There's a £60m Bitcoin heist going down right now, and you can watch in real-time

Sheep Marketplace closed down over the weekend after someone got away with 96,000 bitcoins - and angry users are chasing him around the internet.

One of the largest heists in bitcoin history is happening right now. 96,000 bitcoins - that’s roughly £60m as of the time of writing - was taken from the accounts of customers, vendors and administrators of the Sheep Marketplace over the weekend.

Sheep was one of the main sites that came to replace the Silk Road when it closed in October, but it too has now closed as a result of this theft. It’s a little hard to work out exactly what’s happened, but Sheep customers have been piecing it together on reddit’s r/sheepmarketplace.

Here's what happened: someone (or some group) managed to fake the balances in peoples’ accounts on the site, showing that they had their bitcoins in their wallets when they’d actually been transferred out. Over the course of a week the whole site was drained, until the weekend when the site's administrators realised what was happening and shut everything down.

Originally it was thought that only 5,200BTC - or £3m - was taken, with a message posted on Sheep's homepage blaming a vendor called "EBOOK101" for finding and exploiting a bug. However, over the weekend it became clear that the amount stolen was much, much larger.

In a normal robbery that money would be gone by now, but it isn't. Bitcoin is pseudonymous, not anonymous, and bitcoins can’t just disappear. It works because each and every transaction is public and visible to each and every other person using the Bitcoin network, and a person is only as anonymous as their link to their wallet.

A couple of reddit users realised that the sheer size of the heist makes “tumbling” the coins - the normal method of laundering bitcoins - impossible, as long as they kept on their toes. Someone with bitcoin can send some to a tumbler like bitcoinfog, where it will be split into smaller subdivisions and mixed with other bitcoins from other places, recombining and splitting again several times over until the whole amount eventually comes out the other end, theoretically in such a way that it’s impossible to track. Silk Road’s in-built tumbler successfully foiled the FBI, allegedly.

However, reddit user TheNodManOut managed to track where the first bunch of transfers out of Sheep went, and from there and silkroadreloaded2 worked out which tumbler that the thief was using. Here’s how silkroadreloaded2 describes what’s happened since (“Tomas” is the alleged owner of Sheep, and one of the suspects for many users):

All day, we've been chasing the scoundrel with our stolen bitcoins through the blockchain. Around lunchtime (UK), I was chasing him across the roof of a moving train, (metaphorically). I was less than 20 minutes, or 2 blockchain confirmations, behind "Tomas".

He was desperately creating new wallet addresses and moving his 49 retirement wallets through them, but having to wait for 3 or 4 confirmations each time before moving them again. Each time I caught up, I "666"ed him - sent 0.00666 bitcoins to mess up his lovely round numbers like 4,000. Then,all of a sudden, decimal places started appearing, and fractions of bitcoins were jumping from wallet to wallet like grasshoppers on a hotplate without stopping for confirmations.

Shit!

He was tumbling our stolen bitcoins a second time, and a tumbler is unbeatable....

Unless you guess which one it is, nearly all the coins belong to the person you're tracking, jump in with him, and get jumbled up through the same wallets using the same algorithm. I was hopping from foot to foot shouting "come on!" at my laptop, waiting an age for 6 blockchain confirmations to get 0.5 btc into "bitcoin fog". My half a bitcoin got sliced and diced through loads of wallets and I followed the biggest chunk with blockchain.info - along with 96,000 stolen ones!

Or, in other words:

He gathered 96,000 in one pot, then split it into about 50 smaller ones. then he saw me 666ing them all. Imagine a sports stadium with 96,000 people in it, each with $1000.

He sent them all via different routes all over the world, but the same 96,000 people then arrived at a different stadium and he went to bed.

Now there are 96,001, and I just phoned you on my mobile to tell you where the stadium is.

A major problem with tumblers is that they only work with lots of bitcoins coming and going from a lot of different sources - if a tumbler is taking in 96,000 bitcoins, those will massively outnumber all other bitcoins being tumbled and it’ll be easy to spot them coming out the other end. Mix in a little of your own with all those other ones and you'll find out the wallet addresses that the tumbler uses, and it should be easy to spot large transactions splitting off from there.

