The Penny drops: $611 Million in cryptocurrencies stolen

[leadeater]

2 hours ago, The Unknown Voice said:

https://en.wikipedia.org/wiki/List_of_security_hacking_incidents

 

What relevance does this have to bank computer systems though? All you've done is link to an incomplete list of hacks in general (not bank specific). The only recent one btw in that list is 2016 in Bangladesh and the majority of the money was recovered, which was my point.

 

Other than this more recent one there are only 3 in your provided list, 2 explicitly mention the money as being recovered. The third, 1988 Bank of Chicago, was conducted by employees of the bank and money also recovered.

 

So this lists totals 4 events with all 4 having recovered all or almost all of the money, one carried out directly by bank employees (i.e. not really hack). So between 1988 and 2021 there have been 4 computer system hacks according to your list with nearly 100% recovery of money. Do crypto exchanges have a similar track record?

[lostcattears]

YEa sureeee..... Hacked... Its gone and will be transfered a few more times and then no one will know where the money is

[tikker]

8 hours ago, lostcattears said:

YEa sureeee..... Hacked... Its gone and will be transfered a few more times and then no one will know where the money is

Well one beauty of public blockchains is that you know exactly where the money is. The harder part is tying those wallets to a person if they've done it right and getting it back. $260M seems to have been returned already, so who knows what'll happen.

[Arika]

47 minutes ago, The Unknown Voice said:

But, not in the list is many ATM currency robberies, and the whole machine being ripped out of different gas stations, in many states.

i don't know what kind of magic ATMs exist in your country, but there's not going to be even $200,000 in most ATMs.

 

that's also not stealing money from people, hell it's not even stealing money from the Bank, there's a reason all cash holdings are strictly recorded so it can be claimed on insurance if something happens to it.

[wanderingfool2]

18 hours ago, leadeater said:

What you describe are all clerical errors though, and lack of following required processes

I was actually curious one of the times, and asked why they didn't check my ID...they stated that it was up to the discretion.  That along with the story of a bank using Win95 in 2007, doesn't give me much confidence in the back end banking system.  It was wrong of me to say it's frequent (in terms of computer hacks), but it's also likely hard to judge because banks/credit unions will be less likely to come forward with some details unless it becomes necessary.

 

18 hours ago, leadeater said:

These should all be old problems anyway, unless your banks are horrifically stupid or incompetent. Here the humans have been removed from the chain and you cannot just call up or go in to a bank branch and claim to be somebody and gain access or do a money transfer, you will be directed to a computer terminal in the branch or to the ATM and told to do it there.

Business account, with withdrawals of $10,000+ cash...so that part is still dealt primarily with humans.

 

Side note:

An example of how banks can have some of their systems

Chase Bank software says "NOT FOR PRODUCTION USE" - and they USE IT ANYWAY! - YouTube

 

 

 

[cj09beira]

20 hours ago, tikker said:

Fun tidbit: the hacker did a "Q&A" on the blockchain as can be read on https://etherscan.io/tx/0x1fb7d1054df46c9734be76ccc14fa871b6729e33b98f9a3429670d27ec692bc0 (view more -> input data -> view as UTF-8; address matches the one mentioned in the tweet)

 

  

True. One should even consider it more risky, as it's completely your own responsibility with nobody backing you up. This is why it's so tricky to make this mainstream and why I think perhaps it should never be. You don't want people to have this level of control over their funds or, conversely, lack thereof.

 

I do think it's worth highlighting the other side of the coin: the hacker is instantly "known" due to the blockchain's public nature, so anything happening to and from this address can immediately be traced and flagged as suspicious.

have there been a part 2 yet?,

for the others

https://etherscan.io/address/0xc8a65fadf0e0ddaf421f28feab69bf6e2e589963

there are a bunch more to see here^, some people asking for part of the eth, others giving advice to launder the eth etc.

