cover of episode 147: Tornado

147: Tornado

2024/7/2
logo of podcast Darknet Diaries

Darknet Diaries

AI Deep Dive AI Chapters Transcript
People
G
Geoff White
J
Jack Ryder
Topics
Jack Ryder:本期节目讨论了 2022 年 Axie Infinity 发生的数字资产盗窃案,这是有史以来最大的数字资产盗窃案之一。该事件突显了数字资产所有权的模糊性以及加密货币的风险。Jack Ryder 还讨论了数字资产的拥有权问题,以及如何区分个人设备上的数字资产和互联网上的数字资产。他认为,像有声书这样的数字资产,我们并不真正拥有。 Jack Ryder 还探讨了暗网域名和加密货币钱包的数字所有权问题,认为它们代表了真正的数字所有权,因为它们基于去中心化的区块链技术,不受任何中心化机构的控制。 Geoff White:Axie Infinity 的成功源于其加密货币机制、游戏本身的吸引力以及疫情期间的封锁。游戏中的所有物品都可以买卖,这使得其成为一个巨大的加密货币市场。然而,这种模式也导致了安全风险,吸引了大量的诈骗者和黑客。 Axie Infinity 黑客攻击利用了社会工程学手段,目标是 Sky Mavis 的工程师。黑客通过控制 Ronin Bridge 窃取了价值 6.25 亿美元的加密货币。该事件突显了去中心化网络的安全风险以及加密货币洗钱的难度。 Tornado Cash 作为一种隐私工具,被黑客用来洗钱。美国政府对 Tornado Cash 实施制裁,并逮捕了其创建者,引发了关于隐私、言论自由和监管的广泛讨论。Geoff White 认为,制裁隐私工具会损害普通民众的利益,并对加密货币社区产生负面影响。

Deep Dive

Shownotes Transcript

Translations:
中文

All right, let's randone recording. He or tony look great today, still right? And I see, see here in my studio, which is just my closet.

I have a picture on the wall made by Edward many, and it's a picture of a fine looking gentleman sitting at a table writing something down. I call him tor tony, but that's not as name. This picture has captured my imagination and curiosity for countless hours.

I stare into IT, and I just fall into in a bss. But to think about this picture is that it's not the content or even who made IT is that this picture was stolen from the isabela toward garden museum back in nineteen ninety, and it's never been recovered. I don't have the original ized have a print of IT, but the thieves didn't just steal this picture.

They took a bunch of others too, and this was the big, single heist of all time. They estimated that the art that was stolen, it's with five hundred million dollars and is still remains unsolved. I'm looking at this picture on my wall right now.

There's a ten million dollar reward for IT yet mine I just got from my printer for like five hence. It's always been weird to me how art has just so much value. Now I just don't see how this picture, which is not that much bigger than a regular sheet of paper, is worth more than a mansion.

But that's no longer the biggest, highest ever because in twenty twenty two, a digital highest end, which set a new record high. These are true stories from the dark side of the internet. I'm jack ryder. This is dark net dies.

This episode, sponsored by a threat locker, ran somewhere supply chain attack and zero day exploited, can strike without warning, leaving your businesses sensitive data and digital assets vulnerable. But imagine a world where your cyber security strategy could prevent these threats, that the power of threat locker, zero trust and point protection platform robot cyber security is a non negotiable to safeguard organizations from cyber attacks.

Threat locker implements a proactive, denied by default approach to cybersecurity, blocking every action process and user, unless specifically by your team. This least privilege strategy mitigates the exploitation ation of trusted applications and ensures twenty four, seven, three, sixty five protection of your org ization. The core of threat locker is its protect to sweet, including application allow listing, ring fencing and networking rol.

Additional tools like the threat locker detect E D R, storage control, elevation control and configuration manager enhancer cyber security posture, and streamline internal IT and security Operations. To learn more about how threat locker can help mitigate unknown threats in your digital environment and allowing your organization with respect and complain frameworks, visit threat locker dot com. That's threat locker dot com.

This episode is sponsored by vta. Whether you're starting or scaling your company's security program, demonstrating top notch security practices and establishing trust is more important than ever. Fanta automates compliance for sock two.

I saw twenty seven one and more, saving you time and money while helping you build customer trust. Plus you can streamline security reviews by questionaire and demonstrating your security posture with a customer facing trust center, all powered by vta A I. Over seven thousand global companies like at last in flow, health and cora, use venta to manage risk and prove security and real time.

Get one thousand dollars of vta. When you go to vta dark com, flash dark net. That website is vta that spelled V A N T A banta dot com.

Slash dark net and get a thousand dollars off. Digital assets are fascinating to me. I'm no economist, but they behave in ways that don't make sense to me.

Like let's take audio books for example. IT takes a lot of work to make the first one, but then infinite copies can be made at zero cost after that. So I don't know what happens when supply goes to infinity.

Seems like Price would go down to nothing, but it's not the case. Audio books are still ten, twenty dollars each, despite there being an infant, and amount of them, which costs nothing to make more of as kind of wild. And you think that piracy would have destroyed the market for tigers assets too, with unlimited supply.

Demand should have gone way down. But no, the demand for digital goods is at all time high. Top tier musicians are making more money now than they ever did before.

And that's because we all have mobile devices glued to our hands twenty four seven. And we're continually thursday for more digital content to consume. IT almost seems like our whole lives are digital now. Movies, shows, means music, books, even the people we are closest to. We have a digital relationship with them.

But i'm always wondering, of all the digital stuff in our lives, is any of IT really ours to own OK? So I think anything that saved on your computer and you can use IT offline, i'll say that yours and you own that photos that are like saved on your phone, that's yours. Music saved an M P three form.

That's yours too. You own that. But the line is often blurry between what's on our devices verses what's on the internet. Like if you have an android phone, IT tries to get you to back up your photos to google drive, and it's not always clear if your photo is on your phone or on google servers.

If it's just on google services, then you don't really do IT do you? Since they have complete and full control of your photos, what about audio books? Let's look at those five minutes.

Most audio books I listen to you. I can actually borrow from the library their apps, which let you check them out, and you can listen to IT for a few weeks and then return IT digitally. It's great, but often my library doesn't have the book I want.

So i've gotta buy IT. And when I buy an audio book, the biggest marketplace for that is audible. So I look there. And what drives me crazy about buying books from audible is, well, I don't own that book like at all.

If I owned IT, I should be able to save IT locally, give IT to a friend needed to my library, or resell IT to someone else like I used to add your book. But all that is impossible to do through out table. And of course, auto book can cancel your account at any time, and you would lose all of the books that you got.

So to me, the audio books that you buy on auditable are not really yours. You don't own them at all. So let's look at some of other digital assets.

How about my online accounts like twitter or email accounts or online gaming accounts? Do I own my twitter username? No, I don't think so.

Twitter does. And they graciously let me use IT. And at any moment they could terminate IT or report out of my hands. I don't have any actual ownership of IT. I mean, just cook.

What happened when twitter change the name to x? There was a user on twitter who had the user name x and twitter just ripped IT out out of their hands and there was nothing not user could do to keep IT because twitter owns everyone's account yet. It's interesting because even though you can own a twitter account, they're still valuable and people are buying and selling twitter accounts all the time.

Let's look at video games. now. There are digital assets in video games, right? Like imagine you're playing an online game, and when you level up your character at all kinds of armour and weapons and gold, that character is yours, right? I don't think so.

I mean, the game can ban you at any moment. Then why? What about those in game items like golden weapons? IT feels like that stuff is yours, but it's not really. You can save IT offline or take IT with you to another game. And it's strange because even though you don't own that stuff in the game, those items still can have real world value.

