Security
Headlines
HeadlinesLatestCVEs

Headline

IRS Seizes Another Silk Road Hacker’s $3.36 Billion Bitcoin Stash

A year after a billion-dollar seizure of the dark web market’s crypto, the same agency found a giant trove hidden under a different hacker’s floorboards.

Wired
#vulnerability#web

The legendary dark-web market for drugs known as the Silk Road was designed to be an anarchic underworld economy that evaded all government control. Instead, years after it was torn offline, it’s proven to be the IRS’s gift that keeps on giving.

On Monday, the US Department of Justice announced that a Georgia man named James Zhong has pleaded guilty to wire fraud nine years after stealing more than 50,000 bitcoins from the Silk Road. As part of his plea agreement, Zhong has forfeited that massive stash of bitcoins to the DOJ—a sum that, at the time of the coins’ seizure in late 2021, would have been the biggest-ever Justice Department seizure not only of cryptocurrency but of currency of any kind. The bitcoins were ultimately found stored on what’s described in court records as a “single-board computer” hidden in a popcorn can, along with more than $600,000 in cash and precious metals, all held in a safe under the floorboards of a bathroom closet in Zhong’s home.

The newly revealed case represents yet another notch in the belt for IRS Criminal Investigations, or IRS-CI, which over the past several years has used—very often in partnership with blockchain analysis firm Chainalysis—cryptocurrency tracing techniques that have led to record-breaking troves of ill-gotten bitcoins and to the alleged hackers and money launderers who amassed them. In fact, Zhong is the second Silk Road hacker to turn over a billion-dollar cache of coins to the IRS-CI, after another unnamed individual agreed the previous year to forfeit nearly 70,000 bitcoins he’d stolen from the drug market—a record-breaking, even larger collection of coins that was worth $1 billion at Bitcoin’s lower exchange rate at the time. Both those records were again broken earlier this year by IRS-CI’s case against two alleged money launderers in New York accused of pocketing $4.5 billion in cryptocurrency stolen from the Bitfinex exchange.

“Thanks to state-of-the-art cryptocurrency tracing and good old-fashioned police work, law enforcement located and recovered this impressive cache of crime proceeds,” wrote US Attorney Damian Williams, a prosecutor for the Southern District of New York, in a statement about the latest indictment and 10-figure seizure. "This case shows that we won’t stop following the money, no matter how expertly hidden, even to a circuit board in the bottom of a popcorn tin.”

The hidden safe where investigators found a popcorn tin containing a storage device with Zhong’s $3.36 billion in Bitcoin.

Photograph: Department of Justice

According to an IRS-CI affidavit detailing Zhong’s theft of the 50,000-plus bitcoins from the Silk Road, he appears to have found a vulnerability in that dark-web market that in 2012 allowed him to somehow pull more coins out of accounts he created there than he had deposited. The affidavit describes how he registered a succession of accounts on the site with names like “thetormentor” and “dubba,” deposited a sum of coins into the Bitcoin wallets for each account, and then made repeated withdrawals of the entire sums held there within a single second to multiply his money several times over. This apparently exploited a bug in the Silk Road that allowed those rapid-fire withdrawals without first confirming that the requested money still existed in a user’s account. “In this fashion, [Zhong], using each of the fraud accounts, moved at least approximately 50,000 Bitcoin out of Silk Road in just a few days,” reads the affidavit, which was signed by IRS-CI special agent Trevor McAleenan.

Over the nine years that followed, Zhong appears to have left that massive windfall almost entirely unspent—perhaps for fear that cashing it out into traditional currency would attract the attention of law enforcement. But even that epic restraint appears to have been in vain, as IRS-CI investigators nonetheless traced Zhong’s coins to his accounts on an unnamed cryptocurrency exchange, which revealed his identity. Zhong’s case closely mirrors the story of the earlier Silk Road hacker, referred to in court documents only as Individual X, who similarly exploited a vulnerability in the Silk Road to take nearly 70,000 bitcoins from the site and hold them for more than seven years. But, perhaps due to the vagaries of negotiations over massive cryptocurrency fortunes, no charges against Individual X have been publicly revealed. Zhong, by contrast, now faces a wire fraud conviction that carries as much as 20 years in prison.

The Silk Road was torn down by a massive law enforcement operation in late 2013, leading to the arrest of Ross Ulbricht, the site’s creator, who was sentenced to life in prison and ordered to pay $183 million in restitution. In yet another bizarre twist, however, a portion of the seized 70,000 bitcoins taken from the Silk Road by Individual X were applied toward Ulbricht’s debt, paying it off in full in exchange for his agreement not to lay any claim to the remaining money.

Using bitcoins stolen from the Silk Road to pay off the restitution of that site’s creator may seem like a strange turn of events. But in an era when IRS-CI cryptocurrency seizures regularly pours billions of dollars into the US Treasury, there seems to be plenty to go around.

Wired: Latest News

Bitfinex Hacker Gets 5 Years for $10 Billion Bitcoin Heist