Cointime

Download App
iOS & Android

Here’s Some Bitcoin: Oh, and You’ve Been Served!

From krebsonsecurity January 10, 2024

A California man who lost $100,000 in a 2021 SIM-swapping attack is suing the unknown holder of a cryptocurrency wallet that harbors his stolen funds. The case is thought to be the first in which a federal court has recognized the use of information included in a bitcoin transaction — such as a link to a civil claim filed in federal court — as reasonably likely to provide notice of the lawsuit to the defendant. Experts say the development could make it easier for victims of crypto heists to recover stolen funds through the courts without having to wait years for law enforcement to take notice or help.

Ryan Dellone, a healthcare worker in Fresno, Calif., asserts that thieves stole his bitcoin on Dec. 14, 2021, by executing an unauthorized SIM-swap that involved an employee at his mobile phone provider who switched Dellone’s phone number over to a new device the attackers controlled.

Dellone says the crooks then used his phone number to break into his account at Coinbase and siphon roughly $100,000 worth of cryptocurrencies. Coinbase is also named as a defendant in the lawsuit, which alleges the company ignored multiple red flags, and that it should have detected and stopped the theft. Coinbase did not respond to requests for comment.

Working with experts who track the flow of funds stolen in cryptocurrency heists, Dellone’s lawyer Ethan Mora identified a bitcoin wallet that was the ultimate destination of his client’s stolen crypto. Mora says his client has since been made aware that the bitcoin address in question is embroiled in an ongoing federal investigation into a cryptocurrency theft ring.

Mora said it’s unclear if the bitcoin address that holds his client’s stolen money is being held by the government or by the anonymous hackers. Nevertheless, he is pursuing a novel legal strategy that allows his client to serve notice of the civil suit to that bitcoin address — and potentially win a default judgment to seize his client’s funds within — without knowing the identity of his attackers or anything about the account holder.

In a civil lawsuit seeking monetary damages, a default judgment is usually entered on behalf of the plaintiff if the defendant fails to respond to the complaint within a specified time. Assuming that the cybercriminals who stole the money don’t dispute Dellone’s claim, experts say the money could be seized by cryptocurrency exchanges if the thieves ever tried to move it or spend it.

The U.S. courts have generally held that if you’re going to sue someone, you have to provide some kind of meaningful and timely communication about that lawsuit to the defendant in a way that is reasonably likely to provide them notice.

Not so long ago, you had track down your defendant and hire someone to physically serve them with a copy of the court papers. But legal experts say the courts have evolved their thinking in recent years about what constitutes meaningful service, and now allow notification via email.

On Dec. 14, 2023, a federal judge in the Eastern District of California granted Dellone permission to serve notice of his lawsuit directly to the suspected hackers’ bitcoin address — using a short message that was attached to roughly $100 worth of bitcoin Mora sent to the address.

Bitcoin transactions are public record, and each transaction can be sent along with an optional short message. The message uses what’s known as an “OP RETURN,” or an instruction of the Bitcoin scripting language that allows users to attach metadata to a transaction — and thus save it on the blockchain.

In the $100 bitcoin transaction Mora sent to the disputed bitcoin address, the OP RETURN message read: “OSERVICE – SUMMONS, COMPLAINT U.S. Dist. E.D. Cal. LINK: t.ly/123cv01408_service,” which is a short link to a copy of the lawsuit hosted on Google Drive.

“The courts are adapting to the new style of service of process,” said Mark Rasch, a former federal prosecutor at the U.S. Department of Justice. “And that’s helpful and useful and necessary.”

Rasch said Mora’s strategy could force the government to divulge information about their case, or else explain to a judge why the plaintiff shouldn’t be able to recover their stolen funds without further delay. Rasch said it could be that Dellone’s stolen crypto was seized as part of a government asset forfeiture, but that either way there is no reason Uncle Sam should hold some cybercrime victims’ life savings indefinitely.