I know i've bought an in game weapon before for a hundred box, and it's ridiculous because I bought something I don't actually own, right? What about my website, dark net diaries dot com? Do I have ownership of that? Well, at first games, sure, I purchase domain and I, and nobody can.

But no, first of all, I didn't purchase the domain i'm renting in all domains have to be renewed like early or every few years registered control the domains and you pay them to get IT, but then you have to keep paying them to maintain control of IT. Seems like I don't own IT if I have to pay someone over and over to keep IT mind. On top of that, governments can go to domain register rates and take over a domain that's being used for illegal purposes.

So yeah, i'd say I don't actually own my domain if someone else can ripped out of my hands like that, or if I will expire after a while. Domains on the dark web are different. I'm talking about on tour, the dark net.

See, on the dark web, domains look awful. There are like a long string of random letters and numbers you'd never be able to memorize IT. And then IT ends in dot onion.

So how do you get a domain on the dark web? Is there a central body like I can where you go to register domains with no note? Not at all.

You create the domain yourself, yeah, that's right. You generate a private public key pair, and that public key is your domain name. So at the system, the person who has the private key controls that domain.

Now to me, this is true digital ownership. And I love that unless someone comes and steals my key for me, nobody can ever take my dot onion domain from me. It's never going to expire.

And IT can't be seize by the feds. This is why a lot of people are drawn to the dark web to have something on the internet that's truly yours, and nobody can never take you away from you. Another that I think gives you true digital ownership is cyp to currency.

Not all money is like that. Your bank can refuse your if they want, they can cancel your credit or and pick out of the bank and free your money. I know paypal has for my account before trapping my money in there, but because cyp to currency is built on decentralized blockchain, there's no one managing yet to kick anyone out or freezing account or take over an account.

Everyone and anyone is welcome at all times forever. And the best part is you truly own your crypto to wallet. Because to get egypto currency wallet, you just make IT yourself by generating a random private key and then using that to derive a public I when you do this, only you are the only person has ever seen that private key.

And however, has that private key controls that public address or wallet. There is no admin that can revoke your key or move your money without your permission. Your key is your key forever and ever.

The block chain is a fascinating invention and whether you ve lover hcrm pcr cy, the technology behind IT is very interesting. Take the authorities black chain for example. IT popularized something called smart contracts, which allows people to add code into the black chain, which means you can program money and even create apps integrated directly into cyp pal currencies.

This is wild, and it's opening up a whole new future that we never imagined. And for instance, people are making entire video games with these smart contracts where the whole game lives on the black chain, which means the indian currency is actually real cyp to currency. Not only that, but the apps you make on the black chain are truly yours, where nobody can ever see IT from you or stop you from making IT.

It's time we step foot into this big, new, wild digital world. I think the game axy infinity represents a fundamental shift in video game development. I spoke to a jeff White about this game. Hi.

i'm jeff White. I'm an author and investigative journalist, and I cover organized crime and technology. yeah.

So x infinity is not like the games that I used to play when as a kid, where they tell you the video game and you go away and you play IT. And that's IT ACM an online game as a cost. Lots of them are Angel plane against other people online, which cause lots of games are.

But the thing that may actually different and quite radical thing for some people was that everything in the game was basically for sale. IT was as a whole marketplace. So the way that worked was you have these aces, which are based on the x lotter salamander.

You have a team of access, three aces. And you, you basic lesson of you fight them against your opponents ts team of access. And if you win, you're rewarded with smooth love potion tokens, which you can use to breathe your axial together to to get them to be Better. Fighting machine is basically a bit like, remember those tamagotchi .

wing things yeah little like digit pet .

that you can level up and stuff exactly is that this this game is hugely, hugely popular.

Okay, so how how? So I need a team of three of them. How do I get one of them? Which the process you buy.

you have to buy the team and you can't as found what I get one you have to buy a team of three cause three gic number in order to do this. This is what he gets interesting with a sort of cypher currency aspect to IT. Um if you have opportunity dollars for you, jack, you can swap your dollars into east the cursy on the the train the cyp courcy like bit coin as she's number two.

I think to bit point is I think I might say you can then take that theory of money and you can put IT into transfer into act infinity, and then you can use that in game currency to buy your access to buy smooth love potion. You can buy land in the game. So it's all the whole game is based on crypto currency and is a internal block within the game that tracks who owns walton, who's sold walk, to whom I see.

And I like the ownership aspect of this. You really do digitally own one of these axes. Since this hall on the blockchain, there's no way for anyone to take your axes away from you if you own them, unless they steal your private key.

To me, this is interesting, because look at this off the world right now, you can buy microsoft word or doby photoshop. You have to pay a monthly fee in order to use IT. You don't own a lot of this software or games today if you have to have an internet connection for IT to work. And as the meme goes, if purchasing is in ownership, then pacy isn't theft. Act infinity .

was created by a company called sky Mavis, who are heading in the vietor. I think the companies is relegation ter, those in singapore. And this was five guys who'd been part of the big sports seen.

So theyve been around gaming for a very long time. And the idea of sort of crypto based video games wasn't sort of wadded ican. You I think crypto Kitty predate acting acting what what of IT.

Um but basic what they did was they built this game and released IT. And they in a way, they locked out because they observer got the the benefits of video game obsession. People became obsessed with this game and started playing IT and battling their axes together.

And so they also got the benefit of a sort of critter currency boom because they're a sort of twenty, twenty and twenty twenty. And crp was starting to rise in value quite deeply at that point. So people who were into video game got into x infinity.

But what's really interesting around the discussion boards around taxi infinity is you start to see this change where people are discussing the game, and then they started to discuss crypto investment and crypto speculation. So suddenly, people who are into crypto on the speculative side of IT cited to see this game as a an opportunity, money making opportunity. So you got this incredible wind of obsessive gamma, and also a proposeso ve crip accounts y speculators coming in.

And this game is went up and up in value. I think at one point, IT was valued at two billion dollars. I think I want to say astonishing values.

And the other thing that fed into this was was covered, was locked down. So during that period, the game is bigger south east dasia, particularly bigger southeast dasa because that's where the company is. High quarter and IT absolutely took off, particularly the Philippines.

I think forty percent of the players about you were in the Philippines and enjoy locked down. A lot of people lost work, weren't able to go to work. We're looking round for turn to sources of income, and they started to see that actually they could potentially play this video game and make money at IT. So you put all these factors get together and you just get the six explosive combination that just launched acting infinity into the stratosphere, much in surprise. I think it's fair to say if the guy's the guy may us who made IT, I don't think no expecting to be such big .

of a hit now because the indian currency was the affery um crypt to currency. This allowed for a whole in game marketplace. You could buy or sell things to other players with cyp to currency, just like directly on the blockchain.

A syrian wasn't just for cyp to currency, but there were items on IT now access, for instance. And you could buy one from another person directly if you wanted without having to go through any game to do IT. How how do people like make money? Do you understand the complexities of this? Because of if you're battling someone and you win the battle, do you take money from the other person?

no. Um the way I would work is understand this is your waxes will become more more valuable the more fights they won and you could actually sell them to other people in the game. So you could say enough, i've got this team of access.

Look, they're got a fantastic track record of killing lots of other access. I didn't actually, but the killing was possible. But winning the battles, you know, would you like to buy them off me? Also, there's a trade and smooth love potion.

So as you played the game, you got more smooth love potion. You could sell the smooth love potion to people. You could buy self plots of land on luna assia, which the virtual environment, which the game is played. So everything, almost everything, was for sale. So the money was were being shared around by trading within the game.

Now you might be, think IT hold with a minute. This is an awful idea to bridge real money into a video game. Well, you're not not the only one to think that the video game marketplace, steam has alright banned all crypto based games from there.

