I posted a quote the other day on social media, remembering the old bank robber in America, Willie Sutton. You may not have heard of him, as it is almost a century ago but, during his forty-year robbery career, he stole an estimated $2 million. Today that would be around $35 million. He then spent more than half of his adult life in prison. When asked why he did it, the famous quote is:
Police: “Why do you rob banks?”
Willie Sutton: “Because that’s where the money is.”
This is such a basic answer that you need to bear in mind. In fact, it amazes me how often people forget this. The fact that you might lose money … because that’s where the criminals focus.
This is something that continues today and was brought home to me by a recent headline about an Oxford PhD student. The student stole over £2 million of cryptocurrencies and has been jailed for over four years.
What struck me about this particular case is the ingenuity and creativity, versus the stupidity and idiocy.
This is like a rocket scientist bucking the crypto system using crayons and a paint brush.
First, this Oxford student - Wybo Wiersma – managed to steal over £2 million from the iota cryptocurrency, a currency I was involved with in the past and has issues. As The Times reports:
“He was eventually caught after a series of schoolboy errors, including submitting obviously fake ID documents and using his course name.”
What?
To start with, the iota network works with an 81 character seed password. Wybo worked out a way to break that and divert it.
Iota is a type of cryptocurrency and anyone can view transactions made using it online, Julian Christopher KC, for the prosecution, told the court. “Anyone who knows the seed [an 81-character password] can access, and so can transfer and trade the Iota crypto at the relevant internet address,” he said.
Iota owners used Wiersma’s website to generate what they believed to be random strings of 81 characters. However, the strings were not random but predetermined, because an “additional programme” had been hidden within the site that “unwrote” the random numbers.
This enabled Wiersma to carry out the thefts because funds were transferred from accounts that had generated their “seed” password using his website on January 19, 2018, into accounts he had created for himself on the cryptocurrency exchange website Bitfinex.
The thing is that the way in which Wybo was moving so money out of iota and onto Bitfinex that Bitfinex, to give them credit, became suspicious and froze his account. Bitfinex then realised that his identity checks were not creditable – a guy in Belgium with a not with a Belgium background – thjey continued the freeze.
So Wybo then opened a new account on Binance to transfer iota into Monero, but he messed up because his original site that attracted the iota crowd, iotaseed.io, was registered to someone called Norbert van den Berg, a pseudonym that Wybo, from Het Weike, Goredijk, in the Netherlands, had chosen.
Detectives continued investigating and found that the name Norbert van den Berg had featured in his university coursework. They also tracked his virtual private network, used to transfer the stolen Iota, and linked it to the payment in Bitcoin for the iotaseed.io website.
Bringing it back to where I started:
Police: “Why do you rob banks?”
Willie Sutton: “Because that’s where the money is.”