Tuesday, January 11, 2022

Bitcoin and other cryptocurrencies - not so secure as presumed?

 

A recent court case has revealed some interesting information about the supposed anonymity and security of Bitcoin - and, by extension, other cryptocurrencies.


The United States took action in federal court Monday to protect and ultimately return more than $154 million in funds that were allegedly stolen from a subsidiary of Tokyo-based Sony Group Corporation and then seized by law enforcement during the FBI’s investigation of the theft.

. . .

According to the government’s complaint, Rei Ishii, an employee of Sony Life Insurance Company Ltd. (“Sony Life”) in Tokyo, allegedly diverted the $154 million when the company attempted to transfer funds between its financial accounts. Ishii allegedly did this by falsifying transaction instructions, which caused the funds to be transferred to an account that Ishii controlled at a bank in La Jolla, California. Ishii then quickly converted the funds to Bitcoin cryptocurrency, the complaint said.

Based on evidence uncovered during the FBI’s investigation, a seizure warrant was authorized in June 2021 by a U.S. Magistrate Judge in the Southern District of California. As alleged in the supporting affidavit, law enforcement was able to trace Bitcoin transfers and identify that approximately 3,879.16 Bitcoins, representing the proceeds of the funds stolen from a subsidiary of Sony Life, had been transferred to a specific Bitcoin address and then to an offline cryptocurrency cold wallet.

The FBI, with significant assistance from Sony and Citibank, continued to investigate in cooperation with Japan’s National Police Agency, the Tokyo Metropolitan Police Department, Tokyo District Public Prosecutors Office, and JPEC (Japan Prosecutors unit on Emerging Crimes). As a result of this coordinated effort, investigators obtained the “private key” – the rough equivalent of a password – needed to access the Bitcoin address. All the Bitcoins traceable to the theft have been recovered and fully preserved. Ishii has been criminally charged in Japan.


There's more at the link.

One of the features of cryptocurrencies touted by their promoters is the supposed security of your holdings - if you hold the "private key" and keep it secure, nobody else can trace or touch them.  Well, I guess this case proves that isn't so any longer.  Furthermore, if law enforcement can do this, so can law-breakers.

Is cryptocurrency still a safe and secure method of storing and/or transferring wealth?  You be the judge.  Personally, I've always been dubious about that, and now I'm even more so.

Peter


9 comments:

Veritas Publius said...

Bitcoin is not anonymous, the ledger (all transactions) is public, and with government resources and computing power, transactions can be traced and people (in the west/INTERPOL at least) identified given enough motivation.

This is why Monero and similar cryptos are more preferred for fully anonymous transactions. I'm not saying they are absolutely foolproof, as given enough time and big computers, the major governments can frequently find just about anybody I'm sure, but it does make it enormously harder.

There are also ways of "washing" Bitcoin transactions through multiple layers/mixing in with legitimate transactions that make it significantly harder to track the money.

It is really hard/impossible for private actors to get your private key, the preferred method is infecting your computer and grabbing it that way (keystroke loggers, etc).

Ultimately Bitcoin, as the oldest, has far less security and anonymity than later cryptos.

I buy crypto as part of my investments, but I prefer to stick to more speculative/up and coming cryptos, Bitcoin tends to be too rich for my taste.

T Town said...

I seem to remember reading last year or so about the FBI recovering crypto currency from one of the ransomware payments that had made national news. Sorry, but I don't remember the details such as which ransomware event, or which crypto currency, but do recall the amount of discussion in certain circles that it generated.
One must take into account that even open source encryption software is likely compromised by intelligence agencies. After all, they employ people who contribute to the open source software to help insure that they have the ability to break such encryption products.
If anything, I don't trust crypto currency for the simple fact that as a programmer, I understand how vulnerable all electronic record keeping and communications really are.

Kentucky Packrat said...

Original idea from xkcd.com:

Hacker dreams: I'm sorry, Mr. NSA Director, he's encrypted this laptop with 4096 bit technology, even our billion dollar supercomputer won't be able to break the decryption.

Spook reality: (Boss to Minion) Take this $1 wrench, and hit the hacker's legs until he unlocks his laptop for you.

The concept that Bitcoin can't be reversed is silly. If they can't get your passcode, they can get you, and hold you in contempt forever until you give over your passcode.

CDH said...

...as if any other finanicial transactions are better? Don't get me wrong, I am not a fan of cryptocurrencies for the simple fact that they are not backed by *anything* other than faith, even moreso than national currencies. But, they are a barter/exchange like any other and for anyone paying attention ther eis little to no privacy and security in traditional banking either.

Aesop said...

"If you can be seen, you can be shot.
If you can be shot, you can be killed.
"

https://www.youtube.com/watch?v=ZGv8oAHxekU

John T. Block said...

Crypto is computer/internet dependent, yes? So where's your value go if the 'Net gets shut down? I'll stick to silver and gold....

Francis Turner said...

As "Veritas Publius" said, Bitcoin is pseudonymous not anonymous and it is quite possible to track transactions even through washer services.

Almost certainly law enforcement figured out that Ishii or one of his associates had the offline warrent and explained to that person that they'd get a significant reduction in sentencing if they pleaded guilty and decrypted the wallet. Mr Ishii doesn't seem to have done a good job of hiding his tracks so I expect it was as simple as searching his house and finding an SD card with a directory called "\Bitcoin\Wallet\" or similar

But yes, in general, crypto is a decent way to launder funds but I wouldn't leave my loot stashed there

Jonathan H said...

Again, if it isn't in your hands, it's not yours - and I'd IS in your hands, and someone who wants it finds out, they can get it.
As mentioned above, this is why only truly anonymous assets are safe...

Thomas W said...

This doesn't say how they got the private key, just that they got it. Might have been found by brute force computation. Or they could have gotten it more conventionally from Mr. Ishii or somebody else with access to the key.

From what I've read almost every data breach, hack, etc. is by convincing some human being to grant the hacker access to a secure network (e.g. pretending to be an employee who lost their access card / password) or similar low tech methods.