There's a £60m Bitcoin heist going down right now, and you can watch in real-time

Sheep Marketplace closed down over the weekend after someone got away with 96,000 bitcoins - and angry users are chasing him around the internet.

One of the largest heists in bitcoin history is happening right now. 96,000 bitcoins - that’s roughly £60m as of the time of writing - was taken from the accounts of customers, vendors and administrators of the Sheep Marketplace over the weekend.

Sheep was one of the main sites that came to replace the Silk Road when it closed in October, but it too has now closed as a result of this theft. It’s a little hard to work out exactly what’s happened, but Sheep customers have been piecing it together on reddit’s r/sheepmarketplace.

Here's what happened: someone (or some group) managed to fake the balances in peoples’ accounts on the site, showing that they had their bitcoins in their wallets when they’d actually been transferred out. Over the course of a week the whole site was drained, until the weekend when the site's administrators realised what was happening and shut everything down.

Originally it was thought that only 5,200BTC - or £3m - was taken, with a message posted on Sheep's homepage blaming a vendor called "EBOOK101" for finding and exploiting a bug. However, over the weekend it became clear that the amount stolen was much, much larger.

In a normal robbery that money would be gone by now, but it isn't. Bitcoin is pseudonymous, not anonymous, and bitcoins can’t just disappear. It works because each and every transaction is public and visible to each and every other person using the Bitcoin network, and a person is only as anonymous as their link to their wallet.

A couple of reddit users realised that the sheer size of the heist makes “tumbling” the coins - the normal method of laundering bitcoins - impossible, as long as they kept on their toes. Someone with bitcoin can send some to a tumbler like bitcoinfog, where it will be split into smaller subdivisions and mixed with other bitcoins from other places, recombining and splitting again several times over until the whole amount eventually comes out the other end, theoretically in such a way that it’s impossible to track. Silk Road’s in-built tumbler successfully foiled the FBI, allegedly.

However, reddit user TheNodManOut managed to track where the first bunch of transfers out of Sheep went, and from there and silkroadreloaded2 worked out which tumbler that the thief was using. Here’s how silkroadreloaded2 describes what’s happened since (“Tomas” is the alleged owner of Sheep, and one of the suspects for many users):

All day, we've been chasing the scoundrel with our stolen bitcoins through the blockchain. Around lunchtime (UK), I was chasing him across the roof of a moving train, (metaphorically). I was less than 20 minutes, or 2 blockchain confirmations, behind "Tomas".

He was desperately creating new wallet addresses and moving his 49 retirement wallets through them, but having to wait for 3 or 4 confirmations each time before moving them again. Each time I caught up, I "666"ed him - sent 0.00666 bitcoins to mess up his lovely round numbers like 4,000. Then,all of a sudden, decimal places started appearing, and fractions of bitcoins were jumping from wallet to wallet like grasshoppers on a hotplate without stopping for confirmations.


He was tumbling our stolen bitcoins a second time, and a tumbler is unbeatable....

Unless you guess which one it is, nearly all the coins belong to the person you're tracking, jump in with him, and get jumbled up through the same wallets using the same algorithm. I was hopping from foot to foot shouting "come on!" at my laptop, waiting an age for 6 blockchain confirmations to get 0.5 btc into "bitcoin fog". My half a bitcoin got sliced and diced through loads of wallets and I followed the biggest chunk with - along with 96,000 stolen ones!

Or, in other words:

He gathered 96,000 in one pot, then split it into about 50 smaller ones. then he saw me 666ing them all. Imagine a sports stadium with 96,000 people in it, each with $1000.

He sent them all via different routes all over the world, but the same 96,000 people then arrived at a different stadium and he went to bed.

Now there are 96,001, and I just phoned you on my mobile to tell you where the stadium is.

A major problem with tumblers is that they only work with lots of bitcoins coming and going from a lot of different sources - if a tumbler is taking in 96,000 bitcoins, those will massively outnumber all other bitcoins being tumbled and it’ll be easy to spot them coming out the other end. Mix in a little of your own with all those other ones and you'll find out the wallet addresses that the tumbler uses, and it should be easy to spot large transactions splitting off from there.

The fascinating consequence of this is that you can see the stolen bitcoins on the public blockchain, and as long as there are people keeping tabs on it there’s going to be no way for the thief to cash in on their haul. Considering how people rely on tumblers to maintain anonymity when buying illegal stuff online, this unusual loophole is something of a revelation.

Right now, as you’re reading this, you can watch as the the thief starts trying to move their bitcoins on again - it’s currently down to 92,000 bitcoins and dropping as smaller chunks begin going out. Selling those bitcoins and turning them into cash is going to be extremely difficult, as the major Bitcoin exchanges all demand proof of identity (specifically to avoid charges that they're involved in money laundering), and if they're broken down into smaller quantities to sell via a site like a paper trail will still be generated. As soon as it's possible to link one real-life bank account or identity to any bitcoins from that stash, it will be possible to work out their real-life identity.

This counts as one of the largest robberies in history at Bitcoin's current market value, ranking in the same company as real-life thefts like the $108m diamond theft at the Harry Winston store in Paris in 2008. 96,000 bitcoins also places the thief as one of the wealthiest Bitcoin millionaires on the current rich list (but bear in mind that few serious Bitcoin players keep their currency in just one wallet) - and all without having to go to the trouble of wearing balaclavas or threatening someone with a gun.

Let's watch and see what happens next.

Some fan-made physical bitcoins. (Photo: antanacoins/Flickr)

Ian Steadman is a staff science and technology writer at the New Statesman. He is on Twitter as @iansteadman.

