Bankless - 164 - The FBI Agent Who Took Down the Silk Road with Chris Tarbell
Episode Date: March 27, 2023

Chris Tarbell is a former FBI Agent specializing in cyber investigations. While at the FBI, Chris led some of the most high-profile cybercrime investigations in the world, including the arrest of members of the hacker group LulzSec, as well as the founder of the Silk Road, Ross Ulbricht, which resulted in the largest seizure of bitcoins to date.

Rarely do we have the opportunity to pick the brain of a cybercop, but this was our opportunity to see through the eyes of the FBI agent who took down the Silk Road in the largest crypto seizure ever recorded. In today's episode, Chris shares the story of crypto, Ross Ulbricht, and the Silk Road as told by the FBI agent who took it down. We also dig into the eternal cat-and-mouse game between Cybercriminals and Cyberpolice, how to protect yourself from people who want to take your crypto, and if the FBI wants your private keys, how they get them.

Topics Covered
0:00 Intro
9:10 Bitcoin Predictions
10:08 FBI's Crypto Impression
11:15 Chris's Crypto Aha Moment
16:11 FBI's Institutional Knowledge
17:00 Silk Road Story
21:25 FBI Divisions
27:14 Growth of the Silk Road
30:39 Purchasing on the Silk Road
31:36 Why End the Silk Road?
34:17 Ross Ulbricht
37:38 Timeline of the Investigation
39:00 Dread Pirate Roberts
42:20 Ross Ulbricht as a Martyr
43:27 What Ross Was Charged With?
44:05 Chris's Thoughts on Ross?
46:30 Sabu vs. Ross
48:05 Other Charges
50:53 Silk Road Principles
52:45 Silk Road Bitcoin Vault
54:53 Seizing the Laptop
56:04 The Black Marketplace Wave
57:32 FBI Adapting
1:00:52 Cyber Police
1:03:26 What Chris Sees in Crypto
1:06:30 Bursting the Crypto Utopia
1:10:59 Crypto Tools
1:12:11 Steelmanning the Crypto Case
1:15:39 Tornado Cash
1:17:58 Hive Ransomware
1:21:05 Profile of a Hacker
1:22:21 The New Frontier of Ransomware
1:22:38 Nationstate Actors
1:25:04 Honeypots for Hackers
1:27:49 How to Protect Yourself
1:32:06 Prioritizing Targets
1:36:00 zkProofs & Privatization
1:39:32 Missing Silk Road Bitcoin Story
1:43:46 Chris's Podcast
1:45:10 Closing & Disclaimers

Resources:
Hacker and the Fed https://podcasts.apple.com/us/podcast/hacker-and-the-fed/id1649541362
Naxo https://www.naxo.com/
Transcript
Cyber criminals are opportunistic. They're going to find the cracks. They're just like water. They're going to seep into the lowest cracks and they're going to exploit it for themselves. And unfortunately, crypto is too ripe with that right these days.
Welcome to Bankless where we explore the frontier of internet money and internet finance. This is how to get started, how to get better, how to front run the opportunity. I'm Ryan Sean Adams and I'm here with David Hoffman and we're here to help you become more bankless. Guys, fantastic episode today. A former
FBI agent, Chris Tarbell on the episode. We don't often get to see through the eyes of law enforcement,
but this is our opportunity to do it. This is the FBI agent who took down the Silk Road,
which was the largest crypto seizure ever recorded to date. A few things to look out for in this
episode. Number one, we start with the story of Ross Ulbricht and the Silk Road, as told by Chris,
the FBI agent who took it all down. Number two, we talk about the eternal cat and mouse game
between cybercriminals and cyber police.
Number three, we talk about how to protect yourself
from people who want to take your crypto.
What does that crypto hacker even look like?
Would you know one if you saw them?
Number four, what does Chris actually think about crypto?
Is it good? Is it bad?
Number five, if the FBI wants your private keys
and you don't want to give them up, how would they get them?
We asked these types of questions to Chris on the episode today.
David, what were your thoughts going to this episode?
Chris, it seems just as far,
along the frontier of innovative technology as most people in the bankless nation. And so it's
really refreshing to get the perspective of someone who's been faced with the crime consequences
that new technology brings to the table, that crypto is brought to the table, as well as being
able to articulate opinions about like Tornado Cash and ZK technology, which is a subject matter that
we bring up in the show. And so this is really about the frontier of internet security and
crypto with law enforcement and all the crime surface area that that creates. And overall, Chris is just
a really fun guy to talk to. Guy's got a sense of humor and also a good head on his shoulders. And this
is a perspective that we don't usually get to have when we interview our guests. But what is it
like on the other side of the fence? And that fence being just like nation state crime and law
enforcement. So pretty unique perspective and just an overall, a very fun episode.
Yeah, you know what's interesting is I don't think this is an episode for like a
seeing crypto through the eyes of the FBI, because this is more than that. We have to remember
going to this episode, Chris Tarbell is an FBI agent. He is an individual. He's a person. He's got a
family. He's a citizen. He has values. And so this is not necessarily how the kind of the nebulous
cloud of the FBI sees crypto. This is how one individual, former FBI, Chris Tarbell, sees crypto.
And I do also think that there will be some controversy about this episode.
You know, why is Bankless talking about the Fed?
Ross Ulbricht, Silk Road, they were heroes.
Early crypto pioneers, they push crypto adoption.
Also, libertarian values and isn't the war on drugs bad and all of these things?
And isn't it unfair for Ross to be locked up in jail for as long as he is locked up?
David, what are your thoughts on those critiques and that controversy as we go into this episode?
Historically, I've definitely found myself in the Ross Ulbricht
is a martyr camp, although I do understand that there are details and nuances about how Ross came to
be arrested that are worth considering. There are the ideas and ideals that Ross Ulbricht stood for,
and then there were his actions, which those two things aren't necessarily the same things.
But also, Chris keeps those opinions at arm's length, I'd say, and he really stuck to his ground
of, like, I had a job to do, there was crime happening, and I stopped the crime, and really doesn't
really have a political opinion about Ross Ulbricht either way. And that really wasn't the subject
matter of this episode. It was really about the intersection of frontier, dissident technologies,
and law enforcement. And so I think the philosophical questions of, like, is the Silk Road good,
does Ross Ulbricht deserve to be in jail for two life sentences and 40 years? These are
adjacent to the topics at hand and not really what we were going after here. Yeah. And let's also
remember that Chris doesn't get to decide how long Ross Ulbricht stays in jail. That was not his
job and it was not part of his duties. That is the legal system and the court system that
actually executed on that. But we'll have lots to talk about during the debrief. Of course,
guys, our debrief episode is the episode after the episode. And David, I want to ask you a bit more
about that. You're kind of the Free Ross campaign. I know you said that before and whether this
episode changed your mind. So if you are a bankless citizen, you can catch a link to that on the
premium RSS feed. And if you're not, you can subscribe, click the link and upgrade to a bankless
citizenship and get that episode. Guys, we're going to get right to the episode with Chris.
Bankless Nation, excited to introduce you to our next guest.
Chris Tarbell is a former FBI agent who specialized in cyber investigations.
While at the FBI, Chris led some of the most high-profile cybercrime investigations in the world,
including the arrest of some members of the hacker group, LulzSec.
I think I got that one right, as well as the arrest of the founder of the Silk Road,
which I know all of crypto is familiar with, Ross Ulbricht.
And this resulted in the largest seizure of Bitcoins to date ever.
It was something like 133K Bitcoins, which is worth $4.2 billion as of the time of recording.
And rarely do we have a time and opportunity to pick the brain of somebody who was formerly at the FBI.
So, Chris, we're going to do that today.
Welcome to Bankless.
Thanks so much for having me.
You sort of undersold me a tad.
It was 177,000 Bitcoins once we got the Bitcoins off of Ross's laptop too.
So that was just was it really?
Yeah, it was 177,000 in total, a little over 177,000.
Do you ever look at that number and you're like, like, okay, so at the time, could you ever
imagine that 10 years later this would be worth billions of dollars?
I mean, when you added those 5,000 extra Bitcoin, it's like we're getting closer to
$5 billion that you seized that day.
Yeah, so, no, I would have predicted the crash of bitcoins after that.
That was my thing.
So we had been looking at cryptocurrency for quite some time.
There was a guy in my squad named Ilhwan Yum.
He had brought it to us in late 2010, kind of the idea of cryptocurrency and what it was.
And we started mining just to kind of know what was going on back in our lab.
The FBI was mining.
Yeah, Ilhwan and I and Tom Kiernan were mining.
You know, just a simple PC computer.
It was, you know, just chugging away, kind of learning things.
I made a lab in the back.
The Lab 1A is where we named it.
And so it sat back there and it chugged away.
And we learned about Bitcoins.
And I'm sure it's sitting on a hard drive somewhere on a shelf somewhere right now.
What did you guys make of Bitcoin at the time in cryptocurrency?
I know obviously at the time it very much had the reputation of like crypto anarchists,
probably a little bit, and then like drug money.
Was that the impression of the FBI at the time?
I can't speak for the FBI.
So I was on a squad called CY2 in New York.
And so we were kind of on the forefront of hacking and we investigated hacking crimes
and all that.
And so you had the older guys who had been there for a while.
And then the younger guys, I was pretty fresh to the squad.
Ilhwan was there right before me.
And so, you know, we wanted to
learn about technology and what was going on. It wasn't really used in crime too much at that point.
We weren't seeing it used in crime. But then we did LulzSec. They had 500,000 followers on Twitter and they
started taking donations. So this was a hacking crew that was taking donations through crypto.
So something we had been looking at for a couple of years and now we're like, wait a sec, this seems
weird. And then came the rise of ransomware. Really that we've had cryptography for a long, long time.
It wasn't until cryptocurrency came along that kind of made, you know, ransomware what it is today.
So when you were investigating crypto, when was the aha moment, if there was one about just like,
oh, this is going to become a problem for me?
Yeah, I ran the LulzSec investigation when we knew bad guys were using it for funding their infrastructure.
And like, how did you imagine that that would go?
It's like, oh, this is a new frontier of the internet.
Now there's money on the internet.
Like, what did your brain think of at the time?
Well, put yourself in a mindset back in 2011, 2011, 2012, when we didn't have like,
analysis and these other tracking tools. It was a wild, wild west. I mean, this was cash on the
internet. And just like you can't trace cash, you could do anything with these. I mean, it was a whole
brand new thing to us that, you know, it was hard at the time wrapping our mind around Tor and how we
can't track IPs. You know, in cybercrime, there's two things you track, you know, IP addresses and
money. But now we had some two things coming together at the same time. It was like, oh, shit, what are we
going to do? And, you know, you adapt. Yeah, and I'll probably ask the bankless listener to put
themselves back into the shoes of 2012, 2013. When we get our hands on Bitcoins or Ether or Crypto
nowadays, we do it through a decently regulated crypto exchange who takes KYC information. That wasn't
not true back then, but the proportionality of people who got their hands on Bitcoin via mining,
via non-identifiable information, was much, much, much higher. And so the pseudo-anonymous nature
that Chainalysis gives us is much more modern. Going back into 2013, like a Bitcoin transfer,
there was no way to link that to an identity in the same way that there is today.
