BkkCoins
|
|
March 03, 2012, 05:28:05 AM |
|
So thief puts coins on CryptoXchange to sell. The price is driven down as buyers flock over to get some cheap coins - arbitrage. Then they hear that the coins are coming from the theft and start to avoid because they're worried they'll be held up and don't want the hassle. So the volume dries up and CryptoXchange realizes that to stay liquid and competitive with other exchanges they need to watch for stolen coins like MtGox.
|
|
|
|
99Percent
Full Member
Offline
Activity: 410
Merit: 101
🦜| Save Smart & Win 🦜
|
|
March 03, 2012, 05:28:53 AM |
|
I don't know how much cryptoxchange is involved but whomever's account sold the coins is a good spot to start the investigation. There are posts all over the forum about the stolen BTC and where a good portion are right now.
An investigation that would lead to what exactly?
|
|
|
|
Raoul Duke
aka psy
Legendary
Offline
Activity: 1358
Merit: 1002
|
|
March 03, 2012, 09:19:16 AM |
|
uh oh
|
|
|
|
muyuu
Donator
Legendary
Offline
Activity: 980
Merit: 1000
|
|
March 03, 2012, 11:30:14 AM |
|
They will not confiscate the bitcoins
i wouldn't be so quick to assume that. i'm sure that assumption is based on the amount, 7 btc, right? what if it had been 7000 btc or 43000 btc? would mtgox confiscate them then? i'm thinking 'yes'. Of course they wouldn't confiscate them, if they were satisfied that you weren't the thief. This account suspension occurs more often than you think it does, and as far as I know gets rectified reasonably quickly. Sorry, but this is MtGox self-appointing themselves as BTC police. Beats me how can they require anything outside of their ToS on the spot and without any warnings. The truth of the matter is that they cannot prove these coins got to this user legitimately or not while we preserve anonymous transactions in the system. The only way would be to enforce identification for all transactions and even then it's possible to fake an identity. Now I'm keeping my public keys as private as I can, lest someone "donate" coins to me out of the blue and taint me.
|
GPG ID: 7294199D - OTC ID: muyuu (470F97EB7294199D) forum tea fund BTC 1Epv7KHbNjYzqYVhTCgXWYhGSkv7BuKGEU DOGE DF1eTJ2vsxjHpmmbKu9jpqsrg5uyQLWksM CAP F1MzvmmHwP2UhFq82NQT7qDU9NQ8oQbtkQ
|
|
|
BkkCoins
|
|
March 03, 2012, 12:53:36 PM |
|
Sorry, but this is MtGox self-appointing themselves as BTC police. Beats me how can they require anything outside of their ToS on the spot and without any warnings. The truth of the matter is that they cannot prove these coins got to this user legitimately or not while we preserve anonymous transactions in the system. The only way would be to enforce identification for all transactions and even then it's possible to fake an identity.
Now I'm keeping my public keys as private as I can, lest someone "donate" coins to me out of the blue and taint me.
But it is in their TOS. And I saw a post here yesterday where the user explored the trail of the allinvain heist of 25,000 BTC. Since that occurred (what, 9 months ago or so?) it can now be traced into almost a million addresses including 9 of the poster himself. So pretty much all coins get tainted over time. That isn't at all what MtGox is looking at. I'm pretty sure they're looking at ones where investigating may help trace how they got to the member. To be useful at all this would limit it to just a few transactions in depth. Maybe even just one deep.
|
|
|
|
muyuu
Donator
Legendary
Offline
Activity: 980
Merit: 1000
|
|
March 03, 2012, 12:59:39 PM |
|
Sorry, but this is MtGox self-appointing themselves as BTC police. Beats me how can they require anything outside of their ToS on the spot and without any warnings. The truth of the matter is that they cannot prove these coins got to this user legitimately or not while we preserve anonymous transactions in the system. The only way would be to enforce identification for all transactions and even then it's possible to fake an identity.
Now I'm keeping my public keys as private as I can, lest someone "donate" coins to me out of the blue and taint me.
