Hacker took pains to hide $3.36B of stolen bitcoin. Feds found it anyway

The haul, the second biggest in DOJ history, shows the difficulty of hiding cryptocurrency.

 

Federal prosecutors have recovered $3.36 billion in bitcoin that was stolen a decade ago from Silk Road, the dark web bazaar responsible for distributing massive quantities of illegal drugs and other illicit goods and services to people worldwide.

Last November, federal agents executing a search warrant on a then-defendant’s Gainesville, Georgia, house seized a little more than 50,491 bitcoin that was stashed in an underground floor safe and on a “single-board computer” that was submerged under blankets in a popcorn tin stored in a bathroom closet, the Justice Department said on Monday. During the same search, agents recovered $661,900 in cash, 25 Casascius coins (physical bitcoin) with an approximate value of 174 bitcoin, 11.1160005300044 additional bitcoin, and four one-ounce silver-colored bars, three one-ounce gold-colored bars, four 10-ounce silver-colored bars, and one gold-colored coin.


A $3.3 billion mystery

At the time, the haul was the biggest cryptocurrency seizure in US Justice Department history and today remains the department’s second-largest financial seizure ever, behind a $3.6 billion seizure prosecutors made earlier this year from a married couple charged with money laundering.

The $3.36 billion belonged to James Zhong, 32, of Gainesville and Athens, Georgia. On Friday, Zhong pled guilty to one count of wire fraud, an offense that carries a maximum sentence of 20 years in prison.

“James Zhong committed wire fraud over a decade ago when he stole approximately 50,000 bitcoin from Silk Road,” Damian Williams, US Attorney for the Southern District of New York, said in Monday’s release. “For almost 10 years, the whereabouts of this massive chunk of missing bitcoin had ballooned into an over $3.3 billion mystery. Thanks to state-of-the-art cryptocurrency tracing and good old-fashioned police work, law enforcement located and recovered this impressive cache of crime proceeds.”

Prosecutors said Zhong executed a sophisticated scheme to defraud Silk Road of what was about $650,000 worth of bitcoin, based on the value of the cryptocurrency when the fraud took place in September 2012. To execute the plan, prosecutors said Zhong created about nine Silk Road accounts and funded them with an initial deposit of 200 to 2,000 bitcoin. Zhong then triggered 140 transactions in rapid succession to trick the Silk Road withdrawal-processing system into releasing about 50,000 bitcoin into the accounts.

“As an example, on September 19, 2012, Zhong deposited 500 bitcoin into a Silk Road wallet,” prosecutors said. “Less than five seconds after making the initial deposit, Zhong executed five withdrawals of 500 bitcoin in rapid succession—i.e., within the same second—resulting in a net gain of 2,000 bitcoin.”

One of Zhong’s other fraud accounts made a single deposit and more than 50 withdrawals before the account ceased its activity. Within a few days of the transactions, Zhong moved the bitcoin out of Silk Road and consolidated them into two high-value amounts.
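The pattern in the prosecutors' example (one deposit followed within seconds by withdrawals totaling more than the deposit) is what a ledger reconciliation check looks for. The following is an added example, not code from Silk Road or the Justice Department; the event format, account names, and the `window` and `burst` thresholds are assumptions, and the sample ledger is constructed.

```python
from collections import defaultdict, deque
from decimal import Decimal

# Constructed sample ledger: (seconds, account, kind, BTC). acct-A mirrors the
# prosecutors' example: one 500 BTC deposit, then five 500 BTC withdrawals
# inside the same second. Account names are hypothetical.
SAMPLE_EVENTS = [
    (0.00, "acct-A", "deposit", "500"),
    (4.10, "acct-A", "withdraw", "500"),
    (4.25, "acct-A", "withdraw", "500"),
    (4.40, "acct-A", "withdraw", "500"),
    (4.55, "acct-A", "withdraw", "500"),
    (4.70, "acct-A", "withdraw", "500"),
    (1.00, "acct-B", "deposit", "1000"),
    (90.0, "acct-B", "withdraw", "300"),
    (400.0, "acct-B", "withdraw", "200"),
]

def reconcile(events, window=1.0, burst=3):
    """Replay the ledger in time order and return {account: finding} for
    accounts paid out more than they deposited, or that issued `burst` or
    more withdrawals within `window` seconds."""
    balance = defaultdict(Decimal)   # running deposits minus withdrawals
    recent = defaultdict(deque)      # withdrawal timestamps inside the window
    findings = {}
    for ts, acct, kind, amount in sorted(events, key=lambda e: e[0]):
        amt = Decimal(amount)
        if kind == "deposit":
            balance[acct] += amt
            continue
        balance[acct] -= amt
        q = recent[acct]
        q.append(ts)
        while ts - q[0] > window:    # drop withdrawals older than the window
            q.popleft()
        f = findings.setdefault(acct, {"max_burst": 0, "overdrawn_by": Decimal(0)})
        f["max_burst"] = max(f["max_burst"], len(q))
        f["overdrawn_by"] = max(f["overdrawn_by"], -balance[acct])
    return {a: f for a, f in findings.items()
            if f["overdrawn_by"] > 0 or f["max_burst"] >= burst}

if __name__ == "__main__":
    for acct, f in reconcile(SAMPLE_EVENTS).items():
        print(acct, "overdrawn by", f["overdrawn_by"], "BTC; burst of", f["max_burst"])
```

The overdraft check is independent of timing, so it still fires when the same excess is withdrawn slowly; the burst counter only adds context for triage.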

When bitcoin performed a hard fork coin split in August 2017, Zhong’s 50,000 bitcoin windfall received a matching number of bitcoin cash coins. Zhong used an overseas exchange to convert the bitcoin cash to about 3,500 bitcoin, bringing his total take to roughly 53,500 bitcoin.

Earlier this year, Zhong began voluntarily surrendering a little more than 1,004 bitcoin to federal authorities.

Silk Road operated from 2011 to 2013 and was used to trade illicit goods around the world. The platform’s founder, Ross Ulbricht, was sentenced to life in prison in 2015.

IRS Criminal Investigation Special Agent in Charge Tyler Hatcher said that once Zhong completed the heist, “he attempted to hide his spoils through a series of complex transactions which he hoped would be enhanced as he hid behind the mystery of the ‘darknet.’” In reality, the bitcoin blockchain provides a history of every single transaction, which forensic investigators can use to trace stolen coins even when they pass through tumblers and other tools designed to obscure their origins.

Even cryptocurrencies with stronger privacy assurances, however, aren’t automatically safe from government seizures. Some of the $3.6 billion recovered in March, for instance, was in the form of monero, a cryptocurrency designed to obfuscate the trails of funds within its blockchain by mixing up the payments of multiple users. Using techniques that still aren’t clear, the IRS was able to recover the monero funds anyway.

Zhong is scheduled to be sentenced on February 22, 2023.

https://arstechnica.com/information-technology/2022/11/feds-seize-3-36-billion-in-bitcoin-stolen-10-years-ago-in-hack-of-silk-road/