There's a £60m Bitcoin heist going down right now, and you can watch in real-time

Sheep Marketplace closed down over the weekend after someone got away with 96,000 bitcoins - and angry users are chasing him around the internet.

One of the largest heists in bitcoin history is happening right now. 96,000 bitcoins - that’s roughly £60m as of the time of writing - was taken from the accounts of customers, vendors and administrators of the Sheep Marketplace over the weekend.

Sheep was one of the main sites that came to replace the Silk Road when it closed in October, but it too has now closed as a result of this theft. It’s a little hard to work out exactly what’s happened, but Sheep customers have been piecing it together on reddit’s r/sheepmarketplace.

Here's what happened: someone (or some group) managed to fake the balances in peoples’ accounts on the site, showing that they had their bitcoins in their wallets when they’d actually been transferred out. Over the course of a week the whole site was drained, until the weekend when the site's administrators realised what was happening and shut everything down.

Originally it was thought that only 5,200BTC - or £3m - was taken, with a message posted on Sheep's homepage blaming a vendor called "EBOOK101" for finding and exploiting a bug. However, over the weekend it became clear that the amount stolen was much, much larger.

In a normal robbery that money would be gone by now, but it isn't. Bitcoin is pseudonymous, not anonymous, and bitcoins can’t just disappear. It works because each and every transaction is public and visible to each and every other person using the Bitcoin network, and a person is only as anonymous as their link to their wallet.

A couple of reddit users realised that the sheer size of the heist makes “tumbling” the coins - the normal method of laundering bitcoins - impossible, as long as they kept on their toes. Someone with bitcoin can send some to a tumbler like bitcoinfog, where it will be split into smaller subdivisions and mixed with other bitcoins from other places, recombining and splitting again several times over until the whole amount eventually comes out the other end, theoretically in such a way that it’s impossible to track. Silk Road’s in-built tumbler successfully foiled the FBI, allegedly.

However, reddit user TheNodManOut managed to track where the first bunch of transfers out of Sheep went, and from there and silkroadreloaded2 worked out which tumbler that the thief was using. Here’s how silkroadreloaded2 describes what’s happened since (“Tomas” is the alleged owner of Sheep, and one of the suspects for many users):

All day, we've been chasing the scoundrel with our stolen bitcoins through the blockchain. Around lunchtime (UK), I was chasing him across the roof of a moving train, (metaphorically). I was less than 20 minutes, or 2 blockchain confirmations, behind "Tomas".

He was desperately creating new wallet addresses and moving his 49 retirement wallets through them, but having to wait for 3 or 4 confirmations each time before moving them again. Each time I caught up, I "666"ed him - sent 0.00666 bitcoins to mess up his lovely round numbers like 4,000. Then,all of a sudden, decimal places started appearing, and fractions of bitcoins were jumping from wallet to wallet like grasshoppers on a hotplate without stopping for confirmations.


He was tumbling our stolen bitcoins a second time, and a tumbler is unbeatable....

Unless you guess which one it is, nearly all the coins belong to the person you're tracking, jump in with him, and get jumbled up through the same wallets using the same algorithm. I was hopping from foot to foot shouting "come on!" at my laptop, waiting an age for 6 blockchain confirmations to get 0.5 btc into "bitcoin fog". My half a bitcoin got sliced and diced through loads of wallets and I followed the biggest chunk with - along with 96,000 stolen ones!

Or, in other words:

He gathered 96,000 in one pot, then split it into about 50 smaller ones. then he saw me 666ing them all. Imagine a sports stadium with 96,000 people in it, each with $1000.

He sent them all via different routes all over the world, but the same 96,000 people then arrived at a different stadium and he went to bed.

Now there are 96,001, and I just phoned you on my mobile to tell you where the stadium is.

A major problem with tumblers is that they only work with lots of bitcoins coming and going from a lot of different sources - if a tumbler is taking in 96,000 bitcoins, those will massively outnumber all other bitcoins being tumbled and it’ll be easy to spot them coming out the other end. Mix in a little of your own with all those other ones and you'll find out the wallet addresses that the tumbler uses, and it should be easy to spot large transactions splitting off from there.

The fascinating consequence of this is that you can see the stolen bitcoins on the public blockchain, and as long as there are people keeping tabs on it there’s going to be no way for the thief to cash in on their haul. Considering how people rely on tumblers to maintain anonymity when buying illegal stuff online, this unusual loophole is something of a revelation.

Right now, as you’re reading this, you can watch as the the thief starts trying to move their bitcoins on again - it’s currently down to 92,000 bitcoins and dropping as smaller chunks begin going out. Selling those bitcoins and turning them into cash is going to be extremely difficult, as the major Bitcoin exchanges all demand proof of identity (specifically to avoid charges that they're involved in money laundering), and if they're broken down into smaller quantities to sell via a site like a paper trail will still be generated. As soon as it's possible to link one real-life bank account or identity to any bitcoins from that stash, it will be possible to work out their real-life identity.

