BTC-e.com down ! Police detains the owner .

[mustangy]

simple short entire story
Breaking open the MtGox case, part 1

Earlier today news broke of an arrest in Greece of a Russian national suspected of running a large-scale money laundering operation focused on Bitcoin. The man has since been publicly identified as Alexander Vinnik, 38, and over $4 billion USD is said to have been trafficked through the operation since 2011.

We won't beat around the bush with it: Vinnik is our chief suspect for involvement in the MtGox theft (or the laundering of the proceeds thereof). This is the result of years of patient work, and these findings were surely independently uncovered by other investigators as well. Everyone who worked on the case have patiently kept quiet while forwarding findings to law enforcement, so as not to tip suspects off and to maximize the chances of arrests.

With such an arrest actually happening, we think today might — finally — be the day when we can begin talking about what we've actually been doing all this time and what we found. Thank you for your patience.


Summary
We're going to split this into a couple of different posts, as our full findings cover a wider range of topics, and for this post we'll just very quickly summarize the main BTC theft and its connection to Vinnik:
In September 2011, the MtGox hot wallet private keys were stolen, in a case of a simple copied wallet.dat file. This gave the hacker access to a sizable number of bitcoins immediately, but also were able to spend the incoming trickle of bitcoins deposited to any of the addresses contained.
Over time, the hacker regularly emptied out whatever coins they could spend using the compromised keys, and sent them to wallet(s) controlled by Vinnik. This went on for long periods, but also had breaks — a prominent second phase of thefts happened later in 2012 and 2013.
By mid 2013 when the funds spendable from the compromised keys had slowed to a near halt, the thief had taken out about 630,000 BTC from MtGox.
In addition, the shared keypool of the wallet.dat file lead to address reuse, which confused MtGox's systems into mistakenly interpreting some of the thief's spending as deposits, crediting multiple user accounts with large sums of BTC and causing MtGox's numbers to go further out of balance by about 40,000 BTC. None of these users seem to have reported their "sudden luck".
After the coins entered Vinnik's wallets, most were moved to BTC-e and presumably sold off or laundered (BTC-e money codes were a popular choice). In total some 300,000 BTC ended up on BTC-e, while other coins were deposited to other exchanges, including MtGox itself.
Some of the funds moved to BTC-e seem to have moved straight to internal storage rather than customer deposit addresses, hinting at a relationship between Vinnik and BTC-e.
The stolen MtGox coins were not the only stolen coins handled by Vinnik; coins stolen from Bitcoinica, Bitfloor and several other thefts from back in 2011 and 2012 were all laundered through the same wallets.
Moving coins back onto MtGox was what let us identify Vinnik, as the MtGox accounts he used could be linked to his online identity "WME". As WME, Vinnik had previously made a public outcry that coins had been confiscated from him (the coins in question coming from Bitcoinica).
There were other thefts and incidents explaining other missing funds from MtGox. More on that in later posts.
There will be follow-up posts fleshing out the details of this post as well, for now we are keeping it short simply to stay close to the announcement of the arrest.
Coin flow
Having identified the actual transactions for the bulk of the stolen MtGox bitcoins, we traced them and clustered all addresses involved, quickly finding that other stolen coins were making their way into the same wallets. Below is a summarized illustration highlighting the theft coin flow of September 2011 onwards:


(The top area of the graph includes clusters unrelated to Vinnik, and appear to be part of a different theft.)
As some coins were deposited back to MtGox, we could identify which accounts were used to receive them; two in particular were of interest, and were possible to link to the online identity "WME". (Clusters who directly used these MtGox accounts are highlighted in red.) WME has been active since a long time back, often advertising "cheap coins" on the BitcoinTalk forums and wanting to trade exchange money codes. BTC-e publicly vouched for him, saying that "[we] know WME very well".

WME was involved with an incident involving stolen Bitcoinica funds (visible in the graph above), which provided yet another strong indicator that we had identified the right man, seemingly the main money launderer behind the MtGox heist. This incident also ended up revealing the name "Alexander Vinnik", though we didn't at the time think it was his real name, having seen many aliases. Today's arrest suggests it was real after all

To be clear, this investigation turned up evidence to identify Vinnik not as a hacker/thief but as a money launderer; his arrest news also suggests this is what he is being suspected for. He may have merely bought cheap coins from thieves and offered a laundering service. He is, however, a crucial piece of the puzzle, as he will have likely known who he was dealing with and laundering for, and so represents a major breakthrough in the case. We assume that law enforcement will now be taking the appropriate next steps to pursue all the remaining angles and hopefully identify the other individuals involved as well.

