“Safari could not load the page because it could not establish a secure connection to the server” and the archive service URL doesn’t reveal what the original link might have been.
posted by thedaniel at 10:19 AM on February 15, 2022 [2 favorites]

You have to wonder how Agatha Christie or Arthur Conan Doyle would have navigated a world where the premiere forum for fraud and criminality is a single write-only spreadsheet visible to the entire world and people post rap-video confessions to their crimes on YouTube. I mean:

Watson: "Who could have committed an crime this fiendishly clever?"
Watson’s nephew: "Well, here’s a video of the the theft. Looks like they livestreamed it, they just re-used this guy's passwords from a dating site and emptied his wallet. There's a trapwave edit blowing up on TikTok. Kinda overproduced to be honest, this is pretty cornball stuff."
Holmes, deerstalker cap askew and coked off his gourd: "FUCK"
posted by mhoye at 10:20 AM on February 15, 2022 [66 favorites]

The Adventure of the Beryl Coronet meets The Adventure of the Dancing Men.
posted by clavdivs at 10:31 AM on February 15, 2022 [1 favorite]

could not establish a secure connection to the server

how ironic
posted by saturday_morning at 10:36 AM on February 15, 2022 [1 favorite]

The original URL is https://www.nytimes.com/2022/02/13/nyregion/bitcoin-bitfinex-hack-heather-morgan-ilya-lichtenstein.html

thedaniel are you on an older device? The archive.fo site uses a Let's Encrypt security certificate signed by the ISRG Root X1 cert, which may not be trusted on some devices without an update.
posted by axiom at 10:41 AM on February 15, 2022 [3 favorites]

Was there a cat or not? I need closure
posted by condesita at 10:42 AM on February 15, 2022 [9 favorites]

The agents had to wrest the phone from Ms. Morgan’s hands. Court records provided no further information about the cat.

Agreed we need more info on the cat! What is the point of court records if they don't tell us if this cat exists or not!
posted by cirhosis at 10:45 AM on February 15, 2022 [13 favorites]

Here is a “gift article” NYTimes link that will hopefully resolve a paywall issue.
posted by AgentRocket at 10:48 AM on February 15, 2022 [2 favorites]

What is the point of court records if they don't tell us if this cat exists or not!

The solution to whether the cat exists or does not exist may require philosophy and/or quantum physics
posted by otherchaz at 10:54 AM on February 15, 2022 [11 favorites]

We're already discussing this case over here in a thread from Feb 8.
posted by Nelson at 10:58 AM on February 15, 2022 [1 favorite]

Prosecutors say they found evidence that Mr. Lichtenstein and Ms. Morgan were sophisticated criminals, including encrypted devices, false identities and books with secret compartments cut into the pages.

apologies for employing a sophisticated secret internet cipher here, but, lol
posted by taz at 11:00 AM on February 15, 2022 [26 favorites]

an American businesswoman and would-be social media influencer with an alter ego as a satirical rapper named Razzlekhan.

Good ol' NYT, letting Razzlekhan off the hook by promoting her work as "satire"
posted by chavenet at 11:02 AM on February 15, 2022 [13 favorites]

Aside from newly minted coins, is there any Bitcoin left that is actually able to convert to fiat?

Increased know-your-customer requirements and the ability to trace and follow tainted coins kind of means it's all over, right?
posted by JoeZydeco at 11:02 AM on February 15, 2022 [2 favorites]

Increased know-your-customer requirements and the ability to trace and follow tainted coins kind of means it's all over, right?