[tikker]

20 minutes ago, cj09beira said:

have there been a part 2 yet?,

for the others

https://etherscan.io/address/0xc8a65fadf0e0ddaf421f28feab69bf6e2e589963

there are a bunch more to see here^, some people asking for part of the eth, others giving advice to launder the eth etc.

He sent a number of messages. Just browse to the transactions coming from his address. I haven't bothered to collect them all.

[cj09beira]

8 minutes ago, tikker said:

He sent a number of messages. Just browse to the transactions coming from his address. I haven't bothered to collect them all.

i know, didn't find other parts to the Qand A though

[derr12]

On 8/11/2021 at 5:28 AM, MageTank said:

According to every bank heist movie ever, all of them?

 

"I'm bypassing the mainframe, converting the IP to hexadecimal... IM IN"

its a unix system, i know this!

[Arika]

8 hours ago, The Unknown Voice said:

Snip

Yes I know how atms work and what they cost, I work in a bank. 

I also know that atms are never completely full, their levels are managed based on the location and how much it gets used. 

 

8 hours ago, The Unknown Voice said:

If a Gas Station owns an atm, yes, It is Stealing from people

It's stealing from the gas station, which again would have insurance.

 

But let's be generous and use the highest figures from your post. Assuming every atm had $280,000 and cost $8000 to replace, 2121 atms would need to be attacked to hit the numbers stolen in this hack. But again atms and the money inside isn't stealing from people.  Money in my bank account doesn't go missing if an atm gets taken. 

[leadeater]

13 hours ago, The Unknown Voice said:

But, not in the list is many ATM currency robberies, and the whole machine being ripped out of different gas stations, in many states.

And how is that computer system hacking?

[leadeater]

1 hour ago, Arika S said:

But let's be generous and use the highest figures from your post. Assuming every atm had $280,000 and cost $8000 to replace, 2121 atms would need to be attacked to hit the numbers stolen in this hack. But again atms and the money inside isn't stealing from people.  Money in my bank account doesn't go missing if an atm gets taken. 

And all the note(s) serial numbers are known and flagged as invalid/stolen so if they appear anywhere then they are removed from circulation and the investigation starts to trace back the note(s).

 

Notes in an ATM are essentially unissued, to the public, so when they get stolen it's just a bunch of administration work and back end insurance write offs with no "real loss" to anyone at all. #JustPrintMore lol (yea super crude joke I know).

 

Hell even crypto currencies could work like above but they don't right now, and that's a really big problem. Also to invalidate and re-issue funds is incurability high network effort which can be veto voted out.

[Heliian]

8 hours ago, wanderingfool2 said:

bank using Win95 in 2007,

The bank may have had outdated systems but the banking system that 100s of millions of people use everyday is quite robust, triple redundant and extremely traceable.  

 

When crypto can back itself with something tangible it might be useable.  Until then it's smoke in the wind. 

[mr moose]

10 hours ago, leadeater said:

And how is that computer system hacking?

 

"I'm about to force a buffer overflow and put the ATM's working cache into invalid memory",  he said as he shackled the 10T winch strap to the back of his F250.

[tikker]

1 minute ago, The Unknown Voice said:

Another good question, as ATM Skimming has been a thing for over 10 years:

 

https://krebsonsecurity.com/all-about-skimmers/

 

Not a direct computer hack, but a terminal hack.

 

But your example was ripping ATMs from the wall, which isn't remotely close to hacking.

10 hours ago, Heliian said:

When crypto can back itself with something tangible it might be useable.  Until then it's smoke in the wind

<insert fiat currencies aren't backed by anything tangible either argument> What sort of "tangible" thing would that be? One would be for it to become legal tender. It won't be stable for a long time I think. It's simply too fresh for that.

[tikker]

25 minutes ago, The Unknown Voice said:

A comment was made that taking money from an ATM was not stealing:

So, that means the Wells Fargo heist in 1983 was not stealing as well. The FBI says otherwise.

