There's a £60m Bitcoin heist going down right now, and you can watch in real-time

Sheep Marketplace closed down over the weekend after someone got away with 96,000 bitcoins - and angry users are chasing him around the internet.

One of the largest heists in bitcoin history is happening right now. 96,000 bitcoins - that’s roughly £60m as of the time of writing - was taken from the accounts of customers, vendors and administrators of the Sheep Marketplace over the weekend.

Sheep was one of the main sites that came to replace the Silk Road when it closed in October, but it too has now closed as a result of this theft. It’s a little hard to work out exactly what’s happened, but Sheep customers have been piecing it together on reddit’s r/sheepmarketplace.

Here's what happened: someone (or some group) managed to fake the balances in people’s accounts on the site, showing that they had their bitcoins in their wallets when they’d actually been transferred out. Over the course of a week the whole site was drained, until the weekend when the site's administrators realised what was happening and shut everything down.

Originally it was thought that only 5,200BTC - or £3m - was taken, with a message posted on Sheep's homepage blaming a vendor called "EBOOK101" for finding and exploiting a bug. However, over the weekend it became clear that the amount stolen was much, much larger.

In a normal robbery that money would be gone by now, but it isn't. Bitcoin is pseudonymous, not anonymous, and bitcoins can’t just disappear. It works because each and every transaction is public and visible to each and every other person using the Bitcoin network, and a person is only as anonymous as their link to their wallet.

A couple of reddit users realised that the sheer size of the heist makes “tumbling” the coins - the normal method of laundering bitcoins - impossible, as long as they kept on their toes. Someone with bitcoin can send some to a tumbler like bitcoinfog, where it will be split into smaller subdivisions and mixed with other bitcoins from other places, recombining and splitting again several times over until the whole amount eventually comes out the other end, theoretically in such a way that it’s impossible to track. Silk Road’s in-built tumbler successfully foiled the FBI, allegedly.

However, reddit user TheNodManOut managed to track where the first bunch of transfers out of Sheep went, and from there TheNodManOut and silkroadreloaded2 worked out which tumbler the thief was using. Here’s how silkroadreloaded2 describes what’s happened since (“Tomas” is the alleged owner of Sheep, and one of the suspects for many users):

All day, we've been chasing the scoundrel with our stolen bitcoins through the blockchain. Around lunchtime (UK), I was chasing him across the roof of a moving train, (metaphorically). I was less than 20 minutes, or 2 blockchain confirmations, behind "Tomas".

He was desperately creating new wallet addresses and moving his 49 retirement wallets through them, but having to wait for 3 or 4 confirmations each time before moving them again. Each time I caught up, I "666"ed him - sent 0.00666 bitcoins to mess up his lovely round numbers like 4,000. Then, all of a sudden, decimal places started appearing, and fractions of bitcoins were jumping from wallet to wallet like grasshoppers on a hotplate without stopping for confirmations.

Shit!

He was tumbling our stolen bitcoins a second time, and a tumbler is unbeatable....

Unless you guess which one it is, nearly all the coins belong to the person you're tracking, jump in with him, and get jumbled up through the same wallets using the same algorithm. I was hopping from foot to foot shouting "come on!" at my laptop, waiting an age for 6 blockchain confirmations to get 0.5 btc into "bitcoin fog". My half a bitcoin got sliced and diced through loads of wallets and I followed the biggest chunk with blockchain.info - along with 96,000 stolen ones!

Or, in other words:

He gathered 96,000 in one pot, then split it into about 50 smaller ones. Then he saw me 666ing them all. Imagine a sports stadium with 96,000 people in it, each with $1000.

He sent them all via different routes all over the world, but the same 96,000 people then arrived at a different stadium and he went to bed.

Now there are 96,001, and I just phoned you on my mobile to tell you where the stadium is.

A major problem with tumblers is that they only work with lots of bitcoins coming and going from a lot of different sources - if a tumbler is taking in 96,000 bitcoins, those will massively outnumber all other bitcoins being tumbled and it’ll be easy to spot them coming out the other end. Mix in a little of your own with all those other ones and you'll find out the wallet addresses that the tumbler uses, and it should be easy to spot large transactions splitting off from there.
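The dominance argument above can be checked with a "haircut" taint calculation, a common blockchain-analysis heuristic in which every output of a transaction inherits the tainted share of its inputs. This is an added example, not part of the original article; the addresses and every amount other than the 96,000 figure are constructed for illustration.

```python
from collections import defaultdict

def haircut_taint(txs, sources):
    """Replay txs in order; return {address: (balance, tainted fraction)}."""
    balance, tainted = defaultdict(float), defaultdict(float)
    for tx in txs:
        pool_value = pool_taint = 0.0
        for addr, amt in tx["in"]:
            if addr in sources:            # coins leaving a flagged address: fully tainted
                share = amt
            elif balance[addr] > 0:        # spend carries the address's current taint ratio
                share = tainted[addr] * amt / balance[addr]
                balance[addr] -= amt
                tainted[addr] -= share
            else:                          # funded outside the sample: assumed clean
                share = 0.0
            pool_value += amt
            pool_taint += share
        for addr, amt in tx["out"]:        # each output inherits the pooled ratio
            balance[addr] += amt
            tainted[addr] += pool_taint * amt / pool_value
    return {a: (b, tainted[a] / b) for a, b in balance.items() if b > 1e-9}

def mixer_run(stolen, crowd):
    """Constructed sample: one flagged deposit and one crowd deposit share a mixer."""
    total = stolen + crowd
    return [
        {"in": [("thief", stolen)], "out": [("mix", stolen)]},
        {"in": [("crowd", crowd)], "out": [("mix", crowd)]},
        {"in": [("mix", total)], "out": [("out1", total * 0.6), ("out2", total * 0.4)]},
        # one mixer output is later combined with clean coins from elsewhere
        {"in": [("out1", total * 0.6), ("clean", total * 0.2)], "out": [("cold", total * 0.8)]},
    ]

def flagged(txs, sources, threshold=0.5):
    """Addresses whose remaining balance is at least `threshold` tainted."""
    result = haircut_taint(txs, sources)
    return sorted(a for a, (_, frac) in result.items() if frac >= threshold)

if __name__ == "__main__":
    # Same mixer, two scenarios: the flagged deposit dominates, then the crowd does.
    for stolen, crowd in [(96000.0, 500.0), (500.0, 96000.0)]:
        print(stolen, crowd, flagged(mixer_run(stolen, crowd), {"thief"}))
```

When the flagged deposit dominates, every mixer output stays above 99% tainted and remains easy to flag even after being combined with clean coins; when the same mixer handles mostly other people's coins, nothing crosses the threshold.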

The fascinating consequence of this is that you can see the stolen bitcoins on the public blockchain, and as long as there are people keeping tabs on it there’s going to be no way for the thief to cash in on their haul. Considering how people rely on tumblers to maintain anonymity when buying illegal stuff online, this unusual loophole is something of a revelation.

Right now, as you’re reading this, you can watch as the thief starts trying to move their bitcoins on again - it’s currently down to 92,000 bitcoins and dropping as smaller chunks begin going out. Selling those bitcoins and turning them into cash is going to be extremely difficult, as the major Bitcoin exchanges all demand proof of identity (specifically to avoid charges that they're involved in money laundering), and if they're broken down into smaller quantities to sell via a site like localbitcoins.com a paper trail will still be generated. As soon as it's possible to link one real-life bank account or identity to any bitcoins from that stash, it will be possible to work out their real-life identity.

This counts as one of the largest robberies in history at Bitcoin's current market value, ranking in the same company as real-life thefts like the $108m diamond theft at the Harry Winston store in Paris in 2008. 96,000 bitcoins also places the thief as one of the wealthiest Bitcoin millionaires on the current rich list (but bear in mind that few serious Bitcoin players keep their currency in just one wallet) - and all without having to go to the trouble of wearing balaclavas or threatening someone with a gun.

Let's watch and see what happens next.

Some fan-made physical bitcoins. (Photo: antanacoins/Flickr)

Ian Steadman is a staff science and technology writer at the New Statesman. He is on Twitter as @iansteadman.


“Stinking Googles should be killed”: why 4chan is using a search engine as a racist slur

Users of the anonymous forum are targeting Google after the company introduced a programme for censoring abusive language.

Contains examples of racist language and memes.

“You were born a Google, and you are going to die a Google.”

Despite the lack of obscenity and profanity in this sentence, you have probably realised it was intended to be offensive. It is just one of hundreds of similar messages posted by the users of 4chan’s Pol board – an anonymous forum where people go to be politically incorrect. But they haven’t suddenly seen the error of their ways about using the n-word to demean their fellow human beings – instead they are trying to make the word “Google” itself become a racist slur.

In an undertaking known as “Operation Google”, some 4chan users are resisting Google’s latest artificial intelligence program, Conversation AI, by swapping smears for the names of Google products. Conversation AI aims to spot and flag offensive language online, with the eventual possibility that it could automatically delete abusive comments. The famously outspoken forum 4chan, and the similar website 8chan, didn’t like this, and began their campaign which sees them refer to “Jews” as “Skypes”, Muslims as “Skittles”, and black people as “Googles”.

If it weren’t for the utterly abhorrent racism – which includes users conflating Google’s chat tool “Hangouts” with pictures of lynched African-Americans – it would be a genius idea. The group aims to force Google to censor its own name, making its AI redundant. Yet some have acknowledged this might not ultimately work – as the AI will be able to use contextual clues to filter out when “Google” is used positively or pejoratively – and their ultimate aim is now simply to make “Google” a racist slur as revenge.


Posters from 4chan

“If you're posting anything on social media, just casually replace n****rs/blacks with googles. Act as if it's already a thing,” wrote one anonymous user. “Ignore the company, just focus on the word. Casually is the important word here – don't force it. In a month or two, Google will find themselves running a company which is effectively called ‘n****r’. And their entire brand is built on that name, so they can't just change it.”

There is no doubt that Conversation AI is questionable to anyone who values free speech. Although most people desire a nicer internet, it is hard to agree that this should be achieved by blocking out large swathes of people, and putting the power to do so in the hands of one company. Additionally, algorithms can’t yet accurately detect sarcasm and humour, so false-positives are highly likely when a bot tries to identify whether something is offensive. Indeed, Wired journalist Andy Greenberg tested Conversation AI out and discovered it gave “I shit you not” 98 out of 100 on its personal attack scale.

Yet these 4chan users have made it impossible to agree with their fight against Google by combining it with their racism. Google scores the word “moron” 99 out of 100 on its offensiveness scale. Had protestors decided to replace this – or possibly even more offensive words like “bitch” or “motherfucker” – with “Google”, pretty much everyone would be on board.

Some 4chan users are aware of this – and indeed it is important not to consider the site a unanimous entity. “You're just making yourselves look like idiots and ruining any legitimate effort to actually do this properly,” wrote one user, while some discussed their concerns that “normies” – ie. normal people – would never join in. Other 4chan users are against Operation Google as they see it as self-censorship, or simply just stupid.


Memes from 4chan

But anyone who disregards these efforts as the work of morons (or should that be Bings?) clearly does not understand the power of 4chan. The site brought down Microsoft’s AI Tay in a single day, brought the Unicode swastika (卐) to the top of Google’s trends list in 2008, hacked Sarah Palin’s email account, and leaked a large number of celebrity nudes in 2014. If the Ten Commandments were rewritten for the modern age and Moses took to Mount Sinai to wave two 16GB Tablets in the air, then the number one rule would be short and sweet: Thou shalt not mess with 4chan.

It is unclear yet how Google will respond to the attack, and whether this will ultimately affect the AI. Yet despite what ten years of Disney conditioning taught us as children, the world isn’t split into goodies and baddies. While 4chan’s methods are deplorable, their aim of questioning whether one company should have the power to censor the internet is not.

Google also hit headlines this week for its new “YouTube Heroes” program, a system that sees YouTube users rewarded with points when they flag offensive videos. It’s not hard to see how this kind of crowdsourced censorship is undesirable, particularly again as the chance for things to be incorrectly flagged is huge. A few weeks ago, popular YouTubers also hit back at censorship that saw them lose their advertising money from the site, leading #YouTubeIsOverParty to trend on Twitter. Perhaps ultimately, 4chan didn't need to go on a campaign to damage Google's name. It might already have been doing a good enough job of that itself.

Google has been contacted for comment.

Amelia Tait is a technology and digital culture writer at the New Statesman.