And so I would imagine, Chris, when you're stumbling upon, especially the intersection of Tor,
which is going to be a reoccurring theme in this podcast, along with Bitcoin,
it probably just looks like a rat's nest of unidentifiable, illicit transactions on the internet.
I'm guessing that's how it looks like to you, Chris.
Yeah, I mean, we had to invent our own tools.
We had to invent our own way of coming up with doing things and our own ideas
and how we're going to possibly combat this.
You know, fast forward to even the Bureau after I took down Silk Road,
I had that 177,000 bitcoins on a thumb drive.
You know, I brought it back to the office.
And at the time, it was like 200 million or 200-some-odd million.
And there's a vault inside the office.
And it only opens on Tuesdays and Thursdays.
Or when something special happens.
Well, I came back on a Friday, and I said, I've got this 200 million in my pocket.
What are we going to do with it?
And they couldn't understand.
That's a thumb drive.
It's not $200 million.
What are you talking about?
And so I had to walk around all weekend with that thumb drive in my pocket.
You know, luckily I had a gun at the time, too, and a machine gun.
But no, it knew.
Wait, wait, wait.
When was this?
So you had $2 million on a thumb drive.
$200 million.
$200 million on a thumb drive of Bitcoin.
The Silk Road, yeah.
The Silk Road.
This was the Silk Road bust.
The Silk Road.
And you were walking around with this on a thumb drive.
I couldn't do anything with it because I had to put it in the vault.
So it's a valuable property.
And so FBI rules, I have to put it in the vault.
But the vault didn't open until Tuesday morning.
But here's what's crazy, though, is like, you could have taken that thumb drive
and made a copy of that thumb drive before you put it in the vault.
I mean, like, are there, I mean,
what's kind of the process?
I think somebody might have found out about that eventually.
I suppose so.
But like, what are the processes for, you know,
I'm sure the FBI has all these processes
when you seize gold bars or, like, cocaine or something like this
or like, you know, bags full of money?
But did they take this as seriously?
Because a thumb drive at that time just doesn't look like $200 million to anybody.
And that's the point.
I couldn't explain to anybody what the hell it was.
Like, what are you talking about it's worth $200 million?
It's not worth $200 million.
I was like, no, it really is.
that's the difference.
If I walked up with the bricks of cash,
that vault would have been opened in the middle of the night on Friday and put it in there.
But because I couldn't explain it properly to the right people,
they wouldn't let it didn't fit the protocol.
So they weren't going to open it.
Isn't that cool, though, Chris?
Isn't that so wild and cool?
It was cool at the time, but it was also nerve-wracking.
You know, I didn't want to be in charge of $200 million.
Like, you know, what happens if I break it or something?
So, yeah, no protocols.
There was a free-for-all back then.
We actually, we did the transfer.
So there was a really smart guy named Matt Edman.
He's a PhD computer science guy.
He's helped me on all the crypto stuff from the very beginning.
And we did it in his apartment.
We transferred it.
We started a transfer.
Then we walked across the street and we had barbecue all night.
And then we went back to his apartment and it finished running.
So, you know, that was the time we transferred all the crypto in chunks of 324.
Well, people now consider the bankless podcast kind of a crypto-O-G podcast.
Okay.
But I think, Chris, you know, you were using Bitcoin before probably...
Yeah, he beat us by a number of years.
98% of the listeners of this
podcast for sure. So, well done. Yeah, it went Satoshi, Ilhwan Yum, and then me. So that was the order.
Well, so, Chris, the knowledge that the FBI currently has about Bitcoin and crypto, you were probably
the pinnacle of that, as then you were the one who was being faced with having to learn about
this system, and you probably pass on that information to the FBI. You were like patient zero in the FBI
as it relates to crypto. So I'll say I was the face of it. Like, I had some smart guys. Ilhwan was behind me.
Matt Edman was behind me.
I was the face of it. But yeah, but that's really kind of the problem with the FBI. Institutional
knowledge doesn't really kind of get passed on too well. Interesting. I don't know why.
It should. That's one improvement as I was walking out the door of the FBI is that I told them that
we really need to make sure that we don't make the same mistakes. We need to learn our lessons
moving forward. And unfortunately, that's something that they're not that good at.
Well, let's rewind for a minute here, Chris, because we've just gotten in. There's so much,
you know, juice to squeeze out of this episode. We are so excited to talk to you today.
But let's rewind to the story that we've been alluding to all along. And so we played this out at some point you get 177,000, correction that time, Bitcoin, now worth $4.5 billion, let's call it. But the story starts well before that. Can you tell us the story of the Silk Road from your perspective and maybe start at the beginning? So how did it pop on your radar?
So the beginning goes way back. So we did an investigation of Anonymous, LulzSec, when I ended up arresting
Sabu, the leader of Anonymous, a guy named Hector Monsegur. So we arrested Sabu. He was the head of the
organization. And when was this? This was in June of 2011. Okay. So this was around the 50 days of
LulzSec. Some of your listeners probably might know about it. And it's a long time ago. So one of the
things we arrested the head guy, when you arrest the head guy, the people under him,
normally you're an investigation for like mafia. You started a street guy and work your way all up
to the head of the organization. Well, we got the head of the organization. So what are we going to do?
Real quick, Chris, LulzSec versus Anonymous for listeners?
Are they tied together?
They different?
Anonymous is the collective group.
LulzSec was the hacking group within Anonymous.
Sort of the guys with a skill set and sort of a private channel.
Okay, okay.
So the muscle behind Anonymous at the time.
And so we got intelligence from having Hector there.
He didn't know anybody.
Like people call him a rat and all that sort of thing.
He wasn't because he didn't know who people were.
But one of the guys that was reaching out to him was a guy named Anarchaos.
And he quickly became our number one cyber target.
because he was hacking into all the police departments around the world
and releasing very sensitive police information,
including addresses and police techniques and, you know,
where informants lived and that sort of thing.
But he was using Tor.
So he was on Tor and hiding his identity that way.
He stayed on for about six months and we kind of finally figured out who he was after, you know,
he told things.
He told too much about his life.
He gave away too much information.
And we put the pieces together,
the guy named Jeremy Hammond in Chicago.
So we kind of got this Tor thing.
And around that same time, after LulzSec was done, we started seeing a lot of cases come up.
Like, you know, investigated this IP, IP came back to Tor, case closed.
It was happening all the time in FBI investigations.
Anytime an IP comes up in your investigation, you go to that thing you always see in the movies where they type into the FBI computer and it's got everyone's profile and everyone's FBI record, which is not true.
And you look for the eye.
Is it kind of true, though?
It's in there.
But if you don't have a reason to look at it, which, you know, I learned don't look up D.B. Cooper or,
they're going to call you and say, why are you trying to look at the DB Cooper file?
So you look for an IP address that's associated with their case.
And it was always coming up Tor around that time.
So we started thinking we just had a good success on LulzSec.
Let's take a look at Tor, what we can do with Tor.
So like I said, we were the hacking squad in New York, the criminal's hacking.
So we needed to find a nexus to hacking.
So we went on Tor and we found 26 different sites that offered hacking services or hacking tools,
hacker for hire, and Silk Road happened to be the number six site. And so we added that to the case.
We called it Operation Onion Peeler, and we opened the case. It took a lot of explaining to management
to do this, because remember, law enforcement is very reactive. So something happens and we react
to it. A hack happens, and we investigate it. This is sort of a more of a proactive, like,
hey, bad things are happening, and we want to look at a protocol. Well, protocol didn't do anything bad,
so you can't really investigate it. So we needed to find those 26 sites.
But we knew that Silk Road was sort of the golden ring within Onion Peeler because, you know, that would bring the most publicity. That was the biggest one out there. Senator Schumer was talking about it on the floor of Congress. It was in Wired Magazine. So we knew that if we wanted to sort of make a splash in Tor, that Silk Road would be the one.
I don't mean to back us up even further, but Chris, I think the average image that people have of the FBI are people in jackets with guns that show up at people's homes.
But I think what you're familiar with and your part of the FBI is like the mental model might be like cyber police, like, you know, fighting cyber crime, like stuff on the internet.
Can you explain like this part of the FBI?
I don't know if you call it a division or whatnot, but just like the cyber police side of the FBI.
like this must have arisen out of just a need to track some of this stuff, right?
Just talk about that part of the FBI.
Sure.
So, I mean, we're all special agents.
We all go to Quantico and become FBI agents with guns and badges and the same training.
We're all doing knuckle pushups.
We're all breaking down doors and that sort of thing.
But during the Wednesday of week six, this is what I in.
I don't know if they change it by then now.
But you're given orders week.
And that is when you are given your field office and your career path.
So you kind of get to order the offices you want to go to.
and your career path, and it's rare to get what you want.
Most guys want criminal and they want some place close to home or something like that.
I picked cyber and New York, and I got both of those.
So I got lucky on that one.
But everyone throws in 20 bucks, and the person that gets the worst office, the lowest one they rank, gets the pot.
So they get to take that home.
So we all started off as, you know, trained 21 weeks at the FBI Academy, shooting guns, all the same qualifications.
But then we kind of break up into our career paths.
That doesn't mean much if you end up in a very small office.
I had classmates that ended up in, let's say, Santa Fe.
They were on the SWAT team as soon as they got there because the older guys didn't
want to be on the SWAT team.
I ended up in New York.
New York has the most agents.
So there's resident agencies within the FBI, like the satellite offices.
The New York office has a satellite office as an RA in Brooklyn.
If that office was a standalone office, it'd be the fifth largest FBI office.
So just kind of give you a perspective of how big the New York office is.
So, you know, I jokingly say a lot of times, like when there's a bank robbery in New York, they ask, well, is it right-handed or left-handed?
Because, you know, there's a left-handed bank robbery squad and a right-handed bank robbery squad.
That's not true, but it just shows how specialized we are.
So, yeah, our squad in New York was very specialized.
We did criminal cyber intrusions.
There was a national security cyber intrusion squad.
But at the smaller offices, you know, cyber guys might be doing, you know, bank robberies.
They might be doing CT.
So it really depends on, you know, every FBI, there's 56 FBI offices and it's 56 different FBI ways of doing things.
So it really depends on the office.
But yeah, we were very specialized, only looked at 18 USC 1030, cyber intrusions.
And, you know, it really depends on your career on what that looks like.
Okay, what is that legal code?
18, would you say?
18 USC 1030.
Okay.
It's computer intrusions.
Got it.
And then so like back to kind of David's question, too.
is like, so there's over 50 FBI offices, you have a specific legal code looking for kind of
intrusions in computer systems, that sort of thing. But like, you know, my impression is the FBI
sort of broken up by geography as well. And what's interesting about the internet is it's very,
like, not geographic, right? So a high level understanding is FBI, it deals with federal
domestic issues, right? So it's not dealing with national security issues in the context of another
nation state attacking the U.S.
