tainted bitcoins

[Gabi]

Remember that it's very easy to transfer the "stolen btc" to other addresses. Once it's done, there is no way for someone to tell if the btc he receive are from the "thief" or not.

So what mtgox, and in general blocking tainted btc, makes no sense at all.

[1713581303]

1713581303

[1713581303]

1713581303

[julz]

1. obtain "tainted" coins
2. send a small amount to every donation address you see
3. infinite griefing!

No, It would only cause problems for those who use wallets which don't subscribe to taint-lists.
Taint-list subscribed wallets could keep tainted coins separate so they're not inadvertently used as inputs along with other coins.

Your taint-aware wallet would let you know that the 'tainted' coins might be taxed or confiscated at the various government audited control points.
(e.g  major merchants, exchanges)

You can use a mixing service if you want - but you'll just be increasing the likelihood of getting tainted coins.

Multiple such tainting overlays could one day exist - and it seems to me that if the community were to develop protocols to allow wallets to subscribe to such lists, it may in fact speed up legal/governmental acceptance of bitcoin.  At the moment - some organisations are even scared to accept them as donations due to 'legal uncertainty'.

Taint overlays wouldn't stop you from accepting coins that governments considered 'tainted'.. you'd just be limited as far as who else would accept them.
The tainted coins would perhaps trade at a slight discount if they are merely taxed at control-points, or, if confiscated at control-points, they would trade at a heavier discount and be useful for the black market only.

[RandyFolds]

Yes but suppose I send 10 100% tainted coins to an address which already has 90 0% tainted coins, then you might consider that this new address now has 100 10% tainted coins.

Having worked in and with the UK regulatory industry for a long time it would not surprise me at all that building a large piece of machinery to track such trails would be high on their list of priorities.

You are putting way too much credit into the government's hands. They don't have the time or infrastructure to actually pull this off, and the value is so low that I doubt any would try.

It'd be like sending out the swat team to shake down a kid selling schwag in high school.

Coin tumbler...that is all that's needed. Silkroad aggregates all coins into a pool such that the likelihood of receiving the coins that your purchaser paid is incredibly low. The software could easily be taken a step further and prevent that occurrence. It might already exist, but I don't know. I am not into silkroad. I can get everything on there much cheaper locally without worrying about the postmaster general doing a controlled delivery.

[FreeMoney]

strictly philosophically, if Mt. Gox wants to question someone for coins sent to them that they recognize as originally being stolen from them, I don't see that the same thing as playing sheriff, no differently than if someone presents me cash as payment whose serial numbers I recognized as being stolen from me.  If you present cash to a bank for deposit and it happens to be colored with a spray of red dye (the kind from time-delay exploding dye packs given to bank robbers), you should expect questions and not be surprised.

I also don't believe that just because Bitcoin is cash-like and often anonymous, that laws are irrelevant.  In practice, Bitcoin certainly puts the law out of reach of a lot of things, but I don't think laws simply cease to apply in theory just because of that.

In the case of a bank detecting stolen serial numbers or dyed notes, the investigation will be handed over to law enforcement - the bank's role is one of informant.  That's not quite the same thing as Mt Gox freezing someone's account for containing "tainted" coins.  It's possible that they're exceeding their legal authority in doing that, but it's also unlikely that anyone is going to launch costly international litigation in order to have that issue determined.  To a large extent, Mt Gox and the other exchanges can do whatever the fuck they want as long as it's not criminal because it's just not very likely that anyone is going to seek civil remedies against them.

People can just stop using them. It's not like there are enormous barriers to entry.

[FreeMoney]

The more I think on this the more terrible it seems. So terrible that I don't think it will survive.

What if I send coins to Gox that are clean now (maybe I just stole them and even the victim doesn't know yet) I sell them and get paid. Later the theft is reported, now Gox doesn't have enough clean coin to back deposits.

I think I would only store the most badly tainted coins. Anything else is prone to become less valuable at any time. Clean one minute and then Bangcock police department links one of the addresses used in an input to an input to my address to some crime or 'crime' and I lose value.

If a lot of people do the same there won't be much difference in value anyway.