Along those lines, I saw a good comment somewhere around here that said "If you have $1000 in Bitcoin, you have $1000. But if you have $10,000,000 in Bitcoin you have $0."
posted by AgentRocket at 11:13 AM on February 15, 2022 [15 favorites]

My completely uninformed speculation: Boris and Razzlekhan here got sold access to one of these wallets at a steep discount by the actual Bitfinex hackers, because the ones who actually pulled off the heist are smart enough to know the only way to launder this money is by selling it to people dumb enough to think they can safely launder it.
posted by ook at 11:22 AM on February 15, 2022 [40 favorites]

I think that assuming that Bitfinex was substantially smarter than these guys is unwise. I would not be surprised if they were robbed via a simple social hack, you don't have to be a high level technical hacker to steal stuff.
posted by tavella at 11:27 AM on February 15, 2022 [7 favorites]

I'm with ook, because I haven't seen anything to date that explains how the hack happened and how these two are involved with it.

decrypt.co: "It’s worth reiterating that Lichtenstein and Morgan have not been charged with participating in the 2016 Bitfinex hack itself."
posted by JoeZydeco at 11:31 AM on February 15, 2022 [1 favorite]

Prosecutors say they found evidence that Mr. Lichtenstein and Ms. Morgan were sophisticated criminals, including encrypted devices, false identities and books with secret compartments cut into the pages.

Encrypted devices? Ok, maybe kinda suspicious. False Identities? Absolutely suspicious. Books with secret compartments cut into the pages? Gasp! lock them up forever!
posted by nubs at 11:31 AM on February 15, 2022 [1 favorite]

Encrypted devices? Ok, maybe kinda suspicious. False Identities? Absolutely suspicious.

"I said yes when Windows asked me about Bitlocker, and my XBox Live handle isn't the same name I use on Tinder."
posted by mhoye at 11:41 AM on February 15, 2022 [16 favorites]

Here's a David Gerard post that's the closest I've seen to an explanation of the hack: Could Morgan and Lichtenstein have done the 2016 Bitfinex hack? I’m not ruling it out

BitGo had built an API for Bitfinex to use. This was not a public interface — only the two companies knew about it.

Bitfinex would pass transactions to BitGo via the private API. BitGo checked the transaction against their policy for that address, and signed if it was OK.

The API allowed policy changes — but a bug in the API meant you could set global limits, that applied to all customer addresses, without it being flagged for human review.

The hacker somehow got into Bitfinex’s systems, got access to an account that could change global limits, set the limit very high … and drained 2000 customer addresses into a single address.

posted by ectabo at 11:42 AM on February 15, 2022 [8 favorites]

books with secret compartments cut into the pages.

In which to hide the coins...when they eventually...err...picked them up...from the bank?
posted by Insert Clever Name Here at 11:48 AM on February 15, 2022 [1 favorite]

hot new cryptocurrency: Bookcoin
posted by taz at 11:54 AM on February 15, 2022 [4 favorites]

Boris and Razzlekhan here got sold access to one of these wallets at a steep discount by the actual Bitfinex hackers, because the ones who actually pulled off the heist are smart enough to know the only way to launder this money is by selling it to people dumb enough to think they can safely launder it.

Is there any sign that they had that kind of money? Even at a steep discount and years ago when BTC was lower, this seems like more money than they would have had unless they were already very wealthy.

Along those lines, I saw a good comment somewhere around here that said "If you have $1000 in Bitcoin, you have $1000. But if you have $10,000,000 in Bitcoin you have $0."

That has a nice sound to it, but ten million in BTC would not be that hard to sell. Last year, inflows to BTC were more than $6B, so selling $10M in BTC would not be difficult. If you have $10M in legitimate Bitcoin that you want to sell, you can soon have reasonably close to $10M in cash.
posted by ssg at 12:15 PM on February 15, 2022 [2 favorites]

Is there any sign that they had that kind of money?

The actual value of these particular unlaunderable BTC is literally zero, so even at a vertiginous discount the Bitfinex hackers are better off selling to wannabes than sitting on their imaginary and valueless hoard.

Someday we're going to look back and wonder at the collective insanity that led us as a society to look at a monetary system where literally every transaction is recorded in perfect publicly available detail, traceable back to the very origin of the currency, and tell ourselves "you know what this would be perfect for? crime"
posted by ook at 12:41 PM on February 15, 2022 [21 favorites]

Aren't there hundreds of millions missing? Seems like someone may have already laundered a significant amount, though we'll see if it remains laundered in the long term.
posted by ssg at 12:44 PM on February 15, 2022

