Stolen Bitcoins Returned

The US has returned $154 million in bitcoins stolen by a Sony employee.

However, on December 1, following an investigation in collaboration with Japanese law enforcement authorities, the FBI seized the 3879.16242937 BTC in Ishii’s wallet after obtaining the private key, which made it possible to transfer all the bitcoins to the FBI’s bitcoin wallet.

Posted on December 22, 2021 at 10:20 AM • 39 Comments

Comments

martin December 22, 2021 10:48 AM

So what are FBI’s policies for its BC wallet? Do they cash out or hold to transfer back to rightful owners (quickly). Etc.

M@ December 22, 2021 11:06 AM

While not considered currency, BTC, etc. are considered property, and are dealt with in much the same manner. If ownership can be established, it will be returned; if not, it will be auctioned.

Len December 22, 2021 11:44 AM

According to the article text (not its misleading headline), no bitcoins were stolen. The theft was of old-fashioned money, which was later used to buy bitcoins.

me December 22, 2021 5:42 PM

@Andy
So how did FBI obtain the private key?

They used the FBI backdoor, duh. No seriously that is the good question I would have wanted answered as well.

lurker December 22, 2021 5:50 PM

@Andy: So how did FBI obtain the private key?

From the articles: “with the assistance of Japanese [LEAs]”. Maybe Japanese methods of obtaining the key would be inadmissible in a US court, but once the FBI have the key they seem not to need to prove that Ishii was the “owner”, so long as the key accesses BtC bought with funds from Ishii’s bank acct.

Seems to me Ishii’s first mistake was the transfer to an acct in his own name at a bank in La Jolla CA. For all the freedom that money sloshes around the USA, the FBI has become quite skilled at tracking down wire fraud, which should have been known to somebody at Ishii’s level in an international life insurance Co.

Clive Robinson December 22, 2021 6:42 PM

@ Andy, lurker, mr, ALL,

So how did FBI obtain the private key?

There are many ways; the simplest is via the modern equivalent of a “keylogger” on a “wiretap”. But also grabbing “plaintext over the wire”.

Thus the question you should be asking is “When and how did they know it was Ishii?”

The thing about “over the wire” activities is the difficulty of “attribution” thus the ease of creating “false flags”…

And people wonder why I don’t connect my computers to any type of external communications, and advise people that as a minimum they should have a “two computer” policy.

That is where one computer is used for private activities and is fully isolated, or as near fully isolated towards being “energy gapped” as possible and hopefully locked in a safe when not in use.

The second computer is used for public activities such as web browsing and “has no semi-mutable storage”, that is it is all RAM and real ROM. That is no Flash ROM, battery backed RAM, hard drives etc, where malware might lodge. Which can be more than quite difficult to do with modern hardware these days. Preferably have it run its OS in RAM off of a CD or DVD that is “write once and closed”, not off of a USB memory device; convenient though it might be, it is “mutable” thus vulnerable to malware.

Private information should never ever be taken off of the private computer except in “encrypted form” and the “gap crossing” method should be not by electronic means.

I’ve mentioned in the past on this blog how to do all of these things.

veritas December 22, 2021 7:02 PM

@Clive Robinson
That is where one computer is used for private activities and is fully issolated

But wouldn’t your “private activities” nowadays involve online activities?

chris neglia December 22, 2021 7:22 PM

Did the FBI ask the NSA to crack the wallet using their texas cryptologic facility or prism supercomputers (or something much newer like their dwave quantum computers)? Or did Japan’s NSA do it? Or was it something more simple like waterboarding the perp to get the private key? This needs to be answered, because I think people need to understand that the agency that created cryptographic algorithms might know a thing or two about precisely how to break the cryptographic algorithms. Or they may have more powerful quantum computers that can do it and have greatly understated their agency’s capabilities in this direction (have greater qbit capacity than CNN or the Atlantic wants to tell us they have). This could be one of those, they don’t want to reveal their space lasers because then russia china and the whole world want to get their own space lasers moment. Replace space laser with whatever is in your imagination of an advanced technology.

Clive Robinson December 22, 2021 8:54 PM

@ veritas, ALL,

But wouldn’t your “private activities” nowadays involve online activities?

Increasingly so, yes, if you play “their” game.

But this has only been the case for a part of this century. Society arguably worked better last century when the Internet was just a curiosity.

There is a curious fact that few realise, which is computers are actually “anti-efficiency”. We make the mistake of seeing some part of a given activity happening faster and incorrectly assume it is somehow more efficient. Mostly it turns out it is not. By nearly all useful measures “Office efficiency” was highest around 1973. I can give the reasons for this but consider three things,

1, We still communicate by paper but we add so much wasted effort in “image”. We once used to have expert typists in typing pools, that would take the voice off of a tape faster than it was recorded and type the words up very quickly. Now we have non experts doing their own typing which interferes with their thinking. The result: a document takes three to four times as long to produce.

2, Because Email and Messaging is so fast we end up using it “interactively” rather than spend a little time and send just one or two letters we can send many tens of emails. Worse we start detailing minutiae in depth. The result is it takes a lot lot longer than when we sent letters out by first class post.

3, Many believe there are hidden truths in large amounts of data. That is there must be precious signals hidden in there. Actually most of the time with human activity whilst there is structure there are no regular signals. So it’s mainly noise grouped around a structure. So as you “average” the signal you get reflects the structure which is known already. If you don’t believe me consider the image patterns people see in the noise on old analog television receivers… It is truly just noise put in a regular structure of the line and frame frequencies. It’s almost the same with seeing images in clouds.

We don’t realise it but computers are very very bad for our health as well. They cause us to “be faster” not “better”; our lives have become pointless “Red Queen Races” because of computers and always connected communications. I could go on about what they do to other aspects of our health. But just look on them as knocking back an espresso every 15mins; for the first half hour you feel good, then you end up being manic but without real purpose.

I try where ever possible not to play the “online” game for as many things as possible.

My Doctor is shocked that I don’t do email, texting, or speak over the phone. And instead give them hand written letters. As I point out they can read a letter five times faster than I can tell them and I can think things through in advance and give precise information rather than half remembered vague answers. Also I don’t have the issue of trying to lip read what they are saying, which is heavily context based, which can take time to establish, which is not just their time but my time being wasted as well.

The biggest lie of this century so far is “Computers increase productivity” they don’t in all but a few specialized cases that humans just wouldn’t do anyway.

Clive Robinson December 23, 2021 7:23 AM

@ Canuck,

Why was office efficiency highest around 1973?

Well it goes back to Hut 8 at Bletchley Park during WWII.

A young “civilian” got put in charge of a small section that very rapidly grew. His name was Gordon Welchman.

He realised that “optimising a process” was actually detrimental to organising a system.

He was not unique in his views about splitting jobs into small processes and sub processes; Henry Ford knew it, as did pin makers in France hundreds of years before,

https://www.johnkay.com/2019/12/18/adam-smith-and-the-pin-factory/

What Welchman brought to the party that the famed Adam Smith did not in his work of fiction book the wealth of nations was actual insight from being not just a “real observer” but one who was “part of the system”.

But before all of that nature had evolved processes that were based first on resilience, then system efficiency, then process efficiency.

If you try doing it the other way you always end up with a very fragile system that lacks stability.

What Welchman did after the war was start “systems analysis and application” to business. The result by the 1970s were resilient and efficient systems.

The introduction of the business personal computer with the Apple ][ and VisiCalc had a very very unfortunate result. It made sub process efficient at the expense not just of processes but systems and caused chaotic systems to exist and become increasingly chaotic and less stable.

The result of chaotic systems is sometimes things are very good, sometimes they are very bad. If you ride the good but not the bad, or at least appear to, you look like some kind of guru…

The simple fact is chance is random, and though chaos can look random it is not; it has structure… If you can spot the structure you can ride it like a surfer does a wave. But the ability to ride a wave to success does not mean you control the wave…

The thing is as production systems became chaotic due to computers some gurus thought adding more computers was the solution and to pay for it they ripped out processes in the middle. Because they did not realise that whilst senior management might be like a pilot of a vessel and set the direction, they did not work the vessel to keep it ship shape and seaworthy and importantly ensure the ship gets through not just storms but also when it is becalmed.

So they ripped out the most important part of any organisation, the “experience” held in “middle management”. This disastrous process that started in the 1980s and went through to “crash on the rocks” in the 1990s was “Business Process Reengineering”.

It’s a lesson that should be beaten into the heads of those at the Chicago School with industrial grade sledge hammers…

But they won’t change because they are paid not to change, thus the Upton Sinclair observation applies.

But who is paying them you might ask. Well remember I said chaos has structure, so although you can not control it you can ride it?

Well there’s lots of money to be made if you know when to jump on and then jump off… Some go by the name of Hedge Fund Managers, and their sole source of income is extracting resilience out of systems in the good times then jumping away before the ship hits the rocks…

I hope that helps answer your curiosity.

Clive Robinson December 23, 2021 9:01 AM

@ Anonymous, ALL,

There’s always https://xkcd.com/538/

It obviously only works if,

1, The user knows the valid key or passphrase.
2, The key or passphrase are still valid.

I designed a system that I’ve given details on here in the past that stopped those two from being true.

Importantly though for legal reasons the user had no control over it in any way, and could demonstrate that,

A, They had no control.
B, Those –plural– that have control not only have it anonymously, but they are in other –plural– jurisdictions.

So not only would the $5 wrench be useless, so would threats of “contempt”[1]. But it can also make provable deniability at trial more clear cut and that can be quite advantageous in some cases, but not all[2].

Though this might all sound “crazy impossible” it’s actually not that difficult and all the crypto primitives to do it have been around for quite some time.

[1] The rules of contempt of court are complicated, but if it can be shown that the person can not comply the “wilful” aspect collapses to zero, thus they are not in contempt by deductive logic. Which makes detaining them unlawful on contempt (though they could be held on remand pending trial[2]).

[2] In many jurisdictions you have a right to a speedy trial, though time scales are not in the legislation. Sometimes it’s worth pushing for this as it limits what the prosecution can do, and forces them to show their hand earlier than perhaps they are ready to do.

Scam Coin December 23, 2021 9:13 AM

M@ writes, “While not considered currency, BTC, etc. are considered property”

One of the most ridiculous legal fictions ever to exist. You can exchange bitcoins for cash at the bank teller.

https://www.bitcoin.com/bitcoin-atm/

Name me any other “non-currency property” where one can do that? If it walks like a duck and quacks like a duck it’s duck.

What is especially galling is that if the government ever does regulate bitcoin you can bet all your bitcoin that the owners of it are going to squawk like plucked chickens about how the government is robbing them of their “property” under the 5A.

Fuck bitcoin. It’s a trashy low life scam that is a degradation of humanity.

Nick December 23, 2021 11:49 AM

The question of most interest to readers of this blog is “How exactly did the FBI obtain the private key?”

And nowhere is there an answer.

Ted December 23, 2021 12:19 PM

@Nick

“How exactly did the FBI obtain the private key?”

Does Coinbase have any ability/requirement to expose a private key? I really don’t know.

12) Coinbase, Inc., the company that operates Coinbase and Coinbase Pro in the United States, is registered as a Money Services Business with the United States Treasury’s Financial Crimes Enforcement Network and is a financial institution, as defined in Title 31, United States Code, Section 5312(a)(2).

https://s3.documentcloud.org/documents/21165768/us_vs_rei_ishii_bc_forfeiture.pdf

Clive Robinson December 23, 2021 1:38 PM

@ Nick, Ted, ALL,

“How exactly did the FBI obtain the private key?”

A clue might be found in the document @Ted linked to.

Look for the bit about the account pin being “sent to the phone”, where the phone was the alleged perpetrator’s “personal phone” registered with Sony HR and having been used by the alleged perpetrator.

If that “account pin” was sent in “plain text” then it would be easily recoverable. If the person controlling the account did not change the pin, then “game over”.

As far as I can tell from the document all the evidence against the alleged perpetrator apart from the phone is at best circumstantial and could have been carried out by his supervisor.

It’s just the use of the phone that appears to be more than maybe circumstantial.

It’s entirely possible that the supervisor had access to the alleged perpetrator’s personal phone for various reasons (leaves it in desk at lunch etc). So could have used it or just “pulled the SIM”.

Which suggests there is other evidence out there we have yet to find out about…

So pop some more Popcorn in the microwave and get comfy in the LazyBoy for the next episode 😉

Ted December 23, 2021 2:19 PM

@Clive, Nick, Andy, ALL

Which suggests there is other evidence out there we have yet to find out about…

Yes @Clive. I’m tending to agree with you. First let’s look at Coinbase.

Coinbase is a hosted wallet service, which means we manage your private keys for you, securing your funds with a password, device confirmation and 2-factor authentication. We take security very seriously at Coinbase and utilize our secure cold-storage technology to protect our customer’s funds. 

https://help.coinbase.com/en/coinbase/privacy-and-security/other/is-a-crypto-address-safe-to-display-publicly

Did this apply to Ishii?

and then…

Ted December 23, 2021 2:33 PM

… and then

Didn’t @veritas mention Colonial Pipeline?

Well, it looks like there was speculation about how the FBI obtained the private key for this ransomware payment.

Here was one person speculating (by tweet):

More info from the warrant here. So it looks like I was right. The FBI did not obtain the private keys. Instead, they took legal action against an exchange or some kind of custodial wallet that has servers in N California (Coinbase, lol?). These “hackers” were grossly incompetent [picture of the warrant]

https://twitter.com/JordanSchachtel/status/1401996717394960389

That tweet and more speculation about this incident are discussed in this article. What do you all think?

https://protos.com/fbi-didnt-hack-bitcoin-but-it-wont-say-how-it-got-darksides-private-key/

Max December 23, 2021 3:22 PM

@Max

Provide a link to where I can find an ATM that allows me to deposit cash and spits out gold. Or the inverse.

Who? December 24, 2021 7:40 AM

I would have moved these BTC to a cold (i.e. “hardware”) wallet and kept the seed phrase out of any electronic device always. There are steel devices designed to reliably store BIP39 24-word sequences; these are small enough to be easy to hide.

Modern HD wallets support key derivation and extended public keys making tracing a bit harder. Some HD wallets (e.g. Ledger’s ones) allow creating a 25th word (technically not a word, but a passphrase) giving access to an entirely different set of addresses. These hidden addresses provide plausible deniability.

@ martin

So what are FBI’s policies for its BC wallet? Do they cash out or hold to transfer back to rightful owners (quickly). Etc.

The FBI does not cash out its BTC wallet, of course their policy is hodl.

Sorry, it was an easy joke. 🙂
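How the “25th word” gives a different set of addresses, as an added example that is not from the comment above or from any vendor’s firmware: BIP39 mixes the passphrase into the PBKDF2 salt, and BIP32 derives every key from the resulting seed, so a different passphrase yields an unrelated wallet. The mnemonic is the standard BIP39 test phrase used as a constructed sample; the BIP44-style path and the fingerprint helper are assumptions of this example.

```python
import hashlib
import hmac
import unicodedata

# secp256k1 group order: every BIP32 private key must lie in [1, n-1]
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

# Constructed sample: the well-known BIP39 reference phrase, not anyone's real wallet.
SAMPLE_MNEMONIC = ("abandon abandon abandon abandon abandon abandon "
                   "abandon abandon abandon abandon abandon about")


def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP39 seed: PBKDF2-HMAC-SHA512 over the NFKD mnemonic with salt "mnemonic" + passphrase,
    2048 rounds, 64 bytes. Word validity is not checked here (that needs the 2048-word list);
    the point is that the passphrase only enters the salt and is stored nowhere."""
    words = unicodedata.normalize("NFKD", mnemonic).encode("utf-8")
    salt = unicodedata.normalize("NFKD", "mnemonic" + passphrase).encode("utf-8")
    return hashlib.pbkdf2_hmac("sha512", words, salt, 2048, dklen=64)


def bip32_master(seed: bytes) -> tuple[bytes, bytes]:
    """BIP32 master node: HMAC-SHA512 keyed with b"Bitcoin seed".
    Left half is the master private key, right half the chain code."""
    digest = hmac.new(b"Bitcoin seed", seed, hashlib.sha512).digest()
    key, chain = digest[:32], digest[32:]
    if not 0 < int.from_bytes(key, "big") < SECP256K1_N:  # probability about 2^-128
        raise ValueError("seed yields an invalid master key; BIP32 says use another seed")
    return key, chain


def ckd_priv_hardened(key: bytes, chain: bytes, index: int) -> tuple[bytes, bytes]:
    """Hardened private child derivation (the i' steps of a path such as m/44'/0'/0').
    Hardened steps need no elliptic-curve math: data = 0x00 || k_par || ser32(i + 2^31)."""
    if index >= 2**31:
        raise ValueError("pass the index without the hardened offset")
    data = b"\x00" + key + (index + 2**31).to_bytes(4, "big")
    digest = hmac.new(chain, data, hashlib.sha512).digest()
    il = int.from_bytes(digest[:32], "big")
    child = (il + int.from_bytes(key, "big")) % SECP256K1_N
    if il >= SECP256K1_N or child == 0:  # BIP32: invalid, caller should try the next index
        raise ValueError("invalid child key at this index")
    return child.to_bytes(32, "big"), digest[32:]


def account_key(mnemonic: str, passphrase: str = "", path=(44, 0, 0)) -> bytes:
    """Private key at m/44'/0'/0' (BIP44 account 0, an assumed path) for mnemonic + passphrase."""
    key, chain = bip32_master(bip39_seed(mnemonic, passphrase))
    for index in path:
        key, chain = ckd_priv_hardened(key, chain, index)
    return key


def fingerprint(key: bytes) -> str:
    """Short non-reversible label so keys can be compared without printing them."""
    return hashlib.sha256(key).hexdigest()[:16]


if __name__ == "__main__":
    # Same 12 words, three passphrases: three unrelated wallets. Note there is no
    # checksum on the passphrase, so a typo silently opens a different, empty wallet.
    for p in ("", "hidden", "Hidden"):
        print(repr(p), fingerprint(account_key(SAMPLE_MNEMONIC, p)))
```

The lack of a passphrase checksum is both the plausible-deniability property the comment mentions and the usual way funds are lost: any string is accepted, so a backup of the 24 words alone does not restore a passphrase-protected wallet.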

Who? December 24, 2021 7:52 AM

@ Max

Who wants an ATM that spits out gold when we have ATMs that spit out BTC right now?

hxxps://www.bitcoin.com/bitcoin-atm/

It would be great having more entries in the blog focusing on the risks of BTC ATMs and, in general, risks associated with both the technology used in this new field and some misconceptions (like buying a cold wallet to store cryptoactives, and losing them a few days later after typing the seed phrase on a computer infected with malware).

Our world is moving to this new paradigm, and people need to understand the basics before it is too late.

Zorro December 26, 2021 7:25 PM

As to this question
So how did FBI obtain the private key?

If Coinbase wanted to, would it not be relatively easy for them to include a mechanism into their Coinbase-web-app to expose a private key when needed?

I mean, the web-app has some interface through which the user enters/selects/creates a “private key” for their account. It should not require much to copy that also to some other table in the back-end DB.

For extra security, send it through SMTP (one-way traffic) to some receiver that copies the data to a NoSQL DB that is only accessible from inside the company.

Brian January 4, 2022 2:56 PM

“Returned” seems an odd word. Nothing in the article suggests that the money has been returned to Sony. From the article it seems that the coins were seized by the FBI and remain with the FBI.

BREAKER February 3, 2022 10:54 AM

They got his key because like all stealthy cybersecurity hacks that the FBI have run, they found a person of interest, developed a file on his illegal activities, filed for a warrant to hack his communications devices, and got themselves into his computer and watched him key the code into his own wallet.

Then the games of suspicion were begun online, people started chatting, forgot about basic vulnerability factors of their own computers, and then began talk of potential losses of their personal funds.

Mark Chitopher December 13, 2023 8:37 AM

most recovery companies will take your money again, loosing money online is very common in our days, I was a victim of investment scam. I contacted several recovery companies online..it was all tragic story. I didn’t tell my wife I invested online but at that point I couldn’t hold it. I told my wife and believe me she was the solution to my problem..Her friend had same problem and have someone who helped her figure it out..At first I thought it was all going to be crap as always, but to my greatest surprise it was a job well done. I wouldn’t have believed if someone told me because of my experience with different recovery companies with series of unfulfilled promises. Now I’m convinced from experience. I recommend: recoverydarek@gmail.com to anyone in need of similar help. Mark.

thomas mel February 12, 2024 12:24 AM

TheHackerspro’s cryptocurrency recovery services comprise a comprehensive process designed to identify, trace, and recover stolen or lost funds.
The recovery process involves multiple steps, beginning with an initial assessment and consultation to determine the feasibility of recovering the funds.
Subsequently, TheHackerspro’s team of investigators conducts a thorough investigation and analysis, tracing the stolen funds and identifying potential money laundering schemes.
TheHackerspro’s recovery services also involve collaborating with blockchain miners and smart contract experts to ensure a higher chance of recovering the stolen funds.
Once the assets are successfully identified and retrieved, TheHackerspro assists in returning the recovered funds to the rightful owners from the leveraged outsourced wallets.
The types of cryptocurrency recovery cases handled by TheHackerspro are diverse. These cases include stolen cryptocurrency from hacked wallets or exchanges, scams and frauds,
and even the recovery of frozen or seized crypto assets. Through their expertise in blockchain analysis and tracking,TheHackerspro can navigate complex transactions and identify the paths taken by stolen fund increasing the potential for recovery.
TheHackerspro utilizes various techniques and tools to aid in the recovery process.
Advanced blockchain analysis tools are used to analyze transactions and identify suspicious activities. By following the money trail,
open a detailed case with their 23/7 customer support or with a detailed message to proh4ckz@protonmail.com. you will also be required to provide the wallet adresses involved and the transaction hashes generated in every of the transactions
TheHackerspro’s smart contract experts can trace stolen funds to specific addresses or individuals’ have been able to detach the first part of my 474 btc back into my ledger nano from the outsourced wallets

Winter February 12, 2024 3:29 AM

@moderator

comment-429799 Mark Chitopher • December 13, 2023 8:37 AM

comment-432254 thomas mel • February 12, 2024 12:24 AM

Unsolicited advertising

Jet Sayer April 4, 2024 6:39 AM

GEARHEAD ENGINEERS; USDT, BTC, and ETH RECOVERY EXPERT

Investing in cryptocurrency means taking on risks, but getting scammed shouldn’t be one of them. Reports to the FTC’s Consumer Sentinel suggest scammers are cashing in on the buzz around cryptocurrency and luring people into bogus investment opportunities in record numbers. Since October 2020, reports have skyrocketed, with nearly 7,000 people reporting losses of more than $80 million on these scams. Their reported median loss? $1,900. Compared to the same period a year earlier, that’s about twelve times the number of reports and nearly 1,000% more in reported losses. Cryptocurrency enthusiasts congregate online to chat about their shared passion. Among them, how to curb and solve crypto scams. GearHead Engineers appears to be the most talked about solution. The company comprises of tech geeks who joined forces to help scam victims by tracking their oppressors, revealing their identity, and recovering the funds they lost. Based on the praises online, they have played a vital role in their quest by recovering a significant amount over the years. With bitcoin’s value soaring in recent months, new investors may be eager to get in on the action. All of this plays right into the hands of scammers. With that, it is wise to contact the experts to assess whether or not the trading platforms are legit. For those who have already been victimized, visit their website gearheadengineersorg to submit your case. On that note, crypto asset traders will be able to avail themselves of fraud on the market only if they can establish measures to prevent scams by doing thorough assessments.

Emiliano Richard April 7, 2024 11:05 AM

If you’ve fallen victim to a cryptocurrency scam or have had your Bitcoin stolen, you’re not alone. With the rising popularity of cryptocurrencies, cybercriminals have been targeting individuals and businesses to steal their digital assets. Thankfully, there is a solution – Trust Geeks Hack Expert is a trusted name in cryptocurrency recovery, with a proven track record of success in recovering lost funds. Contact them today to get started on the path to recovering your stolen BTC. To reclaim stolen Bitcoin, having a skilled team that comprehends the nuances of the cryptocurrency market is essential. With extensive experience in handling crypto scams and fraud, Trust Geeks Hack Expert is your ideal ally in recovering your funds. By utilizing state-of-the-art technology and advanced forensic methods, their team of experts can effectively trace and retrieve stolen assets, ensuring your Bitcoin is secure and giving you peace of mind. Choose Trust Geeks Hack Expert for a reliable and effective solution to protect your investments. When you reach out to Trust Geeks Hack Expert, you’ll be assigned a dedicated case manager who will guide you through the entire recovery process. They’ll start by gathering information about the scam or theft, including transaction details, wallet addresses, and any other relevant information. From there, their team will use advanced tracking methods to trace the stolen Bitcoin and identify the perpetrators. Trust Geeks Hack Expert promises to diligently track down your stolen funds and ensure they are safely returned to you. With a history of successfully recovering lost assets, you can have confidence in their abilities to handle the task with expertise and efficiency. Trust us to retrieve what is rightfully yours. Do not allow a cryptocurrency scam or theft to prevent you from accessing your Bitcoin earnings. Connect with Trust Geeks Hack Expert today through website. www://trustgeekshackexpert.com/ And Telegram: Trustgeekshackexpert? 
to converse with a committed case manager who can assist in recovering your stolen funds. With their esteemed reputation and history of successful outcomes, you can trust that your Bitcoin is secure with them. Do not wait any longer – contact with Website www://trustgeekshackexpert.com/ immediately and commence the journey to reclaiming your lost BTC.

Anderson Gibson April 18, 2024 8:01 PM

Over the years, I had made significant investments totaling more than $92,000 in the Bitcoin cryptocurrency. When I checked my digital wallet one day, I was shocked to see that hackers had taken all of my Bitcoin investment. When I realized that my life savings were vanished overnight, I felt sick to my stomach. I went into panic mode trying to figure out how to get my stolen cryptocurrency back when the immediate shock subsided. I got in touch with the Bitcoin exchange I had previously used to ask for assistance. Regretfully, they were powerless to take any action. I then began searching anxiously for information on “how to recover stolen Bitcoin” online and discovered Lee Ultimate Hacker, a business that specialized in doing just that. When I was out of options, I contacted Lee Ultimate support staff, who were very helpful and confident, and guided me through their proprietary process and technology to track where my stolen funds had transferred to. Ultimately, using their sophisticated crypto tracking methods, Lee Ultimate successfully recovered and returned my $92,000 in stolen Bitcoin. I was ecstatic to receive back my life savings, which I had assumed were lost forever. My stolen cryptocurrency was saved by the LEE ULTIMATE HACKERS team, who I felt were heroes. I learned from this experience to secure digital assets with more caution and that decent individuals are putting a lot of effort into helping victims of cryptocurrency theft. I have no words to express my gratitude to Lee Ultimate for their valiant efforts and for returning my misplaced money when all appeared lost. You may relax knowing that Lee Ultimate Hacker’s team of professionals is working nonstop to assist you in getting your hard-earned money back. Speak with a representative by using: LEEULTIMATEHACKER@ AOL. COM or Support@leeultimatehacker.com. telegram:LEEULTIMATE or wh@tsapp +1 (715) 314 – 9248 https://leeultimatehacker.com Thank you.