But it is in their TOS. And I saw a post here yesterday where the user explored the trail of the allinvain heist of 25,000 BTC. Since that occurred (what, 9 months ago or so?) it can now be traced into almost a million addresses including 9 of the poster himself. So pretty much all coins get tainted over time. That isn't at all what MtGox is looking at. I'm pretty sure they're looking at ones where investigating may help trace how they got to the member. To be useful at all this would limit it to just a few transactions in depth. Maybe even just one deep. MtGox is looking at the closest tainted coins I guess. Taint (properly calculated) wouldn't be binary. Over time that would grow exponentially, as you said. But you can have likelihood measures of taint, in proportion to the size and length (sequential number) of transactions. This doesn't stop anyone from randomly giving you a significant amount of stolen coins, just because you have some already, making you immediately highly suspicious.
|
GPG ID: 7294199D - OTC ID: muyuu (470F97EB7294199D) forum tea fund BTC 1Epv7KHbNjYzqYVhTCgXWYhGSkv7BuKGEU DOGE DF1eTJ2vsxjHpmmbKu9jpqsrg5uyQLWksM CAP F1MzvmmHwP2UhFq82NQT7qDU9NQ8oQbtkQ
|
|
|
finway
|
|
March 03, 2012, 03:16:25 PM |
|
Watching.
|
|
|
|
Bro
|
|
March 03, 2012, 03:17:36 PM |
|
So thief puts coins on CryptoXchange to sell. The price is driven down as buyers flock over to get some cheap coins - arbitrage. Then they hear that the coins are coming from the theft and start to avoid because they're worried they'll be held up and don't want the hassle. So the volume dries up and CryptoXchange realizes that to stay liquid and competitive with other exchanges they need to watch for stolen coins like MtGox.
this.
|
|
|
|
malevolent
can into space
Legendary
Offline
Activity: 3472
Merit: 1724
|
|
March 04, 2012, 12:31:30 AM |
|
I don't know how much cryptoxchange is involved but whomever's account sold the coins is a good spot to start the investigation. There are posts all over the forum about the stolen BTC and where a good portion are right now.
An investigation that would lead to what exactly? If he used his own pc without tor or proxy or used the account for usd deposits/withdrawals, locating him might be possible.
|
Signature space available for rent.
|
|
|
|
dooglus
Legendary
Offline
Activity: 2940
Merit: 1333
|
|
March 04, 2012, 06:56:11 AM |
|
I saw a post here yesterday where the user explored the trail of the allinvain heist of 25,000 BTC. Since that occurred (what, 9 months ago or so?) it can now be traced into almost a million addresses including 9 of the poster himself.
That was me. It's 100k addresses, and 8 of mine, but you were close. http://bitcoin.stackexchange.com/a/2900/659
|
Just-Dice | ██ ██████████ ██████████████████ ██████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████ ██████████████ ██████ | Play or Invest | ██ ██████████ ██████████████████ ██████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████ ██████████████ ██████ | 1% House Edge |
|
|
|
BkkCoins
|
|
March 04, 2012, 07:14:02 AM |
|
I saw a post here yesterday where the user explored the trail of the allinvain heist of 25,000 BTC. Since that occurred (what, 9 months ago or so?) it can now be traced into almost a million addresses including 9 of the poster himself.
That was me. It's 100k addresses, and 8 of mine, but you were close. http://bitcoin.stackexchange.com/a/2900/659Ah, yes. I really scrambled them up. I was mixing pizza and allinvain figures. Still shows how they really permeate the currency. I was too lazy to go find the link so very good you posted here.
|
|
|
|
Cryptoman
|
|
March 04, 2012, 07:36:27 AM |
|
I'm not sure I understand the significance of a transaction being an exact number of bytes, other than a smaller transaction having a higher priority. Care to explain?
|
"A small body of determined spirits fired by an unquenchable faith in their mission can alter the course of history." --Gandhi
|
|
|
dooglus
Legendary
Offline
Activity: 2940
Merit: 1333
|
|
March 04, 2012, 08:03:50 AM |
|
I'm not sure I understand the significance of a transaction being an exact number of bytes, other than a smaller transaction having a higher priority. Care to explain? The exact number was 1337. http://www.urbandictionary.com/define.php?term=1337http://en.wikipedia.org/wiki/LeetThe digits look like "LEET", as in "elite".