At least that's what I think, although maybe there's some involvement.
But even the internet, it's like not, you know, city by city or state by state.
Like the internet is everywhere.
It almost doesn't have geographies.
So how do you partition that out to a particular part of the FBI?
So I'll correct you a little bit.
The FBI does have a reactionary for state-sponsored hacking against U.S. infrastructure.
It does.
Yeah, the FBI would investigate that.
So that's the national security side of the FBI.
It's sort of two different sides of the house, a criminal side and the national security
side. And you were on the criminal side. I was on the criminal side. Got it. So, you know, the FBI is
investigating anything against the U.S., whether it's criminal or nation state, just depends on where it comes
into. And again, like I said, the smaller field offices, they don't have their cyber intrusion guys are
doing national security and criminal intrusions. So it just really depends on where you are. The way it kind of
works with the wild, wild west of the internet and how it comes across is you need to pair up with a
decent prosecuting office. That's why some of the bigger prosecuting office, I've seen cases done
in smaller field office. Mariposa was a botnet, a huge botnet. That was done out of Hawaii. The case agent,
it was a great guy in Hawaii. But the prosecuting office out there, they didn't really have
prosecutors that could handle a global botnet. So he got a prosecutor out of the DC out of headquarters
to work on the case, which is really a pain in his ass that every time he wanted to have a conversation
with the prosecutor, he had to, you know, wake up early in the morning so he could talk to people
in D.C. And that's really what it boils down to. So it's pretty easy in New York, in L.A. San Francisco
has a big cyber office because the traffic just has to pass through the server to get jurisdiction.
You know, it's pretty easy. And then in the FBI, we fly out to a place. I can get a search warrant out in San Francisco.
I just have to go to a judge in San Francisco to get that search warrant if the server's out there.
So it's nice being a law enforcement agent that has, you know, all across the nation has powers.
So it's helpful. Well, that was a quick side quest. Yes, that's all right. I'm sure we'll talk more about the
a little bit later, but let's continue the story, the Silk Road. So now it's popped on your
radar as maybe this marketplace for hackers, and it seems to be gaining some steam. And so this
Onion Peeler project, which I'm guessing you guys codenamed because, like, you know,
Tor onions and you're peeling back. Okay, yes. You're smiling, so yes. You'd be surprised how
much time goes into naming the case. Yeah. What's a good name? Okay, so you guys are
peeling back the onion. You discover this Silk Road thing. Then what happens? So we start looking
into it, start putting things together. There's a prosecutor over at the Southern District of New York,
Serrin Turner. He's sort of headlining a case with the DEA. And they're trying their traditional way of
doing things. They're arresting dealers. They're arresting people having drugs delivered to their
house and trying to work their way up the chain. But people just don't know each other. It's not like
they're going on a street corner and say, I bought the drugs here. And, you know, this is where I got
them. They're just saying, this is the envelope that it came and that's all I know. This is the
website I went on. And this, we took sort of more of a cyber approach. What could we
do to look into, you know, what's on the server, what's going on the server, what can we find out
about this site? You know, and then we found out there was a dot com. So there was an IP at a real site
for a forum where they described on how to package your drugs and send your drugs, sort of a
customer service type approach. Any little crack we could find in the electronic approach
was where our investigation was going. Could you illustrate just the growth of the magnitude of the
Silk Road case? Like, was it a big deal for what you stumbled upon as soon as you stumbled upon? As
soon as you just stumbled upon it or like how did the magnitude of what you were diving into
grow over time, and what did it take to realize all of that? It really took some time going on the
site and learning what it was doing, what it was moving, what you could get. You know, there really
was a rule: there was only two things you couldn't get, and that was fake college degrees and guns.
And really the reason you couldn't get guns is because that was on a different site at the time.
So, you know, it was the scariness of what you could get on there that kind of pushed things up
the chain on, you know, how aggressive we're going to be towards getting this site versus, you know,
the 25 others that were part of Onion Peeler. We put the same effort into the other ones, but, well,
I won't say the same effort. It became very quickly realized that Silk Road was going to be
the main target for this entire investigation. And just to be clear, you found Silk Road because
Silk Road was distributing hacker technology or other tools that also made the FBI's life difficult.
And so in an effort to stop all of those other things, you found the Silk Road and it's like, oh, this is like the nexus of it all. Is that right?
I mean, we knew about the Silk. I knew about the Silk Road beforehand. Like, you know, staying ahead of your cryptocurrency when it first came out, just knowing technologies. You know, when you live in such a small bubble of cyber intrusions, you kind of think everybody knows about it. You know, you pass people on the street, but everybody knows what Silk Road is. But we were living in a world. So it had been in Wired and we were aware of it. I wasn't fully engrossed in it until I got on the site and started going around
and figuring out what was going on there.
I think my impression of the Silk Road is mainly, like, you know, drugs.
And I'm sure that was a lot of the volume, but there's more than drugs that could be purchased there.
Is that right?
Or can you characterize, like, what sorts of things could be purchased?
You said almost anything.
I guess that's anything aside from guns and university diplomas that one can imagine.
But was that common, or was it just, like, mostly drugs?
It was mostly drugs.
I mean, there was sections for hackers for hire or other services,
hackers, you know, hacking services, you could buy, you know, fake IDs, really anything that you
would think that you'd have to go to like a street corner to buy. It was there. And you could ask for
things. You could propose things and someone could connect you to it. So, you know, I've said in
the past, you know, you could go on there and you could buy like baby parts. That's the most
extreme. I don't think I've ever saw that, but it was an example of something that are on some of
these black markets. So what was happening on Silk Road that the FBI really didn't like? Was it
the drugs? Like, what was the part of Silk Road? I know, like, the whole thing was offensive,
but what was, like, the thing that was like, okay, that has to end? Yeah. I guess it's the totality
of all the circumstances, really. There wasn't one thing. I mean, in order for my squad to take a look at it,
my SAC to sign off on us opening his squad, it was the hacking tools and hacking for service.
You know, if we could also take out all the drugs on there, great. Big win for everybody.
But, yeah, I mean, again, the nexus, we were very charged towards the hacking
tools and hacking services. Okay, so you've got this online black market marketplace that seems to be
doing a lot of volumes, getting pretty big, published in Wired, so more notoriety, more visibility,
more traffic, I imagine, more commerce that's happening. So then what did you do? How did we get to the seizure
of the Bitcoin at the end of this story? Oh, you want to fast forward there for it? No, no, no,
don't fast forward there. Take us through it slowly, if you will, Chris. Yeah. All right. All right.
So, you know, subpoenas, search warrant traditional, you know, investigative techniques, building out a map.
You know, the cliche of the, you know, pictures with the red string that goes to each one of them connects it all.
You know, I didn't use red.
You guys do that?
I used a green marker.
I used a big rollout piece of paper.
It's in my closet right there.
I still have it.
No way.
Yeah.
So I haven't brought that out in a long time.
But, yeah, I still have it.
So it's a picture connecting all the dots, all the, you know, because you get lost with IP addresses and dates and times and numbers.
And you kind of have to connect things together.
So, you know, maybe it's a cliche that I took it from Hollywood.
But maybe the FBI never did that.
I just saw Hollywood doing it.
I was like, well, like, shit, I got to do it.
I got a big case.
I got to do it.
So who knows?
Who knows?
Chicken or egg?
What came first here?
But so put all that picture together.
Started seeing some patterns.
We started monitoring online about, you know, people talking about things, about
misconfigurations and that sort of thing.
Explored that whole setup and was able to find and locate the server in Iceland.
Flew over to Iceland with the prosecutor, Serrin Turner.
And we met with Icelandic
prosecutors and Icelandic police officers, and they opened up a parallel investigation,
which makes it a lot easier and faster to do things. So now they're investigating Silk Road,
too, and we're telling them, hey, it may be sitting here over in Reykjavik. So let's go over to
the data center and see what can happen. So that was the next move. Okay. And so you find
the data center where it's happening. Where did Ross Ulbricht enter the story?
So we get the server, it comes back to a copy of it. You know, the way the server is configured,
it was in RAID zero.
So I don't know if people know what RAID zero is.
So if you're running a server, it has two hard drives.
So if one hard drive is to fail, your server doesn't fail.
But the bad thing for that is all we have to do is pull out one of the hard drives
and we have a full copy of it and then plug another one in it makes an own copy of itself.
So the bad guy really never knows that anything happened to his server the way it's configured.
So probably a bad security move.
I'm definitely not making a roadmap for your listeners on how to commit crime.
But if you're going to run a server, don't do it with RAID zero.
Our listeners don't commit crime, Chris.
Perfect.
That is perfect.
They wouldn't dream.
And the other thing is the server was completely unencrypted.
Another thing you might not want to do if you're committing crimes.
Really?
Yeah, it's wide open.
It was ones and zeros could see everything.
How egregious of a mistake was that by Ross?
That's horrible.
That's horrible.
Again, I'm not telling how to commit crime, but that's an easy one.
I know that one, deal.
So, okay.
You know, I talk shit here, and I'm saying I'm saying all that.
But think about back in 2012, 2012, 2013, how slow Tor was.
Add encryption on top of it.
Maybe you're not going to get the customer base then.
Maybe that's a business decision that you think you're going to protect it through the internet immunity of Tor.
It's the UX security tradeoff, right?
Yeah, exactly.
So, you know, we get it back, but there's a funny story there.
So the Icelandic sent it to Serrin, and Serrin walks it over to my office, and I say, I'll get to it in a few minutes.
He walks away, and I take it back into Lab 1A, and we plug it in, and it's encrypted.
I can't see shit.
I'm like, oh, fuck.
The whole thing's done.
Case closed. I can't go any further. And so I screw around with it for a little while. Tom Kiernan comes back and helps me to be that he's, yeah, it's encrypted. I can't do anything. So I call Serrin and say, yeah, he must have been encrypted. So we got to come up with a new plan, new way of going. Let's get a PRTT up on it, get some traffic analysis, see what's going on. He's like, oh, they sent a password. The Icelandic had encrypted it. So if it got lost in the mail, other people couldn't find it. So Serrin had forgot to tell me that they put it in a TrueCrypt volume. So throw that quick password in there and voila, it's wide open,
everything's there. Amazing. So from there, we were able to find some network stuff going on.
There was a backup server in Philadelphia, so copies of the server since it had started
were sitting in a guy's data center in like his garage on a computer sitting on the ground.
And that's well within FBI jurisdiction, obviously Philadelphia, right? But like,
Yeah, we got a search warrant. Does it take special permission to go to another government to go to
Iceland and crack open a server there? We didn't do that. Iceland opened a parallel investigation,
and then through intelligence, they shared a copy of the server with us.
They had their own case.
Got it.
So they got a search warrant for the Icelandic server based on information that we provided to them.
