Why Ilya Lichtenstein didn't coinjoin?

[Jason Brendon]

Hey folks,
I don't know if posting like this would offend or violate any rules here. Let me know and I will delete it if so.
So one thing got me thinking: the Ilya Lichtenstein couple who hacked the Bitflinex exchange was literally the richest crypto couple in the world at that point, on paper.
However, how could they cash it out?
Smart people like Lichtenstein couple couldn't figure out a way to wash the coins? through coinjoins or converted them into monero and then converted them back.(through localmonero or anything like that)

Why they didn't do so?
Reasons being two:
1. coinjoins can be unmixed. (if you think conjoins can disguise, then why didn't they conjoin?)
2. i don't really know.


Your input here.

[1714760505]

1714760505

[franky1]

coinjoins work by people putting in, small 0.x amount of coin
where when coinjoin when they get like 50*0.x the use another groups 50*0.x for groupA.. and use groupA's for groupB's

problem is even trying to get these 50*0.x take time to find enough people/coin
problem is when thieves steal 120,000btc. trying to use a service that only handles 0.x amounts. just becomes an impossible thing to use unless you are going to sit there and split your funds more then 100,000 times
which if you do the math would take more then a year of non stop full time work

they did actually try to hide their spending. by converting to monero and then converting back to remove the 'taint'
but the thing is they used exchanges to do this where they messed up by using ID/email/devices that could then link accounts and see amounts deposited matched even when taint of coin addresses were not the same inbetween

[Jason Brendon]

but the thing is they used exchanges to do this where they messed up by using ID/email/devices that could then link accounts and see amounts deposited matched even when taint of coin addresses were not the same inbetween

How come smart people like these two failed to such junior issues? They could have used some decentralized monero exchanges to launder the tainted coins.

[Upgrade00]

How come smart people like these two failed to such junior issues? They could have used some decentralized monero exchanges to launder the tainted coins.

The thing is after a scam of a large magnitude, the options to liquidate becomes very thin. The address is going to get flagged by many exchanges, and if you're going to use a decentralized platform, you'll need to also reveal the address you want the new coins sent to, which could still be a means of exposure.

It's doable to launder, but quite difficult to execute. Further prove that Bitcoin or crypto does not encourage scams and frauds with its transparent nature.

[stompix]

Smart people like Lichtenstein couple couldn't figure out a way to wash the coins? through coinjoins or converted them into monero and then converted them back.(through localmonero or anything like that)

There are two things, trying to break the links between the hacked coins and the coins in your wallet, which can be done with mixing and,  like Lichtenstein and Morgan tried with depositing and withdrawing coins from Alphabay, peeling chains, and even chain hopping through instant exchanges, and many others and the other is cashing the coins (even if clean) out.

This is where two really f** up, they've set a few fake identities, set up companies, and tried to exchange the cleaned coins through them but in most cases, they ended up with them frozen because exchanges asked for the source of funds and the two of them have been able to come up with a believable story, and since more and more of these cases happened investigators started putting the pieces together.

Basically, if the two would have never tried to exchange the coins to fiat through centralized exchanges they would have probably never been caught, or at least it would have been that easy for the investigators.

[Jason Brendon]

The thing is after a scam of a large magnitude, the options to liquidate becomes very thin. The address is going to get flagged by many exchanges, and if you're going to use a decentralized platform, you'll need to also reveal the address you want the new coins sent to, which could still be a means of exposure.

hey, monero is not telling where the coins are sent to.  (i am not shilling monero or anything. i am just saying.)
Check out how hackers in north-korea actually get things done. Nice and easy.

[Upgrade00]

<snip>

I'm aware monero is a privacy coin, the point I was making, was how much difficult it gets to clean the funds, when the scam goes public and related addresses gets flagged.

Considering the BTC amount, exchanging that to monero would need a platform with very high liquidity or would be done over a long period of time, both scenarios would increase chances of exposure.

[PrivacyG]

I think the more pressure is put on you through the public, the harder it is to find the smooth and easy way out.  You just know there are hundreds or thousands of eyes on you and every single trace you may have left, so there was probably even some sort of anxiety every time they were trying to find the way out.  Because since you are being looked after by so many people and agencies, you just have that feeling that every time you get on the Internet to look for a way out they will start linking you as a suspect.

