$7.5B In Stolen Bitcoin from 2016 Bitfinex Hack has just been moved (opens in new tab)

That's an interesting angle to cash out... just start sending to 1,000s of addresses - who's to say which addresses are owned by the criminals, and which are owned by other people?

They'd get less than cashing it all out themselves obviously, but it would take forever to unravel what actually happened (if possible ever)

Pretty sure what they mean is 'do you refuse it as payment?' - i.e. should you provide the thing someone is paying for or send the payment back and ask for untainted coins?

> […] but I would imagine your address would be forever tainted by a number of illicit address/transaction tracking algorithms.

Not if those algorithm are any good.

In Bitcoin, you can’t taint an address just by sending funds to it, since all transactions to the same address create separate “outputs” that must be redeemed separately.

If I send you a stolen iPod in the mail, do I forever taint your home address? Are you forced to accept it? No, of course not. You can return it to the police, throw it out, or return it to the sender. If you keep it and use it, then it becomes your problem. The same is true for Bitcoin. You can refuse any transaction output. You are not your address.

Edit: This post is being downvoted by people who don't want it to be true. Sorry folks, it is. Bitcoin is UTXO-based, and every output sent to your address is a unique piece of mail. If you don't like that, use an account-based system where it all gets mixed together.

I saw something like this happen when I was younger (this was pre-web, in the 80s or 90s, so I unfortunately haven't been able to find any online references to it): there was a big bank heist, and the stolen banknotes were new notes which hadn't been put into circulation yet. The ranges of their serial numbers were widely distributed by the press, and for instance cashiers at supermarkets were supposed to verify whether the serial numbers of the banknotes they received matched any of these ranges (since the banknotes hadn't been put into circulation, they were treated similar to counterfeit money: they officially didn't have any value). The country's currency has changed since then (it was the hyperinflation times), so that whole banknote series is no longer valid nowadays.

If someone pays you in cash, do you really look up the serial numbers of all the bills you receive?

I don’t think the “confiscate” part is categorically true.

If the police arrest suspected criminals and find money that can be traced back to criminal activity, they’ll confiscate it (permanently only after a trial). “Traced back” typically need not even involve checking serial numbers. If you’ve a lot of cash, but no regular job that explains how you could have that much money or why you would keep it in cash, that’s enough to confiscate it.

If, on the other hand, they find John Doe in possession of a banknote that was paid out in a ransom or stolen from a bank, and cannot link John Doe to any crime, John Doe can keep the money (they’ll ask him whether he knows where he got it and may be able to force him to exchange it for untainted money, but that’s it)

(Counterfeit money is different. If the police finds you in possession of it they’ll confiscate it, even if they know that you’re a victim)

Which is why thieves prefer used notes.

That both does, and doesn't solve this problem. If someone pays for services with stolen assets the ideal scenario is that the criminal is apprehended, the service provider doesn't lose money, and the funds can be returned to their rightful owner.

Monero protects the service provider, but doesn't solve the other problems.

The mere fact a distributed exchange has a central compliance team tells me it isn't very distributed...

Whats the point of a distributed exchange if you can just deny any exchanges at will? Doesn’t that defeat the core idea of an distributed exchange?

What stops them from just sending it to an intermediate address first?

exchanges keep lists of stolen coins and probably use taint analysis https://arxiv.org/pdf/1906.05754.pdf

Not an answer to your question but BTC does not really have wallets. Someone just signs a number of BTCs with his private key and your public key so the only way to sign it again is with your private key. This is essentially how it "moves" to "someone". Some other DTLs (blockchains) actually have wallets/accounts with properties where you can disable incoming funds/add a name/change the password and such stuff.

Unlike Ethereum, Bitcoin addresses are just a hash of a public key. The sent Bitcoins are unspent outputs that you can selectively (depends on the wallet) decide not to use.

iirc, a number of wallets allow you to specify which unspent TX outputs you use.

So if you got tainted coin sent to your address, you could avoid using that UTXO in future TXs.

That might protect you from some scrutiny.

