
The digital pursuit of the golden goose, or how the biggest scam in the history of Bitcoin has turned into a farce

Victims of a recent cryptocurrency scam tried to recover their stolen bitcoins by circumventing the anonymity built into the very foundation of the cryptocurrency. SheepMarketplace (SMP), a site that used Bitcoin and the anonymous Tor browser to sell prohibited goods online, was closed in early December. The site administration reported that one of the dealers had found a bug in the system and used it to steal 5400 BTC.

But users suspected that something was wrong and concluded that the site had most likely kept a much larger sum of users' funds without justification and was not going to return it. The former SMP clients banded together and found a bitcoin wallet containing 96000 BTC that they believed was connected with the scam. At the exchange rate of the time, the contents of the wallet were worth 100 million dollars.


Chasing money


What happened next was possible only because of the unique features of the Bitcoin system, one of which is that transactions between wallets are public. So when the money began to move between accounts, users followed the transactions.

Privacy in the Bitcoin system is handled very differently from the traditional financial system. The usual confidentiality model ties personal identifiers tightly to transactions between two parties, both of whom trust a third party, usually a payment provider such as Visa or Mastercard.

The decentralized nature of Bitcoin means that all transactions must be public, because they have to be confirmed by other users of the p2p system. To offset this openness, the network is designed to separate transactions from identity: users can see that one wallet, identified by a string of random letters and numbers, sent funds to another wallet, that is, another string of random letters and numbers, but finding out who is behind those strings is extremely difficult.

For small transactions this is enough to preserve almost complete anonymity, although there remains a risk that certain types of transactions can identify a specific user, and it should be remembered that publishing your wallet address eliminates anonymity. But when a block of 96,000 BTC moves through the network, the public nature of transactions can no longer be overcome.

One participant in the Bitdog sub-forum on Reddit was particularly persistent in tracking the money. In a long series of posts, sheeproadreloaded2 described in detail the winding journey of the money through the entire system.

It turned out that small bitcoin transactions can be laundered using “mixers”, which take money from several sources, mix it together in one wallet, and pass it on to the other side. Anyone following the transactions will eventually see the funds combined, shuffled and split into smaller fractions, which makes it impossible to separate the funds being pursued from the money that other users put into the mixer.

But this scheme falls apart when someone tries to launder bitcoins worth $100 million. What did the fraudster discover when he tried to clean the 96000 BTC? That this amount exceeds all the other transactions in the mixer, and the output is the same 96 thousand, only arranged in a different order. As a result, almost all of this money could still be traced to the final address where it was ultimately stored.

Everything looked rosy: the pursuers had found their funds and only needed a way to get them back, when suddenly the whole construction collapsed. Another reddit user noticed that his own bitcoins had been transferred to the same address. Then the truth struck: for the last few days the pursuers had been chasing not the fraudster's wallet but a technical address used for the internal operations of BTC-E, an exchange where users trade bitcoins and other currencies.
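The dilution argument and the false lead at the exchange address can be reproduced with a proportional ("haircut") taint calculation. This is an added illustration, not code from the original article or from the reddit posts; it assumes a simplified account-style ledger, and every address name, every amount other than 96000 BTC, and all function names are constructed for the example.

```python
from collections import defaultdict
from fractions import Fraction

def propagate_taint(seeds, tainted, transfers):
    """Replay (src, dst, amount) transfers in order; return (balance, taint)."""
    balance, taint = defaultdict(Fraction), defaultdict(Fraction)
    for addr, amount in seeds.items():
        balance[addr] = Fraction(amount)
        if addr in tainted:
            taint[addr] = Fraction(amount)
    for src, dst, amount in transfers:
        amount = Fraction(amount)
        if amount <= 0 or amount > balance[src]:
            raise ValueError(f"invalid transfer {src}->{dst}: {amount}")
        # Haircut rule: a payment carries the sender's current taint ratio.
        moved = taint[src] * amount / balance[src]
        balance[src] -= amount
        taint[src] -= moved
        balance[dst] += amount
        taint[dst] += moved
    return balance, taint

def fan_in(transfers, addr):
    """Count distinct addresses that ever paid into addr."""
    return len({src for src, dst, _ in transfers if dst == addr})

def mixer_run(tracked, others, payouts, bystanders=0):
    """Constructed scenario: deposits -> mixer -> payout addresses -> sink.

    `bystanders` unrelated customers also pay 10 BTC each into the sink,
    which is how an exchange's internal address behaves.
    Returns (taint ratio of the sink, fan-in of the sink).
    """
    seeds = {"tracked": tracked}
    seeds.update({f"user{i}": v for i, v in enumerate(others)})
    transfers = [(addr, "mixer", v) for addr, v in seeds.items()]
    seeds.update({f"cust{i}": 10 for i in range(bystanders)})
    chunk = Fraction(tracked, payouts)  # tracked sum leaves in equal pieces
    for i in range(payouts):
        transfers += [("mixer", f"out{i}", chunk), (f"out{i}", "sink", chunk)]
    transfers += [(f"cust{i}", "sink", 10) for i in range(bystanders)]
    balance, taint = propagate_taint(seeds, {"tracked"}, transfers)
    return taint["sink"] / balance["sink"], fan_in(transfers, "sink")

if __name__ == "__main__":
    pool = [1000, 2000, 1000]                    # other users' deposits
    print(mixer_run(5, pool, 1))                 # small sum: almost no taint
    print(mixer_run(96000, pool, 8))             # dominant sum: 96% taint
    print(mixer_run(96000, pool, 8, bystanders=50))  # sink is a busy service
```

A high taint ratio says where the coins went, not who controls the destination: a sink with many unrelated senders is more likely a service wallet than a personal one.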

Dead end


At least at one point the online detectives were on the right track. SMP really was closed, and the bitcoins really were stolen. But instead of crawling into a hole and trying to hide the money, the fraudster seems to have done what any normal person would do in his place: exchange the digital currency for real money at the first opportunity.

This is not the first time that a major Bitcoin exchange transaction has been in the spotlight. In November the press reported a transfer of 190.000 BTC, which was worth approximately 147 million dollars and was the largest in history. Rumors about the possible source of the transfer included the Winklevoss twins, who have invested in Bitcoin, and the currency's mysterious creator, Satoshi Nakamoto.

But in fact this transaction was most likely just the result of the operation of the Bitstamp service, a popular European exchange: most of the money came from accounts registered on this exchange, and the funds later returned to such accounts.

Nor is this the first time that a crowdsourced investigation on reddit has gone awry. The site regularly has problems with users trying to track down suspected criminals using public information on the network (known as doxxing), which has forced it to enforce its rule against posting personal information more carefully.

These rules did not stop users from, for example, mistakenly accusing Sunil Tripathi, a missing student from Brown University, of being the perpetrator of the terrorist attack in Boston in April of this year. Tripathi's good name was restored when the Tsarnaev brothers were named, but it was too late: the avengers had hacked the Facebook memorial page dedicated to him, defaced it and informed his whole family that he was a terrorist. Tripathi was found dead a week after the attack.

As for SMP, the crowd still operates on the same principle of searching for and instantly publishing any related information. For example, they believed they had found a former site moderator, who gave an interview to the largest newspaper in the Czech Republic in an attempt to clear his name; behind the scenes, some users are still checking whether any other loose ends remain in this tangle of transactions.

As for Sheeproadreloaded2, he left the battlefield, refusing to admit that detectives were wrong:
You all help stop [the crook] so that he does not become the richest man in Europe in the last 20 years. I'm going home, I'm tired, I don't have milk in the fridge, and I need to go back to my daily work, move away from the work of a detective who is solving secrets. I think bitcoins are a reality because I sell them. Most of you only buy it and trade it for substances. In fact, this is a type of currency that not only buys political power - it is enough to bend the very fabric of space / time.

Now, for the most part, everything is back to normal. The second major post in the dying SMP sub-forum is an overview of the suppliers of controlled substances, and detective searches seem to have exhausted themselves.

Here the Guardian.com article ends. Below is my translation of an article from a major Czech portal:

An interview with Tomasz Jiříkowski on the portal Lidovky.cz


We asked Tomasz about the evidence published by researcher Gwern Branwen that points to his involvement in the creation of SMP.

1. Tomasz has his own hosting for the sheepmarketplace.com domain on a virtual private server, which also hosts several other domains, some of which are controlled by him.
This is not a VPS server, this is a physical server, which is now located in Slovakia, in DataCube. It hosts 17 projects. The server is no longer the most modern and, therefore, has limitations on the number of projects.

2. One of these sites seems to be very closely connected with SMP itself, it uses the same basic technologies and, possibly, the same user interface, API
I don’t know exactly what the author means by this, it’s possible that I can use Nette and PHP.

3. The official reason for closing [the fan site] is not convincing. In addition, the site was created shortly after the SMP itself.
I do not know when the SMP was opened, and therefore I cannot comment on this statement.

4. Tomasz was the first to start advertising SMP (February 1, 2013). He recommended SMP and BMR (a similar site) as alternatives to Silk Road (April 11, 2013).
I do not know what the author gives for advertising as an example, therefore it is very difficult to answer this question.

5. Tomasz is a C++ developer, knows Qt and the Nette Framework, and uses Ubuntu, just like the SMP developer.
I wrote some amount of code in C++ about a year ago, see the link or link. This was the Apache Manager MySql PHP project. If someone is interested, I can show the source code of unfinished projects. As for Nette and my questions on the forum, they are associated only with work projects I worked on, either on my own or on customers' projects. At that time I was working at Šnekweb - web hosting, and I was wondering how exactly you can automate the registration of a new client and learn about its needs.

6. Tomasz complained about the use of bitcoind process memory on a VPS server and discussed the difficulties in running hidden services for functions such as email.
Yes, not so long ago I solved the problem with the performance of bitcoin operations on the server, this was done for the AnonymousTrade.com project. But at that moment I was more concerned with general issues, and tried to find out if it was possible to start such a service at all. Unfortunately at the forum of the pirate party there were not many answers from lawyers, and I had no opportunity to ask somewhere else.

7. Tomasz and his girlfriend are active users of the Tor browser, which can be seen in screenshots from their computers.
[ironic] Yes, and it’s especially dangerous that the photo is a cat right next to a computer with a Tor icon on it. This browser is an integral part of working with a bitcoin wallet due to the fact that the server can be attacked. Large exchanges and similar services use Tor to avoid external attacks. If the problem is that I installed Tor for my work, then yes, this is really bad.

8. It is not yet clear what Tomasz is doing at the moment.
9. But it is known that in October he worked on a commercial site that had problems with deposits and accounts.
10. Tomasz has published a number of .htaccess files containing the same errors that appear in the corresponding SMP files.
11. Previously, he was accused of bitcoin fraud
Questions 8, 9, 10 and 11 are very unintelligible, and I really have no idea what he is asking, I have nothing to say.

And the last quote by Tomasz from an interview in Czech:
People think this is my project. These thoughts are supported by a document that tells my story on the Czech Internet, reflected in two forums for programmers - Nette and Root, where I tried to solve problems with my projects, and also some of the questions on one of the projects were voiced by me on the pirate party forum. Now I receive angry letters, threats to my life, and demands to send money. But the truth is that my first meeting with SMP was when users warned me that a fan page dedicated to sheepmarketplace.com was using our hosting. This site has been disabled because it is against Czech law.

Such is cybercrime and such are its criminals. The ideal arrangement at the moment appears to be a like-minded group opening three sites: an exchange for cryptocurrencies, a platform for the sale of controlled substances and a mixer for laundering the deals, so no pyramid schemes are needed. We will follow the development of events with the hope that Bitcoin will mature and get past the farce phase, especially since its exchange rate is no longer a joke and is again approaching a thousand US dollars.

Source: https://habr.com/ru/post/205534/

