Hacker who stole 120,000 bitcoins wants a second chance—and a security job

Fatesrider

Ars Legatus Legionis
25,280
Subscriptor
Well, good for him. Especially if he helped recover all the assets. Not many take a lesson from something like that and those who do usually spend their lives being way more useful to their surroundings and the society. Hope the same for him.
While that's a great humanitarian point of view, and kudos for still having one, my take is a bit different.

I was reading exactly what a sociopath would say to try to get back into influence, money and power.

Two very different perspectives, yes, and yours is the high road. I've just lived a life where I see people like this, who did things to other people without a single thought about the consequences, "turn a new leaf" to get ahead again, when they actually feel no regrets at all.

His turn-around doesn't really sound like a guilty conscience. It sounds like an opportunistic way to get out of a planned, self-dug hole. And could well have been a planned exit strategy in case he was caught. A psychopath does take into account the personal consequences of their actions. Even if it doesn't MITIGATE them, they have a plan in case things go south. Given the short interval of timing, this sounds like that.

Yes, I'm a cynic and believe the worst about human nature - especially for someone who crossed so many lines to get where he is now. All past history shows that true remorse and redemption are the exceptionally rare events. It's typically opportunism from a psychopath who knew they'd be caught and had a ready exit strategy.

I mean, more simply, it's the application of the adage, "Burn me once, shame on you. Burn me twice, shame on me." I don't think he's done burning people.
 
Upvote
7 (10 / -3)

Mute999

Wise, Aged Ars Veteran
172
Subscriptor
I’ve been secretly hoping that one of his type would figure out how to hack DJT’s crypto kickback empire and hurt him where he cares most. Looks like it’s up to the Ruskis, the North Koreans and the Chinese to take that on.
I hope that too, but it won't be from Russia, NK or the Chinese. Trump is a gold mine of good fortune for them. He unknowingly (or knowingly) does everything they want him to do and then some. He's the gift that keeps on giving to them. Single-handedly destroyed NATO (yes, Greenland is currently off the table, but the fact he threatened to take it is the final, dirty stab wound in the back of his allies that will fester slowly, gangrene will set in and it can't be stopped. NATO is dead because of him, it just doesn't know it yet).
No, hacking him, his cabinet, his crypto thing, the whole US government, it's got to come from a state or actor that actually wants to do good in this world...
 
Last edited:
Upvote
12 (12 / 0)

JohnCarter17

Ars Praefectus
5,807
Subscriptor++
Reminder for me to tell you all to read Mitnick's Ghost in the Wires if you haven't already. The non-jaded part of me hopes Lichtenstein is sincere and wishes him well.
I am looking around on HPB. How is Mitnick as a writer?

I see there is also The Art of Intrusion, The Art of Deception and The Art of Invisibility. The last 2 being educational.
 
Upvote
0 (0 / 0)
As he says his life was “upended” while his victims were just “affected,” it doesn’t sound like an ascending order was his intent.

I hope he has reformed, but I’d be profoundly skeptical if looking to hire.
I'd be profoundly skeptical as well, but corporate key loggers and big brother endpoint protection/MDM are even more prolific now than when he hacked that exchange.

Few people can boast his CV and you can cut his salary on account of being a convicted felon security risk, relative to what a pure white hat with equivalent credentials would cost. (This shouldn't be the case forever but you can slowly raise his salary back to the appropriate glassdoor level without keeping it so low you force him into recidivism)

It's definitely a roll of a dice keeping a dog supposedly cured of rabies around to fight coyotes.
 
Upvote
4 (4 / 0)

numerobis

Ars Tribunus Angusticlavius
50,868
Subscriptor
How did this guy get 60 months while members of anonymous got 10 years for a measly DOS attack, and SBF got 25 years for failing a business???

Bitfinex included smallhodlers, so the punitive punishment alone should be bigger than SBF's.

What kind of unfair fake legal mobsters run the system?
He pled guilty and flipped to help the state, unlike SBF who committed a variety of crimes and still claims he’s innocent.

Similar reason to why several of SBF’s accomplices got significantly lighter sentences despite being high up in that criminal conspiracy.
 
Upvote
10 (10 / 0)
While that's a great humanitarian point of view, and kudos for still having one, my take is a bit different.

I was reading exactly what a sociopath would say to try to get back into influence, money and power.

Two very different perspectives, yes, and yours is the high road. I've just lived a life where I see people like this, who did things to other people without a single thought about the consequences, "turn a new leaf" to get ahead again, when they actually feel no regrets at all.