Currency whether it is crypto or regular  can be traced as both have numbers on them.

The comment was aimed at your stealing of ATMs and  that comment was about hacking that not being hacking? The stealing argument seemed to clarify you're not stealing money directly from people. It is of course still stealing because that money is not yours.

[12345678]

On 8/11/2021 at 11:08 PM, tikker said:

Fun tidbit: the hacker did a "Q&A" on the blockchain as can be read on https://etherscan.io/tx/0x1fb7d1054df46c9734be76ccc14fa871b6729e33b98f9a3429670d27ec692bc0 (view more -> input data -> view as UTF-8; address matches the one mentioned in the tweet)

 

  

True. One should even consider it more risky, as it's completely your own responsibility with nobody backing you up. This is why it's so tricky to make this mainstream and why I think perhaps it should never be. You don't want people to have this level of control over their funds or, conversely, lack thereof.

 

I do think it's worth highlighting the other side of the coin: the hacker is instantly "known" due to the blockchain's public nature, so anything happening to and from this address can immediately be traced and flagged as suspicious.

there are several other ways to clean it up

such as:

 

using monero and similar cryptos, giftcards or reselling goods

 

transferring some money to some random other account, including yours, so if you pick like 10k of account, they'll have 1/10k probabilities to catch you

 

anyway I heard that the money was given back, the hacker did made it for fun and refused a prize cause he wasn't interested to money

 

I didn't check the source though

 

 

 

[tikker]

3 hours ago, 12345678 said:

there are several other ways to clean it up

such as:

 

using monero and similar cryptos, giftcards or reselling goods

 

transferring some money to some random other account, including yours, so if you pick like 10k of account, they'll have 1/10k probabilities to catch you

All true, but since it didn't start with Monero or a privacy coin it's all tracable to an origin. For gift cards or other things you'll need to cash out at some point, which will be hard to do for 10k I assume let alone 600M or they will in most if not all of the cases require identification.

 

People would (should) be wary of randomly receiven sums of money and thus report it. You can then see they all come from the same address.

 

The age old conundrum of the ease of stealing millions vs suddenly spending them.

[12345678]

11 minutes ago, tikker said:

All true, but since it didn't start with Monero or a privacy coin it's all tracable to an origin.

trade them with monero, use two wallets to trade to yourself the coin and clean them, and then do whatever you like with it or keep obscuring the money source

Quote

For gift cards or other things you'll need to cash out at some point, which will be hard to do for 10k I assume let alone 600M or they will in most if not all of the cases require identification.

nobody says that you need to apply only one of this methods, you can chain them

 

Quote

People would (should) be wary of randomly receiven sums of money and thus report it. You can then see they all come from the same address.

not everyone, with 600m you have some space, besides you can also use blacklisted wallet to also make the tracking less likely, or apply some social engineering

[tikker]

22 minutes ago, 12345678 said:

trade them with monero, use two wallets to trade to yourself the coin and clean them, and then do whatever you like with it or keep obscuring the money source

The source won't be obscured. You'll have to cash out to fiat and buying Monero or trade your crypto for Monero on an exchange, both of which leave a trail.

25 minutes ago, 12345678 said:

nobody says that you need to apply only one of this methods, you can chain them

Of course you can. Doesn't mean the weaknesses disappear. You cash out lots of fiat, you'll raise flags. You suddenly start buying loads of stuff with crypto, you raise flags. I would hope that if you walk into Target and ask to buy 500 gift cards for $10k total that'd raise some flags as well. It'll take you a long arduous time to get that 600M out.

26 minutes ago, 12345678 said:

not everyone, with 600m you have some space, besides you can also use blacklisted wallet to also make the tracking less likely, or apply some social engineering

What do you mean "you have some space"? If you got 10k transferred to your account randomly you wouldn't just go "oh, 10k just appeared; guess I'll buy a car". With crypto this is an even worse idea, because you cannot take it back. It's a one way street, no takebacksies, no refunds, no chargebacks.

