Dude they got bitcoin fog

wired.com/story/bitcoin-…
I think we all know by now that anyone who knew about btc before 2013 is a villainous kingpin in the irs's eyes.

Feels to all the real kingpins out there who had to work hard irl for that title. 😂
Thanks Amy for the actual docs so I can stop thinking about clickbait headlines and the feelings of real kingpins. 😅

Numbers. I do very much appreciate they are using the btc value *at time of transaction.* (That's why it's both 1.2m BTC and $336M USD. 1.2m BTC=$336M at time of tx)
On the internet no one knows you're an IRS-CI SA operating in an online undercover capacity
....or do they? 😈
Alright so how they tracked him down.

1. Get email addresses from publicly available bitcoin talk. Confirm email but get nothing new from subpoenas to twitter and microsoft (hotmail).
2. Get new fake email + fake name + payment details (liberty reserve) from subpoena to host of domain.

Use Liberty Reserve data from previous investigation to link back to Aurum Xchange account.

Subpoena Aurum (?) to determine received from Mt Gox 3?
***Note: I don't know what data IRS-CI has on hand from Mt. Gox? Or Aurum?

I do know they have a fuckton of Liberty Reserve stuff. Attached: *unrelated* other case that does a better job of showing how IRS-CI uses on-hand Liberty Reserve info.
3. So now they have the Liberty Reserve account and know LR account received from this random Aurum Xchange account they somehow figure out that Aurum account received from Mt Gox Acct 3.

Then Mt. Gox 2.
Then self-hosted (onchain) addy.
Then Mt Gox 1.
3b. They mention three new email addys and his name here.

in reality they would have the:
Name
Email
Sometimes an irl address
BTC addys in and out

from:
Liberty Reserve
Aurum
Mt Gox 3
Mt Gox 2
Mt Gox 1

That's a lot of (fake) info to sift thru to determine what's real.
3c. Oh and don't forget IP addresses, telephone numbers, other exchanges that sent and received from mt gox 1, 2, 3, aurum, liberty reserve, and the data from those exchange.....
!!!

They buried this little detail in that mass above but I'm pretty sure that IRS-CI now has BTC-E records on hand.

This data allows them to fill in the gaps. You know. Gaps that allow them to up their budget by $̶1̶B̶ $4.2B

cc @EileenOrmsby @lamoustache @mmviii_2008
Here's how they talk about how they got the various bits of information from WhoIs, Highhosting, Liberty Reserve, Mt Gox, BTC-E, Google:

Publicly available
Records from…reveal
…'s records show
records from…
records from…
…pursuant to a lawfully authorized search warrant

🤔
I mean so far there's no blockchain shit.

They started with the host to link thru to a bunch of data obtained from previous investigations/arrests/seizures/other US alphabet agencies seizures/French prosecutors and a search warrant to get a pile of real and fake information....
...and then stumbled upon a fucking goldmine in the Google Drive. Up until this point the only difference between real and fake is the real name crops up more. But now they are all definitively linked and you HAVE A 10 YEAR OLD DOC IN YOUR GOOGLE DRIVE TALKING BOUT IT CMON.
Finally some actual fucking blockchain shit.

Their narrative: if you look at the earliest Bitcoin Fog TX's you see they also link to the Mt Gox account we connected separately

Reality: From Mt. Gox data we found these txs that are to Bitcoin Fog before it was public
This really annoys me.

10/13/11:
2 BTC from Mt Gox 1 -> cluster 12NSB5
0.41 BTC->1KWMex
1.57 BTC->1NeWNP

"12NSB5 looks like a mixer"

"investigators traced the outflow of the balance of 1.57 BTC from wallet 1NeWNP to BITCOIN FOG."

Hide behind perceived complexity more bro.
1NeWNP = 1NeWNPH7sxkCoHjvvKwWqLLFjRjLLJJiMP

12NsB5 = 12NSB5HE8VUjK44cQPJgtLUgj6YXLeUyU4

1KWMex = ????? (It's *not* 1KwmEXW5hMKAcVV5r34xc2ZWyFq9CodqKF which receives/sends 1.00000001 BTC on 10/01/2014)
> The transaction pattern within cluster 12NSB5 is consistent with mixing/tumbling transactions, including those seen from BITCOIN FOG.

I mean....I guess I see it if I close my eyes really tightly? 😝
I'm going to work out and process this before I keep on. The overarching narrative is totally bland: the US alphabet soup has all the power and data, on hand or via subpoena. Duh.

The question for me is why this arrest *now*???

*All* this is from 2011-2013…



It's 2021.