“The government doesn’t need the crypto as evidence, but in a forfeiture action the money goes to the government,” Rasch said. “But it was never the government’s money, and that doesn’t help the victim. The government should be providing information to the victims of cryptocurrency theft so that their attorneys can go get the money back themselves.”

Nick Bax is a security researcher who specializes in tracing the labyrinthine activity of criminals trying to use cryptocurrency exchanges and other financial instruments to launder the proceeds of cybercrime. Bax said Mora’s method could allow more victims to stake legitimate legal claims to their stolen funds.

“If you get a default judgment against a bitcoin address, for example, and then down the road that bitcoin gets sent to an exchange that complies with or abides by U.S. court orders, then it’s yours,” Bax said. “I’ve seen funds with a court order on them get frozen by the exchanges that decided it made sense to comply with orders from a U.S. federal court.”

Bax’s research was featured in a Sept. 2023 story here about how experts now believe it’s likely hackers are cracking open some of the password vaults stolen in the 2022 data breach at LastPass.

“I’ve talked to a lot victims who have had life-changing amounts of money being seized and would like that money back,” Bax said. “A big goal here is just making civil cases more efficient. Because then people can help themselves and they don’t need to rely solely on law enforcement with its limited resources. And that’s really the goal: To scale this and make it economically viable.”

While Dellone’s lawsuit may be the first time anyone has obtained approval from a federal judge to use bitcoin to notify another party of a civil action, the technique has been used in several recent unrelated cases involving other cryptocurrencies, including Ethereum and NFTs.

The law firm DLAPiper writes that in November 2022, the U.S. District Court for the Southern District of Florida “authorized service of a lawsuit seeking the recovery of stolen digital assets by way of a non-fungible token or NFT containing the text of the complaint and summons, as well as a hyperlink to a website created by the plaintiffs containing all pleadings and orders in the action.”

In approving Dellone’s request for service via bitcoin transaction, the judge overseeing the case cited a recent New York Superior Court ruling in a John Doe case brought by victims seeking to unmask the crooks behind a $1.3 million cyberheist.

In the New York case, the state trial court found it was acceptable for the plaintiffs to serve notice of the suit via cryptocurrency transactions because the defendants regularly used the Blockchain address to which the tokens were sent, and had recently done so. Also, the New York court found that because the account in question contained a significant sum of money, it was unlikely to be abandoned or forgotten.

“Thus the court inferred the defendants were likely to access the account in the future,” wrote Judge Helena M. March-Kuchta, for the Eastern District of California, summarizing the New York case. “Finally, the plaintiff had no alternative means of contacting these unknown defendants.”

Experts say regardless of the reason for a cryptocurrency theft or loss — whether it’s from a romance scam or a straight-up digital mugging — it’s important for victims to file an official report both with their local police and with the FBI’s Internet Crime Complaint Center (ic3.gov). The IC3 collects reports on cybercrime and sometimes bundles victim reports into cases for DOJ/FBI prosecutors and investigators.

The hard truth is that most victims will never see their stolen funds again. But sometimes federal investigators win minor victories and manage to seize or freeze crypto assets that are known to be associated with specific crimes and criminals. In those cases, the government will eventually make an effort to find, contact and in some cases remunerate known victims.

It might take many years for this process to unfold. But if and when they do make that effort, federal investigators are likely to focus their energies and attention responding to victims who staked a claim and can support it with documentation.

But have no illusions that any of this is likely to happen in a timeframe that is meaningful to victims in the short run. For example, in 2013 the U.S. government seized the assets of the virtual currency Liberty Reserve, massively disrupting a major vehicle for laundering the proceeds of cybercrime and other illegal activities.

When the government offered remuneration to Liberty Reserve account holders who wished to make a financial loss claim and supply supporting documentation, KrebsOnSecurity filed a claim. There wasn’t money much in my Liberty Reserve account; I simply wanted to know how long it would take for federal investigators to follow up on my claim, or indeed if they would at all.