The fascinating consequence of this is that you can see the stolen bitcoins on the public blockchain, and as long as there are people keeping tabs on it there’s going to be no way for the thief to cash in on their haul. Considering how people rely on tumblers to maintain anonymity when buying illegal stuff online, this unusual loophole is something of a revelation.

Right now, as you’re reading this, you can watch as the the thief starts trying to move their bitcoins on again - it’s currently down to 92,000 bitcoins and dropping as smaller chunks begin going out. Selling those bitcoins and turning them into cash is going to be extremely difficult, as the major Bitcoin exchanges all demand proof of identity (specifically to avoid charges that they're involved in money laundering), and if they're broken down into smaller quantities to sell via a site like localbitcoins.com a paper trail will still be generated. As soon as it's possible to link one real-life bank account or identity to any bitcoins from that stash, it will be possible to work out their real-life identity.

This counts as one of the largest robberies in history at Bitcoin's current market value, ranking in the same company as real-life thefts like the $108m diamond theft at the Harry Winston store in Paris in 2008. 96,000 bitcoins also places the thief as one of the wealthiest Bitcoin millionaires on the current rich list (but bear in mind that few serious Bitcoin players keep their currency in just one wallet) - and all without having to go to the trouble of wearing balaclavas or threatening someone with a gun.

Let's watch and see what happens next.

Some fan-made physical bitcoins. (Photo: antanacoins/Flickr)

Ian Steadman is a staff science and technology writer at the New Statesman. He is on Twitter as @iansteadman.

Flickr: woodleywonderworks
Show Hide image

Lol enforcement: meet the man policing online joke theft

A story of revenge, retweets, and Kale Salad. 

A man walks into a bar and he tells a joke. The man next to him laughs – and then he tells the same joke. The man next to him, in turn, repeats the joke. That bar’s name is Twitter.

If you’ve been on the social network for more than five minutes, you’ll notice that joke theft is rampant on the site. Search, for example, for a popular tweet this week (“did everyone just forget about the part of 2016 when literal clowns would chase people with knives in public and nobody really did anything” – 153,000 retweets) and you’ll see it has been copied 53 times in the last three days.

One instance of plagiarism, however, is unlike the others. Its perpetrator is the meme account @dory and its quick Ctrl+C, Ctrl+V has over 3,500 retweets. This account frequently copies the viral posts of Twitter users and passes them off – word for word – as its own. Many similar accounts do the same, including @CWGirl and @FatJew, and many make money by promoting advertising messages to their large number of followers. Twitter joke theft, then, is profitable.

In 2015, Twitter promised to clamp down on the unchecked plagiarism on its site. “This Tweet from [user] has been withheld in response to a report from the copyright holder,” read a message meant to replace stolen jokes on the site. It’s likely a message you’ve never seen.

Dissatisfied with this solution, one man took it upon himself to fight the thieves. 

“I'm a like happy internet kind of guy,” says Samir Mezrahi, a 34-year-old from New York who runs the Twitter account @KaleSalad. For the last six months, Mezrahi has used the account to source and retweet the original writers of Twitter jokes. Starting with a few hundred followers at the end of December 2016, Mezrahi had jumped to 50,000 followers by January 2017. Over 82,000 people now follow his account.  

“I've always been a big fan of like viral tweets and great tweets,” explains Mezrahi, over the sound of his children watching cartoons in the background. “A lot of people were fed up with the meme accounts so it’s just like a good opportunity to reward creators and people.”

Samir Mezrahi, owner of @KaleSalad

I had expected Mezrahi to be a teen. In actual fact he is a father of three and an ex-Buzzfeed employee, who speaks in a calm monotone, yet is enthusiastic about sharing the best content on Twitter. Though at first sourcing original tweets for Kale Salad was hard work, people now approach Mezrahi for help.

