Zhong was caught because he made basic operational security errors, like address reuse (which is how he was caught by linking fraud wallet to exchange wallet), static IP, using a KYC exchange in 2017 to convert BCH into BTC, etc. Not because Bitcoin was cracked. After being caught, Zhong voluntarily relinquished his passwords to encrypted wallets and other bitcoin, not that the crypto was cracked.
I wonder how the feds bypassed the statute of limitations on this. He was not identified until almost a decade after the theft. I am guessing his attempts at laundering the money and spending, reset the clock.
Very broadly speaking, if you're hiding and law enforcement is actively looking for you the statute of limitations pauses, because the delay is morally your fault. (And actively looking has a generous definition.) That could be what happened here.
That's where case law comes in, probably there's some test for it made up by a few judges (like was there an active warrant, or named as person of interest in an active case, etc.)
I assume people involved in this sort of activity would convert to Monero first (can be done without KYC in a 100 different places). Then they would go to localmonero or a site like it and select cash in the mail. They would round to the nearest XMR at a time when transacting on localmonero so that even if the exchangers they used were compromised the government wouldn't be able to link them to the initial BTC->XMR swap based on transaction amounts.
Not at this scale. You can do many transactions in the way that you describe and perhaps withdraw a million dollars, but you can't launder a billion dollars this way.
There is a reputation system on basically all p2p exchange sites, they wouldn't be able to scam for long.
> running into a sting
This was the basis of Operation Dark Gold. They had a ton of other evidence against the people they rounded up, I think it just helped them find targets. Receiving cash in the mail is not illegal.
Many ways. Dark valley exchanges. Flying to Dubai and exchanging any amount with draft fleeing Russians. Sending to a Lightning Network wallet, doing a few rounds within the LN and then depositing to an exchange.
By simply using a third wallet that does not link the two? His mistake was a rookie move that could have been avoided but he got lazy. Lazy criminals make law enforcement's job easier.
I don’t understand what the third wallet does. If the first wallet is tainted, anybody can just look to see what destination wallets it sends to and follow the trail. Adding an extra wallet doesn’t help.
This is just part of the Bitcoin sales process: any time a case gets attention showing that a common marketing claim is wrong, the sales guys come up with a reason to say it was the victim’s fault rather than a weakness of the system they’re trying to get you to buy into.
You can, but this is the kind of thing which is very easy to get wrong in ways which are significant legal risks on their own.
For example, if you were some random cryptobro buying personal quantities of drugs in 2015 there’s some risk but the FBI probably isn’t going to spend time on something that small. If you do anything which reveals funds going to or from a tumbler, however, the risk isn’t just KYC but also questions like who else used that tumbler - if you were participating at the same time the North Koreans or a big ransomware ring were laundering something, that traffic might be a lot more likely to get analyzed and in the worst case scenario some agents show up trying to get you to convince them that you were unwitting small fry and not hiding more. Lying to them is a federal crime, too, so even if you do nothing other than tumble coins for ideological reasons you’d want to be very careful about what you say – and think about how hard it could be to prove you didn’t know the other parties in a transaction.
> Lying to them is a federal crime, too, so even if you do nothing other than tumble coins for ideological reasons you’d want to be very careful about what you say – and think about how hard it could be to prove you didn’t know the other parties in a transaction.
This is true. However, I'd present a few caveats:
1. Even though it's a felony to lie to Federal (and some state/local) law enforcement in the US, you can just not speak to them. In fact, you should mostly not talk to the police under any circumstances. There are many reasons for this. Too many for me to list here. However, this attorney and a former police officer[0] (48 minute video, but well worth it. Share it with your friends and family too!) provide all those reasons.
2. Law enforcement aren't superhuman. They're just as dumb (or smart, but the really smart ones end up in corner offices rather than police stations like police and more common criminals) as the next guy. Their big advantage, especially in a circumstance like this, is that they only have to get it right (i.e., find some evidence) once. The alleged perpetrator of a crime needs to get it right (in covering their tracks, destroying evidence, etc.) every single time to make sure they aren't identified and caught.
So, unless you're prepared to cover your tracks (in this case, it was bitcoin transactions) over and over forever, you run the risk of being caught -- eventually.
I'll say it again, because it's an important point: If you're in the US (not just a citizen, anyone present within its borders), DON'T TALK TO THE POLICE!
I'm sure things are different elsewhere (perhaps someone could expound on that?), but in the US, just STFU.
> So, unless you're prepared to cover your tracks (in this case, it was bitcoin transactions) over and over forever, you run the risk of being caught -- eventually.
This is really the main thing I was thinking about: it’s been bizarre how the salespeople kept going on about bitcoin being anonymous when it’s more like “if you do everything perfectly, you probably won’t be tracked. As far as we know now.”, which is just incredibly fragile.
You're referring to the risk of getting chased down for the "bad deeds" of others after funds are co-mingled. You're not explaining that it's prohibitively risky or not possible.
Further, I'm only aware of tumbling blacklisting [0], where the exchange gets blacklisted for co-mingling known dirty funds. AFAIK, there are still sizable tumbling vectors.
My point was simply that your options with Bitcoin for converting it into real currency or goods are either easily tracked (mainstream exchange following KYC laws) or push you into riskier activities. As with most things, the odds of getting caught aren’t certain but one somewhat unique risk to most cryptocurrencies is that you have to estimate the risk of retroactive punishment since the ledger is irrevocably public.
That’s already stressful and expensive but consider also that you’re probably only having that conversation if they already have evidence for at least one crime (disclosure and/or taxes). That is likely going to be grounds for a search warrant to examine everything else, and even if that’s ultimately fruitless it’d be an ordeal and could lead to professional consequences as well as things like losing your devices to a forensic lab.
I don't like that. Opsec burden on users is the fault of the protocol. I see this thinking being pervasive in many areas. If it was Monero, address reuse is not a concern, or using KYC exchange logs if the other currency was Zcash, for example.
Bitcoin is not a cipher, it's the whole system, so it is valid to say a weakness in Bitcoin was used to find the person.
> I wonder how the feds bypassed the statute of limitations on this.
I don’t think they did; if the BCH transaction in 2017 was the subject of fraud, it was within the statute of limitations when he was publicly charged.
> I am guessing his attempts at laundering the money and spending, reset the clock.
They didn’t “reset the clock” on the fraud involved in obtaining the bitcoin initially, but they were likely generally, on their own, fraudulent transactions.
According to info from another comment, he waived the statute of limitations as part of a plea deal. Not really sure how a plea deal was on the table after the statute of limitations, but there you are.