This counts as one of the largest robberies in history at Bitcoin's current market value, ranking in the same company as real-life thefts like the $108m diamond theft at the Harry Winston store in Paris in 2008. 96,000 bitcoins also places the thief as one of the wealthiest Bitcoin millionaires on the current rich list (but bear in mind that few serious Bitcoin players keep their currency in just one wallet) - and all without having to go to the trouble of wearing balaclavas or threatening someone with a gun.

Let's watch and see what happens next.

Some fan-made physical bitcoins. (Photo: antanacoins/Flickr)

Ian Steadman is a staff science and technology writer at the New Statesman. He is on Twitter as @iansteadman.

Show Hide image

“A cursed project”: a short history of the Facebook “like” button

Mark Zuckerberg didn't like it, it used to be called the “awesome button”, and FriendFeed got there first. 

The "like" button is perhaps the simplest of the website's features, but it's also come to define it. Companies vie for your thumbs up. Articles online contain little blue portals which send your likes back to Facebook. The action of "liking" something is seen to have such power that in 2010, a class action lawsuit was filed against Facebook claiming teenagers should not be able to "like" ads without parental consent. 

And today, Facebook begins trials of six new emoji reaction buttons which join the like button at the bottom of posts, multiplying its potential meanings by seven: 

All this makes it a little surprising that Facebook CEO Mark Zuckerberg spent a good portion of the noughties giving the like button a thumbs down. According to Andrew Bosworth, Vice President of Advertising and Pages at Facebook (and known simply as "Boz") it took nearly two years to get the concept of an approval button for posts off the ground.

In a fascinating Quora thread, Boz explains that the idea of a star, plus sign or thumbs up for posts first came up in July 2007, three years after "TheFacebook" launched in 2004. Throughout these initial discussions, the proposed bursts of positivity was referred to as an "awesome button". A few months later someone floated the word "like" as a replacement, but, according to Boz, it received a "lukewarm" reception. 

The team who ran the site's News Feed feature were keen, as it would help rank posts based on popularity. The ad team, meanwhile, thought "likes" could improve clickthrough rates on advertisements. But in November 2007, the engineering team presented the new feature to Mark Zuckerberg, and, according to Boz, the final review "[didn't] go well". The CEO was concerned about overshadowing the Facebook "share" and comment features - perhaps people would just "awesome" something, rather than re-posting the content or writing a message. He also wanted more clarification on whether others would see your feedback or not. After this meeting, Boz writes, "Feature development as originally envisioned basically stops". 

The teams who wanted the button forged ahead with slightly different features. If you were an early user, you might remember that News Feed items and ads collected positive or negative feedback from you, but this wasn't then displayed to other users. This feature was "ineffective", Boz writes, and was eventually shut down. 

So when Jonathan Piles, Jaren Morgenstern and designer Soleio took on the like button again in December 2008, many were skeptical: this was a "cursed project", and would never make it past a sceptical Zuckerberg. Their secret weapon, however was data scientist Itamar Rosenn, who provided data to show that a like button wouldn't reduce the number of comments on a post. - that, in fact, it increased the number of comments, as likes would boost a popular post up through the News Feed. Zuckerberg's fears that a lower-impact feedback style would discourage higher value interactions like reposting or commenting were shown to be unfounded. 

A bigger problem was that FriendFeed, a social aggregator site which shut down in April 2015, launched a "like" feature in October 2007, a fact which yielded some uncomfortable media coverage when Facebook's "like" finally launched. Yet Boz claims that no one at Facebook clocked onto FriendFeed's new feature: "As far as I can tell from my email archives, nobody at FB noticed. =/". 

Finally, on 9 February 2009, "like" launched with a blogpost, "I like this", from project manager Leah Pearlman who was there for the first "awesome button" discussions back in 2007. Her description of the button's purpose is a little curious, because it frames the feature as a kind of review: 

This is similar to how you might rate a restaurant on a reviews site. If you go to the restaurant and have a great time, you may want to rate it 5 stars. But if you had a particularly delicious dish there and want to rave about it, you can write a review detailing what you liked about the restaurant. We think of the new "Like" feature to be the stars, and the comments to be the review.

Yet as we all know, there's no room for negative reviews on Facebook - there is no dislike button, and there likely never will be. Even in the preliminary announcements about the new emoji reactions feature, Zuckerberg has repeatedly made clear that "dislike" is not a Facebook-worthy emotion: "We didn’t want to just build a Dislike button because we don’t want to turn Facebook into a forum where people are voting up or down on people’s posts. That doesn’t seem like the kind of community we want to create."

Thanks to the new buttons, you can be angry, excited, or in love with other people's content, but the one thing you can't do is disapprove of its existence. Championing positivity is all well and good, but Zuckerberg's love of the "like" has more to do with his users' psychology than it does a desire to make the world a happier place. Negative feedback drives users away, and thumbs-down discourages posting. A "dislike" button could slow the never-ending stream of News Feed content down to a trickle - and that, after all, is Facebook's worst nightmare. 

Barbara Speed is a technology and digital culture writer at the New Statesman and a staff writer at CityMetric.