|Image by Лечение Наркомании from Pixabay|
A hacker identified only as Individual X had been sitting on a cryptocurrency gold mine for seven years before the IRS came knocking.
MORE THAN SEVEN years have passed since Ross Ulbricht was arrested in the science fiction section of a San Francisco library and charged with running the sprawling, dark web drug bazaar known as the Silk Road. But when the Feds laid hands on Ulbricht's laptop that day, they found keys to unlock only a fraction of the bitcoins that he had amassed over the Silk Road's years of bustling black market drug trade. Today the Justice Department finally revealed where a billion-dollar tranche of the Silk Road's treasure ended up: stolen by a mysterious hacker, and now seized by the US Treasury.
The DOJ today filed a civil forfeiture complaint over 69,370 bitcoins—and other variants of the cryptocurrency—seized on November 3 from an unnamed person who court documents refer to only as Individual X. According to the IRS's criminal investigation unit, Individual X successfully hacked the Silk Road sometime between May of 2012 and April of 2013, stealing that abundance of drug money from the dark web site's bitcoin addresses before Ulbricht's downfall in October of 2013. The IRS says it has finally tracked down the hacker who stole the Silk Road's nearly 70,000 bitcoins—now worth more than $1 billion—and allowed law enforcement to take control of those funds.
"The successful prosecution of Silk Road’s founder in 2015 left open a billion-dollar question. Where did the money go?" wrote US attorney David Anderson in a statement announcing the seizure. "Today’s forfeiture complaint answers this open question at least in part. $1 billion of these criminal proceeds are now in the United States’ possession.”
Cryptocurrency analysts first spotted the movement of the $1 billion collection of coins on the night of November 3. The wallet had long been visible on bitcoin's blockchain and discussed on hacker forums but had remained unmovable for anyone who didn't have the secret keys to spend it. Though it was far from clear at the time who the coins belonged to or why they'd been moved on Tuesday, Blockchain analysis firm Elliptic at the time connected the wallet to the Silk Road: In May 2012, the 70,000 coins had been moved from the Silk Road addresses to two other addresses.
By April of 2013 those coins had been consolidated at a single address, where they largely sat dormant until this week. Even then, it was unclear whether Ulbricht had simply been moving some cryptocurrency around. Later that year, though, 101 coins moved from the address to the now defunct bitcoin exchange BTC-e. By then, Ross Ulbricht was in jail. Even if it the money was his, he wouldn't have had access to the keys necessary to move it.
The government's forfeiture complaint offers an answer to that mystery: The address the coins had been moved to in 2013 belonged not to Ulbricht but to a hacker who had stolen them. With the help of blockchain analysis firm Chainalysis, IRS investigators found 54 transactions moving 70,000-plus bitcoins from Silk Road addresses—transactions that Elliptic says occurred in 2012—to the two other addresses Elliptic had flagged on Tuesday. The transactions were for round amounts of currency, and none appeared in the Silk Road's own logs as purchases or vendor withdrawals, suggesting that they were likely the work of Individual X transferring stolen loot.
In fact, the forfeiture complaint states that it found evidence that Ulbricht managed to identify the online persona of the person who had somehow hacked the Silk Road and taken the funds—worth $354,000 at the time—and threatened Individual X to try to coerce them to return the money. (The complaint doesn't explain how the Silk Road breach occurred or where investigators learned of those threats, but both may have been documented on Ulbricht's seized laptop or on the Silk Road's seized server.) Individual X seems to have ignored Ulbricht's threats and held onto the coins long after Ulbricht was arrested, tried, and convicted, quietly watching them explode in value in the years since.
Somehow, however, the IRS has now found Individual X and demanded the forfeiture of the funds, which Individual X agreed to on November 3. It's far from clear how the IRS tracked down the hacker, why the investigation took more than seven years, or exactly what legal means the IRS used to persuade Individual X to turn over the money. Elliptic cofounder Tom Robinson speculates that the 2015 transfer of 101 bitcoin to BTC-e may have helped: BTC-e's operators were indicted in 2017, and the business was seized, perhaps offering account information that put the IRS onto Individual-X's trail. "It’s likely they got access to the exchange's records then and got access to that individual's information," Robinson says.
The billion-dollar cryptocurrency seizure, Robinson argues, may be a sign of things to come. The potential to seize 10-figure funds provides an enormous incentive for law enforcement to invest time and money in tracking down the owners of illicit cryptocurrency stashes. "We've already seen an uptick in law enforcement agencies purchasing blockchain analytic tools," says Robinson. "We might see a lot more law enforcement activity on cryptocurrency now that it’s been demonstrated that very large sums can be retrieved."
When the Silk Road was seized, after all, the roughly 144,000 coins seized from the drug market at the time were worth only a tiny fraction of the more than $2 billion in value they would be worth today. The US Marshals auctioned them for around $48 million in 2014 and 2015. Individual X, on the other hand, was a more disciplined investor. And thanks to the person's fiscal conservatism, the US government stands to be about a billion dollars richer.
Think your friends would be interested? Share this story!