Cryptocurrency Stolen Between Mid 2016 to Late 2017 Put Into Perspective
Let’s make some initial comparisons
One of the most shocking aspects of my case has always been the number of victims who were hacked by the same attacker and the size of the losses. I know of at least 20 people who were T-mobile or Verizon customers who were hacked and had their cryptocurrency stolen from them and the most recent one was only a few months ago. In many instances we know that a large number of us are related based upon news reports and comparing details of the incidents. When talking to reporters who have investigated these incidents they have told me they believe the number of victims to be greater than 100 people. The evidence we have points to a single thief or group of thieves which carried out most if not all of these incidents.
that puts the total losses for the top 10 victims easily above 8 million dollars in value given the current prices of ETH, REP, and BTC. I’m somewhere in the top 10 and I lost 1.5 million USD (the price of ETH being 400 USD). Given a bell curve distribution where the average victim lost the equivalent of 500 ETH or 25 BTC (equivalent to approx 190,000 dollars by today’s value) I can confidently say that our total losses far exceed $20 million USD and if I had to guess I’d say it’s likely much closer to $40 million USD.
Let me put that in perspective for you. There has never been a cash robbery in US history that has been larger that $20 million USD.
- Sept. 1997 Dunbar Armored robbery $18.9 million The largest cash heist in U.S. history
- March 1997 Loomis Fargo robbery $18.8 million The second largest cash heist in U.S. history
- October 1997 Loomis Fargo robbery $17.3 million The fourth largest cash heist in U.S. history
Apparently 1997 was a good year for bank robberies. Again it is believed that most of the cryptocurrency thefts which started in Oct. / Nov. of 2016 were carried out by a single person or group of people who were most active the six months between Oct. of 2016 and March of 2017.
Treatment of Bitcoin Under U.S. Property Law
In this white paper, the authors analyze the treatment of bitcoin under applicable U.S. property law. The authors conclude that property interests should exist in bitcoin under such law.
This paper makes many arguments for why cryptocurrency should be treated as property. I will only be highlighting a single argument from their paper which I feel provides the strongest basis for their claim. The argument I find most persuasive from this paper is that cryptocurrency represents ownership of the blockchain in the same way that domain names represent ownership of the protocols which underpin the internet. To be clear, the described court case didn’t use language which describes the internet as a protocol suite and domain names as ownership of a part of this protocol, but it’s not a stretch to make such a claim on the basis of established case law. The court case does however establish legal precedent which affirms that ownership of domain names is ownership of a form of digital property. For this reason it provides a great opportunity by which we can establish ownership of cryptocurrency as ownership of digital property.
In 1992, the U.S. Court of Appeals for the Ninth Circuit distilled three criteria that remain the prevailing standard for when California law will recognize a property right: “First, there must be an interest capable of precise definition; second, it must be capable of exclusive possession or control; and third, the putative owner must have established a legitimate claim to exclusivity.”
This standard was used as the basis to establish ownership of a domain name as being classified as ownership of digital property.
In a widely cited 2003 case, Kremen v. Cohen, the Ninth Circuit concluded that Internet domain names are a form of intangible property under California law. In reaching this outcome, the court applied the prevailing three-part test as follows: first, like a “corporate stock or a plot of land, a domain name is a well-defined interest”; second, “ownership is exclusive in that the domain registrant alone makes” the decision as to what is on the associated webpage; and third, there is a legitimate claim to exclusivity given the act of registering a domain name and the investment involved in developing and maintaining a webpage.
To summarize the details of this case Steven Cohen stole the domain name sex.com from Gary Kremen by writing a letter to network solutions making the false claim that Mr. Kremen gave the domain name to Mr. Cohen. If you want to find out more about the details of this case I recommend you listen to season 6 episode 2 of the Gimlet Media Startup podcast where Gary Kremen relates the story himself. Or you can also watch this youtube video from today I found out. This is from the sex.com entry in wikipedia:
Cohen was ordered to pay $25 million into court; in April 2001, the California District Court awarded Kremen an additional $40 million for lost earnings, for a total judgment of $65 million.
This is $65 million dollars for the single most infamous domain name on the internet. Additionally Kremen settled his lawsuit against Network Solutions for an undisclosed amount said to be in the millions of dollars, enough for Kremen to retire by his own account.
Continuing with the whitepaper they make this observation:
Given the requirement to have the correct private key to transfer ownership of UTXOs, bitcoin ownership is much more analogous to the domain address at issue in Kremen, where the domain registrant could fully control the site associated with an address.