[repentance]

People can just stop using them. It's not like there are enormous barriers to entry.

I pretty much agree.  The exchanges won't change how they operate until there's a financial imperative to do so.  People stick with Mt Gox because it has the biggest volume, but it only has the biggest volume because people stick with it despite its pretty awful flaws.  To a large extent, exchange users are the authors of their own misfortune.  Whining about those flaws on messageboards will change nothing - people need to vote with their BTC/dollars.

[tonto]

I'll take some tainted coins!!!

Deposit tainted coins here: 1Ghg4qAnpSEwVYWfqLDVbi5p4nsasGfg27

Crap I was gonna say that I'd gladly take tainted coins as well.    You beat me to it!

[netrin]

You can use a mixing service if you want - but you'll just be increasing the likelihood of getting tainted coins.

Not if local mixing and scrambling services were more common and used.

[MagicalTux]

Just for information, we have until now shut down only a couple of accounts for stolen bitcoins, after confirming whoever stole the coins was indeed the owner of those accounts and confirming with law enforcement agencies in charge. There have been no suspended accounts for stolen bitcoins in the past 3 months.

I cannot give much details on the "tainting" process, however before coins are marked tainted, we need an official police report, and we need access to proof the coins were stolen. A simple government decision (let's say, to take something likely, "hey, let's taint wikileaks") would not be enough to cause the coins to be considered stolen, even if it comes from a Japanese court (we can refuse if no proof is given to us that there is indeed an illegal acquisition of coins).

There have been recently, however, moves of stolen coins we were tracking. It caused a few accounts to be temporarily suspended, and after investigation all those accounts were unblocked.


With time, the Bitcoin community is becoming better at protecting itself, with reports of stolen coins being less numerous each month. This is a good thing, and maybe means there won't be a need for this kind of system much longer.


There are two reasons why we do this. One is because it seems wrong to us to be allowing bad guys to steal from new bitcoin users who are not expert enough to protect their own computers. The other reason is because we are a legal entity, and we cannot ignore the law. While we can challenge requests for tracking as being unlawful (if, for example, we were ever required to follow coins for - say - wikileaks), refusing all requests would mean we are encouraging theft and become active part of a crime.


Now, if you could give us a ticket number with your inquiry if your account is "still blocked", we can look it up and confirm with you, however if you lose access to your account recently, there are no chances it would be because of tainted coins.

[cypherdoc]

Just for information, we have until now shut down only a couple of accounts for stolen bitcoins, after confirming whoever stole the coins was indeed the owner of those accounts and confirming with law enforcement agencies in charge. There have been no suspended accounts for stolen bitcoins in the past 3 months.

can u elaborate a bit on how u make these confirmations?

[MagicalTux]

Just for information, we have until now shut down only a couple of accounts for stolen bitcoins, after confirming whoever stole the coins was indeed the owner of those accounts and confirming with law enforcement agencies in charge. There have been no suspended accounts for stolen bitcoins in the past 3 months.

can u elaborate a bit on how u make these confirmations?

Unfortunately I cannot give much details on this part, however I can confirm the risk of false positive is really low.
One of the common points between all the blocked accounts so far is that when we contact the owner of the account by email, we never get any reply.

[cypherdoc]

Just for information, we have until now shut down only a couple of accounts for stolen bitcoins, after confirming whoever stole the coins was indeed the owner of those accounts and confirming with law enforcement agencies in charge. There have been no suspended accounts for stolen bitcoins in the past 3 months.

can u elaborate a bit on how u make these confirmations?

Unfortunately I cannot give much details on this part, however I can confirm the risk of false positive is really low.
One of the common points between all the blocked accounts so far is that when we contact the owner of the account by email, we never get any reply.

thats interesting.  i guess there's no harm in blocking someones acct if they're not going to complain about it.

[cypherdoc]

Just for information, we have until now shut down only a couple of accounts for stolen bitcoins, after confirming whoever stole the coins was indeed the owner of those accounts and confirming with law enforcement agencies in charge. There have been no suspended accounts for stolen bitcoins in the past 3 months.

can u elaborate a bit on how u make these confirmations?

