The IRS and FBI have caught a hacker responsible for stealing millions of dollars in digital assets from a hardware wallet that law enforcement authorities had seized in another case.
The heist is notable because the theft occurred from a bitcoin wallet created by a hardware device that was in physical custody of law enforcement officials.
The accused hacker, Gary Harmon, allegedly stole back bitcoin involved in a separate case brought against his brother, Larry Harmon. Government agents say he ran some through coin mixers. Finally, he deposited some into BlockFi in order to take out loans, including one USD loan for $1.2 million that BlockFi approved.
Impossible to take possession of a bitcoin hardware wallet
Of course, neither bitcoin nor bitcoin wallets exist physically. All bitcoin remain on the distributed ledger and have no physical form — not even as files on a hard drive. Only devices that create public/private keypairs exist physically.
However, once a device creates a secure keypair that can interact with a wallet on Bitcoin’s network, it allows the user to export a seed phrase: typically 12 or 24 words that represent the cryptography of the private key. This seed phrase, and the public/private keypair that it authenticates, can allow a user to move bitcoin to anywhere on the ledger from anywhere in the world.
For this reason, hardware wallets used to be called “signing devices.” This old name more accurately reflects the purpose of the device: to sign transactions, not to store bitcoin.
In summary, so-called “Bitcoin hardware wallets” are not actually wallets. These physical devices simply create and store the public/private keypair which can sign transactions for moving bitcoin around on the ledger.
Feds allege that Harmon used his seed phrase to remotely siphon money out of a wallet that was originally created by a device in their custody.
BlockFi’s many bad disbursements
BlockFi once raised funds as a “unicorn,” a company that achieves a valuation above $1 billion. BlockFi’s Series E fundraise attempted to raise $500 million at a valuation of $4.5 billion in June 2021. It ended up raising only $225 million in that round.
Since then, BlockFi has suffered a sharp reversal of fortunes. It had to claw back an erroneous withdrawal of 700 bitcoin instead of $700 when paying out a March 2022 trading bonus, and made no friends by threatening legal action against at least one user who withdrew USDC from a separate deposit.
It also got into hot water with the SEC and state regulators over its interest-bearing accounts when it was accused of offering unregistered securities. Later, it reached a settlement with the SEC, agreeing to pay over $100 million in fines. It was on a payment schedule for that fine when it hit a liquidity crisis that ended up wiping out most of its equity investors.
Read more: New Jersey bans BlockFi interest accounts, CEO denies they’re securities
BlockFi ended up signing a bailout deal with FTX. The deal included a revolving line of credit and an option for FTX to acquire BlockFi for as much as $240 million, depending on performance metrics.
Gary Harmon allegedly sent the stolen funds through a mixer to BlockFi. BlockFi then approved the fiat loan and Harmon allegedly used that loan to buy a luxury condo in Cleveland, Ohio.
Hardware wallet seized in a darknet case
Larry Harmon faces accusations of money laundering conspiracy, operating an unlicensed money transmitting business, and conducting money transmission without a DC license. The Department of Justice also alleges that he operated the darknet cryptocurrency mixing service Helix from 2014 to 2017.
Larry also allegedly operated a search engine called Gram, which enabled searches for illegal goods and services. Users could pay its fees using bitcoin through the Helix mixer. However, that mixing service could not stop Chainalysis from tracing transactions which helped crack the case.
Law enforcement authorities allege that Helix laundered $311 million worth of digital assets. Law enforcement took control of at least one hardware wallet that held funds for Helix.
Read more: Binance wants you to think crypto money laundering isn’t an issue — it is
Gary might have had access to the seed phrase
Law enforcement seized a Trezor hardware wallet holding funds related to the Helix coin mixer case. Investigators couldn’t access the Trezor wallet directly because they didn’t know the passphrase. However, they could look at data on the blockchain and trace funds to addresses allegedly controlled by Larry Harmon.
Trezor wallets, like all hardware wallets, generate a seed phrase that can be transferred to any other device. Gary could have used that seed phrase to revive his access to at least some of their ill-gotten funds and drained it away.
In a 2020 court appearance, Larry denied that he knew anything about the wallet. The presiding judge expressed skepticism of his claims and it was thought that Larry could have handed the seed phrase off to Gary at some point. The judge ordered him to provide the passphrases. Larry later claimed that Gary had stolen the money.
The court returned a guilty verdict in Larry Harmon’s case. The verdict came with $60 million in civil penalties and up to 20 years in prison.
Larry also agreed to testify against his brother and other darknet operators. The case against Gary Harmon will go to trial in February 2023.
For more informed news, follow us on Twitter and Google News or listen to our investigative podcast Innovated: Blockchain City.
Source: https://protos.com/explained-why-the-feds-couldnt-secure-a-crypto-hardware-wallet/