At first class, you might be thinking of as because they don't want people spending real money on games like that, I can ruin the in game economy and IT leads to speculative behavior and and also isn't IT stupid to just buy video game assets like gold and weapons. But none of those are the reasons why steam banned crypto based games. A very popular game on steam is CSGO or I guess it's now called counter strike too.

Within steam itself, there's a whole marketplace where you can buy and sell in game counter strike items from other players for real money. It's like a giant marketplace on steam. Thousands of purchases happen every day.

Yeah, you can grow up type or credit details in and start buying items in the game from other players with real money. Steam has built this whole system. So clearly, they are perfectly fine with people using real money to buy in game items or be speculative in the game or the game economy.

However, when you sell an item, you don't get the money from the sale. They give you steam credits, which can be used to buy other games on steam. But players were like, wait a minute, if i'm selling this to someone who's buying IT with their credit card, why can I get the money they paid for? IT seems like really, really don't want to give you money.

Game credits are much Better for us. So players were like, you know what, nobody can stop us from just trade among ourselves. So player to player, sales started happening.

But how do you send money digitally? You can just give someone your credit card doesn't work that way. So players started trading using crypt or currency.

But this became unsafe. People were sending their money and not get anything in the trade. So websites started popping up saying, hey, will broker a deal for you and they started acting like the middle man and trades for counter strike.

And that went on for a while. And steam was like, all right, here we will make an A P. I for the marketplace. And this allowed second marketplaces to let players buy and sell in game items with real money. And not only that, a lot of markets allowed you to buy and sell items with crypto currency.

So while steam has banned crypto based games, you can actually use crp to to buy things in counter strike to or sell things and get crp to from IT. And this is all totally allowed by steam. Steam could put in the end of all this right now, if they wanted, they could make IT.

So players just can't trade with each other anymore, but they won't because they make far too much money from this whole system. So why the scheme actually ban crypto base games? I think it's because the regulatory landscape is unclear.

When you start accepting crypto currency, suddenly you get into these regulations that are very difficult to figure out. And don't tell me that steam band crypto based games because IT keeps out the trash scale type stuff. Well, have you seen the game banana? As i'm saying this, this is the second most type of game on steam, and it's possibly the world's dumas game.

You just click up banana and after while you might get a banana for doing IT, which can be sold on the marketplace. And it's making the creator a ton of money. Since people are buying bananas with real money for no reason, the banana does nothing in the game.

This is ten times one more than any N F T game i've ever seen, and it's not even an N F T game. The fact that steam allows this is kind of breaking my brain, honestly. Y, I bet there are million teenagers today who are very fluent at understanding the market intricate of v box or robots, the virtual currencies for their favorite games.

And to think about steam credits or v box or row box is you can only buy IT, you can never sell IT. It's against the terms of service to trade that for real money. And that kind of frustrates me.

It's kind like when you go to in our kid and they make you buy tokens to play the video games there, video games can Operate just fine on quarters. They still need to invent a whole new currency just to play them. And the currency can only be bad, never sold and stinks.

When I come home from in our gate in there, a few extra doku s on my pocket, these things are worthless, except for one place in the entire world. So axy infinity was built directly on the a theory um crypto currency utilizing smart contracts. But they soon had a problem.

When you play video games, you want IT to be fast. Thorium transactions were slow, sometimes taking a few minutes to complete. And the fees on a theory um were high, like often costing thirty dollars on fees just to buy an axy from another player. So to fix that, sky may is the creators of accent finite created a sight chain of a syrian called the role in network. This side chain was very compatible with the syrian so players could move their money in and out between the roar network and the a theoria network easily.

And that mechanism of moving money between the two, they named that the role in bridge, the role in network was much faster and had very low fees, like less than a, making a much more ideal for a video game to be played on this blocker chain. But for this role in network to Operate, there needed to be nodes and validators sky. Mavis didn't want to be the only one controlling those nodes and validators, because if they were, they could theoretically control the whole network.

I guess if you have a majority control of the validators, you could manipulate the system if you wanted. The idea of a decentralized network is that nobody should ever have a majority of the validators so that I can be manipulated. So they made sure to have people outside their control also running nodes and validators plan on a browse.

I think most people play on the phone. IT got so popular that were reports in the Philippines of people giving up their jobs just to play this game full time. Now, of course, as soon that happens and hit the headlines, you get this brush. H of people who all they go, i'll do that. And of course, came a pilot people to went for this game, particularly in southeast station.

So there's this very valuable company with millions and maybe billions of dollars worth of crypto currency assets running through its swapping around, move in fast moving a light. This will attract somebody who wants to steal that money.

Inevitably, as soon he starts to make scouts of money as a video game, somebody tries to pack you. And that's exactly what happened .

with ax infinity. A lot of scammers and thaves flocked to this game trying to steal things from other players. Some players cyp to wallets were loaded with tens of thousands of dollars of axial infinity assets. And scams were trying hard to steal stuff from players wallets.

One common tactic is to get an axy infinity player to connect their clipt a wallet to the scammer s website, maybe by saying something like are giving away a free rare aci with craft message to wallet, which then the thief can drain everything from IT hundreds, if not thousands of axy infinity players were victim to this type of attack. And I should say that even though attacks on players and cyp to Crystal based games is very common, it's not unique to only crypto s the games. I remember when I was playing world of world craft a long time ago, someone somehow got into my account and transferred all the gold and removable items from my character into whatever account they had.

I got digitally robbed in world of aircraft. And if you hang out in the counter strike forums, or rob locks forums, or fortnight forums, you see people begging for help every day, saying their account got hacked or their stuff got stolen. There's a lot of money in stealing video game assets.

It's crazy. I do what you want. Do you want to go to the source of all the money, the file of all the money, which you, sky may be a sort of service themselves.

And so the hackers targeted one of the engineering team and Carried out a very, very elaborate, at least in my opinion, very lab social engineering exercise on this person, offered them a job. Now that's not an uncommon thing for the crypt to developers to get game developers to get poached all time. And so it's a great job for you, really big salary.

You know, are you interested in talking to us? And these employees said, yes. Stone, to receiving details of the job, did apparently a couple of rounds of interviews for the job, which I presume was web comes off, but, you know, was interviewed by people for a job that seem to exist.

Of course, none of this was true. There was no job. This employee of sky maybe was being targeted by hackers who were going to maneuver them to the point where they would effect the downfall where.

so we don't know how they made contact. My first thought was discord. A ton of scammers are on discord, trying desperately to hack into people's accounts.

But in this case, i'm willing to bet the initial contact was made on linked in. It's kind of easy to find developers for axy finally on there to begin with. Then it's only a few clicks away before you can message one of them.

And IT sounds like the message to develop offering them a job. So if that's the case, it's not so hard to create a fake persona on linked to look like you work for some prestigious company, making the whole story more believable. I mean, who kids job offers on disco anyway? You know, link in is the place to cook job offers.

The other thing you can do if you target someone in this way is you can say them, hey, for this job, we need to know that you can use this particular piece of software. Can you download IT for? So can you click on this link, go to this private service so you can do this exercise as part of the job application? There's lots of ways with the job application that you can do to trick someone into doing something they won't necessary done.

Down loading stuff, clicking on links. So I find that really, I think that was a really sort of smart way of of Operating and one gills to watch out. Eventually, my word gets downloaded by this employee of guy mavors onto their work device.

Now, full disclosure. I don't think, guy, may I have a revealed how that specifically was done, but you can think of multiple ways whereby by you build to convince someone as a job application process to download something, there's lots of ways to do that effect. The mail, where allowed the hack as access to guy with his computer systems and because they targeted an engineer who had what sky may be describes as very deep level access, IT wasn't like that, you know, have somebody in the H.