None of it's "missing", every bitcoin ever mined is still sitting on the blockchain and fully traceable back to its origin. Some of it is no longer usable because the owner lost their passphrase, some of it is unusable because it's the known result of crime and any attempt to turn it into real money will attach that crime to a human.
posted by ook at 12:51 PM on February 15, 2022 [4 favorites]

Is anybody following up fragments of stolen coins that get spent? Or is there any way to check addresses for having received stolen BTC? I've gotten a few dollars in BTC but have no idea where it came from, nor any idea how to tell if some of it is stolen. (The amount is so low that probably nobody cares, but it would be interesting to know how to check.)
posted by spacewrench at 1:03 PM on February 15, 2022

all I can think of right now is Stewart from Letterkenny repeatedly saying "The Dark Web!"
posted by scruss at 1:13 PM on February 15, 2022 [5 favorites]

That has a nice sound to it, but ten million in BTC would not be that hard to sell.

The problem is not being able to sell it. The problem is that the combination of write-only ledgers and KYC laws means that turning any bitcoin associated with a crime into cash makes you an immediate and trivial target for law enforcement. Cryptocurrencies and anonymity cannot coexist, that was always an obvious lie.
posted by mhoye at 1:16 PM on February 15, 2022 [4 favorites]

There's kind of an interesting question there. Say you accept a small amount in Bitcoin as legitimate payment from someone who accepted it is a legitimate payment themselves and so on back through a number of people for a few years. Then it is discovered that that particular Bitcoin was stolen years ago.

Is the government going to step in and force you to give it back to whomever it was stolen from? Are you going to be able to then force the person who paid it to you to pay you back? Is some kind of financial regulator going to step in and cause this all to happen or would each step have to be pursued in the courts? And what about the Bitcoin that has been intentionally mixed, is someone going to try to get back their Bitcoins that were mixed and split up from 100 different chains of people?

All of this would essentially make Bitcoin unusable as currency or store of value or really anything you want to use it for. I'm not sure that means Bitcoin is doomed and people haven't realized it yet or maybe that this kind of scenario isn't that likely.
posted by ssg at 1:19 PM on February 15, 2022 [3 favorites]

...statute of limitations? Doesn't that play a role here? They just wait for that to elapse and, you know, your mother's brother's name is Richard. As they say.
posted by From Bklyn at 1:22 PM on February 15, 2022

Bitcoin, where every bill is marked! How is that not the conventional wisdom? Not that I'm interested in improving the scam, but it did occur to me.
posted by rhizome at 1:25 PM on February 15, 2022 [4 favorites]

Someday we're going to look back and wonder at the collective insanity that led us as a society to look at a monetary system where literally every transaction is recorded in perfect publicly available detail, traceable back to the very origin of the currency, and tell ourselves "you know what this would be perfect for? crime"

It’s just security through obscurity but it does seem to have worked for the better part of a decade before authorities got the hang of tracing it routinely.
posted by atoxyl at 1:48 PM on February 15, 2022 [1 favorite]

Some wallets are being locked up for having "tainted" coins in them; the results of coin mixing operations. It's a disease, any dirty coin (stolen, e.g.) that comes into contact with a clean coin via a mixing transaction will irrevocably soil it, which will then soil others and so on. It's like trying to disguise shit with chocolate; no matter how much chocolate you add, the result is always shit.

I've been generally positive about artists who can actually turn their work into cash via this circle-jerk, but more and more it's just all about the hype, the rake and the out-and-out theft via bizarre "smart contracts" or co-opted infrastructure, or any of a hundred other hacks. I can't recommend it any more.

I've been writing code for over 40 years and I know way too much about software and security and how basically impossible it is to write secure software. The exact point that made me say "no, just fuck no" was when I read that some absolute dipshit made this "money" Turing complete. OH GOD no. P!=NP means there's no way to guarantee that computer code will do what it's written to do, much less what it's intended to do, much less what someone says it does. SMART MONEY NOOOOO FUCKING WAY.
posted by seanmpuckett at 2:08 PM on February 15, 2022 [20 favorites]

That's the funniest thing about all these "DAOs" governed by "smart contracts." Congratulations, you took something that was formerly governed by legal standards like "would a reasonable person think this should happen?" and made it irrevocably hackable because you don't understand how software security works.
posted by Mr.Encyclopedia at 2:56 PM on February 15, 2022 [11 favorites]

That's what I can't understand about "smart contracts". We've spent the past thirty years trying to fix browsers because it turns out having a platform that diligently executes whatever code is embedded in a document opened by it is a bad idea.......and now people are earnestly promoting that as a feature for money that's sent to and from your wallet?