Show Hide image

Connected - to save time, money and lives

Businesses and the public sector in the UK are increasingly exploring new ways they can work with the help of connected technology – and the benefits this will bring.

We live in a world that’s increasingly connected. EE was born three years ago and has spent this time creating one of the fastest and most reliable 4G networks in any country. The effect of this growth means more for the British population as a whole, along with its critical infrastructure and emergency responders, than it does for individuals and consumers.

Why? Mobility, according to analysts CCS Insight, is “the fulcrum of digital transformation”. In the short time that mobile networks have existed – and the even shorter and more profound growth arc of 4G – mobility has moved from being about faster speeds and more services on our phones to a whole new world of possibilities for the way we live and work.

The latest mobile technologies can make small companies look big. And, the experts warn, they can make big companies look unintentionally small.

Over 500,000 businesses in the UK use our network and services to increase productivity and save money. Much of the public sector uses it to save money too – and save lives. We’d like to walk you through the stories emerging from this new world – sharing some examples of what happens when workers, customers and machines become truly connected.

Connected Vehicle

Businesses in the UK have long treated their cars, vans and other vehicles as their mobile offices, workshops or command centres, whether for field engineers, sales reps or dozens of other roles. But it’s not always been easy. 

That’s changing. Take utility Northumbrian Water. It is responsible for 55,000km of pipelines, many in rural parts of the UK. It has found a solution in the Connected Vehicle service from EE that is based on transportgrade equipment. External antennae on a van connect to a ruggedised router that deals with extreme temperatures and can handle vibrations from road surfaces. 4G becomes a shared WiFi connection for workers and devices out in the field, increasing their efficiency significantly as workers can stay connected on site, rather than having to travel back to the office.

And is it effective?

“The business case writes itself,” said Alan Sherwen, head of IS service and operations at Northumbrian Water, which is now looking at a wider rollout.

Beyond the private sector, the public sector is throwing off its image as a technology laggard. Blue-light fire, police and ambulance services are doing more than just seeing the potential.

East Midlands Ambulance Service’s head of IM&T, Steve Bowyer, describes his experience with 4G’s “reliable, consistently fast data connections” as “quite transformational”.

The ambulance service knows that every second counts, especially when accidents occur in remote locations.

Bowyer calls the use of 4G-connected vehicles “an extension of our control room” – for example, 4G-equipped ambulances allow paramedics to send vital information to hospitals ahead of arrival.

And it’s a similar story with the police. Officers collect and submit evidence from the scenes of crimes and accidents. Staffordshire Police has started to use connected vehicles and more broadly estimates its 4G devices provide the equivalent of 250,000 additional hours of policing time on the beat each year. That’s the equivalent of 100 extra officers.

Rapid Site

The technology we’re talking about – fast, robust, often rural connectivity – isn’t always about being on the move. Industries such as construction that occupy a location sometimes for a matter of months are also employing high-speed, managed services to serve those on site.

Jackson Civil Engineering used to have to wait three months to get a line installed. It was holding back the business.

“The challenges I face are making sure the guys on site get connectivity and transmit information from laptops, mobile phones and tablets,” said Justin Corneby, the company’s IT manager. “If there’s no connectivity for our guys on the ground it almost stops them working completely.” Now setup at a new location takes under three days, and speeds tend to be up to 60Mbps where, before, a fixed line gave the company 8Mbps.

Housing association Green Square faces a similar challenge in its efforts to supply about 400 homes every year in the west of England.

Mark Gingell, ICT service manager at Green Square, said: “[We have] some challenges about how do we get our staff access to the internet. What we want is a seamless process for them to be able to log on and have the information at hand. The ultimate goal is to make great places where people can live.”

Public WiFi – in a box

Other types of business are on this connected journey too. Richardson’s operates 310 holiday boats on the Norfolk Broads and 4G Public WiFi from EE means not only coverage and simplicity for customers wanting internet access but knowing that compliance and online safety for families, through web filtering, is taken care of. In fact a whole range of businesses are now possible, many employing mobile payments systems which through their security and 4G connections open up a world of pop-up possibilities to businesses big and small.

Connected Health 

And lastly, the NHS is showing us that innovation can be built on even relatively simple technology. ‘Did not attend’ – or DNAs – cost the health service around £900m every year. That breaks down as £137 for every missed hospital appointment, £45 for each at a GP’s surgery. 

Intelligent messaging from EE means patients get a text message and simply reply to cancel or confirm an appointment. DNAs have been reduced by 67 per cent in one case, freeing up slots for others. That means there is the potential to save the NHS over £500m annually, just by improving the booking and scheduling service for patients with intelligent messaging. Meanwhile healthcare professionals get to target groups by demographics – for example, elderly people when it’s flu jab season. In short, this approach saves time, saves money and even saves lives.

Now you can

When we were the first to launch 4G in the UK, we had a simple message: Now you can. Most people took that to mean simply that smartphones, tablets, laptops and upcoming smart devices could get a faster network connection. But it’s been about much more than that.

Today, being connected in this way is a vital component for business and Britain’s vital public services. Our recent research of 1,000 UK businesses shows that 50 per cent of customers say 4G is critical to their business success. They report a 10 per cent uptick in productivity when adopting 4G – and gains can be greater in the public sector.

And we’re nowhere near finished. Now any organisation in the private or public sector can share in this connected story, employing new technology and innovative approaches as a managed service or in any way that best works for them. We are just as excited about the next three years as the last three.