|
Just-Dice | ██ ██████████ ██████████████████ ██████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████ ██████████████ ██████ | Play or Invest | ██ ██████████ ██████████████████ ██████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████ ██████████████ ██████ | 1% House Edge |
|
|
|
phelix
Legendary
Offline
Activity: 1708
Merit: 1020
|
|
March 04, 2012, 10:43:02 AM Last edit: March 05, 2012, 09:24:22 AM by phelix |
|
while I hope they catch the guy I have to pull my hat to this move - it's almost blockchain art. edit: it was only coincidence, read below
|
|
|
|
dooglus
Legendary
Offline
Activity: 2940
Merit: 1333
|
|
March 04, 2012, 11:03:21 AM |
|
while I hope they catch the guy I have to pull my hat to this move - it's almost blockchain art. I was just looking at it. I recently made a post on stackexchange explaining how to calculate the size of a transaction before you send it: http://bitcoin.stackexchange.com/a/3011/659( "if your transaction has in inputs and out outputs, the transaction size, in bytes will be: in*180 + out*34 + 10 plus or minus 'in' ) It turns out that if your transaction has 7 inputs and 2 outputs, then the transaction size is 1338 plus/minus 7, but with a binomial distribution. This means that 1338 is the most common size (21% of 7-in, 2-out transactions), then 1337 and 1339 are the next most common (18.3% each), etc. Over 94% of 7-in 2-out transactions have a size between 1335 and 1341 inclusive. So perhaps the 1337 *was* just a coincidence. It's not a rare transaction size. Looking at the first ten 7-in 2-out transactions made by the thief while laundering his spoils, we see a random distribution of transaction sizes: size 1337 - tx d9804de366aa4c2a01565c3a3c8aa2ea20baafc276dc875f80b9044841205333 size 1337 - tx 4533991cd3072d04ffbae4bc97ac0d69c4111d2266a99a2a3853eb28acf87315 size 1340 - tx d396e1f3117c7516270e68041f50183540aeece29860a8d8bb4ca00b4dd5b202 size 1336 - tx afea4f38c1a6c42303e41462df5671aaeb439f047808cc330b911668446d3b9a size 1340 - tx eaa4390039b8c31fe8e2c7af80494eb47ccbd4456906b461c20e58bea7a38aff size 1339 - tx 50fe1017ea020e0f20f45cb71d855dc8f935e5db654824f7355ae0258d5fc897 size 1337 - tx 3472d8d9bcda865fbf3c34f68e4c87dc85b8fac0d37495cf2d29e887fb033532 size 1340 - tx ea49f5cd1998a218023a4f1b9f6eff6fe3a5ce41e2c3cb71640e1205b92dc44d size 1336 - tx 8c05029e5d2b49d1cf7881f29fc3978632f858620efaeb58fb5cb5abc5ec4611 size 1338 - tx d5c18faaa0f4daf8440b20905ef8a6eba49f09aa6178af115b51b35110eb34d6
Wouldn't a 'leet' thief modify their bitcoin client to make all the 7/2 transactions use a size of exactly 1337?
|
Just-Dice | ██ ██████████ ██████████████████ ██████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████ ██████████████ ██████ | Play or Invest | ██ ██████████ ██████████████████ ██████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████ ██████████████ ██████ | 1% House Edge |
|
|
|
Matthew N. Wright
Untrustworthy
Hero Member
Offline
Activity: 588
Merit: 500
Hero VIP ultra official trusted super staff puppet
|
|
March 04, 2012, 12:43:28 PM |
|
Wouldn't a 'leet' thief modify their bitcoin client to make all the 7/2 transactions use a size of exactly 1337?
Agreed wholeheartedly. Seems coincidental. If I had done it, they would have all been 8008135 bytes each.
|
|
|
|
|
dooglus
Legendary
Offline
Activity: 2940
Merit: 1333
|
|
March 05, 2012, 02:41:40 AM |
|
I saw how BlockExplorers shows that a single address ( 1NRy8GbX56MymBhDYMyqsNKwW9VupqKVG7 ) shows twice as inputs in that transaction so was thinking this was some script-fu to cause the length to be 1337. The client won't do that on its own though, right?
No, wrong. That's exactly what the client will do on its own. If I send you 2 separate payments to the same address, they stay as two separate payments to that address. And if you spend them both at once, they'll show up as two inputs from the same address in the transaction. That's the only time that separate payments ever get 'mixed'.
|
Just-Dice | ██ ██████████ ██████████████████ ██████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████ ██████████████ ██████ | Play or Invest | ██ ██████████ ██████████████████ ██████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████████████ ██████████████████████ ██████████████ ██████ | 1% House Edge |
|
|
|
Stephen Gornick
Legendary
Offline
Activity: 2506
Merit: 1010
|
|
March 05, 2012, 03:27:29 AM |
|
No, wrong. That's exactly what the client will do on its own. If I send you 2 separate payments to the same address, they stay as two separate payments to that address. And if you spend them both at once, they'll show up as two inputs from the same address in the transaction. That's the only time that separate payments ever get 'mixed'.
I should have known that. Thanks for clarifying! I found in the wiki a little more explanation: - https://en.bitcoin.it/wiki/Transactions#Input
|
|
|
|
|