R. Department had had to work their way over to the development environment? They were already in theyd, hit the motherland effectively and were already in at a very deep level in science. Sky mats.

yeah. I mean, if you get nowhere onto a developers computer and then take control all of their computer, then you can assume the role of that developer in that company. You have their access keys, their loggins, their privilege, access to the network.

With theirs, or deep level like access to sky over the system, the hackers start scoping out how accent infinity works and how this money is moving around.

I bet they were looking for a central wallet like cold story or something where sky made with stores all the keys and has access to millions of dollars in cyphered. They couldn't find that. So the second thing was, with all this money flowing through the system, was her way to rabbit somehow.

And what they realize is what we've cover earlier is there's there's is internal blockchain within x infinite monitoring transactions between players. There's the external of the syrian block chain, which is actually bringing in money that people thereof, either currency that people are spending into the game and then putting that out.

So there's a conduit through which this is all happening, and that conduit is a thing called the own in bridge. The one in bridge's job is basis to reconcile what's going on in the game with what's going on in this external etheria blockchain. Eventually, the phone in bridge is nine computers, the world.

And those computers are looking at all the transactions inside and outside and reconcile the two ledges together. So basically, the hackers realize very, very smartly, that's the pinch point, that's the content, that's where the money is going across. If they can control the road in bridge, they can effective control the flow of money.

And since there's millions, millions of dollars inside x infinity, they can control that money. Now the thing that this is there were nine computers as part of the bridge expected nine. What they call validators and sky may be the thoughts about the possibility of getting hacked to give them credit.

And and they only controlled four out of those nine, which isn't enough to give you majority control. So you can just take over, guy ma, always get control of the bridge. inal.

Take the money out. The hackers had to find the fifth computers. They have five out of lines that got majority control.

And this is where things go wrong for sky. Mavis. Sky babies had outsourced the other five validator computers to external companies that they weren't in control of them.

So guy mayors didn't hold all the cards effected, but one of the companies that outsource to gave guy maybe a temporary access to its validator. And that temporary access was never revoked. The hackers somehow managed to realize all of this and thought are how we've got four computers validating a sky.

Mavis, we need to fish to get majority controlled. There's the fifth one. We still got access to IT voice guy mav.

We've got five out of the night computers. And guess what? We control the bridge, we control the money and .

it's time to still wow. I think the level of knowledge needed to pull this off is quite markable. This is not so simple as opening up a wallet and transfering the funds out to take over five of the nine nodes of the sixteen.

And to know how to Operate them in a way that will allow them to steal money takes a specific skill set. Whoever did this must have had to prepare quite a bit for an attack like this is kind of reminds me without one time, my friend went and boat and antique for no thousand dollars or something in on his way home. He stopped for lunch somewhere, and his car got broken into.

And the thise store, those change in a cup holder, they lived at that old antique and didn't think is worth anything, and left IT. Whoever was targeting axeine infinity knew exactly where to look to extract the most amount of value they could from the system. They knew exactly where the value was.

And I don't think many of us would know how to work these controlling nodes even if we could take them over. But when they took over these notes, they got immediately to work, setting up an attack which would allow them to transfer as much out of the roman network as they could, and as fast as they could directly into the authorities wallet that were ready and waiting. They set up everything and, using their control of the bridge, deployed a command to transfer the money.

They stole a ef currency and U, S, D, C, which at the time was valued at six hundred and twenty five million dollars.

Six hundred twenty five million dollars? Yes, i'm trying to think is there a single is there a single cyberia ist that is more than six hundred and fifty million dollars? I can't think of one.

I'll go for the i've been a bit circumspect in the book, but i'm being blessed irm spect. The more I go on, I think it's the biggest theft of all time. And I want I am going to add up the qualified to that.

That is a big statement to make life. I'm talking about one off. He went somewhere as well, you know, was made billions over over time by multiple victims.

I'm about one victim, one hit at the time the theft happened because obviously, you know the bit for next hack, you know the one that had Morgan election got well that was, I mean, that ended up being three billion dollars, I think, because, but at the time of the hat, IT was seventy million. So i'm talking about valuing a crime at the time the crime was committed, one of crime, one victim. And so i've been doing google, you know, you google and you google you, trying to find these things.

And you know this, the IsaBella to garden museum heist is one of them. So that was a think nine teeth. Three was IT.

They booked to music and they stole artworks. The artworks were valued at five hundred million. Now that's often listed as being one of the most you know expensive hours of all time. That's only five hundred million. So I know matt a limper, but I I, I, I do think it's a serious if it's not the number one, it's a very serious contender for biggest death of all time based on one hack, one victim, one crime, one victim valued at the time of the crime.

Some of my listers might be shaking in their head right now. I think. No, jack, none of this cyp t to o currency is real money.

This is not the biggest highs of all time. And in fact, a lot of articles which listed the biggest, highest of all time don't include any gypt cursy heights. But the thing is, these leaves immediately started exchanging IT for traditional money. So to me, if you can swap IT quickly and easily for any currency you want, then yet to me, it's real money. yeah.

IT may start off in crypto and you may turn IT knows up at that. But IT ends up in hard dollars and hard dollars that can be used to fund common activity. And some very serious as we going to talk about some very serious a common activity.

maybe I shall have mentioned this earlier. But the reason i'm talking with jeff about all this is because he just publish a book called, which is all about money launder ing in the modern world. And I just finish reading IT, and IT sent me down a wild, twisted tunnel into the world of money launching.

Now what we're talking about in this episode is the single chapter of the book, though the biggest tie of all time, x in IT is interesting by herself. But the thieves are now faced with a staggeringly huge chAllenge. How do you cash out six hundred and twenty five million dollars in stolen crypt to currency? If he sent IT all to an exchange, they might not be able to swap damage, or they might freeze your account and you could lose at all.

So while they immediately started sending some of IT to exchange, and IT was only a small amount, and they needed a big plan for the bulk of IT. We're gonna a quick break here, but stay with us because after the break, someone's going to prison. This episode responded by my mobile with big wireless providers.

What you see is never what you get somewhere between the store in your first months bill, the Price you thought european magically skyrockets with mt. mob. You'll never have to worry about gotch's ever again when mint mobile says its fifteen dollars a month.

When you purchase a three months plan, they mean IT. So how do they do IT? Well, IT seeks to means no stores, no sales people, no nonsense approach guarantees you huge savings on the nation's largest fie G E network.

I've been using mid mobile for over a year now, and it's been great. I get great coverage and the pricing is nice and simple a few times. I need a customer support, and I was very pleased at how easy was to work with them. They were nice and fix my problems without any issues.

To get the new customer offer and your new three month premium wireless planned for just fifteen box a month, go to mint mobile dot com sash dark net that's mint mobile dot com sih dark net cut your wireless built fifteen box a month at mint mobile dot com sash darker net forty five dollar up front payment required equivalent to fifteen dollars a month new customers on first three months plan only speed slower, about forty gig bites on unlimited plan additional taxes, fees and restrictions apply see in mobile for details. The news broke pretty fast. Axy infinity roll in bridge hacked, six hundred and twenty five million dollars stolen en. Lots of people lost a lot of money, and including sky, moves itself. But of course.

everyone wanted to know who did this. Good question. I very quickly hit the news this has happened and infant, this guy maybe did a rolling blog on on what had happened.

And we're filling people in um and of course, because it's cyp to currency because all cyp to cursy moves across the block chain, which is in almost always publicly available, particular when the hacks transfer the money out from sky babies, publicly viewable. People started looking at the water addresses to which the monkeys being sent. They start looking at the methodology 包含 in the heck。 And very quickly the name that pops into frame is north korea.

North korea. So north korea's military has something called the reconcile. General buro in IT are believed to be where thousands of hackers are trained and test with completing military objectives. This isn't the first time you've been accused of stealing millions of dollars in cyp to, and it's estimated that theyve stolen over a billion dollars crypto currency now. And I can't think of another country where the government is hacking for financial game like this.