http://blog.wizsec.jp/2017/07/breaking-open-mtgox-1.html

[mayax]

You can lookup Poloniex right here (and whoever else, assuming they have MSB's).. https://www.fincen.gov/msb-registrant-search

Poloniex says:

MSB Registration Number: 31000091844018
Registration Type: Corrected Report, Re-registration
Legal Name: Poloniex, Inc.
DBA Name:
Street Address: 1013 Centre Rd, Suite 403-B
City: Wilmington
State: DELAWARE
Zip: 19801
MSB Activities:
 Money transmitter, Other
States of MSB Activities:
 Alabama, Alaska, American Samoa, Arizona, Arkansas, California, Colorado, Connecticut, Delaware, District Of Columbia,
 Federated States Of Micronesia, Florida, Georgia, Guam, Hawaii, Idaho, Illinois, Indiana, Iowa, Kansas,
 Kentucky, Louisiana, Maine, Marshall Islands, Maryland, Massachusetts, Michigan, Minnesota, Mississippi, Missouri,
 Montana, Nebraska, Nevada, New Jersey, New Mexico, North Carolina, North Dakota, Northern Mariana Islands, Ohio, Oklahoma,
 Oregon, Palau, Pennsylvania, Puerto Rico, Rhode Island, South Carolina, South Dakota, Tennessee, Texas, Utah,
 Vermont, Virgin Islands, US, Virginia, Washington, West Virginia, Wisconsin, Wyoming
All States & Territories & Foreign Flag: Foreign
Number of Branches:
Authorized Signature Date: 08/29/2016
Received Date: 08/30/2016

I keep saying that by registering with FINCEN, it does NOT mean that a company is a MSB.

"Information contained on this site has been provided by the MSB registrant. FinCEN does not verify information submitted by the MSB. Information provided on this site reflects only what was provided directly to FinCEN."


You can register on FINCEN website yourself... right now with any name you want.   make a try.


So, being registered with FINCEN means nothing. First a company MUST be a MSB and then to submit on Fincen website.

A US company must be registered as MSB in all the states if they want to deal/trade/do business  in all of them. See Coinbase, Gemini, Itbit, Circle. Look to their websites. You will notice something like :

https://www.coinbase.com/legal/licenses

https://gemini.com/about/


See? BIG difference between Kraken, Poloniex and similar others and these ones

Again, being registered on FINCEN page without being MSB = zero (outlaw, illegal)

Please show me on Kraken and Poloniex website (or ask them via email, phone) where they are registered as MSB.

[Siren]

They said they are in for a unscheduled maintenance but it looks like this is no maintenance. Its already more than 24 hours now since they are down and from the looks of it they are not hack as well. I don't want to speculate, but its looks something is not right here. Another drama before the Aug 1 date. Great!!!

[Wendigo]

i said for SO many times(you can check my posts) : "by using an unlicensed exchanger, you are exposed to frauds and scams."  

do you think that Coinbase and similar others 5-6 exchangers which have a financial license,  were stupids to spend millions for their licenses? they want to play for a long time without looking behind and having the peace of the mind.
also, they can offer you the peace of the mind because they are insured. why would you use a shit/anonymous exchanger instead? for what?

I always target exchangers like BTC-e, KRaken, Poloniex and others without any license. Mark my words, they will come next.

Sorry mate but I am pretty sure Kraken has license to operate in all EU states from the Euro zone. I don't know about Poloniex though.

I think next on the agenda is shutting down all Bitcoin mixers. Then after having taken care of the exchanges and mixers they will most likely go after the gambling sites.

Kraken has NO license to operate anywhere including EU or USA. It's in the same position as BTC-e.  You can ask them about that and then please share the information. A financial license or MSB registration must be a public information.  

https://www.siliconluxembourg.lu/leading-bitcoin-exchange-kraken-com-announces-partnership-with-paycash/

http://paybefore.com/pay-world/virtual-currency-exchange-kraken-reaches-into-europe-oct-17-2013/

[Bully_Duster]

They banned me for trolling in the troll box which i did not care about but they held my assets for over a week I could not withdraw my own coin just because some one was butt-hurt about something I said. I could have started a new account under a different email but after that incident i realized that if they could keep me from my coins over some one being upset then, what if they just get greedy? I never went back to BTC-e except to PM some of my chat buddies and warn them to get out. that was about 7 months ago.

[owlcatz]

@mayax - So are you implying that Kraken and/or Poloniex are lying to Fincen?  