[12345678]

9 minutes ago, tikker said:

The source won't be obscured. You'll have to cash out to fiat and buying Monero or trade your crypto for Monero on an exchange, both of which leave a trail.

you can trade without using an exchange platform

9 minutes ago, tikker said:

Of course you can. Doesn't mean the weaknesses disappear. You cash out lots of fiat, you'll raise flags. You suddenly start buying loads of stuff with crypto, you raise flags. I would hope that if you walk into Target and ask to buy 500 gift cards for $10k total that'd raise some flags as well. It'll take you a long arduous time to get that 600M out.

you don't walk in to a target store to buy 500 gift cards, nor you do need to do that in the us. besides store's clerks can be corrupted

9 minutes ago, tikker said:

What do you mean "you have some space"? If you got 10k transferred to your account randomly you wouldn't just go "oh, 10k just appeared; guess I'll buy a car". With crypto this is an even worse idea, because you cannot take it back. It's a one way street, no takebacksies, no refunds, no chargebacks.

obviously some of that money will be lost

let's say you want to cash out only 20k, you can use 30k wallets, and if you even futher split the money not equally, you can increase even more wallets, it's matter of probably

 

this is gonna be an endless discussions, I'm out of it

[tikker]

10 hours ago, 12345678 said:

you can trade without using an exchange platform

If you want to exchange one currency for another you need an exchange platform, it can be decentralised or centralised, but you can't send BTC to someone's Monero wallet and have it magically and untraceably turn into XMR. The other option is you send someone some BTC and they send you XMR, but that again leaves your trail of BTC going to that wallet.

10 hours ago, 12345678 said:

you don't walk in to a target store to buy 500 gift cards, nor you do need to do that in the us. besides store's clerks can be corrupted

Fine, yes anyone can be corrupted, social engineerd or whatever. Gift cards are still arduous. Now you have "anonymously" used you crypto to buy $10k in target gift cards. You'll need to sell those to other people for fiat again to actually get your $10k.

10 hours ago, 12345678 said:

obviously some of that money will be lost

let's say you want to cash out only 20k, you can use 30k wallets, and if you even futher split the money not equally, you can increase even more wallets, it's matter of probably

See the fisrt point. You can make as many wallets as you want, all of them will be traceable. Yes it will be harder to notice (also to orchestrate) if 600M gets taken out to 30k wallets  vs 10 wallets, but they'll notice the hack and analyse all the transactions in the relevat time period.

 

I'm not saying it's impossible to do fraud with crypto or to steal money with it. Just that it's harder than people want to believe.

[mr moose]

21 minutes ago, tikker said:

 

I'm not saying it's impossible to do fraud with crypto or to steal money with it. Just that it's harder than people want to believe.

And yet there has been a marked increase in ransomware all demanding to be paid in bitcoin.  For whatever reason they can and do successfully obscure where the money goes.  It may not be impossible, but it certainly is hard enough that most get away with it.

 

https://www.forbes.com/sites/andreatinianow/2020/07/01/bitcoin-demand-drives-14-billion-ransomware-industry-in-the-us/?sh=263a682d32d8

https://www.nasdaq.com/articles/bitcoin-passes-the-ransom-test-2021-05-14

 

 

Also on a side note,  when you read that ransomware attackers target hospitals knowing they are more likely to get paid because "people die" if they don't,  makes me want to see the entire crypto thing die in a fire and have anyone caught enabling it hung drawn and quartered.   It's hard enough getting the human race to embrace the best parts tech can bring without shit heads like this fucking us over.

[tikker]

6 minutes ago, mr moose said:

And yet there has been a marked increase in ransomware all demanding to be paid in bitcoin.  For whatever reason they can and do successfully obscure where the money goes.  It may not be impossible, but it certainly is hard enough that most get away with it.