No, we know of it's it's simply very rare for for notions day hackers to be put on the same for money because north korea in this unique situation, north creates unique a lot of reasons. But the unique situation that they are under international financial sanctions have been for a very long time um how IT seems largely run out of money or one out of legitimate sources of money.

And so the accretion is the north korea computer hackers are are tasked with gaining currency, but by by any means necessary. And that's from what we know of north korea. Not unusual. It's diplomats history. Ally have been tasked with not just big diplomats, but you know, can you also make a bit of money on the side, please?

But now that I said that I love that I don't know of another country that hacks for financial gain, i'm reminded of an episode I did was a CIA agent. IT was episode one sixteen called mad dog in IT, A, C, I. A agent told me he tricked a diplomat from another country to give him information on an upcoming trade deal between the U.

S. In that country. He saw with their bottom line west the lowest amount that they would accept in the trade deal.

And he gave this information to the U. S, who in turn use that information to save the us. Billions of dollars in the trade.

O is this hacking for financial gain? Social engineering for profit? Maybe, I guess economic security falls under national security, and countries will go a great links to keep their economic security go. And well.

when you still cyp the currency, one of the hazard of this is it's inevitably going to be honor you blocked train somewhere and that's almost inevitable going to be public. And so it's almost like you've got into the bank and stone hold lunch bank notes, but they're all in a fluent yellow and people can see you know in your pocket that you've got these bank notes. So your key just because ecliptic currency thief is to launder the money.

And that's why I can sing on a second now. So they have all, they have a heard in seven thousand eth theoria tokens. They need to turn out in two dollars so that they can buy whatever. Why don't they just set up an exchange in north korea that they can just send IT to in be like, are I done?

That's a very good point. And one of the things people are spoken about is the ID of north korea that are setting up equip currency's exchange. I guess the answers that that would probably be um firstly, this this is this idea I think with all these steps are attributed to north korea, that north korea gets the money back to pyongyang.

That's what destination is. Well, there's nothing to buy in pyongyang. G no point sending IT there. Um yes, you can set up egyptians and exchange in pyongyang. All egypt cy there, withdraw IT in. I think it's still warm as the currency they use, but then you've got north korean currency in north korea. What are you're gona buy what what was the point of that?

What you want is to ship the money to add know you want to buy widget and Frank foot ball bearings in Frankfort, you wana pay somebody off in brazil, you want, you know, get hold of missile technology secrets. You know, in afghanistan, you want the money mobile. You want IT flexible.

So you want to be able to move IT around. And also six hundred and twenty five million dollars is a huge quantity of money. You've GTA take IT somewhere where there's enough liquidity that somebody will buy that cricket council of you in exchange for cash and will be out money, dollars, pounds, yeah, whatever. And so this was a chAllenge that north koo was faced with, if you need IT. Was they behind the hack that they were trying to take this money somewhere that could absorb IT and turn IT around and give IT back to them in cold.

hot OK? So north korea has six hundred and twenty five million dollars in stolen in crypto currency.

specifically a syrian and U S D C legations y. These allegations of of being involved.

these hats. Okay, so it's supposedly ly north korea. A lot of evidence points to them, but we don't know for certain.

I think IT was now the way these crypto currencies work is there is no way to recover that money. This is real ownership. As I was saying earlier, there is no central banks that can reverse to transfer.

Pull the money back out. The money is north korea. And there's nothing anyone can do about that ever except north korea is on strict sanctions, which means it's forbidden to do business with them.

On top of that, it's stolen money and those wallet were flagged. So exchanges won't simply let them exchange IT into cash. What they need is a chop shop. The only reason that I know about chop shop is because of playing, granted, of doto.

When I was playing the game and I stole a car and the police chasing after me, I could take that car into a chop shop and they'd scratch off the vin, painted the car a different color and given a new license plate. Then when I got back on the road, I could drive right past the police without them knowing it's the same stolen car. Since IT looks entirely different with cyp t to currency, you can't hide very well.

I just transfering the money into a fresh wallet. There is a big glaring transfer displayed publicly for anyone to see. Moving IT into a new wallet doesn't do anything to hide your tracks. They somehow needed to clean this money. So I can't be linked back to the money stolen from acx infinity.

By this point, the wallets into which the cypher have been transferred, the stolen money for maxie been transferred into crypt or wallets, and those for flag as being recipients of crime. And the law enforcement had acted quite quickly and gone around to the major exchanges, the big legitimate crato exchanges, and said, hey, if anybody trying to transfer your money from that wallet there, don't take IT because I was storm for maxi.

And so they tried, I think, sixty million dollars worth of exchanges. The hackers, at legitimate, sort of above the line, move the board exchanges. And that money all got frozen because because as soon as exchanges received the money there, oh, this is the stole axy money.

Yeah, we keep in this. And so the hack is lost tens of millions of the stolen money because they tried to pump IT through the legitimate system. The legitimate system just froze IT.

So then they need to define somewhere else. Where can you go with hundreds, millions of dollars are stolen cyp to and and just put IT in, no questions asked. And that's what let them to. Toronto cash.

Toronto cash. I've used tornado cash before, let me tell you why OK. So I was going for a coffee while back in my town and I noticed accepted a thorium crypto currency not like people have been donating a theory um to my podcast.

I'm gonna use IT to buy some coffee so I started to get IT going. But I thought, wait a minute. Hold on.

No way. This is a bad idea. My donation wallet is public, so anyone can see where I spend my money. And if they see, I spent IT on coffee in my town, that might expose where I live, I go to extreme length to keep my private life and public life separate.

So I need a way to move this money into a personal wallet so I can spend IT without people able to see where i'm spending IT. So what are my options? I could send IT to an exchange and then send IT to a fresh wallet.

But using exchange, I have to give them my personal details, like my driver's license and stuff, which seems a bit much just to buy a cup of coffee. Isn't there a simpler system, one that's more privacy focused? Yeah, toronto cash, tornado cash is great.

You send your money to IT IT get thrown in the pull with a bunch of other people's money, and you get sort of a claim ticket. And in any moment you can usually claim ticket to get your money back out into a fresh wallet. Essentially, this allows you to transfer your money into a new world.

But IT removes the tracks of where I came from. What's great about IT is that it's all automatic. I was tell you about smart contracts before where you can add code to this theory.

Black chain money is programmable, so I can see the tornado cash code verified, looks okay, and then get my wallet to interact with IT directly, giving you my money and getting that claim to get back. And the way toronto cash worked is that they purposely built IT, so the creators themselves never took control of your money. The only person who would ever have control of your money is you.

The smart contract is program to handle the money. But the creators built IT so that they can even control the smart contract anymore. They literally quoted all zeros in for who can control IT, which means nobody can as the .

stories have emerged one of the people who'd used this particular x of was reti button who um course came up with the syrian protocol think codel ped um and he said, look, this is exactly what I did. I wanted to do ukraine. I didn't want to do IT publicly and that is a hazard of using cypher is IT is public.

So I used to mix up because I went to preserve my privacy. They are good privacy preserving reasons to use something like tornado cash. And that's I suspect the reason tonio cash was set up largely was for those privity preserving reasons.

okay. So you might be thinking, hold on, this is just a big coin tumbler, a mixer for a money launder ing. And there have been lots of them in the past.

And weren't they all illegal anyway? Yeah, that's the thing. This one was different, very different. The ones in the past were typically custodial mixers, meaning someone is actually in possession of your money. If someone put a gun to their head, they could hand over all your money.