How do smart contracts even work? Presumably there's some crypto magic which gets around the whole trusting-clients-to-execute-code issue and prevents blockchain update thingamabobs from being valid unless a desired post-execution state is verified, but how do they work in a practical sense? Is there some sort of platform? An API? How are errors handled? How are they debugged? Where are they even executed? On the crypto-wallet-platform-thing? On your computer?
posted by RonButNotStupid at 2:59 PM on February 15, 2022 [2 favorites]

Someday we're going to look back and wonder at the collective insanity that led us as a society to look at a monetary system where literally every transaction is recorded in perfect publicly available detail, traceable back to the very origin of the currency, and tell ourselves "you know what this would be perfect for? crime"

There was a time when nobody was enforcing KYC because Bitcoin wasn't considered money by governments. Even today, one can convert relatively small amounts pretty trivially (but expensively) by doing it in small increments. The Bitcoin ATM will ask you for a phone number, but burner accounts are cheap enough that it's not a huge obstacle. If you need a larger amount, an army of smurfs is always an option.

That's not going to help if you stole your Bitcoin in a widely reported heist, but if you're a penny ante drug dealer or you extort a bunch of non-public companies for individual amounts small enough that it never gets reported, you can still convert your ill gotten gains in a way that doesn't make it a near certainty you'll get caught.
posted by wierdo at 3:29 PM on February 15, 2022

...statute of limitations? Doesn't that play a role here? They just wait for that to elapse and, you know, your mother's brother's name is Richard. As they say.

...Robert?
posted by saturday_morning at 3:44 PM on February 15, 2022 [9 favorites]

P!=NP means there's no way to guarantee that computer code will do what it's written to do, much less what it's intended to do, much less what someone says it does.

While I respect your premise that writing big free code is very hard, this sentence doesn’t make a lot of sense.
posted by mhoye at 4:28 PM on February 15, 2022 [11 favorites]

I think From Bklyn just called my uncle a dick.
posted by ssg at 4:39 PM on February 15, 2022 [3 favorites]

P!=NP means there's no way to guarantee that computer code will do what it's written to do, much less what it's intended to do, much less what someone says it does.

While I respect your premise that writing big free code is very hard, this sentence doesn’t make a lot of sense.

I took it to mean that "verifying code does what it's intended to do" is pretty easy, while "verifying code only does what it's intended to do" is much, much harder.
posted by Mr.Encyclopedia at 4:44 PM on February 15, 2022 [6 favorites]

...statute of limitations? Doesn't that play a role here? They just wait for that to elapse and, you know, your mother's brother's name is Richard. As they say.

Congratulations, you've just described an ongoing conspiracy which will be prosecuted instead. If they want you, they'll get you.
posted by explosion at 5:14 PM on February 15, 2022 [1 favorite]

How do smart contracts even work? Presumably there's some crypto magic which gets around the whole trusting-clients-to-execute-code issue and prevents blockchain update thingamabobs from being valid unless a desired post-execution state is verified, but how do they work in a practical sense? Is there some sort of platform? An API? How are errors handled? How are they debugged? Where are they even executed? On the crypto-wallet-platform-thing? On your computer?

My understanding:

They are executed by the blockchain. Or rather, the majority of machines validating the transactions (the "miners") each must run the code and agree on the results. So despite running on thousands of computers, the entire system has the computing power of say, an Atari 2600.

Errors are handled by giving all your money to whoever finds the error, in a sort of Randian bug bounty.
posted by justkevin at 5:42 PM on February 15, 2022 [11 favorites]

a tontine of git blame
posted by clew at 6:03 PM on February 15, 2022 [9 favorites]

After reading that David Gerard link, I 90% believe these two were the actual thieves. Especially

But I will say that they have the minimal skills needed to even try this. And definitely the bull-headed persistence.