What's wrong with simply returning it? Any "tainted coin tracker" could easily build in a mechanism for detecting that

what is tracked is outputs and inputs, not addresses. addresses are derived from a public key or a script.

when a block is mined, an output is created, outputs can only be spent once. a bitcoin transaction is just a list of existing outputs (inputs) and new outputs to create (outputs). each output is created with a lock script, to spend the output you must provide the unlock script which normally contains at least a signature and a public key

returning the output that corresponds to the unwanted transaction should do

Knowingly receiving then spending stolen money or property is a crime in many jurisdictions. In many cases it may be phrased like "or ought to have known" so wilful ignorance isn't a defence.

Even unknowingly receiving stolen money or property leaves you on the hook, potentially. If the rightful owner tracks it to you they can go "that's mine!" and the courts will order you to give it to them. The loss you incur here is yours; the law treats it as an incentive to be diligent and to not deal in stolen goods.

You can of course then try to recover the value you are owed from the person who sent you the stolen goods/money, if you want/can. And they from whoever sold them the stolen goods/money. And so on, all the way back to the original thief. The whole chain is tainted. (Pun intended, maybe.)

FIFO would mean that non-tainted funds added after tainted are also locked.

Finding money and using miney that your know is stolen are totally different situations.

'finding' is ofcourse situational, but abandoned property can be 'found' and claimed

all it takes is for one president in 2030s to create a new branch of gov that pays Google style salaries. would attract the best and brightest to write some powerful tools for all that, no?

Banks are the most law breaking entities in the United States. They constantly have to make enormous settlements for the insane number of laws they break. These are just the settlements for Bank of America:

https://www.fool.com/investing/general/2014/10/01/the-comple...

A better summary wouldn't be "they make plenty of money legally." It would be they make plenty of money illegally after paying the settlements.

And when a corrupt federal agent asks a bank to delete records, because they’re allegedly part of a secret investigation, they also comply. This happened in the Silk Road case, but the immutability of the Bitcoin blockchain revealed their transactions.

If they want to launder the funds all they have to do is used a decentralized exchange to convert the bitcoin into something like monero. Monero has an encrypted blockchain and a bunch of other anonymization features. So once you convert it to monero, poof, the funds simply disappear into the ether just like that without a trace. They can then convert it back into bitcoin if they want as well.

There's also wrapped bitcoins as an etf on etherum. Would they be able to detect or reject stolen bitcoins. Would you be able to trade the ETF coins instead without knowing?

The US has regulations around banks knowing their customers and being responsible about things like this. For better or worse, those regulations have in many ways "leaked" into the regulations of other countries, because the US makes many of them mandatory in order to get access to the US financial system, which most countries see as essential.

Sure, there might be places where you could convert that Bitcoin into a local fiat currency, but then what? You have US$7.5B denominated in some random fiat currency that is likely mostly cut off from the "main" transactable currencies of the world. You'd have to find ways to slowly launder it and convert it into something else. Doable, I guess, and maybe worth the time and effort considering you can't do anything with the money otherwise, at least not without getting caught. But doing all that is risky as well... make a mistake and you could get caught.

I'm pretty sure there's no bank in the world that would be willing to make a transaction in the billions and not keep a record of it.

They just shuffle coins around. Still possible to track. It's also obvious to everyone watching that the shuffling service was used. Exchanges have already started to refuse coins that passed through these services. They might as well be tainted.

The real solution is to drop bitcoin and use better technology. Monero looks like the best option right now. Private transactions, concealed amounts, fungibility, low fees and fast transaction processing. It's everything bitcoin was meant to be.

You have to find some clean bitcoins to tumble them with .... why would someone with clean coins tumble theirs with dirty ones?

Tumblers don't hide transactions, they just obfuscate them. Afaik the coins can still be easily traced programmatically.

A hashpower majority is not needed. For the latter, if a single digit percentage of the hashpower decides to enforce the ban, other miners in the network have an economic incentive to join the ban as well.