These kind of mixes are illegal because the person holding the money should know whose money they're holding. Like, if I give you something illegal to hold, you could be interest as much trouble for holding IT as me. And yeah, a bunch of people were running these mixers and were caught by the police and arrested for running unlicensed money transmitter ers.

And the police were able to shut down those services. The difference here is very important. A custodio mixer is where you give your money to some person to hold for when you want IT back. While a non custodio mixer, the money is held on the block k chain, not in anyone's possession, kind of like a huge stash your money in a locker somewhere.

And then you gave the key to someone else, and they got IT out the place that only knows knockers had no idea what you put in there, so they can be held liable for whatever was in there, kind of like a dead drop. Now, I imagine the makers of toronto cash saw that custodial mixers had been shut and arrested in the past, and they probably knew full well that a service like this might be abused by people. So toronto cash developers were like, we have to be absolutely certain that we're never in possession of anyone's money, ever.

We can never have custody since those kind of mixers are illegal. So it's only with the invention of smart contracts that they were able to make a service like this, that they could be completely hands off a service that nobody was Operating or running. IT was headless, and the developers can never touch anyone's money even if they wanted.

IT was coded that way. In no way shape perform are they ever in possession of anyone's money. And they went to great links to prove that only that they wanted this thing to be extremely resilient and impossible to be taken down, as they felt that privacy tools like this were very important to people.

Also, a lot of these mixes in the past were tailored for criminals. So alphabet, for example, was a dark net marketplace where people could buy and sell illegal items. Well, the site had its own crypt on mixer specifically designed to help you hide your illegal purchases in the world of cyber crime, intention matters if you are building something specifically for criminals to conduct crimes with that's recovered ing, and you can get reo charges against you.

But the developers of toronto cash held on strong that this was a privacy tool that was their point. And to make that clear, didn't hide in the shadows of the dark net. They were open about their service and made IT easily accessible.

I mean, they even had a twitter account in a Normal website, which are clearly said, this is a way to have private transactions on the syrian. So as you can see, as a person who values my own privacy, I found this tool to be helpful and important. The centralization is very fascinating to me, too.

My website, dark night, is that com is hosted on a single server somewhere. But tornado cash was kept up by hundreds of thousands of people running a fearing and validators and are something amazing and beautiful about that. We can put something on the black chain and you know it'll permanently be there as long as a theory um exists you've understand .

and exactly that's precise what IT is at least that's what the claim was um from inside tonio cash uh as well as well talk about later on. Others have a costa doubt on that but Sunny that was the claim. Look tonight to catches this headless organization. And once you use IT, your effective the using an automated machinists is like going up to evening machines, stick money and the can out that, you know. And the vending machines been forgotten by whichever company is meant to own IT IT just once, no on its own.

Well, clearly, what is the only warning to use toronto cash? The people who stalled the six hundred million dollars from Maxine finance also noticed toronto cash and send hundreds of millions of dollars to IT.

Now this is he presented a lot of problems for the the for the particular the united states uh government because they can see the, uh mony's gone from the stolen, the moneys gone from x infinity been stolen, sent to ten to cash, they believe is north korea behind this. But like, who do you? Who do you do you know? Who do you protect? Nobody behind the ato cash this time.

That's what they thought. So what do we should do about this? So they did the next best thing, the U. S. government. They put tonio cash under sanctions on basic, said, look, this, this mix of this tomato cash mixer is working for the north koreans.

We believe, we claim, and therefore, anybody you interact with this mixing sense, money to sees, money for anybody interacts, who's in the U. S. People, organizations doesn't matter.

They are breaching sanctions as well that we we can't shot to need to cash down. But we can freeze IT out by saying, you cannot interact with anybody in the U. S.

Anymore, and anybody in the U. S. Interact with another cash. You've committed a fence.

and we can come off to you. Sanctions what the privacy tool I use got sanctioned. Hold on, hold on. This does not feel right. Okay, I need some names who who created toronto cash .

yes um three people um IT seems created IT they are Andrew person serve woman storm and woman seven um they worked for company called pepe sec. And I think it's as well get into that. There's some legal proceedings around this we have to be quite careful about.

But I think it's it's very uncontroversial that they set up papp A C, C D and they created to a nado cash. But the key thing is they created IT, they say, to preserve privacy. And having created IT, they go to certain and said, okay, we now burn our passwords to this.

We step back. We have nothing more to do with this. It's running on its own. 啊。 The eternal cash down.

oh, IT was a double. Of course, downs are fascinating. What i'm saying is an acronym, D A O, dow and IT stands for desensitized autonomous organization. And this is a perfect example of one. The internet has changed everything about our lives.

You know that already every day I get online and I chat with those of people from all around the world, and I visit websites from other countries, and IT never feels like i'm traveling far away to another country to interact with them. It's just right here on the screen in my bedroom, just little seconds away. The internet has connected us in a way where national borders just don't seem to exist anymore.

So if you were to start an an online business and that exists only online and there's like no physical product, the reason to have a home base and maybe you started with two other people, like one person's from europe and others from asian, the third from the U. S, what country do you establish your business in? Forget IT.

Why not just make in an online company? Not part of any nation at all. Is that possible? I mean, traditionally, you needed to make a company like an L L, C.

Or something in order to get a business bank account to do business with like the world. But since this service is all crypto currency based, you don't need a bank and autonomists means the company can continue to Operate without anyone controlling IT. Toronto cash was one of these dows IT was decentralized and autonomists IT existed only online and was capable of Operating all by itself.

This is another new thing in the world that didn't exist ten years ago. These, those exist online only. It's a business that isn't seated in any specific country.

Why should I be if people are getting paid from a doll, then those people can to report their income on their taxes and, say, their contractors for that organization. So the U. S.

Federal authorities were mad that hundreds of millions of dollars were stolen and then sent through toronto cash. They wanted to seized the funds and shut down the service. But like I said, tornado cash was built in a way that IT was impossible to turn off, and they never had control with funds ever.

So the only tool the U. S. Authorities had to try to stop IT was to sanction IT, which I don't even think U.

K. And sanction and APP a piece of code. I mean, it's still there on get hub for anyone to see right now.

So if it's illegal, why is that on get hub? And code is just words and symbols. So in essence, here they've sanctioned a bunch of words that, in a certain combination, has meaning.

So can you even think a page with words on IT IT? Isn't there like a free speech violation? And here somewhere? But not only did they sanction the code, they decided to arrest of people who started IT. What was their intention for starting toronto cash? Because, as I said earlier, in the world of cybercrime.

intention matters. IT does. Well, there are two sides. This you can go on the back of what? But they said in what the defenders say, which is, this was a privacy preserving tool, the intention was never to enable money laundry.

However, the counter argument from the authorities, which they are making very strongly and in cool, is IT doesn't matter if you're gonna N A money transmitting business, dealing with the cash was hundreds of millions of dollars you are obliged to think about money laundry. You cannot just naively set the thing up and hope no crimes are going to use IT. So now I works, but you know, you have to obey money laundering laws.

So, so we've got arguments on both sides. We got arguments. The intention was never there. We got the arguments on the other side that IT doesn't matter. You want the hook for this if you set up these businesses um as you can tell them, i'm being diplomatic about this a because as legal for see is about IT but be also because I hear both sides I do genuinely hear both sides and it's it's and that's the things of fascinating debates. What is a fascinating story?

The police are saying intention doesn't matter here, the act of creating open source code and putting them on the blockchain to help make your financial transactions private was illegal because someone missed the tool. And I want to to point out here that the U. S.

Government isn't clear on where the cypher currency is, even money or not. The community futures trading commission, C, F, D, C, classifies IT as a commodity. The S C, C classifies IT as a security.