So yeah, we got a search warrant for Philadelphia, which, yeah, right, in the U.S. territory,
take it and all that, we're good to go.
So I think if bankless listeners really want to dive down into the fullest story of there's a Netflix
documentary, there's an Amazon Prime documentary, and so I think we really just want to zero in
on some of the focal points here.
Sure.
I want to also take a moment to zoom back out and just ask like the timeline of this whole thing.
Like, how long was this investigation?
Because, like, my next area of inquiry is going to be, like, how you got to know Dread Pirate Roberts, aka Ross Ulbricht.
Like, because I would assume investigating him from afar starts to create some sort of, like, character arc, if you will.
So, like, how long was this Silk Road investigation?
And, like, where are we in the story so far with this server talk?
Yeah, so we opened the case in the winter, late, or was it, 2012?
And we're in the story now.
We're into like late summer of 2013.
Okay.
And then when is ultimately Ross Ulbricht arrested?
October 2nd or 3rd of '13.
Okay.
So this was roughly a one year endeavor.
And so when we got that Philadelphia server, again, we had all the backups from everything.
And so we had every chat log that DPR had been a part of.
So from that, I got 600 some odd pages printed out of DPR conversations.
So I got to know DPR pretty well.
Wait, wait.
DPR, Dread Pirate Roberts, a.k.a.
Right.
Okay.
Ross Ulbricht.
That is the name that Ross Ulbricht gave.
There's actually a funny backstory to that.
I'm sure you can tell that story, Chris.
Can you talk to us about how the Dread Pirate Roberts name came to be?
Well, he had a guy that was working with a guy named Variety Jones or Roger Clark who ended up
being, he was in England, then he was in Ireland, but now that he was arrested in Thailand.
He gave him that information to kind of, so the story behind Dread Pirate Roberts is it's
not really a person, it's an entity.
And if someone goes away, anyone can be Dread Pirate Roberts.
So Dread Pirate Roberts' story, it can live forever.
It comes from The Princess Bride, the movie.
Well, the book.
Oh, yeah, it's a classic.
Right.
And it's just like a franchise of Dread Pirate Roberts, right?
Well, also, it's a name to hopefully throw people off of your trail.
Because if you aren't Dread Pirate Roberts, Dread Pirate Roberts is an idea.
So, like, kind of in a way, it's like, you know, don't chase Dread Pirate Roberts.
You're chasing a headless brand, even though it's not actually true.
Is that right?
Yeah, it's sort of the idea behind it.
It could be anybody at any time.
But it wasn't.
It was just one guy.
It was just one guy the whole time.
And I'm assuming that fact is relatively obvious from the get-go.
Yeah.
I mean, it has, you know, from the start, the chat logs are the same, and it all goes back.
And he had a diary on his computer.
And he literally from the time he started to all the way he ran through, not to fast forward
too far.
But, yeah, we got his laptop and he had a diary of all his activity on Silk Road.
And it was obvious that Dread Pirate Roberts, because this was on the public forums,
Dread Pirate Roberts referred to himself as Dread Pirate Roberts, the operator of Silk Road, correct?
Oh, correct.
Yeah.
And he also, many times that I'm the
captain of the ship. If you don't like the rules, get the hell off the ship. So that it was,
he was the leader. He was the, you know, he made the rules. So like I said before, I arrested
Hector Monsegur and he was Sabu. I quickly realized, Sabu was ruthless. People hated him.
People were fearful of him. He was a mean guy online. Hector Monsegur, the real guy,
sweetest guy you'll ever know. He'll give you his last dollar if you need help and all that.
So I read the DPR chats knowing that, you know, I had that institutional knowledge that, you know,
just because you're a persona online doesn't mean that's who you are.
So, you know, before I wouldn't.
If I didn't have that experience with Sabu, that I would have gone and said, oh, DPR is this guy,
you know, but it's just an online persona.
And for reference, for Bankless listeners, just to back that up.
So, Chris, you now do a podcast with Hector.
The guy that you arrested, the hacker that you arrested, his codename was Sabu.
You said was just an absolute, like, dick, asshole, like online, his online persona.
But in real life is like,
David, to me. Is it like your podcast co-host and somebody that you're partnered with in some way?
Yeah. I am a dick online, though. On Twitter, everyone is, okay? Yeah, so am I. I mean,
ask half the internet. But yeah, so there's not many people that have arrested their podcast
co-hosts. So it's an interesting dynamic between the two of us. Yeah, we haven't gotten there
in our podcast relationship yet, David, but someday. You should at least frisk him. I mean, at least,
you know, I don't want to be the only podcast co-host that's frisked my co-host. So, you know.
Chris, I want to ask you, taking a slight turn away from frisking my co-host,
Ross Ulbricht.
Oh, my God, you're flustered.
Ross Ulbricht in the crypto world is considered a martyr by most, I'd say.
I've met Ross's mom at Bitcoin 2019 in San Francisco.
She was getting petitions to free her son from jail from double life in prison, I believe.
Double life plus 40 years.
Double life plus 40 years.
So can you just reflect on Ross Ulbricht as a martyr for many, not all, but many in the
crypto space. Do you agree with that? How does that ring with you? I mean, I really don't go public
have my personal feelings on the whole thing. My job was to bring down Silk Road, bring whoever it had
to justice. There was 12 jurors that came up with the verdict. There was a judge that came up with
the sentencing. I have my own personal feelings, but I don't really go public with what those are.
So, sorry. Okay. All right. I think that's fair. So can we talk about what Ross was actually charged
with, though? So what are his crimes? Is it the operation of this
website in general? Or what did he get the double lifetime sentences plus 40 years for?
So it's basically he got a, it was one of the biggest charges. It was like a drug czar charge,
kind of like there's certain amounts of each drug that the site meant the volume, at least $10 million
in sales and having, I think, three or more employees and maybe four or more employees.
So, you know, it's a drug czar status is really what the biggest charge was.
What was your understanding of the person of Ross Ulbricht? So you mean, you
met him. I'm sure you also frisked him, but you did, you know, are not now doing a podcast with him,
of course, a different circumstance. I would. You would. Okay, well, so, so tell us about him. And I think
listeners should know that Chris is basically acting in your duties as an FBI special agent, of course.
But what is the person like when you met him? You said you read his diaries. Can you get us in his
head? Why do you think he created this? Because part of sort of the martyr thing that David was
reflecting on is I think there is this libertarian, crypto anarchist type of ideology that is,
I think, at the bottom, at the base layer of crypto. And in its most pure forms, I think a lot of
people would probably disagree with it, including me myself. But there are elements of it
that are necessary and are helpful and are good and are kind of almost embody the spirit of the
United States and, you know, self-sovereign individuals pursuing happiness. So where did Ross go
off track in your mind. And what was the person like? So like I said, I know DPR the most. I read all
his chats and what he acted online. I met Ross. I spent an afternoon with him. I had breakfast
with him next morning. And that's the only time I've ever spent with him. He seemed like, and again,
I read his diary and his emails. So, you know, whatever you can glean from that, if you can judge a person
based on their writings and spending, you know, maybe five hours with them. I'll say that I don't think
that's a fair assessment to tell you guys who he was as a person. It would have.
his ideology was. I do believe he did truly believes in the libertarian way that you should make your
own choices about, you know, what you ingest in your own body and that, in those choices along the
line. So, I mean, that's really, I thought he was a nice guy. I thought it was very nice. I wish I
could have more conversation. I know he told other agents after his arrest that he thought he and I
were going to be like friends. But, you know, once he be, you know, asked for a lawyer, there's very few
things I could talk to him about, you know, legally. So, you know, we didn't really delve into that
too far. Chris, how come it went a different direction with Sabu versus Ross?
Ross went to jail. Right. But so did Sabu for a period of time. Did he not go to jail for something like
nine months or something? But he was, I believe, cooperating, working with you to maybe take down
other targets that the FBI had. Was that just not an option for Ross? I'm wondering about
the contrast here that you see. It was. He decided not to. I mean, so we arrested Ross in a library.
I took him outside and set him in a covert FBI van that was across the street.
And we sat there and I showed him the arrest warrant.
It was an arrest warrant, which is very eye-opening to a lot of people to see, you know,
United States government versus, you know, Ross Ulbricht, a.k.a. D.P.R., a.k.a.
D.R.R. So, you know, there's, what, maybe five, six people in the world that knew that
Ross Ulbricht was Dread Pirate, was DPR. And so for him to see that, that the United States
government now knew it is sort of like that eye-opening moment. I let him sit there and kind of
reflect on it for five, ten minutes. And I came back.
And he asked for a lawyer. And so from that point on, I mean, until he sits and talks with his lawyer,
you know, I can't ask him to cooperate and do all that thing. I offered it to him if he wanted
to talk to me and all that. And he decided to have a lawyer, which is perfectly within his right.
And he made that choice. And anyone that's been arrested, you know, you get to make that choice,
whether you want to sit there and talk to the FBI agent that's arrested you or, you know,
your legal rights.
My understanding of this story, and I haven't been super close to it, is that there were other
possible charges. I don't know if these charges were ever relayed beyond kind of the drug czar charge.
It may be some payment for assassination, some of this. Is there any substance to that? Or what can you
tell us about that side of things? So the dirty side or the Ross side, what are you looking for on this
one? Because I would like kind of like both sides so that people can sort of make up their own minds and
investigate further. Sure. So there was an investigation out of Baltimore. There was a task force put together
with DEA, Secret Service and HSI that was looking into Silk Road long before our case was ever opened.
And they were doing undercover and doing these other things. And they arrested a guy named Curtis Green,
who was an admin on the site. And part of that arrest of Curtis Green, two agents, a Secret Service agent and a DEA agent,
stole cryptocurrency from the Silk Road. They stole it through Curtis's access to it, which Ross then changed right after that,
where the cryptocurrency was on a different server that only he had
access to that the other admins. It wasn't on the Silk Road server anymore. It sat someplace else.
But part of that is then the DEA and the Secret Service, the whole task force, developed a plan to
go to talk to Ross that, hey, Curtis is trying to steal from you. We can kill him for you. And so they faked Curtis's
murder, and Ross paid for that. And then another guy named Red and White out of Canada came through,
and he was also sort of the strong arm and offered to get paid to kill other people for DPR that had stolen from him.
You know, it's sort of the first time that Ross paid, you know, I'll say quote, paid for these murders.
He did pay.
He got pictures that the murder had happened.
Again, it was fake.
And he did pay the cryptocurrency thinking that the murder had happened.
The ones in Canada, the guy sent him, you know, said, hey, this kid that stole from you, he's got three roommates.
We can't kill him with the other
roommates around, and Ross was just like, we'll kill the roommates too. So he became more callous
as it went on. And he paid for those. He thought they happened. Really, this guy had just tricked him,
you know, into sending the cryptocurrency for payments for hire. So there was a total of six murders
for hire. They had all been used to trick Ross. But, you know, looking at it from our side of the
things, Ross paid for murders that he thought had happened and ordered. And Ross was a very
principled individual. And he built the Silk Road on the certain libertarian principle.