In 2020 KrebsOnSecurity was contacted by an investigator with the U.S. Internal Revenue Service (IRS) who was seeking to discuss my claim. The investigator said they would have called sooner, but that it had taken that long for the IRS to gain legal access to the funds seized in the 2013 Liberty Reserve takedown.

Comments

All Comments

Recommended for you

  • U.S. consumer confidence improves again in November, reaching a two-year high

    Dana M. Peterson, Chief Economist of the World Large Enterprises Federation, said, "US consumer confidence continued to improve in November, reaching the highest level in the past two years. The growth in November was mainly due to consumers' more positive assessment of the current situation, especially in the labor market. Compared with October, consumers' optimism about future employment opportunities has also greatly increased, reaching the highest level in nearly three years. At the same time, consumers' expectations for future business conditions have not changed, while their optimism about future income has slightly declined." Earlier, the US Conference Board Consumer Confidence Index for November recorded 111.7, a new high since July 2023.

  • Starknet: Phase 1 of STRK staking is now live on the mainnet

    Starknet announced that the first stage of STRK staking has officially launched on the mainnet.

  • CZ: Not trying to end the meme craze, just encouraging more builders

    CZ posted on X platform today, saying: "I am not against Meme coins, but Meme coins have become 'a little' strange now. Let's use blockchain technology to build practical applications." Some community users said that even Musk is a supporter of Meme coins, and it is very difficult to end this frenzy. CZ responded that "there is no attempt to end anything, everyone has the right to choose to invest or hold what they want. Just encourage more builders."

  • Talus Network Completes $6 Million Strategic Round of Financing with a Valuation of $150 Million

    decentralized AI protocol Talus Network raised $6 million in a strategic financing round led by Polychain Capital, valuing the company at $150 million. This funding will help further develop the Talus ecosystem, including the Protochain, Nexus framework, and "AI dating experience" application.

  • AXIOS: Trump is considering appointing a secretary of state for artificial intelligence

    according to AXIOS, Trump is considering appointing an AI minister to coordinate federal policies and government use of emerging technologies.

  • Coinbase International has launched COW perpetual contracts

     Coinbase International has launched COW perpetual contracts. COW-PERP market limit, market, stop loss, and stop loss limit orders are now all available.

  • Schuman Financial Completes $7.36 Million Seed Round, Led by RockawayX

    Schuman Financial has completed a $7.36 million seed round of financing, led by RockawayX, with participation from Lightspeed Faction, Kraken Ventures, Nexo Ventures, Gnosis VC, Delta Blockchain Fund and Bankless Ventures. In addition, Schuman Financial has launched a euro stablecoin, EURØP, which complies with the MiCA standard.

  • QCP: BTC's path to $100,000 has stalled, and ETH implied volatility has turned to put options

    QCP Capital has published an analysis indicating that the recent drop in the price of Bitcoin has resulted in long liquidations exceeding $430 million. This drop coincides with the end of five consecutive days of net inflows for spot ETFs, which recorded a outflow of $438 million on Monday, while MicroStrategy fell by 4.4%. With the US holiday approaching and no immediate catalyst to push prices higher, BTC's path towards $100,000 has stalled. In addition, the implied volatility of ETH has turned to bearish options rather than bullish options, and market concerns about downside risks may intensify, especially with the release of the FOMC meeting minutes and PCE data. However, in the long run, this market decline is not an excessive correction. Bitcoin has only retreated to last week's level. Since Trump's election, the market has become extremely overbought and leveraged, so a pause is inevitable.

  • Binance will delist GFT, IRIS, KEY, OAX, and REN

     Binance will delist the following trading pairs on December 10, 2024: GFT/USDT, IRIS/BTC, IRIS/USDT, KEY/USDT, OAX/BTC, OAX/USDT, REN/BTC, and REN/USDT. Additionally, Binance Futures will close all positions and automatically settle the KEYUSDT and RENUSDT USDⓈ-M perpetual contracts on December 3, 2024 at 09:00 (UTC). After the settlement is completed, the contracts will be delisted.