The irs classifies IT as property and finance. The financial crimes enforcement network classifies IT as money, which is what requires people to follow the entire money launder ing laws. The government has made all this so confusing. I hate being in this position. I don't want to take the side of criminals who stole this money, but because I want to live in a world where financial privacy exists, I feel like sanctioning privacy tools hurts me.

yes. But the cost of that, I think if you if you do one hundred cent privacy, you have to protect people you don't like as well as in is in fascinate and goes round and around in my head and say that sounds like it's going in yours as because .

the money transacting rules they were supposed to follow was K, Y, C, which stands for, no, your customer. For them to Operate this legally, they would have had to ask everyone who uses the service for the real name, identity, upload your drivers' license, tell them your address. And when you do all that now it's not so private anymore.

While now creators have to maintain a data base on a whole back end full of people's personal information, I don't want my personal information in a database somewhere, just so I can privately buy a cup of coffee. The best privacy tools are the ones who knows nothing about who I am. When the financial system becomes a surveilLance system, we start having big problems.

Look at china, for example. They have this social credit system. Or if you do things the government doesn't like, they can restrict what you buy.

They can also see everything you buy and make judgments about your character based on IT, restricting other areas of your life, even targeting you as a problem. Tim, a government that is watching your every purchase is not encouraging of a free society. I mean, let's look at some legitimate cases for why you'd want to use tornado cash to hide your transactions.

You heard me say that I like to have this buffer between my public life and my private life. The internet is a big old dangerous place. And if you don't believe me, listen to the previous one hundred and forty six episodes of this podcast is important that we secure our stuff and take our privacy seriously, also imagining going to buy something from someone.

And as soon as you give them the money, they can look to see how much money is in your bank account and all your previous purchases. This is how a theoria works by default. So we need a way to shield our purchases from the rest of our transaction history.

You heard how vite, the creator of the um wanted to donate to ukraine, but want you to do so privately without anyone knowing. There is another reason he's a public figure. He wants to keep his political activities to himself.

There are nonprofits that I know of who go to great links to keep their donors private because donors don't want the public to know what causes are giving towards and don't want any extra solicitation from people asking them for more money. But I keep thinking about stories of people living in oppressive regimes, china, russia, iran. If you live there and speak up against the government, you could easily go to jail.

And these governments once strict control over their citizens. So monitoring financial transactions is crucial to keeping a strong grip on them. So the centers and activists in these countries absolutely need a way to send and receive money in a private way to support their cause and educate people in the atrocities of their own government.

Their life depends on private financial actions. Churches and charities don't care if you deliver them a big bag of cash as an anonymous donor, and that's none of anyone's business. If I went to donate anonymously, I want the same thing for digital transactions. I think taking down privacy tools like toronto cash hurts regular people.

Which was exactly the basis on which the encrypt to campaigners sued the united states treasury and Janet elen individually after the sanctioning of toronto cash. Um this decision to sanctions tata cash went down very, very badly with large ways of the crypt to community, he said, for exactly the reason of held lines you know when a one the key arguments and a fascinating argument is to what extent are you responsible for the downstream effects of code that you create and make available um the people who saw this decision by the treasury, the U. S.

Treasure, to sanction tomato cash said, well you can't sanction code, you can sanctions the persons is uses the code, you know you don't somebody to get stabbed, you don't prosecute the person who made the knife if you prosecute the person did the stabbing um and so that was the argument on which the U. S. Treasury, one of the argument on which the U. S. Treasure was being sued.

The other line of argument was the code, as he said, is freedom speech freedom speech is constitutional protected those cases by the way that the attempts to sue the treasury um over decision on to know to cash uh god rejected have not done well but are being appealed um as far as where at the moment so they lost in the first at least one round, maybe two rounds, but they're continuing that campaign because they they argue exactly the same as you're saying, which is, you know this this is, this is code. You don't prosecute code because if you do, you damp on food my speech, you stop people inventing code as a chilling effect. That's the whisk here. And that argument still playing out a in the court.

I wanted to take a step back here. I note that this story wasn't possible like ten years ago. This is such a novel, new world, were in money, used to only be physical, but with credit cards it's turned virtual.

And with everything being online today, we need digital money. Money used to be controlled by governments, but now the crypto currency is controlled by the people. And it's like we're in the middle of a major revolution here.

Money is power, and the governments are losing their power as crypto currency becomes more widespread. So of course, theyd wanna put up a fight against IT. And now with smart contracts and downs, businesses can be fully autonomists and always online.

How crazy is that? That the company can exist to make money as an act as an online service. And IT doesn't need to be maintained or controlled by anyone.

This is an entirely new kind of problem for the U. S. Government to deal with, and they don't really have a good way to combat against IT other than sanctioning the code.

If you aren't from you without sanctions, work IT means the U. S. Department of the treasury's office of foreign sets control, which is o fac, has declared that you are forbidden to interact with tornado cash.

If you do, you might get arrested, but IT also means your money may become frozen if you send IT to an exchange. I mean, typically when I buy things or go online, I don't ever think about where they are. Not on violating sanctions, like for instance, of north korea is sanctioned.

I don't expect north korean made goods to be in my supermarket where I could buy them and break sanction codes or something. I assume the shop owner knows not to buy sanctioned items to try to sell them to me. So it's completely off my radar.

Here's the situation, which I think is the first time ever that an online application is sanctioned. This is unprecedented. And so now I don't, I don't know how to navigate this world. Am I supposed to check the sanctions list every time I go online, visit a website, buy something using online service? This breaks my brain.

You are clear, not the only person who feels this because in the wake of the U S. Government's sanctioning to later cash, somebody clearly um felt even more um concerned by this and I put out by and thought the whole thing was ridiculous, this idea of sanctions and so they set up a stunt um which is another bizarre twinkled this story and intriguing one so the thing about to know kash es, even of the government, the us.

Government sanctioned, it's still up and running. You can still use IT its code on the internet. The website went down, but that isn't matter, because the protocol, you can still send money to the protocol effectives and IT will do what it's program to do and effect mix the money and anonymized money.

So the thing about that is, if I know jacket you a serious all to dress, I can use a little cash to send you money. And there's nothing you can do about IT. You get sent to you automatically. So someone, somewhere we still know on waiting for day.

Actually, jack, when they turn up on your podcast, somebody took fifty thousand dollars and started randomly sending IT in tiny bits, tiny, tiny amounts to anybody who is famous who had on a theory body, including Jamie salan, uh, the comedian Jimmy fan chako neo on sketch all store kilos they started receiving and of course, IT shows up on the block chain. You can't hide dicks, see two kilo o nails address and you can see that receive money from tomato cash that's all logged. And so technically um technically I guess you could argue Jimmy fallon and jack nail have breached sanctions, are sanctions dodging or and and they are to guess you could say they should be prosecuted for that.

But the whole point of this exercise was to show how ridiculous IT was that that anybody, even famous people who have done clearly nothing wrong, can then, as a result of this sanction of tomato cash, get implicated in sanctions busting. The idea was just illuminate how, how ridiculous this words. And so I don't know what Jimmy fallon ji o needn't done about that, but it's, it's, it's tRicky. IT was fascinated, was done. The emerges sponsors.

the north korea sent about four hundred and fifty million dollars worth of crypto to toronto cash to try to mix IT as .

crypto council tracing companies who claim they left in about four weeks and then extricated what we don't know, of course, who IT went to there after. So you can with mixes, I am particular when you're mixing a huge count like phone fifty million, there are companies that track crypto, one of things they do with mixes as they look at the amount going in, the amount going out.

Now you can't link you know this crypt or currency payment is linked to that one going out, but you can see the volume and you can see the amounts going in, the amounts going out. And so I think that's what theyve done, is if looked to go look for fifty million goes in, we can look at the outflows. And sure enough, four weeks later, for fifty minute, comes out to put in very simple terms.