And one of the reasons I believe, I think your memory will probably serve you better than mine, is that you can't buy, like, a doctor's license on the Silk Road because that will potentially do harm to humans.
And so this idea of Ross paying for assassinations goes directly against the principles that he espoused as Dread Pirate Roberts publicly on the Silk Road, correct?
Yeah, I mean, but I go in further.
I mean, I'm a parent.
And, you know, giving children access to heroin, I think could also be harmful.
But that kind of goes against the libertarian, you know,
mindset. The one, what I know of libertarian, I mean, certainly somebody in your audience could correct me.
I might be wrong that there is a principle that says children shouldn't be able to ingest anything
they want, but, you know, the general scope of things, you know, heroin straight off the block
out of Afghanistan can be pretty powerful stuff. So I would definitely invite listeners to go do some more
reading about that. So these charges, the murders-for-hire charges were not actually brought
in a court system. That's not why Ross is in jail. But nonetheless, there is
kind of evidence of this that people can go research. Is that correct, Chris? Sure, yeah. I mean,
the murders for hire were right in his diary. They were on a file, controlled by him, by a password that he
didn't share with us or anything like that. So, I mean, he proclaimed at trial that his computer
had been hacked into and files were placed there. I didn't find any evidence to any of that.
And so we arrested him with his unlocked computer and his fingers on the keyboard at the time.
So it was a computer in his control, and there was a diary that discussed all of these murders.
So, Chris, where was the Bitcoin when all of this was happening? So there was some sort of vault.
Is the way the Silk Road worked that they just took a transaction fee for a purchase?
Like, was that the business model? And they took it in Bitcoin. And so Bitcoin was accruing in some vault somewhere. Tell us about where the Bitcoin was in this whole time and how the FBI, you guys actually seized it.
So the Bitcoin was sitting in another server in Iceland. And Ilhwan, the guy who taught me about Bitcoin, Matt Edman, and another agent named Pat Hoffman
went to Iceland. So the Silk Road
arrest, or takedown, was a three-pronged
approach. Arrest Ross Ulbricht,
the DPR, put a splash screen up
for the Onion site to show that, you know, we had
access to it and all that, and then seize all the
cryptocurrency. Those guys in Iceland,
they did a great job. They timed it perfectly,
and they had two of the prongs. They got the
crypto all moved over to an FBI-controlled
wallet, and they were able to put up the
splash screen that was hosted at a data
center in the United States site. It may still
be there. If you go to the original Silk Road
Onion site, the splash screen still may
be up. I'm not sure. I don't want to get on a list here, Chris.
100%. There's not a list. I know exactly where it is. But I'm going to say that probably no one's
paying that bill anymore. I'm sure that that server isn't being run anymore. Okay, so that's
how you acquired the Bitcoin. And then that was the bulk of it. That was maybe the 173K. And then
there was 5,000. No, so that was like 130 something. Okay. And then there was another 29 and some
change on Ross's laptop. Just sitting on his laptop, kind of unencrypted.
No, encrypted. It was all encrypted. Everything was protection
and all that. The problem is, is he would copy and paste his password. And so Tom Kiernan found the
password in his bash history. And so it was pretty easy to get past his encryption. So he didn't have
to give you any of his private keys in order to seize that Bitcoin. You basically could derive
them yourselves. Yep. Well, importantly, a part of the operation for arresting Ross involved
seizing the computer in its unlocked state, correct? Correct. That was the, when I gave the
execute command to arrest him, I said, let him run if you want, just get the laptop. Like
we had a plight of getting a laptop.
He was running the Silk Road, you know, his drug empire, from a table at the library.
And we had put an undercover FBI agent, a female agent sitting at the table across from him reading a magazine.
Wow.
Right.
And so the important point was actually you were after the laptop more than you were the human.
If Ross ran, you would just, you know, you can catch him tomorrow.
We'd get him.
That's easier.
But you can't get the laptop in its unencrypted state.
And so it was about seizing the laptop while he was logged into it live, right?
Yeah, correct.
And that was the hard point.
Yeah.
When we arrested Jeremy Hammond, I mentioned that case, like he closed his laptop and locked it up, even
though we had him in a communication talking, we sent a SWAT team into his house. And as the SWAT team
going in to the left, where there's a bunch of kids smoking pot in the family room. So that's kind of
where the SWAT team went. The last two SWAT guys through the door watched Jeremy close the laptop.
It was encrypted. So it took us quite a long time to get that laptop open.
Chris, one of the after effects of this taking down of the Silk Road was that 10,000 carbon copies of it just like cropped up in its place.
And so I remember hearing a quote from you on a different podcast saying, like, we gave them the playbook.
Yeah.
The playbook of combining Bitcoin with Tor.
What was your reaction to this after this result after the fact?
Well, I mean, so after the first arrest, the first wave of black market websites, I don't even know how old you guys were at that time.
And the first ones that came around was this like a place called Sheep Marketplace.
And really all that was was to steal crypto.
They put up this marketplace and you put your money in escrow and all that.
And the guy ran off and stole all the crypto.
So that was sort of the first wave after Silk Road because Silk Road now's in the news and people
are like, oh shit, I can go on to Tor and I can get crypto and I can buy whatever the hell I want.
I'm going to do this.
So these guys set up these fake marketplaces and then nothing.
And then after that sort of came the wave of AlphaBays and sort of the sites and it just grew.
I would have never thought that if someone was sentenced to two life sentences plus 40 years,
that someone would have the balls enough to start another one of these.
But people have, I mean, again, the guy running AlphaBay, he ended up hanging himself in a
foreign jail after he got arrested.
But they're still out there.
There's still tons of them out there.
I'm not going to tell you where they are or the names of them because I don't want
people to go in there, but they're not hard to find.
Yeah.
How has just cyber police and cyber crime, how is the efforts of the FBI had to adapt
as a result of this. I mean, there's a cryptocurrency department of justice.
Young Choi runs that out of D.C. I mean, that would be unheard of. I mean, again, I went from
carrying around $200 million in crypto in my pocket because people didn't know what the hell I was talking
about to now there's a whole division within the Department of Justice just for that. So, I mean,
talk about the change in the last 10 years. It's been insane. So one of the questions I have is like
this Friday weekly roll up, Ryan and I do every single week where we cover the news in crypto.
And throughout 2022, it was like bridge hack after exploit, after like vulnerability and hundreds and hundreds of millions of dollars falling into hackers.
Like a decent number of time that would be like North Korea, et cetera.
And so like I was talking around.
It's like at some point we just need cyber police.
We need police to be going after these bad guys in these internet landscapes.
Is that what the FBI is?
Like who are the cyber police?
Is that the job of the FBI?
I think the FBI is doing a good job.
IRS, the Criminal Investigating Division, they're doing a good job.
But, you know, their kind of motivation behind wanting to do a good job, you know,
taxation, you know, so they want the piece of it and all that.
You know, HSI is doing a great job in this space, in dark markets and all that.
What's HSI?
Homeland Security.
They're Homeland Security investigators.
They're the 1811s.
An 1811 is a special agent, is the code in the government for special agents.
But, yeah, I mean, so you mentioned hackers, though.
I mean, you look at the crypto space in the end of 2022, there's a lot of, you know, let's call it market
manipulation.
There's a lot of old stock things that are happening, you know, a way people used to trick people
with stocks and that sort of thing happening from like the 80s and 90s.
I think the crypto space could use some of those, you know, some Wall Street police too.
I'm not saying bringing regulators.
I'm not always pro-regulation.
But, you know, the same things that we already had, you know, in stock manipulations are now
happening in the crypto space.
So, you know, lessons learned.
That's why I say, I mean, even the FBI, we talked about early on, institutional knowledge is lost.
Yeah.
We need to bring some of that institutional knowledge from Wall Street over into the crypto space.
But again, I'm not saying, like, the SEC or some regulators stepping in is the answer.
But, you know, at least to combat, you know, the good guys need to combat the bad guys in this one.
Certainly.
And I hope Bankless listeners don't think that we are just like these naive, like uber-optimists about crypto.
After this 2022 crash, and especially after FTX, the FTX exchange insolvency, I
went down the 1929 stock market crash rabbit hole. And like the comparisons is like, oh,
these are the same events. And like, we're doing the same thing over and over and over again.
But Chris, I want to get your perspective. Early in your FBI days, you see the combination of
Tor and Bitcoin. And that was probably like, uh, uh-oh. Like that's complex and hairy.
When I look at the world of crypto, I am like a crypto optimist, right? I see a bunch of bright
future ahead. I see the world of self-sovereign finance, of permissionless, be your own bank.
I see good stuff. I'm optimistic about crypto. When you look at crypto, like, what do you see?
All the bad sides. Unfortunately. Yeah, just the world I live in. I mean, we get, I mean,
they started a cybersecurity company called Naxo, and we do a lot of like crypto recovery and
crypto fraud. I mean, we are being contacted, you know, 10, 15 times a day of people being
defrauded out of their crypto. And it's easy fraud. It's, you know, computer takeovers. Oh,
I allowed them to enter my screen and I gave them permission. So it's not the complex stuff
that we're seeing. It's the low-hanging fruit. You know, people losing their retirements.
I'm seeing all that. And it's really kind of sad to me because, I mean, I like crypto.
I'm a technologist. I like things moving forward. I want to see us come up with new things,
new inventive things and all that. But, you know, I'm faced with victims every single day.
And it makes me sad because, you know, cyber criminals are opportunistic. They're going to find the
cracks. They're just like water. They're going to seep into the lowest cracks and they're going
to exploit it for themselves. And unfortunately, crypto is too ripe with that right
these days. Why does crypto give more surface area to that? Is it because it's digital? It's because,
you know, briefcases full of money are just hard to transport and you have to be there, you know,
physically. Is it because there's more surface area for attack? Why do you think this is the case with
crypto? Is it people not protecting their private keys? People not understanding the technology.
There's a lot of that. People to get into it. Think about, we talk about ransomware. I mean,
we've had cryptography for 75 years, but now, you know, when I locked up somebody's computer and
information in the past, they'd have to give me a big briefcase full of money, and then I have to go
pick that up physically. Now with crypto, I don't have to do that anymore. So there's that attack
vector. And now it's valuable. Like, let's say I'm a hacker in the 90s. I hack into something,
I take some information and I sell it. That takes a couple different people. I need to know who to
sell it. I need to know where to go and do and all that. With crypto, if I just steal that,
which is the same as stealing an electronic file or someone's information, it's just stealing ones and
zeros, that's much easier to move. I don't have to go through a middleman. I don't have to,
you know, only take 40% of it. If I steal it, I got 100% of it. You know, as long as, you know,
someone's not tracing it and I, you know, don't try to use an exchange in the U.S. or something along
those lines. But, you know, also having all this stolen crypto, you know, nowadays, it's kind of
tough. It's getting harder at least. They're making it much harder for you to be, you know,
a crypto thief millionaire. Yeah, this is what's so interesting about crypto and why we wanted to
have your perspective on because your lens is just, you know, former FBI. And the FBI is the agency
people call when they get hacked. When their bridge gets stolen from hundreds of millions of dollars,
who are they calling? They're not going to go trace down the funds themselves. They're literally calling
the FBI. And you yourself, you work in security and you can see all of the ways that crypto
has allowed surface area for hackers and criminals and thieves and scammers to actually
exploit people. And so you're seeing that side of things. You know, what David and I see,
with bankless what many in the crypto community see is like the freedom, self-sovereign, good side of
crypto, you know, not quite the utopia, because we need those that are going to help protect
our security and those that will, you know, go chase after the criminals and prosecute them.