Unfortunately I cannot give much details on this part, however I can confirm the risk of false positive is really low.
One of the common points between all the blocked accounts so far is that when we contact the owner of the account by email, we never get any reply.

just theoretically for us technically curious; A>B>C>D, if coins are stolen from A, get transferred to B, then end up at mtgox in D, how can you prove B and D are related?

am i even constructing this question correctly?

[phillipsjk]

just theoretically for us technically curious; A>B>C>D, if coins are stolen from A, get transferred to B, then end up at mtgox in D, how can you prove B and D are related?

am i even constructing this question correctly?

Don't follow addresses; follow the money. If the same, exact amount moves from address to address (especially if it is a weird one), it would be hard to come up with legitimate transactions to explain the funds.

To truly steal bitcoin and disappear without a trace, you need to not spend them. Not quite as fun.

[cypherdoc]

just theoretically for us technically curious; A>B>C>D, if coins are stolen from A, get transferred to B, then end up at mtgox in D, how can you prove B and D are related?

am i even constructing this question correctly?

Don't follow addresses; follow the money. If the same, exact amount moves from address to address (especially if it is a weird one), it would be hard to come up with legitimate transactions to explain the funds.

To truly steal bitcoin and disappear without a trace, you need to not spend them. Not quite as fun.

what if 20 btc moved from A>B>C>D and the owner of D, when questioned by mtgox and the police, says he got those 20 btc from a guy off the street (whom he never bothered to identify) who bought a random object from him.

[phillipsjk]

As long as the random object was really worth about 20BTC, that would be plausible deniability IMO.

Edit: That does not mean any investigation is automatically closed. If you make a habit out of buying random objects for exacly 20 BTC, regardless of the exchange rate, the police would likely still be suspicious.

[cypherdoc]

As long as the random object was really worth about 20BTC, that would be plausible deniability IMO.

but D could just make anything up like "i sold him an old radio and i didn't bother with a receipt".

edit:  i guess what i'm getting at is this; as long as there's one address btwn where the stolen coins are sent and the address at mtgox, how can the authorities prove anything?

[phillipsjk]

They can't. They are relying on the thief making a mistake. That is why MagicalTux doesn't want to comment, other than to say they won't respond to e-mail. Silence in itself is not incriminating either, but prevents the thief (if the the correct account has indeed been frozen) from making further mistakes.

[cypherdoc]

They can't. They are relying on the thief making a mistake. That is why MagicalTux doesn't want to comment, other than to say they won't respond to e-mail. Silence in itself is not incriminating either, but prevents the thief (if the the correct account has indeed been frozen) from making further mistakes.

give me an example of a mistake at this stage of my scenario that would implicate the owner of D.

[Gavin Andresen]

give me an example of a mistake at this stage of my scenario that would implicate the owner of D.

Ok, here are three:

Authorities gather enough circumstantial evidence to get a warrant.  They raid the guy's house/office, and find a wallet on an unencrypted hard disk with private keys corresponding to "B".  That should be enough evidence to convict.

Or the guy thinks he's being clever by breaking up his 10,000 BTC into 50 BTC chunks and slowly, over time, transfers them to new wallets C, then D.  Then deletes B and C.
But he doesn't realize that the graph of transactions he is creating would be IMPOSSIBLE to happen by chance if wallets B and C belonged to innocent bystanders (what are the chances that, say, 10,000 stolen bitcoins were broken up into a bunch of pieces and then just happened to end up later in the SAME wallet?)

Or somebody with lots of connections to the bitcoin network is figuring out (with pretty good precision) what IP address each transaction is coming from. The guy doesn't use a proxy to hide his IP address, and the transactions from A->B->C->D all appear to come from IP addresses allow assigned by the same Internet Service Provider in the guy's town. The authorities subpoena the ISP and find out the guy was assigned those IP addresses when the transactions hit the network.

----

All of the above is why I say it is hard to be anonymous when using Bitcoin, and I'd urge you not to do anything with bitcoins that would prompt The Authorities to bother getting subpoenas/warrants to try to figure out who you are.