MSB Registration Number: 31000101726901
Registration Type: Corrected Report, Renewal
Legal Name: Payward Ventures, Inc.
DBA Name: Kraken
Street Address: 237 Kearny Street #102
City: San Francisco
State: CALIFORNIA
Zip: 94108
MSB Activities:
 Money transmitter, Other
States of MSB Activities:
 Alabama, Alaska, Arizona, Arkansas, California, Colorado, Connecticut, Delaware, District Of Columbia, Florida,
 Georgia, Hawaii, Idaho, Illinois, Indiana, Iowa, Kansas, Kentucky, Louisiana, Maine,
 Maryland, Massachusetts, Michigan, Minnesota, Mississippi, Missouri, Montana, Nebraska, Nevada, New Hampshire,
 New Jersey, New Mexico, New York, North Carolina, North Dakota, Ohio, Oklahoma, Oregon, Pennsylvania, Rhode Island,
 South Carolina, South Dakota, Tennessee, Texas, Utah, Vermont, Virginia, West Virginia, Wisconsin, Wyoming

All States & Territories & Foreign Flag:
Number of Branches:
Authorized Signature Date: 03/14/2017
Received Date: 03/15/2017

[mayax]

i said for SO many times(you can check my posts) : "by using an unlicensed exchanger, you are exposed to frauds and scams."  

do you think that Coinbase and similar others 5-6 exchangers which have a financial license,  were stupids to spend millions for their licenses? they want to play for a long time without looking behind and having the peace of the mind.
also, they can offer you the peace of the mind because they are insured. why would you use a shit/anonymous exchanger instead? for what?

I always target exchangers like BTC-e, KRaken, Poloniex and others without any license. Mark my words, they will come next.

Sorry mate but I am pretty sure Kraken has license to operate in all EU states from the Euro zone. I don't know about Poloniex though.

I think next on the agenda is shutting down all Bitcoin mixers. Then after having taken care of the exchanges and mixers they will most likely go after the gambling sites.

Kraken has NO license to operate anywhere including EU or USA. It's in the same position as BTC-e.  You can ask them about that and then please share the information. A financial license or MSB registration must be a public information.  

https://www.siliconluxembourg.lu/leading-bitcoin-exchange-kraken-com-announces-partnership-with-paycash/

http://paybefore.com/pay-world/virtual-currency-exchange-kraken-reaches-into-europe-oct-17-2013/

yes, they made a partnership with a payment processor(PayCash Europe) which have a financial license. so what?

Kraken must have a financial license too. they are dealing with fiat. they have a bank account where they receive money from clients and they exchange to e-currency. that means MSB and they are not.

it's simple.

Please read the article again :

About PayCash Europe S.A.

PayCash Europe S.A. is a Luxembourg-based Electronic Money Institution


About Kraken

Kraken combines years of experience in the virtual goods and currency markets with a highly skilled engineering team and a host of carefully cultivated banking and finance relationships. Kraken (http://www.kraken.com), the full-featured professional digital currency exchange and trading platform.

in short, Kraken a lot of "bla bla". No license.

[mayax]

@mayax - So are you implying that Kraken and/or Poloniex are lying to Fincen?  

MSB Registration Number: 31000101726901
Registration Type: Corrected Report, Renewal
Legal Name: Payward Ventures, Inc.
DBA Name: Kraken
Street Address: 237 Kearny Street #102
City: San Francisco
State: CALIFORNIA
Zip: 94108
MSB Activities:
 Money transmitter, Other
States of MSB Activities:
 Alabama, Alaska, Arizona, Arkansas, California, Colorado, Connecticut, Delaware, District Of Columbia, Florida,
 Georgia, Hawaii, Idaho, Illinois, Indiana, Iowa, Kansas, Kentucky, Louisiana, Maine,
 Maryland, Massachusetts, Michigan, Minnesota, Mississippi, Missouri, Montana, Nebraska, Nevada, New Hampshire,
 New Jersey, New Mexico, New York, North Carolina, North Dakota, Ohio, Oklahoma, Oregon, Pennsylvania, Rhode Island,
 South Carolina, South Dakota, Tennessee, Texas, Utah, Vermont, Virginia, West Virginia, Wisconsin, Wyoming

All States & Territories & Foreign Flag:
Number of Branches:
Authorized Signature Date: 03/14/2017
Received Date: 03/15/2017

YES, I saying (explicitly stated) that Kraken, Poloniex and many others are lying  FINCEN        

Please ask these exchangers to provide their MSB registration and the State(s) where they are registered as MSB.  

[Wendigo]

[Netnox]

This is ridiculous. The Americans have detained a Russian citizen in Greece, for running a Bitcoin operation from Bulgaria. Now they want him deported to the United States. WTF? Why the Americans can't mind their own business.