And really — how much social engineering skill do you need to fox crypto people? I mean, they already bought cryptos.

posted by 3j0hn at 9:09 PM on February 15, 2022 [5 favorites]

*slaps forehead*
posted by From Bklyn at 11:50 PM on February 15, 2022

“Being smart in no way stops you from being stupid,” as I said to the Financial Times.

Thanks for the David Gerard link.
posted by Bella Donna at 3:29 AM on February 16, 2022 [3 favorites]

I still don't understand any of this. How is crypto anything but a headless Ponzi scheme, where the only way to make actual money on it is by selling it someone who is stupid enough to pay more for it than you did?

Sure, you can use it to buy goods and services from other people who think crypto is cool, but how does that make it any better than or different from real money? I feel like an old man yelling at cloud.
posted by Ben Trismegistus at 7:55 AM on February 16, 2022 [2 favorites]

That's exactly what it is, Ben. A "greater fool" scam, where every chump who has a pile of garbage has to find an even dumber chump to buy their garbage at an even more inflated price. Everything derives from there. It's not even tulips (which are pretty flowers) or Beanie Babies (which are cute stuffed animals). It's just, literally, meaningless digital garbage.
posted by seanmpuckett at 8:01 AM on February 16, 2022 [6 favorites]

Sure, you can use it to buy goods and services from other people who think crypto is cool, but how does that make it any better than or different from real money?

It's actually worse than using actual money to buy goods and services because the transaction takes a long time to process. Crypto is not a solution to any real problem that I'm aware of, only an alternative and a worse one.
posted by nubs at 8:25 AM on February 16, 2022 [6 favorites]

Thanks seanmpuckett and nubs. Glad to know I'm not missing something important.
posted by Ben Trismegistus at 8:56 AM on February 16, 2022 [1 favorite]

It's not even tulips (which are pretty flowers) or Beanie Babies (which are cute stuffed animals). It's just, literally, meaningless digital garbage.

Part of the tulip bubble was that people were going crazy for plants that were produced via viral mutation that didn't propagate to subsequent generations (so it didn't have value as breeding stock). They specifically got scammed by their purchase not be able to breed true. A similar scam happens now in succulent plant sales where some plants are deliberately dwarfed or variegated through the use of chemicals and hormones and upon purchase lose their distinctiveness due to withdrawal of the mutagens and don't breed true to the sale displayed form. These cases were/are more fraud (inadvertent before tulip viruses were understood and intentional nowadays) than a greater fool bubble.

Crypto is just a really awkward currency that is plagued with lots of problems. The big one being it's lack of liquidity. You can't easily turn crypto into other things without significant hassle and transaction costs. Then you have the lack of regulation, the volatility, lack of trust, security problems, and durability issues. I do suppose it is better than giant stone coins in that it is more portable.
posted by srboisvert at 6:17 AM on February 17, 2022 [1 favorite]

I do suppose it is better than giant stone coins in that it is more portable.

Yeah, but once you get your giant stone coins to market, you can just flatten inflation.
posted by nubs at 7:40 AM on February 17, 2022 [3 favorites]

Your mention of the giant stone coins made me remember them, I was fascinated by the idea of them as a kid - so I looked them up. I think they were perhaps the earliest known form of the blockchain:

The stones were highly valued by the Yapese, and used for important ceremonial gifts. The ownership of a large stone, which would be too difficult to move, was established by its history as recorded in oral tradition, rather than by its location. Thus a change of ownership was effected by appending the transfer to the oral history of the stone...

...Although the ownership of a particular stone might change, the stone itself is rarely moved due to its weight and risk of damage. Thus the physical location of a stone was often not significant: ownership was established by shared agreement, and could be transferred even without physical access to the stone. Each large stone had an oral history that included the names of previous owners. In one instance, a large rai being transported by canoe and outrigger was accidentally dropped and sank to the sea floor. Although it was never seen again, everyone agreed that the rai must still be there, so it continued to be transacted as any other stone.
posted by nubs at 7:53 AM on February 17, 2022 [12 favorites]