His turn-around doesn't really sound like a guilty conscience. It sounds like an opportunistic way to get out of a planned, self-dug hole. And could well have been a planned exit strategy in case he was caught. A psychopath does take into account the personal consequences of their actions. Even if it doesn't MITIGATE them, they have a plan in case things go south. Given the short interval of timing, this sounds like that.

Yes, I'm a cynic and believe the worst about human nature - especially for someone who crossed so many lines to get where he is now. All past history shows that true remorse and redemption are the exceptionally rare events. It's typically opportunism from a psychopath who knew they'd be caught and had a ready exit strategy.

I mean, more simply, it's the application of the adage, "Burn me once, shame on you. Burn me twice, shame on me." I don't think he's done burning people.
I largely agree with you, but in this specific case even if I know he is either going to fuck his wife or someone else over again in the future, it depends if we actually believe the bitcoin he stole would really have been 'worth' 10bn regardless of whether it's valued that highly today or not.

If he could have taken the bitcoin to other exchanges and withdrawn it piecemeal to go fuck off to an island and never show his face again in his late 20's/early 30's at a low cost of living with organized crime lurking by the time he was caught, then sure, imprison or execute him for all the reasons you just cited.

But psychopathy and sociopathy are a sliding scale and it's impossible that bitcoin was ever worth anywhere close to 10 billion USD after various taxes. Though it's not as if embezzling 500 million USD is any better but it probably wasn't even worth that. The valuations such as they are can't be trusted.

As said in the thread, he's done his time, needs some kind of way to not starve, he would be dirt cheap compared to a gray or white hat with similar credentials, and even a psychopath can learn from touching a hot stove. As with the vast majority of the cyber security industry since it was ever conceived, every employee in it and most of IT for that matter, is a calculated risk.
 
Upvote
2 (2 / 0)

Ganz

Ars Scholae Palatinae
769
The quality of mercy is not strained, my man.
I'm not sure why my comment has brought out comments like this. I didn't say this guy should rot in prison. I said he's a douche, and implied that he's unrepentant. Guy can live his life all he wants. I think it's fair to point out that, to my eye, he's an unrepentant douche.
 
Upvote
-3 (1 / -4)

gosand

Ars Tribunus Militum
1,704
One notable example is the late Kevin Mitnick, who was convicted of multiple phone and computer crime cases in the 1980s and 1990s. Mitnick eventually started his own security consulting company and became a penetration tester and public speaker for many years before his death in 2023.

Mitnick was what one might term a sport-hacker. I can't imagine his rehabilitation would have proceeded the same way had he stolen millions (let alone billions) of dollars from financial institutions.
Absolutely, I am not sure I'd classify crypto exchanges as "financial institutions". Although compare what Mitnick did to today's standards, and it might not even be a crime.

Just peruse https://www.web3isgoinggreat.com/ and see that it doesn't seem that difficult to steal millions these days. Just the fact that there are billions in these exchanges is scary.
 
Upvote
4 (4 / 0)
I largely agree with you, but in this specific case even if I know he is either going to fuck his wife or someone else over again in the future, it depends if we actually believe the bitcoin he stole would really have been 'worth' 10bn regardless of whether it's valued that highly today or not.

If he could have taken the bitcoin to other exchanges and withdrawn it piecemeal to go fuck off to an island and never show his face again in his late 20's/early 30's at a low cost of living with organized crime lurking by the time he was caught, then sure, imprison or execute him for all the reasons you just cited.
My friend, Lichtenstein was ultimately convicted of money laundering conspiracy. He tried to convert the bitcoin to other currencies and exchanges. He could indeed have gotten off scot-free for this if he hid his tracks well enough. The only reason he and his wife (who was an accomplice) were caught was because the investigators were fractionally more competent than they were.
 
Last edited:
Upvote
7 (7 / 0)

MilanKraft

Ars Tribunus Angusticlavius
6,921
Well, good for him. Especially if he helped recover all the assets. Not many take a lesson from something like that and those who do usually spend their lives being way more useful to their surroundings and the society. Hope the same for him.
Agree, but almost sounds like he wants to go into the "stop ____ coin theft" world. While better than stealing, it's a little disappointing. One hopes he would use his tech knowledge and skills to help companies and individuals — either through the development of more secure tech or finding holes in widely used tech not related to blockchain / crypto — to avoid the next huge data breach or ransomware attack. Like, if you can be protecting actual banks, or hospitals, or companies on your local power grid from being hacked and sowing literal societal chaos....... take the anti-chaos job, dude!

