Hacker News Re-Imagined

Hamilton teen embroiled in FBI probe, fingered in $46M cryptocurrency theft

  • 97 points
  • 10 hours ago

  • @x1ph0z
  • Created a post
  • • 132 comments

Hamilton teen embroiled in FBI probe, fingered in $46M cryptocurrency theft


@Jerrrry 9 hours

Replying to @x1ph0z 🎙

another bitcoin bandit bites the dust.

I bet he bought an xbox gamertag from the most recent exploit.

These kids really do think the 3 letter agencies arent watching, no matter how many of their close friends get v&.

The blockchain is forever, and the statue of limitations no longer applies.

That verizon/att employee from 2018 will get caught, he will give up an alias, and the feds are interested, now that the coins have value.

and assuming the feds arent dirty (they are), you have 5 years to run. If the fed assigned to your case decides he wants the coin personally, you have 5 monthes.

Reply


@NicoJuicy 6 hours

Replying to @x1ph0z 🎙

> "Just the fact that everyone on earth thinks that Bitcoin is crazy, and no one is telling me why, doesn’t matter,”

Says the biggest known victim of a crypto heist in a private person.

Ain't this ironic.

I guess I should spell out that centralization is a feature?

Reply


@vmoore 9 hours

Replying to @x1ph0z 🎙

So some exchanges use TOTP 2FA (which is more secure than SMS). And some people like to copy their 2FA 'seed' which is usually a QR code that they store somewhere securely. Amazing how a simple QR code (or even a recovery code) can be worth so much.

Reply


@jaywalk 9 hours

Replying to @x1ph0z 🎙

If you're going to steal a large amount of Bitcoin, you should probably have a plan on what you're going to do with it that doesn't include buying a gaming username that can be trivially traced back to you once you use it.

Reply


@323 9 hours

Replying to @x1ph0z 🎙

It's easy to steal bitcoin (for some definition of easy).

The hard part is cashing it out. As Breaking Bad used to say, what criminals want is to pay taxes on their criminal proceeds.

Reply


@jrootabega 9 hours

Replying to @x1ph0z 🎙

If you own a lot of crypto and it's still protected by SMS auth, you need to disable that (edit: in favor of OTP). If you can't, you need to buy a dozen prepaid sim cards and use them randomly. Or pay someone to do it for you. Very cheap in comparison to a theft.

Reply


@glofish 9 hours

Replying to @x1ph0z 🎙

When random teen can easily steal $46M from a "Bitcoin pioneer" what hope is that for regular folks could make safe use of said value store?

Reply


@WFHRenaissance 2 hours

Replying to @x1ph0z 🎙

Does his name happen to be Freddy?

Reply


@walrus01 3 hours

Replying to @x1ph0z 🎙

This is a fine example why nobody should rely on SMS "2FA" for anything.

SMS "2FA" is not actual 2FA

SS7/PSTN are horribly broken. People need to stop using them entirely, whenever possible, and stick to that as a firm principle. For the same reason why scam calls and fake caller ID are epidemic. Just disregard the existence of the PSTN, even if your phone has a DID, never give it to anyone or use it for anything. I say this as someone who's worked in telecom for 20 years.

Social engineering mobile phone operator customer service departments to execute a SIM swap attack is trivially easy if you already possess some basic personal info about the target.

You should never rely on having something important that's only protected behind a SMS-based password reset/login authentication module.

Reply


@ChrisArchitect 5 hours

Replying to @x1ph0z 🎙

Is this Hamilton, Ontario, Canada?! Unclear

Also, Josh Jones, the founder of DreamHost? wow. heh

Edit: Sorry, because I read it on outline/archive I didn't see the glaring Hamilton Spectator logo at top and related Canada nav. Thanks

Reply


@n3dm 9 hours

Replying to @x1ph0z 🎙

Ugh, paywall.

Reply


@ashconnor 9 hours

Replying to @x1ph0z 🎙



@hsnewman 9 hours

Replying to @x1ph0z 🎙

This, along with the energy requirements of crypto is why I don't/won't put any money in it.

Reply


@ziddoap 9 hours

Replying to @x1ph0z 🎙

For those without subscriptions. https://outline.com/3CRjpe

>That post has since been taken down, but many comments included criticism for leaving such a large amount of Bitcoin accessible on a phone.

Not to victim blame, but it really is odd to me that someone would leave any amount of BTC on their phone, let alone millions of dollars worth.

>The Hamilton teen faces charges of theft over $5,000 and possession of property or proceeds of property obtained by crime

I've always wondered why the line is drawn at $5,000. It's mildly interesting that stealing $46M and stealing $5,000 result in equivalent charges.

Reply


@amatecha 5 hours

Replying to @x1ph0z 🎙

"leaving such a large amount of Bitcoin accessible on a phone"

"A SIM swap attack [...] gives the hacker access to the victim’s phone"

Is it just me or this article massively misrepresenting what a SIM swap attack actually does? Unless there's more to the story, no one got access to Jones' phone. They intercepted 2FA SMSes so they could get access to a wallet service or whatever.

Reply


@bhouston 3 hours

Replying to @x1ph0z 🎙

He should have run just a failed ICO and pocketed the funds as fees to related parties. I understand this is how Metakoven, the NFT king, got his start? https://www.reuters.com/investigates/special-report/finance-...

Better to claim incompetence than it is to actually steal.

Reply


@misiti3780 8 hours

Replying to @x1ph0z 🎙

Honest question:

We are all the bitcoin multi-millionaires storing their coins? It seems like in an ideal world, you would use https://trezor.io and put that in a safety deposit box, or maybe use Coinbase Vault, but I am generally curious what is the current consensus on the safest ways to store these piles of digital money.

Reply


About Us

site design / logo © 2021 Box Piper