 

https://www.forbes.com/sites/andreatinianow/2020/07/01/bitcoin-demand-drives-14-billion-ransomware-industry-in-the-us/?sh=263a682d32d8

https://www.nasdaq.com/articles/bitcoin-passes-the-ransom-test-2021-05-14

For sure it's a viable outlet. It's rightfully an area of concern, especially the privacy coins, and I agree about regulations that are looked into. Most of the however it shows a gross misunderstanding of crypto because apparently crypto == Bitcoin, it's anonymous and only used for crime; none of which are true. All non-privacy coins are pseudonymous at best, crime is a minority in crypto and is less than illicit activity with the USD.

11 minutes ago, mr moose said:

Also on a side note,  when you read that ransomware attackers target hospitals knowing they are more likely to get paid because "people die" if they don't,  makes me want to see the entire crypto thing die in a fire and have anyone caught enabling it hung drawn and quartered.

I'm still of the opinion that this is a skewed perspective, because by bringing it that way you are saying that crypto is the reason e.g. hospitals are targeted. For sure crypto has driven an increase in ransomware, because it's new. We weren't capable of dealing with it properly yet and are just starting to get analysis down. Don't ingore the criminal crypto busts that have happened. It's also natural to go for easy targets like hospitals that can't afford long negotiations or investigations. Combined with its novel nature, your sources also touch on the underlying issue: it's unregulated. If you were to now invent a new "True Canadian Dollar" and started distributing it unregulated, people using it unregulated etc. you'd have the same problem.

 

I guess we have to hang the global population by your reasoning then, because all we've done is continously enable numerous channels for illicit activities by inventing computers, allowing money laundering through expensive art auctions, inventing our current fiat money having cash that can't be traced in transactions, money that funds terrorism causing numerous losses of live.

26 minutes ago, mr moose said:

It's hard enough getting the human race to embrace the best parts tech can bring without shit heads like this fucking us over.

Exactly. So keep cracking down on the 1% that keeps fucking you over by doing illegal shit and acknowledge the other 99% that behaves.

[mr moose]

50 minutes ago, tikker said:

 

I'm still of the opinion that this is a skewed perspective, because by bringing it that way you are saying that crypto is the reason e.g. hospitals are targeted.

 

When it hardly happened before and now happens en masse, one can only determine from the data available that without crypto much of the ransoms would not exist.

 

 

Quote

For sure crypto has driven an increase in ransomware, because it's new. We weren't capable of dealing with it properly yet and are just starting to get analysis down. Don't ingore the criminal crypto busts that have happened. It's also natural to go for easy targets like hospitals that can't afford long negotiations or investigations. Combined with its novel nature, your sources also touch on the underlying issue: it's unregulated. If you were to now invent a new "True Canadian Dollar" and started distributing it unregulated, people using it unregulated etc. you'd have the same problem.

When crypto becomes manageable like current fiat currency, then it will hold zero value and likely cease to exist.   What would it offer over the $ or the pound when it has to be accounted for exactly the same way?

 

Quote

I guess we have to hang the global population by your reasoning then, because all we've done is continously enable numerous channels for illicit activities by inventing computers, allowing money laundering through expensive art auctions, inventing our current fiat money having cash that can't be traced in transactions, money that funds terrorism causing numerous losses of live.

Exactly. So keep cracking down on the 1% that keeps fucking you over by doing illegal shit and acknowledge the other 99% that behaves.

 

That's a bit of an illicit major (all crypto is illicit and all computers enable crypto, therefore all computers are illicit).    Which is not true and does not follow anything that I claimed or formed the opinion of.   Crypto by its very existence has spawned a deluge of ransomware attacks that have serious repercussions on society.  Therefore the consequences of its existence seriously out weigh  the benefits.   

 

EDIT: just to clarify, basically crypto is unnecessary,  If the only consequence of killing it is saving a shit ton of energy that could be used warming houses or cooking food instead and reducing large scale ransomware then sign me up, I'll happily pull the trigger.