But at some level, we don't necessarily have to deal with the consequences of that, you know?
And so part of the reason we wanted to get into this episode content with you, Chris, is to sort
of help us break outside of our bubble a little bit, you know, in that like, hey, these are
private keys that actually have to be secured by individuals. And if you live in a country where you can't
trust your physical security, and bankless is over here telling you to be your own bank, but somebody can
find you using your on-chain data and break into your apartment and beat you with a wrench until you
give up your private keys, it's not too fun being your own bank. And you sure would like to have
some sort of nation-state level, local governmental security, some sort of force to protect against
that. And, you know, this is the origination of governments in the first place. Like, they carry a
bigger stick than the bad guys. And sometimes I think the crypto-utopians, us included, maybe,
I'll throw us under the bus in this episode. We forget that. We're like, oh, be your own bank.
Don't worry about the bad guys. And I think you're coming at it probably from a perspective of,
that's all you see. You are the person receiving the call about some bad guy taking off with the
crypto. I'm wondering if you could just kind of reflect on that and maybe help us bust out of our
crypto utopian bubble a little bit and paint that reality for us. Well, I mean, it seems like
you're not going to this very, be very naive. You understand that, you know, something can be beaten
to death or beaten close. You don't want to beat them to death because if you've been dead, then you're not
getting their private keys. But you want to beat them close to death or at least a loved one and let them watch.
This is dark.
Yeah. Unfortunately, that's the world I
live in. You know, I talk about insider threats and all that. And I tell people that, you know,
the biggest insider threat is your kids because you're letting them on your network. They're
inside your house already. So, you know, as a parent, that's a dark thing for me to think about
and say, but that's the world I live in. And I can see where, like, local cops become, you know,
a little bit, you know, calloused over because you're only seeing the bad side of things.
You're only being called out to someone's house when they're in their lowest moments. And that's
sort of the way I am with crypto. I mean, I'm not, you know, it is nice. I will say once in a while,
we'll find somebody's crypto or we'll unlock their crypto for them or we'll get a piece of it back.
And that is a very good feeling. These people are getting part of their retirement savings back or,
you know, their life savings back in some cases. But there's a dark world where, like you said,
people are trying to target you all the time. Even if you just have a computer on the internet,
you're trying to be targeted because they want to use your computer as a hop point to the next
attack. So when the FBI investigates the attack, it comes back to you. So, you know, yeah,
like you say, if you advertise that you have crypto and that you're storing your passwords,
and a lot of people in crypto, the lower level people in crypto, don't understand the importance
of those private keys or those seed phrases. They don't understand how much that just possessing
of those means that you own the Bitcoin. You can't go back and call somebody and say, you know,
get the money transfer back. You know, oh, the money went to a bank in London. We need to get that money
back. It's gone once those seed phrases are gone. And so a lot of people don't understand that,
unfortunately. And that's what I deal with on a daily basis. The immutable and also traceable nature
of crypto has that made your life or the FBI's life more difficult? Or is the actual traceable
nature of Bitcoin property that the FBI has been able to leverage more than it has been something
that's made their life more difficult? I think it's getting better. I think it was very, very
difficult to start and it's become better, some of the tools. But the problem is a lot of people
are now becoming very tool-centric. You know, it kind of goes to the way where the computer
forensic went back in the early 2000s where, you know, people had to know exactly how computers
work to understand how to investigate computers and then everything went to push button.
We're kind of going to push-button and relying on these tools and not understanding how
crypto works. That's sort of my fear with some of the crypto investigators these days. Too much relying
on the tools and not knowing exactly how it works. And so let's say we go to a shit coin that's not on
one of the tools and you're jumping chains. You're kind of screwed then if you don't understand
how it works and you don't understand how the laundering is happening. Chris, you know, for my part,
I actually appreciate a little bit of this cat and mouse game, you know, and that there is a cat
and there is a mouse and that the cats aren't completely in charge of things. That is sort of
the dark world that we see, kind of the crypto community sees. If we move to a world of
a whole bunch of central bank digital currencies that are implemented by the nation state and tied
into maybe a credit system that access to your funds, property can be seized for a political
dissent tweet on Twitter. That is a very, very dark world. And I feel like humanity is
marching into it with the advent of everything's becoming digital. We have many of these freedoms
preserved in the analog world, but as we're marching into the digital, they're kind of slowly,
eroded away, right? We just talked about cash. And there's the common trope in the crypto community
that if Congress tried to vote on the idea of cash money today, it would never pass. What you're
talking about like money that is completely peer to peer? It can't be traced. Like this could be in
the hands of pedophiles and terrorists and criminals, all of these bad people. And yet, and yet,
for some reason, Chris, and I know you're an American patriot because I've heard you talk about it before.
And yet this is very core to the idea of freedom in America and in the Constitution and embodied in our Bill of Rights.
I'm wondering if you might be able to, because I sort of gave the steelman case for your position on crypto,
or maybe the FBI's position on crypto or security experts position on crypto, which is that, man, this is such a hassle.
It's harder to track down the bad guys.
But can you steelman the crypto case?
Have you ever thought about that?
I really haven't put too much thought into it.
But to be honest with you, I'm fairly in line with you, you know, for my personal feelings that, you know, just because I say the wrong thing or I say what isn't the popular opinion, you know, I can lose my job.
The next stage is my money can be seized.
I won't have access because my bank account is frozen.
That's a scary, scary thought.
That's a scary, scary thought that I can't, you know, feed my family or do anything because I said the wrong thing.
And we are going towards that sort of path and that scares the shit out of me.
And so the idea of being in my own bank and controlling my own crypto and
having a network of people that's willing to trade with me, you know, the crypto community,
goods and services for that, well, what we value as, you know, whether a Bitcoin or any sort
of cryptocurrency is nice. And the government, I think, is going to push back on that because,
you know, how does the government, you know, how do they do things? Taxation. They haven't
quite figured out a great way of taxing these trades. If you do something for me and I pay you
in crypto, well, you're supposed to owe the government a portion of that. How do they figure out
what that portion looks like, what does it do? We're starting to see that with like saying, like,
oh, all of our transactions on Venmo. I think we saw it last year. You're starting anything over
$600, a Venmo's going to notify the IRS and all that. So to me, it boils down to taxation.
So if they can't tax it, they're scared of it. Chris, are you familiar with Tornado Cash?
Yeah. How do you feel about Tornado Cash as a technology? It's scary, man. I've always said,
And I don't think this is case. I don't know. But if I was to run an undercover operation, the first thing I'd want to do is have the U.S. government say, don't use this. It's too bad because you're giving credibility to all the criminals going there. So that's exactly my playbook. If I was running an undercover crypto sting is to have the U.S. government say, man, don't go here. This is way too bad. But I don't know. That's my personal feelings on it.
But you don't have any sort of like philosophical, like, oh, yeah, this should be a legal piece of technology,
have any, like, opinions of that nature? I mean, I can tell you, let me be a politician for a second.
Sure. You know, there are people out there that rent their children. They literally take, you know,
six months old. I've seen it. I've worked cases in the FBI, six months, a year old, and you can rent
them to people. Do we want to have a place where I can't trace who those people are? That's the
worst thing I can think of. I can't think of anything worse than someone renting out their
child's body for sexual gratification to other people. That's disgusting. It's beyond belief.
And Tornado Cash can aid and abet them getting away with that.
I mean, again, I'm picking the worst possible scenario and throwing it at you. And that's sort of what politicians do with this sort of thing. But, you know, I understand privacy. I understand anonymity. I strive for it myself. You know, I, you know, will buy things in an LLC that's not traceable back to me in order to have, you know, some privacy and that sort of thing. So I see both sides. I want the anonymity for myself, but it scares me with other people have it, I guess. You know, just like anybody else. Sort of a hypocrite in that sort of fashion.
Yeah, yeah. I mean, I would imagine that, like, you know, the internet facilitates a bunch of bad activity, and you're not a fan of banning the internet, of course. So I guess it all boils down to just like facts and circumstances and the nature of who's using what. And perhaps if only 5% of people are using it for privacy and 95% of people are using it for bad things, then perhaps it's justifiable that we deem this thing to be illegal.
Yeah, exactly. I mean, I couldn't say it better than that.
Speaking of which, we read the Chainalysis report that just came out last week, I believe, and they report that
0.3% of all crypto transactions are, quote, unquote, illicit. It's just quite a low number considering. I have to imagine, like, physical cash is a lot higher than 0.3%. Do you have any thoughts on this?
So I didn't read it. Is it 0.3% of all transactions or of all value?
Good point. That's a good question. I think it's transactions.
Because, I mean, the FBI just took down Hive. And Hive, they literally can trace $100 million in crypto being sent to Hive, the ransomware group in the last year.
So can you tell us about that story? So what is the Hive story? So Hive is a ransomware group that would break into, started breaking out. I think it was like October of 21 they started. And ransomware for your listeners that don't know, is ransomware is simply you break in and encrypt people's files and then demand a payment in order to unlock them. We've done pretty well. I say we, the cyber community, done pretty well with that. And an easy way to defeat that is just have good backups. And if you just restore your system from the night before, whatever you lost.
So now these guys are also doing data exfiltration.
So they'll lock up your information.
Then they'll take your information.
And if you don't pay, they'll embarrass you by publishing that information online.
And Hive was one of these groups.
The FBI working with the Germans and the Dutch who, man, the Dutch cybercops, you do not want to mess with them.
Those guys are good.
They have some skill sets.
They were able to find where these guys were located on their private servers using legal
process in those countries.
They broke into the computers, took the private keys, and then
shared the private keys for the encryption with, I think it was, 1,500 different companies in order
to unlock their data. So the FBI found, I think they found 1,500 companies that had been
affected by Hive, and only 20% actually replied back to them. So most of these companies that were
facing ransomware would not even reply back to the FBI. But they had found that Hive had
received over $100 million in crypto payments for these ransomware attacks in the last two years.