The reasoning is explained here https://juraj.bednar.io/en/blog-en/2020/11/12/how-could-regu...

In short, if a miner chooses to include banned transactions in its block, it means that block cannot be built off of by fully regulatory compliant miners. Fully compliant miners will be still building off the previous block in the chain. If fully compliant miners win the hash race and mine the next 2 blocks, the original miner's block will not be part of the longest chain, and they will lose all their block reward.

Of course they can't start orphaning blocks yet, but they can once it is more popular. It wouldnt take much government pressure, obviously governments will want to stop people from processing illegal transactions, and miners won't care

The new breed of users doesnt care at all about such things. Usually the price goes up as it becomes less cypherpunk and more of a regulated surveillance instrument - speculators will argue that it increases legitimacy and encourages institutional investment. It will still be a scarce asset that hedges against inflation

That article has been debunked for years, it is very old

https://www.getmonero.org/2018/03/29/response-to-an-empirica...

It's not, that analysis is from 2017 and the issues described have been mitigated. The Monero team updated mixin sampling algorithm to better reflect real world usage. They increased the ring size from a minimum of 4 in the paper to 11. The team is working on increasing the ring size from 11 to 64, and possibly 128 (provided there is enough block chain space).

Its pretty easy to from a tech perspective to tumble and swap coins or use a combination of both. Not only that but you can swap into different blockchains which have fully anonymous layers. So tracing a path is completely impossible. But there is one significant problem, tumbling and swapping 7.5 Billion is hard to do without creating huge market waves and that will be noticed. So you would spread it over 3-4 years and use a variety of swap/tumblers and it can be done. Eventually you have to cash it out and some off ramps might raise some flags.

> swap into monero without using any KYC exchange

How? Links on this being done?

No one is going to pay you interest unless they can use your deposit while they are doing so (loaning it out to others at a higher interest rate)

It would be easy to use satellites to find the person with hundreds of Tesla's in their front yard.

Unless it’s the same owner just rotating addresses

Case law on Bitcoin is still new. No guarantees depending on the jurisdiction, but I would figure most common law regions would not see it that way. The obvious analogy is moving the stolen funds between your accounts and publishing info about that. The limitation period on the fraud would still be from when the fraud was initially discovered by its rightful owner.

Actually, yes. Nice call on the -time- also ...

  re: reporting, if -anything- this will get them more attention, not less? (I'd think ...)

Considering the whole thing was ... what? 2016? It really is.-

(Maybe their are tryin' to get "some" shares ... :)

Memorize your private keys. Destroy any physical or digital copies of the keys in a “boating accident”. Tell the authorities you can’t recover the funds. Wait 25 years or so. Move to somewhere outside jurisdiction or extradition from the relevant authorities. Cash out.

>1GVR2qbKgT4uVUQMYVgPhQxFcKRJBVYMo4

A 1xxx addie?

In 2021?

Come on dude.

Or bc1qtl0s05gxxnv9xskkyzrd7k5epwr4esqdhpcvfx

:pray: :)

The loss became tradable on their exchange, the swap for equity was optional, their was also a token for for representing the return of the stolen funds that was trading as well. Eventually the tokens representing the losses were trading for an equal value to the loss so if you were a little patient you were reimbursed. Alternatively if you took the gamble to buy the debt tokens at below dollar parity you made a nice return. Meanwhile MtGox users are still waiting for legal proceedings to conclude and get their money back.

Seems to me the root problem is when people decide to use Bitcoin outside of it's original intended use, and centralize it.

I love Tether.

3 Billion printed this week, back then they should've just printed 72 mil USDT.

This seems to be the best solutions for the hackers?

"In order to confirm the identity of the hackers, we will request that 1 Satoshi is sent from the wallet address responsible for the hack to a wallet address specified by Bitfinex. We will work to ensure this can be done safely, thereby protecting the identities of all parties, and Bitfinex reserves the right to impose conditions on any transfers in order to verify claims and ensure a secure process."

Get $2.3B, no jail

Seems about right... Crypto is awesome until it is terrible.