[sgtwiggles]

Damn. How can other exchanges be safe from this? I don't think any one of them tries to verify where the money is coming from, that's the whole point of bitcoin. anonymity.

Looks like BTC-e is going to be shut down.  Blocknet more relevant than ever.

Blocknet is decentralized. no 3rd party risk! Game changer

Trade direct wallet to wallet. https://www.youtube.com/channel/UCCDBoR9fHb21bLH7FGvFrQg

[Lutpin]

This is ridiculous. The Americans have detained a Russian citizen in Greece, for running a Bitcoin operation from Bulgaria. Now they want him deported to the United States.

Sounds a bit like Canadian citizen gets arrested in Thailand on pressure from the US and commits "suicide" in his cell before being extradited to the US, doesn't it?

[owlcatz]

YES, I saying (explicitly stated) that Kraken, Poloniex and many others are lying  FINCEN        

Please ask these exchangers to provide their MSB registration and the State(s) where they are registered as MSB.  

So, how can they be "Lying" when they have to register through this system? https://bsaefiling.fincen.treas.gov/main.html

Are you even in the USA? Why do you think they would lie to Fincen? Do you even know what Fincen stands for? Lying to fincen would be about one of the dumbest things anyone or business in America could possibly do?!

[fast2fix]

they will be back in 5-10 days according to their latest tweet, i don't think they will be coming back. rip btce.

Update2: Ha дaнный мoмeнт вeдyтcя paбoты пo вoccтaнoвлeнию paбoты cepвиca. Пpимepныe cpoки oт 5 дo 10 днeй. Cпacибo зa пoнимaниe #btce

translation

At the moment, work is underway to restore the service. Approximate time of 5 to 10 days. Thank you for understanding #btce

[mayax]

This is ridiculous. The Americans have detained a Russian citizen in Greece, for running a Bitcoin operation from Bulgaria. Now they want him deported to the United States. WTF? Why the Americans can't mind their own business.

Most states require money services businesses operating within their territory to be licensed with the state banking department.  Note that many states also require registration of foreign MSBs(finacial company) that transact with their residents.  For example, money transmitters with no physical presence in Texas that transact with residents of Texas must be licensed in the State of Texas; same with all the other states.

So, if your company is registered in EU or any in other country and  it makes financial transactions(you are an exchanger) with US residents, you MUST be MSB in all the States.

US considers that once you deal with US residents, you must respect their law. See the casinos too; same shit  The casinos(even they are registered in EU) are not allowed to deal with US citizens.

[d3t0x]

Yay! Even more FUD to lower the price. Until this market gets some regulation at least from an exchange standpoint this stuff will continue to happen.

There's no accountability, so why would they follow the law.

[sparkgap]

they will be back in 5-10 days according to their latest tweet, i don't think they will be coming back. rip btce.

Update2: Ha дaнный мoмeнт вeдyтcя paбoты пo вoccтaнoвлeнию paбoты cepвиca. Пpимepныe cpoки oт 5 дo 10 днeй. Cпacибo зa пoнимaниe #btce

translation

At the moment, work is underway to restore the service. Approximate time of 5 to 10 days. Thank you for understanding #btce

Let's hope that's simply the time it takes for the Feds to snapshot their data and return the servers... My altcoins there have nothing to do with their shenanigans.

[tauceramica]

they will be back in 5-10 days according to their latest tweet, i don't think they will be coming back. rip btce.

Update2: Ha дaнный мoмeнт вeдyтcя paбoты пo вoccтaнoвлeнию paбoты cepвиca. Пpимepныe cpoки oт 5 дo 10 днeй. Cпacибo зa пoнимaниe #btce

translation

At the moment, work is underway to restore the service. Approximate time of 5 to 10 days. Thank you for understanding #btce

My buddy told me not to use btc-e exchanger. So they were really scammers, it seems. There is no service repair that could take 5-10 days. Kindly beware they are gone .

Server repair takes hours, not days.

[mayax]

they will be back in 5-10 days according to their latest tweet, i don't think they will be coming back. rip btce.

Update2: Ha дaнный мoмeнт вeдyтcя paбoты пo вoccтaнoвлeнию paбoты cepвиca. Пpимepныe cpoки oт 5 дo 10 днeй. Cпacибo зa пoнимaниe #btce

translation

At the moment, work is underway to restore the service. Approximate time of 5 to 10 days. Thank you for understanding #btce

Let's hope that's simply the time it takes for the Feds to snapshot their data and return the servers... My altcoins there have nothing to do with their shenanigans.

you are joking, right?