“People still reach out to me looking for vindication and just that kind of, I don’t know, that kind of acknowledgement that they were the originals. Because all so often the meme accounts are much larger and their tweets do better than the stolen tweet.”

But just why does having a tweet stolen suck so much? In the grand scheme of things, does it matter? Did everyone just forget about the part of 2016 when literal clowns would chase people with knives in public and nobody really did anything?

Meryl O’Rourke is a comedian and writer who tweets at @MerylORourke, and now has a copyright symbol (©) after her Twitter name. In the past she has had her jokes stolen and reposted, unattributed, on Facebook and Twitter and hopes this symbol will go some way to protecting her work.

“It’s hard to explain how it felt... as a struggling writer you’re always waiting for anything that looks like recognition as it could lead to your break,” she explains. “When your work gains momentum you feel like your opportunity ran off without you.

“Twitter is a test of a writer’s skill. To spend time choosing exactly the right words to convey your meaning with no nuance or explanation, and ensure popularity and a chuckle, in the space of only 140 characters – that’s hard work.”

However, Mezrahi has found not everyone is bothered by their tweets being stolen. I found the same man I reached out to with a stolen tweet who said he didn’t want to speak to me because it felt too “first world problems” to complain. Writers like O’Rourke are naturally more annoyed than random teenagers, who Mezrahi says are normally actually pleased about the theft.

“If you go to [a teenager’s] timeline it’s always the same thing. They’re replying to all their friends saying like ‘I’m famous’, they’re retweeting the meme accounts saying like ‘I did it’… they don’t mind as much it seems. It’s kind of like a badge of honour to them.”

Sometimes, people even ask Kale Salad to unretweet their posts. College students with scholarships, in particular, might not actually want to go viral – or some viral tweets may accidentally include personal information. On the whole, however, people are grateful for his work.

Yet the Kale Salad account does have unintended consequences. Mezrahi has now been blocked by the major meme accounts that frequently steal jokes, meaning he had to create alternate accounts to view their content. But just because he can’t see them doesn’t mean they don’t see him – and he has noticed that these accounts now actually come to his profile to steal jokes he has retweeted, in a strange role-reversal.

“There are definitely times when they're picking up things that I just retweeted, like I know they're like looking at me too,” he says. “It feels like vindicated or validated that they come to me.”

Mezrahi now works in social media on a freelance basis, but would be open to making Kale Salad profitable. Earlier this year he set up an account on Patreon – a site that allows fans to pay their favourite creators. Some people didn’t approve of this, tweeting to say he is “just retweeting tweets”. So far, Mezrahi has three patrons who pay him $50 (£39) a month.

“I mean I spend a certain amount of time on this and I think it’s a pretty good service, so I've been thinking about monetisation and thought that might be a route,” he explains. He believes he is providing an important service by “amplifying” creators, and he didn’t want to make money in less transparent ways, such as by posting sponsored advertisements on his account. Yet although many online love Kale Salad, they don’t, as of yet, want to pay him.

“Twitter should buy my account because I’m doing a good thing that people like every day,” he muses.

Many might still be sceptical of the value of a joke vigilante. For those whose jokes aren’t their bread or butter, tweet theft may seem like a very minimal problem. And although it arguably is, it’s still incredibly annoying. Writing in Playboy, Rob Fee explains it best:

“How upsetting is it when you tell a joke quietly in a group of friends, then someone else says it louder and gets a huge laugh? Now imagine your friend following you every day listening for more jokes because people started throwing money at him every time he repeated what you said. Also, that friend quit his job because he made enough to live comfortably by telling your jokes louder than you can. Odds are, you’d quickly decide to find new friends.”

For now, then, Kale Salad will continue his work as the unpaid internet police. “As long as people like the service, I don’t mind doing it. If that's a year or two years or what we'll see how the account goes,” he says.

“Twitter is fun and I like the fun days on the internet and I like to help contribute to that.

“The internet is for fun and not all the sadness that’s often there.”

Amelia Tait is a technology and digital culture writer at the New Statesman.

0800 7318496