Realistically, it is extremely hard to hide your moves if you are using a computer that is online, centralized exchanges, public Blockchains et cetera.  If you want to hide, you have to hide for good and you have to make sure every step is accurately calculated with no chance of going wrong.  A little wrong step on the Internet leaves a permanent footprint that might ultimately lead to your identity reveal.

For example.  Coin Joining would have been a good choice, only if they knew how to properly do it without getting exposed.  There is a problem with managing change after a Join is complete.  There are multiple possible flaws that, once done, will expose everything.

-
Regards,
PrivacyG

[franky1]

hey, monero is not telling where the coins are sent to.  (i am not shilling monero or anything. i am just saying.)
Check out how hackers in north-korea actually get things done. Nice and easy.

they were not found via chain analysis.
they were found via services that required emails. ID's etc, where emails linked to apple cloud accounts that linked to a data store of a private key

lessons to learn.
when apple says your personal data is safe on their cloud. dont be dumb. it obviously isnt
when money service businesses say they dont exchange information with other entities.. dont be dumb. they will
when using mixers or privacy promoted crypto. dont be dumb. just using these ass some suspicion points to your account risk level

yep although tracking taint of privacy coins is not something that exchanges can do(easily):
just having a user make deposits via monero earns that user suspicion flag points. just from the act of using monero
just having a user make withdrawal via monero earns that user suspicion flag points. just from the act of using monero

where regulated exchanges in many cases do share info about risky users that both exchanges might know of

[NotATether]

hey, monero is not telling where the coins are sent to.  (i am not shilling monero or anything. i am just saying.)
Check out how hackers in north-korea actually get things done. Nice and easy.

Yes but you see, your options for exchanging monero are limited. Exchanges intentionally do not support it because of laws requiring them to drop it, so you have to rely on some unknown exchanges - and obviously these exchanges do not want to become targets for law-enforcement so they must have at least a small amount of chain analysis to protect themselves.

[Jason Brendon]

\
lessons to learn.
when apple says your personal data is safe on their cloud. dont be dumb. it obviously isnt
when money service businesses say they dont exchange information with other entities.. dont be dumb. they will

That's totally against the philosophy of bitcoiners — trustless. And yet they trusted Apple's words. They actually got themselves f***ed.

[franky1]

\
lessons to learn.
when apple says your personal data is safe on their cloud. dont be dumb. it obviously isnt
when money service businesses say they dont exchange information with other entities.. dont be dumb. they will

That's totally against the philosophy of bitcoiners — trustless. And yet they trusted Apple's words. They actually got themselves f***ed.

i wouldn't categorise the thieves as "bitcoiners". they are just immoral opportunists that used and abused crypto to get 'value' which enriched their FIAT lifestyles.

the other thing is that people dont read services 'privacy policies' they just read the first paragraph and take the tone of the first paragraph to judge if they should 'trust' a service

take coinbase.
first paragraph

We at Coinbase (defined below) respect and protect the privacy of visitors to our websites and our customers.

sounds nice right. seems trusting.. seems like they wil protect you and hide you from other businesses right.. well  read on

Device type and unique device identification numbers;

Device event information (such as crashes, system activity and hardware settings, browser type, browser language, the date and time of your request and referral URL);

Other technical data collected through cookies, pixel tags and other similar technologies that uniquely identify your browser.

yep even if you use tor for one account and clearnet for another. they can link the accounts using pixeltags and device ID stuff even if different browsers and IP addresses are used. .. hmm not so preserving privacy right?

Information we collect from our affiliates and third parties. From time to time, we may obtain information about you from our affiliates or third party sources as required or permitted by applicable law. These sources may include:

    Our Coinbase Family of Companies: Our “family of companies” is the group of companies related to us by common control or ownership (“Affiliates”). In accordance with applicable law, we may obtain information about you from our Affiliates as a normal part of conducting business,

in short coinbase is part of the https://dcg.co/portfolio/ family. and all of these businesses listed on that link share your info between each other

[Jason Brendon]

\
lessons to learn.
when apple says your personal data is safe on their cloud. dont be dumb. it obviously isnt
when money service businesses say they dont exchange information with other entities.. dont be dumb. they will

That's totally against the philosophy of bitcoiners — trustless. And yet they trusted Apple's words. They actually got themselves f***ed.

i wouldn't categorise the thieves as "bitcoiners". they are just immoral opportunists that used and abused crypto to get 'value' which enriched their FIAT lifestyles.