[sid3bysid3]

simple short entire story
Breaking open the MtGox case, part 1

Earlier today news broke of an arrest in Greece of a Russian national suspected of running a large-scale money laundering operation focused on Bitcoin. The man has since been publicly identified as Alexander Vinnik, 38, and over $4 billion USD is said to have been trafficked through the operation since 2011.

We won't beat around the bush with it: Vinnik is our chief suspect for involvement in the MtGox theft (or the laundering of the proceeds thereof). This is the result of years of patient work, and these findings were surely independently uncovered by other investigators as well. Everyone who worked on the case have patiently kept quiet while forwarding findings to law enforcement, so as not to tip suspects off and to maximize the chances of arrests.

With such an arrest actually happening, we think today might — finally — be the day when we can begin talking about what we've actually been doing all this time and what we found. Thank you for your patience.


Summary
We're going to split this into a couple of different posts, as our full findings cover a wider range of topics, and for this post we'll just very quickly summarize the main BTC theft and its connection to Vinnik:
In September 2011, the MtGox hot wallet private keys were stolen, in a case of a simple copied wallet.dat file. This gave the hacker access to a sizable number of bitcoins immediately, but also were able to spend the incoming trickle of bitcoins deposited to any of the addresses contained.
Over time, the hacker regularly emptied out whatever coins they could spend using the compromised keys, and sent them to wallet(s) controlled by Vinnik. This went on for long periods, but also had breaks — a prominent second phase of thefts happened later in 2012 and 2013.
By mid 2013 when the funds spendable from the compromised keys had slowed to a near halt, the thief had taken out about 630,000 BTC from MtGox.
In addition, the shared keypool of the wallet.dat file lead to address reuse, which confused MtGox's systems into mistakenly interpreting some of the thief's spending as deposits, crediting multiple user accounts with large sums of BTC and causing MtGox's numbers to go further out of balance by about 40,000 BTC. None of these users seem to have reported their "sudden luck".
After the coins entered Vinnik's wallets, most were moved to BTC-e and presumably sold off or laundered (BTC-e money codes were a popular choice). In total some 300,000 BTC ended up on BTC-e, while other coins were deposited to other exchanges, including MtGox itself.
Some of the funds moved to BTC-e seem to have moved straight to internal storage rather than customer deposit addresses, hinting at a relationship between Vinnik and BTC-e.
The stolen MtGox coins were not the only stolen coins handled by Vinnik; coins stolen from Bitcoinica, Bitfloor and several other thefts from back in 2011 and 2012 were all laundered through the same wallets.
Moving coins back onto MtGox was what let us identify Vinnik, as the MtGox accounts he used could be linked to his online identity "WME". As WME, Vinnik had previously made a public outcry that coins had been confiscated from him (the coins in question coming from Bitcoinica).
There were other thefts and incidents explaining other missing funds from MtGox. More on that in later posts.
There will be follow-up posts fleshing out the details of this post as well, for now we are keeping it short simply to stay close to the announcement of the arrest.
Coin flow
Having identified the actual transactions for the bulk of the stolen MtGox bitcoins, we traced them and clustered all addresses involved, quickly finding that other stolen coins were making their way into the same wallets. Below is a summarized illustration highlighting the theft coin flow of September 2011 onwards:


(The top area of the graph includes clusters unrelated to Vinnik, and appear to be part of a different theft.)
As some coins were deposited back to MtGox, we could identify which accounts were used to receive them; two in particular were of interest, and were possible to link to the online identity "WME". (Clusters who directly used these MtGox accounts are highlighted in red.) WME has been active since a long time back, often advertising "cheap coins" on the BitcoinTalk forums and wanting to trade exchange money codes. BTC-e publicly vouched for him, saying that "[we] know WME very well".

WME was involved with an incident involving stolen Bitcoinica funds (visible in the graph above), which provided yet another strong indicator that we had identified the right man, seemingly the main money launderer behind the MtGox heist. This incident also ended up revealing the name "Alexander Vinnik", though we didn't at the time think it was his real name, having seen many aliases. Today's arrest suggests it was real after all

To be clear, this investigation turned up evidence to identify Vinnik not as a hacker/thief but as a money launderer; his arrest news also suggests this is what he is being suspected for. He may have merely bought cheap coins from thieves and offered a laundering service. He is, however, a crucial piece of the puzzle, as he will have likely known who he was dealing with and laundering for, and so represents a major breakthrough in the case. We assume that law enforcement will now be taking the appropriate next steps to pursue all the remaining angles and hopefully identify the other individuals involved as well.

http://blog.wizsec.jp/2017/07/breaking-open-mtgox-1.html

I am shocked, what's the destiny of BTC-E? Will people get access to withdraw their funds? And what will happen next?