> Where do you find employees, even $500K/year ones, you would trust not to pick up $300m just sitting there in the open for the taking?
As with any crime, you rely on the risk (and potential punishment) being higher than the reward. In this case, because it's based on blockchains that are public, immutable and very easy to trace, it'll be hard to impossible for the one doing the drain to actually get away with it. They can try to go to a exchange to get actual money out of it, but the exchange will most likely have blacklisted the addresses involved. They can try to tumble it, but the exchanges will mostly likely blacklist your account if they see any tumbling involved as they can't fulfill the KYC/AML laws then. They can try to sit on it for the future, but eventually they are gonna want to cash out somehow, and then the two previous issues get in the way again.
How are "Coinjoined" transactions [1] able to be definitively traced to any one individual?
Every coin-mixing event can be interpreted 1,496 different ways. With each cycle increasing interpretations exponentially. "Every Whirlpool is structurally sound with 100% maximum entropy; Never cycling with yourself; Never cycling previously seen coins together; Never any deterministic links between inputs and outputs; And never any address reuse."
The authors of this coinjoin protocol use Boltzmann analysis to determine 1,496 possible linkages.
> If everyone starts doing this, will all coins eventually become tainted? I don't see a way out of this problem.
Indeed, if everyone started doing this (or everyone started using Zcash with z-addrs), then you might be able to get away with it. But that's not where we're at today.
Try signing up to Coinbase and funnel $320M worth of ETH via that account. They will 100% lock your account and ask for proof of where it comes from. If it comes from after doing a bunch of tumbling, they will go harder against you to prove where it comes from. Any big exchange will do the same diligence as otherwise they themselves will get into trouble with the law.
> Try signing up to Coinbase and funnel $320M worth of ETH via that account. They will 100% lock your account and ask for proof of where it comes from. If it comes from after doing a bunch of tumbling, they will go harder against you to prove where it comes from. Any big exchange will do the same diligence as otherwise they themselves will get into trouble with the law.
So cryptocurrencies are decentralized and free of regulation ... right until they aren't?
To be fair, if I walked into my local bank with $320M in cash I'd face the same problem.
Cryptocurrencies[1] are trying to be decentralized and free of regulation. But it turns out the world is run by people who like regulation.
[1]: There are so many people in crypto with such diverse views that it doesn't really make sense to say cryptocurrencies are X for any non-tautological value of X. Some people are 'code-is-law' crypto-anarchists, and some people are actually sane and can't wait for the law to get its shit together so they can build their cool decentralised prediction market without accidentally losing the ability to take international flights or something.
Since 1 wallet != 1 unique individual; it could be done. The points you bring up are fair, yes. But I'd also imagine if you were able to pull off a $350 million heist, you'd have some sense about obfuscating your withdrawls.
Not to mention, converting your initial crypto tokens into another currency, and then another currency, and eventually making it to Fiat. For example, converting to Monero and back to BTC would be near impossible to trace.
On top of this, there is Paxful which you can utilize for cash payments.
There are many, many ways if you are determined. I don't think anyone would be silly enough to attempt a $350 million withdrawal from Coinbase.
I have heard of people doing very unorthodox things, such as, buying virtual currency via BTC in an online MMORPG and then selling that virtual "gold" for a slight loss to a different vendor who pays out in Monero.
> For example, converting to Monero and back to BTC would be near impossible to trace.
You still have the problem of justifying where you got the initial crypto if anyone audits you. "I just remembered about some crypto I mined in 2010" will not cut it.
With that much at stake, it seems easier to try a public spectacle like the guy who is digging up a landfill to find an old hard drive with a btc wallet.
Actually, I think it is easier than ever. You can move your stolen crypto to tornado.cash which pools your crypto together with everyone else's and then allows you to anonymously pull it out from the pool in .1/1/10... increments allowing you to effectively wash it. From there, you just need to launder it to legitimize it which you could do by creating some BS coin or NFTs with your real name attached to it which just so happens to get a bunch of "investors" (really just you investing the coins you stole).
I thought it is all decentralized. I thought that it the whole point of Web3. Dou you want to tell me it is not. That there are central instances, which I can control? Wow.
I made no arguments for/against decentralization, I didn't mention web3 nor that there is no central instances or that no one controls nothing in the cryptocurrency world. What are you even doing here on HN if you can't actually reply with a good faith argument? Please save that for Reddit or wherever that happens normally.
As a user, you don't get equal access to the Blockchain. You can't make any transactions unless someone wins the mining/staking lottery and then writes a block for you, an operation that is incredibly expensive to achieve. While the Blockchain itself is a distributed ledger, your access to it is not decentralized.
As with any crime, you rely on the risk (and potential punishment) being higher than the reward. In this case, because it's based on blockchains that are public, immutable and very easy to trace, it'll be hard to impossible for the one doing the drain to actually get away with it. They can try to go to a exchange to get actual money out of it, but the exchange will most likely have blacklisted the addresses involved. They can try to tumble it, but the exchanges will mostly likely blacklist your account if they see any tumbling involved as they can't fulfill the KYC/AML laws then. They can try to sit on it for the future, but eventually they are gonna want to cash out somehow, and then the two previous issues get in the way again.