The whole coin mining and crypto currency thing is so full of holes as a concept, the best way to deal with it is to let it sink. If enough people who stupidly invest in it lose their money and tell their stories, that industry will tank all by itself. Trying to "secure crypto" reminds me of the Fight Club line "polishing the brass on the Titanic"... it's all going down anyway. Focus your efforts where it really matters.
 
Upvote
1 (1 / 0)

cerberusTI

Ars Tribunus Angusticlavius
7,194
Subscriptor++
I largely agree with you, but in this specific case even if I know he is either going to fuck his wife or someone else over again in the future, it depends if we actually believe the bitcoin he stole would really have been 'worth' 10bn regardless of whether it's valued that highly today or not.

If he could have taken the bitcoin to other exchanges and withdrawn it piecemeal to go fuck off to an island and never show his face again in his late 20's/early 30's at a low cost of living with organized crime lurking by the time he was caught, then sure, imprison or execute him for all the reasons you just cited.

But psychopathy and sociopathy are a sliding scale and it's impossible that bitcoin was ever worth anywhere close to 10 billion USD after various taxes. Though it's not as if embezzling 500 million USD is any better but it probably wasn't even worth that. The valuations such as they are can't be trusted.

As said in the thread, he's done his time, needs some kind of way to not starve, he would be dirt cheap compared to a gray or white hat with similar credentials, and even a psychopath can learn from touching a hot stove. As with the vast majority of the cyber security industry since it was ever conceived, every employee in it and most of IT for that matter, is a calculated risk.
While denying him the ability to make a living would be improper, I do not get the impression this was his career (beyond the theft), or that he has any special security skills. He appears to have written marketing software before he turned to theft as the income from that project did not allow him to maintain his chosen lifestyle.

Looking at the public details, it appears he somehow got access to a server (how is not disclosed), then realized it was misconfigured such that transactions could be approved just from that server, without gaining access to anything else. Finding and exploiting that kind of issue is technical, but it is the kind of thing many could do if they spent time on it. It was not the kind of thing which requires specialized knowledge or is technically impressive on its own such that it is hard to find someone who can work in that area (for example basic cryptography or protocol flaws in standard algorithms or protocols, speculative execution issues, etc.)

It is not clear he really has any existing credentials, aside from one partially successful theft. He has an interest certainly, but it is operational and not in terms of research. He also has a demonstrated willingness to use whatever knowledge he does have improperly when things go slightly wrong for him, so a position which is mostly about exposure to sensitive systems, or how to use tools to gain access, is maybe not the best fit for his new career.

I could see thinking the publicity over this could lead to a new career, but from the other side it seems like a very poor risk.
 
Upvote
0 (0 / 0)
I was so sure Mitnick wasn't really dead, and it was all part of some project/book that would later detail how easy it is, or something like that.
Now, more willing to believe it, but not 100%.
Also, what Mitnick did was nowhere near as financially damaging or life impacting as this guy. But I'm sure Mitnick had it tougher in jail, as they treated him basically like Magneto.
 
Upvote
0 (0 / 0)

shodanbo

Wise, Aged Ars Veteran
107
So, what then? He should be barred from ever touching an electronic device again? He doesn't have a chance at rehabilitation? His galaxy brain shouldn't be used by the good guys?

Agreed he did pay his debt to society. And this is where his talents appear to lie.

So unless we all decide to put people away for life with no chance for rehabilitation, if he can contribute with a gig helping to bring justice rather than avoid it that would be a good next step for him.
 
Upvote
2 (2 / 0)

Arzach

Wise, Aged Ars Veteran
177
As he says his life was “upended” while his victims were just “affected,” it doesn’t sound like an ascending order was his intent.

If someone invests in crypto (an unregulated, highly volatile market) all their savings... sorry but not sorry.

"Upended" is the right word, as investing in crypto naturally comes with a high risk of losing everything, whether it's a theft or simply market volatility. If you don't understand this you're a moron, and I have little or no sympathy for morons.
 
Upvote
0 (0 / 0)

iquanyin

Ars Tribunus Militum
2,091
The order in which he lists those things is telling.
it's the order most would list them in. not unique to thieves to be most concerned with what is closest. it's how many societies set up (family, community, country, world), and so on. it's how most folks vote (sane ones, anyway). it's how news is properly reported: leads with local, then broadens out. it's how we learn things, start specific then move to the general--often, not always of course. it's just how typical brains work.

the few who reverse that are called saints, visionaries, neurodivergents, wise, and so on. those folks are rare.
 
Upvote
1 (1 / 0)