Third, users have a “legitimate claim to exclusivity” in their UTXO ownership interests. In Kremen, the court cited two factors underlying a “legitimate” claim to exclusivity for purposes of property rights. We address these as follows:
One factor discussed in Kremen is that a domain name owner’s address is publicly registered, “like staking a claim to a plot of land at the title office,” thus informing others “that the domain name is the registrant’s and no one else’s.” Similarly, in a proposed bitcoin transaction, the transaction is broadcast to the entire bitcoin network to determine the validity of the underlying UTXO ownership interest so as to ensure that there is no fraudulent transfer of interest. Once the transaction is validated, the transferred ownership interest is irrevocably recorded in the form of the new, output UTXOs that correspond to specific public addresses on the blockchain (which is available for anyone to see).
The court documents asserted that a domain name was property analogous to a brand or a trademark. A domain name is non-physical (digital) property in a way that transcends a brand or a trademark. A brand or a trademark may require an initial investment to promote an idea, product or service but ownership of intellectual property such as a trademark doesn’t imply ownership of the underlying protocol used to issue trademarks. By contrast a domain name is a share of ownership of the internet itself. In order to register a domain name one must use the DNS system to resolve a domain name. The very system of domain names allows one to navigate the internet to claim ownership to the digital property of a domain name. The internet isn’t owned by any one government, nation state, or corporation. The system of trademarks, patents and copyright is entirely enforced by governments and nation states. The internet transcends these boundaries.
Here is a ridiculous analogy, what if owning a gas station provided you with ownership of part of the highway connected to the gas station? This analogy reinforces how physical objects have a lower degree of interconnectedness than internet protocols. In the world of internet protocols owning a part of that protocol entitles you to some partial ownership of the internet itself. Owning a gas station never implies ownership of any property in the vicinity of the gas station i.e. the road that leads to it.
I highly recommend you listen to the Gimlet Media Startup podcast episode because it reinforces the point that Mr. Kremen did nothing to make the property sex.com more valuable over time. He did not build the brand sex.com but simply used it to redirect traffic to other sites on the internet. As more people used the internet there were more porn sites competing to pay for the privilege to have traffic redirected to their site. Mr. Kremen did nothing to make sex.com valuable as a brand, he simply watched as the internet became more and more valuable. Unlike a brand where value is completely dependent on the work you do to build your brand, the value of this specific domain name was instead dependent on how many people valued the internet and used it.
The internet is composed of multiple protocols the sum total of which is a symbol for the most valuable protocol suite the human race has ever created to communicate and publish content. Domain names therefore are ownership of the most valuable protocol the human race has ever created, and this will continue to be true so long as people continue to use the internet.
The paper concludes this section by saying:
Kremen also emphasized the public policy interest in recognizing that domain name registrants “invest substantial time and money” to develop websites, and that protecting property interests in domain names therefore “promote the growth of the Internet overall.” Similar policy interests underpin the legitimacy of bitcoin owners’ property interest in their UTXOs. A great deal of risk, innovation, and investment has gone into the creation of the bitcoin/blockchain ecosystem since its inception, and it has already yielded numerous business use cases and promises more in the future. Moreover, bitcoin owners themselves have developed and sought robust protections for their bitcoins — including “cold storage” and back-up mechanisms, multi-signature arrangements, paper wallets, and insurance — and have gravitated toward vendors who provide such protections. Protecting the investment-backed expectations of bitcoin owners is essential to promoting the further growth of this system, just as protecting domain name ownership interests was critical to promoting Internet development.
For the above reasons, we believe that an intangible property right should exist in bitcoin under California law.
UPDATE: THE FBI CATCHES THE CRIMINALS
Krebs on security — More Alleged SIM Swappers Face Justice
I was wrong for criticizing the FBI. The wheels of justice move slowly but they eventually do catch up to the criminals (at least the slow and careless ones). Still if they had moved a bit faster there would have been fewer victims.
Co-Conspirator #1 Thank you for ratting out Ahmad Wagaafe Hared and Matthew Gene Ditman. Although you were a total jerk to me over the phone, I think I can find it in my heart to forgive you, if you reform yourself. But at the very end of your life you’ve got to live with what you’ve done, both good and bad. And if the bad outweighs the good then it will drag you down into the abyss.
NEVER CONTACT ME AGAIN. If you do I will enlist the authorities to track you down for extortion. Then they will put you in prison, in a cell with your two friends. I know which FBI officers you worked with and I have them on speed dial. No hard feelings, best of luck.