So what is Hive? And, like, what is the profile of a hacker? So Hive is probably a group. It's a
collective of people that are working together. You know, they're essentially a hacking crew,
just like we talk about LulzSec. Certain guys have certain skillsets and they can, you know,
I'm sure there's some crypto guys in there. There's some guys that can find 0-days and find the
systems running the 0-days and then they get in and they spread the malware. Mostly through a
phishing campaign if they can't get in themselves. Are these like, I mean, there's the Hollywood
portrayal of a hacker. Elizabeth Warren likes to call people in crypto shadowy super coders, right?
So there's that, you know, black hood, of course, over your head and you're just, you know, on a keyboard.
Is that what a hacker actually looks like?
No.
No.
Okay.
What's the profile of a hacker?
There is no profile of a hacker.
If I was to tell you, I one time said something at a corporate event or something,
and somebody got very upset that if someone on the Internet tells you they're a female, they're really a cop.
So I've learned my lesson to say that because they came up and said, you know,
there's a lot of good female hackers out there.
And there really are.
I've met a lot of good female hackers.
And actually, they may be better because I've never arrested a female.
I never caught a female hacker.
So they've gotten away with it.
So that's how good females are.
That's how good they are.
Exactly.
Exactly.
They're so good.
They stay free.
So I've learned my lesson.
There is no profile of a hacker.
It could be anybody.
There's a lot of hackers that have professional careers.
You know, they do their thing.
And then at night, they sit around and they hack into things.
I knew an FBI agent, probably one of the best hackers I ever knew when he was a kid.
He was a really good hacker.
And now he's an FBI agent.
But I'll never say his name.
Yeah.
I'm sure there's always this fork in
the road. It's like, oh, I'm really good at hacking into systems. Do I do this for evil or do I do
this for good? Well, that's what they call it, black hat, white hat. Yeah, and then there's gray hats,
the ones that kind of walk that line. Mercenaries. Yeah. Chris, is this the modern frontier of
online cybercrime, like ransomware? Or like, what's the current new thing? If it's not online
drug marketplaces, not to say that that's been solved, but like, what's the new frontier of
cybercrime and the cyber police? Like, if this is a cat and mouse game, where's the end of this
game. So I think ransomware is the sort of the last couple of years. Now it's going back into
data exfiltration. Recently on our podcast, Hacker and the Fed, Hector says that 2023, he's predicting
it would be the year of the insider threat. And he's saying that because look at all the tech
layoffs. You have a lot of people with a lot of skill sets that are pissed off that they just lost
their job. And so we're already starting to see some. We just talked about a story of Credit Suisse had
an insider who released all their information just last week. And so we're kind of tracking to see
what it is. But he's saying it's going to be the insider threat is going to be the big thing this
year. The idea of being just like specialists are no longer beholden to the organization that they
have specialized in and now they have other incentives to apply their skills towards and perhaps
those incentives are nefarious. Yep. I think that's the idea. Sick. That's peak drama,
I will say. How about nation state actors? So we mentioned some of the massive
hacks that happened in crypto this year. Here's a headline from CNBC. This is
North Korea-linked hackers behind the $100 million crypto heist. The FBI says this is the Lazarus Group, which I
believe is kind of the code name. So, yeah, nation state level actors making a lot of money from this.
There's reports that North Korea made hundreds of millions of dollars last year from crypto.
Like, how did these enter the story, nation state actors? And like, whose jurisdiction is this? Is this
FBI or is this beyond FBI? Is this now national security? Well, FBI does not some national security.
Remember that. But yeah, I mean, we're going to have to put together, you know, it's going to have to be
sanctions in order for them to not get paid out in the crypto. You're like, where are they cash in their
crypto? Where are they, you know, who are they trading for goods for crypto? I mean, I guess China,
I mean, we can't really tell China what not to do, not to accept the crypto. I think China's kind
of against crypto these days. I don't really know what publicly, I think they're kind of wishy-washy
back and forth themselves. So, you know, this
is a global problem that we're going to have to lock down if, you know, and North Korea is good
about it. They're connected to a lot of different schemes that involve crypto stealing or crypto payments.
We had thought about this. So if you're in the FBI's shoes or some national security agency's
shoes and you're seeing all of these hacks happen, you're probably asking your questions,
not only how do I, you know, stop it via sanction on the other side, but how do I even prevent it
from happening? How do we be proactive about this? And I'm wondering if there's ever been any
effort to actually audit code in some of these smart contracts, for instance, that are housing
hundreds of millions of dollars and pointing out security flaws to projects before they get hacked.
Is there any ability for law enforcement to actually kind of step into the defense perimeter
side, or is that completely left up to private individuals and projects?
Private individuals. Law enforcement, it can't go in. It's reactionary. Something bad has to happen
and then investigation. You can't preliminarily go in there. But yeah, we're finding it even at Naxo, none of these guys. So they're coming to us and asking us maybe what does it look like? What does it cost to do a security review? And they're not really wanting to do it because it is costly. I mean, it takes a little bit of money to secure yourself. But, you know, we're pushing people towards this that you need to get a security person in here to review it. You need someone from like a Wall Street background to see whether it fits in some sort of the frauds, you know, look for fraud investigation from old Wall Street scams. So a technical,
review and a manipulation review is what we're prescribing for some of this stuff. And
unfortunately, you know, law enforcement can't do it until that manipulation or that hack has
already happened. It's just the nature of the way the system's set up. What are some of the big
honeypots for hackers these days? Is it all information? Or now that there's crypto, it must be
not just information and kind of secrets that are out there, but also like there's literally
money on the internet that you can go and steal and it's vaulted somewhere. Like you think about a
Coinbase and how many hundreds of millions of dollars, billions of dollars it holds inside of a
vault. What are the big honeypots and targets for hackers these days? Well, in our world,
honeypot means something different. Honeypot is like a trap. Oh, that's right. That's right.
So people set up fake traps on the internet for the hackers to go into. But why go after Coinbase?
Coinbase has probably spent a lot of money securing their stuff and all that. Why not go after
mom and pop that I can trick them into clicking on a link and then I have full access to their seed phrases?
I mean, there's a $200,000 hit. I mean, that's a $200,000. I mean, that's a $1,000.
That's really where they're going, is the low-hanging fruit, the people that not understand security and can click on something. It's great if I could get into Coinbase. I'm sure I could access a lot of things, but there's no need to. There's a lot of money out there just sitting around on the end users. Can you talk about that then? How do end users protect themselves? There's a lot of people listening. Obviously, we're all citizens of the internet right now. We all use the internet. And there are lots of places where that can be unsafe. But we have a lot of listeners that do hold their own private keys in some way.
Do you have any thoughts for them on how to protect themselves?
Sure. First, they have to understand that they are a target.
A lot of people don't think they're a target or could be a target.
You know, I know there was a recent court filing of something.
There's a lot of, you know, crypto stuff going defunct and there's some court filings
that probably shouldn't go public that include like addresses and names of people connected
to that.
Well, those people now are being targeted with phishing scams and that sort of thing.
Just to understand and have a heightened awareness that maybe your name somewhere, you bought
crypto somewhere and your name was leaked from a third-party vendor that you didn't want to.
People now know. How's that work, Chris? Do hackers have like the same thing that the FBI has,
some sort of like profile on individual people? Like is David's name, my name, somewhere in a
hacker's database with a whole bunch of my stats, things that they know, maybe my social
security number, date of birth, all of these things. How does that work?
1,000 percent you're sitting in a database somewhere. So yeah, this is sold on the black market,
information about you. Databases are expanded. Databases, you know, are built, just like Google's
building a database about you, Apple's building a database about you, criminals are building a database
about you. They are keeping every information they can about you in order to maybe exploit it in
the future. Anything that's broken into, hashed passwords, lists of your passwords, you know,
data aggregation is huge. It's been huge for years. You know, everyone's selling it and selling
that information, you know, selling bulk information. So, Chris, since starting the bankless
podcast and becoming a very, very public
crypto person, I have lived in
three different cities. And so my address
has changed, my IP address
has changed, the computer
that I used has changed. I've built my computer
from scratch. How much of my
data am I able to, like, jettison
with this sort of activity, this sort of behavior?
And how much of that data
just doesn't matter. It's just about me, who I am.
I mean, do you pay an electric bill
at all three of these addresses? I have
previously, yeah. So your stuff's out there.
I mean, if you don't think that power comes...
Yeah, but I don't really
care about my old address.
You don't, but what about like those questions that your credit report or something,
like list your last three addresses, you know, the ones that verify you, like Equifax?
Mm-hmm.
Mm-hmm.
That information is probably.
Your mother's maiden name.
Pretty popular.
Your dog's first name, you know?
That's one thing.
I never answer those questions truthfully.
Right.
Like, never answer those security questions as truth.
Come up with something different that someone wouldn't know.
As a joke, I know, like, one of my questions on one time, this isn't in use anymore.
It was like, where'd you get your first kiss?
And I said, like, on my grandpa's lap.
It was a joke.
But I figured no one would ever guess that.
I'm reminded of, I can't remember her name.
Maybe you guys remember her name.
Is Dick Cheney's running mate for presidency?
She was like, her email was hacked.
Wait, Dick Cheney.
I don't think, Dick Cheney.
That's vice president.
Are you talking about John McCain?
John McCain.
John McCain.
John McHen.
Sarah Palin, yes.
She was hacked because, like, all of her security questions were like
like stuff you could Google. It's like, what's your mom's last name? What's your dog's name? Like, all of
this stuff was available that she just posted on the internet. Like, oh, my dog, Rover. Turns out that's
like her password. And so like, I always think that's a funny story. Yeah. So every time a site is hacked
into that you put a password into, your username is most likely at the beginning of your email or your
entire email. Those passwords are all collected into a database. And they start to find patterns of how you
make passwords. You know, whatever you do you do leet speak or do you add some sort of ending to it or
like that. Like, your pattern making is now being sold on the internet of how you design your passwords.
So hackers have this data repository. Let's say they have a brief on David. They have a profile
on David that they're building. They might know his address. They might know his social security,
his date of birth, his password style, all of these things. Then what do they do? Do they sort of
then prioritize their targets based on lowest hanging fruit or highest value target? And are they
specifically going after, like, an individual in this case? Would they be going after David? Or
do they just go after, like, cohorts of tens of thousands of different people that fit specific
filter criteria? I mean, one of the things they might do is go after if they find out,
who are your listeners? If they all registered with an email account, there's an attack,
because most likely those people have cryptocurrency or associate with cryptocurrency. There's an
attack vector. Why go after people, if you're looking for crypto, why go after people that have no
interest or no knowledge of crypto. So that little insight gives them information that, oh,
these people are interested in crypto, they listen to it. Maybe they have some. I'll send my
phishing emails at them. You know, I'll specifically target them to click on something.
They'll maybe send some sort of message that looks like it's coming from David. Oh, hey,
you want something from the podcast. I know you're a listener. They'll be like, oh, how'd they know?
It must be David, because nobody else would know that I'm a bankless listener. You know, maybe it's
Apple and David. They're the only two people that know. And so they'll fine tune their attack
that sort of way. Again, not a roadmap on how to commit crime here, but that's one way they'd do it.