Right I agree. But everyone in front of BTC shall be equal, whether he's a Russian, a hacker, or anyone. Because we're decentralized thus we don't reject anything. They had had the ability to hack and eventually made it which showed their skills and how flawed the security system was.
Nevertheless, they probably didn't want to enrich themselves as I can guess back in 2016 there weren't too many merchants or companies that took BTC as payments.
If it were to happen these days or in the future when BTC is widely adopted, I guess they won't want to cash it out.

(No right or wrong, no hates, just a piece of my personal opinion.....)

[Lucius]

Smart people like Lichtenstein couple couldn't figure out a way to wash the coins? through coinjoins or converted them into monero and then converted them back.(through localmonero or anything like that)

You start from the completely wrong assumption that these are intelligent people, because if they were as intelligent as you think, they would still be free and enjoying life. You don't have to be very intelligent to steal something or hire someone to do it for you, but where most thieves slip up is what comes next.

Yesterday you only had enough money to survive, and today you have millions at your disposal, and if you start spending like a drunken millionaire, sooner or later you will be on someone's radar. @stompix explained what they were doing, but they were far from ready to play the game at such a high level, especially if they thought that Bitcoin could provide them with a sufficient amount of anonymity.

Basically, if the two would have never tried to exchange the coins to fiat through centralized exchanges they would have probably never been caught, or at least it would have been that easy for the investigators.

Which proves that they wanted to launder money quickly, and that they didn't understand the risk of using CEX, even with fake identities. Let no one be fooled that CEX does not cooperate with the authorities, perhaps even more than we think.

[Betwrong]

but the thing is they used exchanges to do this where they messed up by using ID/email/devices that could then link accounts and see amounts deposited matched even when taint of coin addresses were not the same inbetween

How come smart people like these two failed to such junior issues? They could have used some decentralized monero exchanges to launder the tainted coins.

They did a lot of exchanges, that's the answer. Yes, they were smart, so in most cases they were doing everything properly, but if you are doing multiple tasks at the same time, it is quite possible to fail at some, and in a case like this, one fail is enough.

My post might look like I'm sympathizing them ... I'm not. There's nothing romantic in taking other people's money without their consent. It's a disgusting act, and such a plan should have been abandoned at the very beginning if there was a sane person in the team. There wasn't, apparently.

[franky1]

Nevertheless, they probably didn't want to enrich themselves as I can guess back in 2016 there weren't too many merchants or companies that took BTC as payments.

they didnt cash it all out. but in the same respect they didnt hoard it all.
they just took out enough to pay for their lifestyle. but didnt put much effort in concealing their services used to do those cashing out or hoarding

its not a fault or flaw of bitcoin utility/function. nor other crypto. the thieves issues was the thieves issue. they didnt think about what information they were linking to the services they used.

but the thing is they used exchanges to do this where they messed up by using ID/email/devices that could then link accounts and see amounts deposited matched even when taint of coin addresses were not the same inbetween

How come smart people like these two failed to such junior issues? They could have used some decentralized monero exchanges to launder the tainted coins.

They did a lot of exchanges, that's the answer. Yes, they were smart, so in most cases they were doing everything properly, but if you are doing multiple tasks at the same time, it is quite possible to fail at some, and in a case like this, one fail is enough.

they did not perform all the tasks in a short time. thus its not an excuse of 'being rushed so made mistakes' it was the fact of using services that promote themselves as 'privacy' and 'trusted' but they didnt do the research or think about if the service really was privacy guarding.

as my previous post examples 'coinbase' that makes people think they should trust it as a privacy guard, but the details later in the same policy show the opposite of privacy.

EG imagine using coinbase. then using say Gyft to buy giftcards..
both services are sister companies and share info so expect your gift card purchase to be a known destination of your coinbase funds

[DaveF]

In addition to all above, they also did not move the coins enough and use other people (mules) to do it.
Not a lesson in crime here but if money goes from A to B to C to D to E before going back to A it's a more difficult to prove.
It also costs time and money.

-Dave

[jackg]

There'd be issues still with pricing how they got so much money and where they came from (if you conjoined with that much money - or even moved it around quite a bit like turning it into altcoins - you are likely still quite easy to trace).

Even in cash you're going to find companies astounded by how much is randomly there if you don't normally have much wealth/money stored in accounts (they'd've been better mixing multiple times via coin join and mixing and only cashing out small amount of funds when they needed it - but then they still wouldn't have gotten to use the majority of the funds they stole unless they found a more sophisticated technique to be able to withdraw it.