message , the journalist collected and sorted his notes, made copies of all the linked web pages, and prepared all this in one collection, available for download via Dropbox .
At the moment, this information is taken as the basic version for identifying the identity of the fraudster, and this evidence may lead to self-prosecution by deceived buyers and sellers, hackers and law enforcement agencies. If Bitcoin should become desirable and acceptable to the masses, especially in connection with the recent generous praise in the US Congress, those who invest in cryptocurrency will have the desire to catch and punish fraudsters, and prevent similar scams in the future.
Also, there is another interesting scenario that can explain the chaos on SheepMarketplace, going on in recent days. A mysterious hacker, claims to have passed the information to the FBI on November 2. This means that the FBI had at least an 18-day supply for its investigation, before the site began to experience problems. That would be more than enough for the FBI to find out the identity of the creator of SheepMarketplace, as they did with Ulbricht and SilkRoad.
Given the story, how the puppet anonymous informant Sabu, who works for the FBI, convinced Jeremy Hammond to disclose Stratfor data , would it be a great surprise if agents seized SheepMarketplace? It is quite possible, for example, that with information about the Jirjikovskiy FBI was able to control bitcoin transactions on SMP, and track down sloppy vendors.
At the moment, this scam has become one of the largest abductions in history at the current market value of bitcoins, and is on a par with major "real" crimes, such as stealing diamonds worth $ 108 million in the Harry Winston store in Paris in 2008. Also, the amount of 96000 BTC turns a swindler into one of the richest bitcoin millionaires in the current list of rich people , and all this even without such problems as putting on a mask or threatening someone with a gun.
With the usual robbery, the money would have already evaporated by now, but in this case it is not so - the bitcoin deal cannot disappear without a trace. The scheme works because any and every transaction is public and visible to any and every member of the network, and the participant is as anonymous as its connection to the wallet is anonymous. Right now, when you are reading this article, you can watch as a scammer tries to transfer his bitcoins again - at present it is slightly less than 92,000 BTC and this amount decreases with every small transaction. Selling and cashing these Bitcoins is an extremely difficult task, since the main Bitcoin exchangers require an identity document (in particular, to avoid charges that they are involved in money laundering), and if the withdrawal of funds is broken down into smaller amounts, for example , sell through sites such as localbitcoins.com - a “paper” trail will still be created. And as soon as at least one real bank account appears that has received the stolen funds, it will be quite easy to link it and a specific person.
This article is a compilation of materials from several sources:
www.newstatesman.com
motherboard.vice.com
r / SheepMarketplace
UPD:
Reddite users chasing a fraudster have provided a huge transaction schedule associated with the largest wallet used for the initial withdrawal of funds from the site. Caution, long page filled with images.png
Source: https://habr.com/ru/post/204688/
All Articles