Bankless listeners, fun fact, Ryan will know this. If you ever get an email from me, I don't even check my email.
You're not getting an email from it. One time I got an email from David, and it was definitely a scam.
He was trying to phish you. So I guess some advice from this is, look, a lot of people in crypto listening to this have had their data leaked before.
You know, Ledger, do you know the hardware wallet, Ledger? Have you ever seen those?
the modern version of your USB key type of thing,
their entire database was breached a couple years ago,
names, addresses, all sorts of information
about people who purchased Ledger wallets, right?
Not a good thing to have leaked.
And so people in crypto are, they get text messages all the time,
they get emails all the time.
And I guess the best advice is like,
do not click the thing.
Like, be very careful to make sure that the person
on the other side of that message
is the person you think it is.
take a few more seconds to like double check and then triple check that particular correspondence.
Is that good general advice, Chris? Are we onto something?
At least hover over the link and see if the link matches what's there.
You know, it'll give you a little preview. And if you got an email from Ledger,
then maybe just go to Ledger.com and see if there's an announcement or making some sort of public
announcement, hey, we're sending out emails to people that may have been affected by this hack
or Google it and see if there's a news or press release about it or something like that.
I've always said, like if your bank calls you, just hang up.
and look on the back of your debit card and call that number.
It's the same way with all of these emails you get.
If they're trying to contact you, find a good contact that you know can't be manipulated and reach out to them.
Google their phone number.
So the hardest part is being an FBI agent, you would be surprised, is to call up and say,
hey, I'm an FBI agent.
People are like, fuck you, you're not an FBI.
I said, Google any number you want for FBI and ask to talk to me and call me.
And I'd pick up, say, Chris Tarbell, FBI, and they say, oh, shit, you are an FBI agent.
So the same thing.
No, you've got to respect that, don't you?
It's not offensive.
If somebody wants to be a little bit miscarrier, yeah, yeah.
So, you know, do the same thing.
Just understanding that you are being targeted, just being online, you are being targeted for something.
Chris, are you familiar with zero knowledge technology, zero knowledge proofs?
Sure, yeah.
The implication for ZK Tech in the crypto world is that basically everything will become private on the internet.
The internet itself will become private.
Now there's a big is-ought gap between where we are now with ZK Tech and where it will
be in the future. But this is the promise of ZK Tech is that anything about anything will become private.
Like your transactions will become private. Your existence can be made private. Does it scare you?
No, but I don't know how it's going to be implemented. Like I buy my internet service or an internet
service provider. How are they not going to know what I'm doing or have the ability to know what I'm
doing? You know, you can do encryption, but they'll still know basic metadata about me when I'm on,
when I'm not on, when I'm using traffic, when my traffic goes up and when traffic goes down.
I mean, so, you know, maybe I'm just not smart enough to understand how it's going to be implemented.
Sure. I'm also not smart enough to understand. I just wanted to bring up the subject matter of ZK.
Everyone is, everyone is super bullish on the fact that ZK proofs can be integrated into absolutely everything.
And so my general understanding is that it is a huge shift of power towards the individual, which as a privacy person, I'm like, great.
But then as like a crime stopper person, I might be like, uh-oh.
I mean, it sounds good. Let's take the small steps first. Like, I'll suggest to your users.
Start looking into like FIDO devices.
We're talking about passwords and all that.
FIDO devices are little token-based devices that do end-to-end encryption.
You have to set them up.
It takes a long time to set them up because you set up a connection with everything you share a password with, but it gets rid of passwords.
So it's a physical token that creates Google allows it.
There's a lot of stuff out there.
Let's take that stuff.
All the major exchanges allow it too.
Kraken does.
You can sign in rather than two-factor auth.
You can sign in with a FIDO key.
Do you recommend the Bluetooth ones or the ones that are USB?
I say agnostic, all of it.
If you switch to FIDO, that's fantastic.
I'll just leave it at that.
I like the USB ones personally.
That's what I use.
But not having FIDO, if the Bluetooth is the only one you want to use, then fantastic.
Yeah, I was just worried about, you know, the FBI truck sitting in my front yard
and being able to pick up that Bluetooth connection and intercept me.
You know, that's the...
You got to buy property where they have to be at least 30 feet away from you,
then you've defeated them.
If the actual device is compromised, is that a risk?
Like, what's the security around that?
Well, if somebody grabs your device, yeah.
The FIDO device?
It's like your car keys.
Yeah, if somebody steals my device from me and my aft.
You still have to authenticate to it.
It's not just like a plug and play.
It's good to go.
You authenticate to it.
And then once you authenticate to the FIDO device, then it keeps all your connections.
Another key advice, if you get a FIDO device, get a second one.
Make a copy of it.
Don't lock your stuff out.
You lock yourself out.
You're screwed.
So always have a second one that wherever you put your seed phrases, put it there.
Put all your eggs in one basket.
That's what they say.
and security's best, right?
Yeah, you know what?
I think that everybody's going to have to level up
their security this decade, right?
Like, everyone, this is not just a crypto thing.
This is what we said.
It's a skill for the 2020s and 2030s
is everyone's going to have to get better
at private key management because passwords are going away,
I think, and I hope.
And we're going to need to kind of embrace this future.
Chris, this has been a lot of fun.
Yeah.
Just as we close, one thing that we noticed this year,
I didn't get a chance to ask you.
So the Silk Road story actually continues.
So this is the story that we mentioned on our weekly roll-up from November 2022.
And it's a CNBC article again.
The feds announced the seizure of $3.36 billion in Bitcoin,
stolen a decade ago from illegal Silk Road marketplace,
the second largest crypto recovery.
That just happened within the last few months.
I think this guy had maybe $50,000 Bitcoin or something,
and the FBI 10 years later tracked him down.
I believe he was, like, keeping the private keys somewhere, I don't know, under a floorboard,
somewhere hidden in his house, basically?
Yeah.
What happened here?
Like, how is this story ongoing?
Are there still missing funds from the Silk Road?
Do you want to know how he fucked up?
What he did?
Yes.
Yes.
He took his forked Bitcoin cash and converted it over to Bitcoin.
And so the 10-year statute of limitation had passed on the theft of the original Bitcoin,
but since he exchanged it, it restarted the clock.
And so he was able to be tracked because of his Bitcoin.
Wait a second. Why did it restart the clock?
But there is a clock? There's a statute of limitations.
So if you commit a crime, the government can't come after you after a certain amount of time,
except for like murder and rape and all that sort of crazy stuff.
So if I steal billions of dollars, all I have to do is wait for 10 years and I'm good?
There might be other things. There might be tax evasion and stuff like that,
but I don't know all the rules of limits, statute of limitations.
But there is a certain amount of time that the government has to prosecute you.
Why did the clock reset when he swapped currencies?
Because he did it in 2017 or 2018.
Bitcoin cash fork, remember this?
Yeah, so he got Bitcoin before it forked.
It forked, and then he had the same amount of Bitcoin cash.
And so they were able to seize that and get his information, his KYC information,
where he exchanged it out after the fact.
So he stole it back in the day, like I said, 2011, 2013, when, you know, people couldn't trace it.
He should have just left the Bitcoin cash, left it alone.
They wouldn't have found him.
But he got greedy and wanted to switch that out.
And how did they find him?
Is it like just the KYC information using something like?
Yeah, an exchange.
Okay.
Some sort of on-chain tracer.
It went to the exchange and like, hey, who is this character?
Oh, my.
Where's his address and its address was just home?
Oh, my.
How did you get this in the first place?
Was he part of the Dread Pirate Roberts crew or was he just an opportunist?
No, he tricked Dread Pirate Roberts out of repayment.
He manipulated the system.
Wow.
Again, the Silk Road was not configured properly.
I've been saying this for years.
People don't believe that.
He stole it out of the system because of a misconfiguration.
All right, Chris.
But if I'm this guy and the FBI shows up at my house and I have private keys and the FBI wants to get it from me and I don't want to give it to them. How does the FBI get it from me?
Cut you a deal. Turn over your $3.3 billion and you're not going to go to jail.
And so you have to decide how much like the jail time versus the money.
Can I only turn over $3.2 billion?
That's basically it. That's the method.
That's all it comes out to. Yeah. I mean, so we can't force you to give your password. I mean, that's all. Now if you're overseas, I mean, places like England and
all that. There's like another crime if you don't turn your password over. That's another crime,
but still... That's an additional charge. They'll lock you in jail until you cough up the private keys,
basically. They don't lock you in jail that long over there. They're pretty convenient.
So the LulzSec guys, 125 years over here, over there, they got, you know, slap on the wrist in jail
for like maybe a year. Same crimes. So the systems are very different. The U.S. is pretty tough on
cybercrime. This has been so fascinating, Chris. This has been, ask everything you've wanted from an FBI,
special agent. So we appreciate your time here today. And I'm sure the rest of the crypto community does too.
Yeah, it was good. It was good. So thanks for having me on. I appreciate it. Again, just to pimp the product one more time. Hacker and the Fed, new episode every Thursday. Hector and I are out there. We answer your questions. We email questions. We do whole episodes of nothing but questions for, you know, if you want two different perspectives from a hacker and a former FBI guy.
Let me say something about the show. First of all, it's crazy cool. So this, again, is where Chris has partnered up. It's like a David Ryan combo.
Chris has partnered up, except David is a former hacker, right, that Chris arrested. Oh, I'm the criminal?
Basically, yeah, well, I mean, if you had to pick what between us. And you guys do kind of a show that reminds me of our weekly roll-ups, which is basically go through once a week and you do kind of like the news, things that are happening in the security industry, and you talk about them. So it's a really cool show. And the dynamic you have is really neat. Is there enough news in this world to cover it every single week? Yeah, this week was tough inside. We, I think we had nine stories this week of, and it's stories just, I mean, so we go through. It's just things that we're passionate about talking about.
or that maybe we have a difference of opinions.
So cyber is blowing up, fellas.
It was a thick one this week.
Yeah.
We say the same things about crypto.
Yeah, exactly.
It's the roll-up except for the security.
That's exactly what it is for bankless listeners.
So go check that.
I enjoy it.
Chris, thanks a lot for coming on.
Thanks so much.
Great opportunity,
and I really appreciate talking to you guys.
Action items for you, Bankless Nation.
Of course, you'll see a link to Hacker
and the Fed, which is the podcast.
You can also search in Spotify,
Apple, wherever you get your podcasts.
and look that up and start subscribing to it. Also, we'll include a link in the show notes to Chris's
company, Naxo. That's Naxo.com. In case you have a security question, maybe a crypto security question
you want to get some help on, you can go do that there. As always, got to end with these risks and
disclaimers. Crypto is risky. So is holding your own private keys and being your own bank.
Watch out for hackers. So is being a criminal. That's right. You could lose what you put in,
but we are headed west. This is the frontier. It's not for everyone, but we're glad you're with us on the
bankless journey. Thanks a lot.