And so that money is now somewhere in crypto currency wallets. The other interesting thing is, women, who do you take that to to cash out? You're gonna say to somebody what you know, his, he's one of fifty million dollars, which came from tornado cash to know where else could you transfer that change IT into pounds or dollars or you are or whatever they want.

All people out that y'll do that, no questions ask that it'll take up a big cut. But but doing that to four and fifty million dollars, you've got got to have some brokers that have got some serious, serious liquidity on their hands to be to change that. So the theory, I think, from some people is that there's a bit of a glut now of stolen en money that the north koreans are accused of stealing, that they are trying to cash out but that they can't cash out quickly enough. Just there's nobody can you know who can buy off them for the phone and fifty million or whatever they need. So so that's where that that ended up all that money.

I guess the chop shop when you will work here because it's more like you stole like a giant bus. And no matter what color you change IT, you're going to look like a giant. But as coming out the other side.

yeah, yeah exactly. So I deal what a chop shop that can convert your big yellow bus into, you know, a bunch of tiny, little smart, whatever.

So just going back as well, this idea that tornado o cash was sort of leaderless um is now being totally chAllenged in the the first thing that happened was a guy called Andrew persave was arrested in holland and accused by the dutch government of um running tornado cash women Simonon is also in die by the U. S. government.

He's believed to be in the russian federation so hasn't a face trial i've trying to contact them and seminal hadn't heard back from him subsequently. After the sanctions moderato cash, the U. S.

Government changed roman storm, whose in the U. S. And is think currently being tried and is in prison again. Fascinating trial is his look. The same arguments are coming up in his trial as as we've talked about, you know, people saying that he did not run this, he was trying to was a privacy.

That's why he set IT up now going against that idea that these guys didn't run the inverted commerce to order to cat is a slightly inconvenient fact, which is the quantity government. They owned a lot of the voting tokens and crypto o tokens inside tonio cash. So the way this work is, you know, to know to cash is leaderless.

It's done by vote any changes to know to cash get done by vote using tokens. I think part of U. S.

Governments argument is will hang on. A lot of those tokens were in the hands of these three individuals. So they may say they didn't have control, but actually we think they did.

Also, they say they was still making money as a tonight to cash so all this leads to try to knock down this argument the defendants have, which is, oh, we didn't want IT the U. S. Government to saying, no, you did on IT.

He's the evidence. Why so the guys who started tornadoes cash, too, have been arrested. And in may of this year, the first verdict came in.

Alex I putz ve was tried in the netherland, and the judge found him guilty and sentenced him to five years and four months in prison. The cops took his porch in one point nine million euros. Encrypt currency. The press statement from the netherlands government says, quote, tornado cash is non legitimate tour that has unintentionally been abused by criminals and quote, not a legitimate ate tool. In fact, the judge said specifically he could not find any legitimate ate use for this tool, as if privacy itself is a crime, was fascine .

by this is all starts with a hack on the video game to his salamanders and IT ends up in this kind of epic battle boy all over freedom of speech and privacy. And yeah, I find IT really, really fascinating. It's almost like, it's almost like the collide, this topic story. You look into IT, it's got .

everything in IT. Yeah, yeah. We've got all over the road here evenly.

Are you going to get one down? No, I do not envy that. Ask another way to look .

at this is that the feds are saying that the developers of the tool are responsible for how users use IT. Not a bit crazy if you ask me.

It's like saying a lighter companies responsible anytime someone uses a lighter to commit arson or a drone maker is responsible anytime someone uses a drown y legally like spying on people flying in the wrong air space or dropping a bomb on someone what's like saying A V P N provider gets arrested, shut down sanctions because some of their users where online that did something illegal, or my goodness, IT is an encrypted messaging upper, responsible for people doing criminal activities on IT. I mean, we know criminals use iphones. Apple knows criminals use their phones.

In all these cases, the tech itself is neutral, and it's up to the user to use IT responsibly. Governments have never faced anything like this before, and they simply have no president to act on here. And in my opinion, are just drawing really full lines arbitrary. They can even come to a consensus on whether cyp to currency is money or night.

The worst example you could possibly think of maybe, you know, with the exception of child sex abuse, on the worst examples you could think of would be, you know, a country using this kind of technology to get nukes as like, oh yes, we ve got that. So it's it's almost like your your privacy defending hat your privacy defending head is being put to the most extreme test is like you want privy, right?

What about north korean nukes is almost like that immediately. What's happened is it's gone to you know what you argue with something. They just go to the most extreme example of comparing you to hit, or whatever is like that happened now is north korea. What are you going to say now? Is is yeah, fascinating, genuinely fascinating.

Okay, I don't buy that argument. why? Because all this happened and they didn't catch the real criminals here.

In fact, I think even if they implemented K, Y, C, north korea would just have used like some fake ID, and IT wouldn't helped catch them or slow them done at all. North koreans are still on the loose with their fresh and clean four hundred million dollars. And there the real criminals here go after them.

It's crazy that the story starts with someone stealing hundreds of millions of dollars and the people who end up in prisoner. The privacy advocates. And I researching all this, I had to refresh exactly what is money launder ing.

Mean, the act of money launder ing is to hide the cash you have was involved in some illegal tivy stolen money or drug money or something like that. Me trying to hide my transactions isn't a crime. It's only a crime if i'm trying to hide criminal activity.

And by the way, tornado cash despite being sanctioned is still up and running because that's how IT was designed, fully autonomous and decentralized. fact. There's youtube videos out there that explain how to still use toronto cash despite IT being sanctioned, basically show you how to get around sanctions.

I mean, videos like that surely should be illegal, right? And he just makes me wonder, these sanctions have any teeth at all? If if you ever hear of anyone who gets arrested for violating the toronto cash sanction, please tell me, I would love to know.

Because what's the point of all this if the government isn't going to enforce the sanction at all? Because IT almost feels like the government is powerless here. IT has no ability to or control crypto currency or from people using apps like this.

This is what permissionless money is like. And I don't see any evidence that the government is even trying to enforce sanctions. The sanctions code is still there.

And get up youtube happily host videos on how to avoid sanctions and still use toronto cash. What is happening here? Just a month ago, the A, C, C approved the a thorium etf.

This means you can buy this stock on a regular stock exchange and we'll buy, eat for you. It's a way to invest in syria without actually holding a syria. So there's this wallet out there which holds all the eat from this etf.

Well, guess what? As soon as the internet figured out, which, while IT is holding the money for the etf, someone sent a whole eat token, where's over three thousand dollars through toronto cash and then to the city of wallet, which, in my opinion, means the wallet is now violating sanctions and can no longer buy or sell on an exchange. They did IT to protest these sanctions to show that there's absolutely no way to enforce this.

And I guess this means toronto cash one. There's no way to stop IT or to stop people from using IT. And so today there are still millions of dollars flowing through toronto cash.

It's going down. Don't get me wrong that the advantage processing has has gone down. Um and and therefore, he makes a less effery ent mixer.

You know that you want you mixed to have lots of liquidity, lots of volume going through. The less is used, the less efficient to the mix of it's going to be. However, IT is now a criminal mixer and so you know it's a sanction mixer going to U.

S. government. And so anybody uses IT. Is gonna a cook? What that means, of course, is if you use tornado cash, you're gna really struggle. Send the money on woods because whoever sees money coming, coming at them from tonight, he's going to go. I'm going to accept that unless it's somebody who doesn't care about dealing with sanction and tea, in which case, know you in the slight marky world.

IT is a very marky world because let's say, hey, i'm selling something lying and someone's like all by IT and they send me the cypher currency that's been mixed through toronto cash. And I was to say, wait in IT before you send me the money, let me analyze. You wanted to make sure he doesn't have any sanction cyp do in.

This is Bakers. This is like running the serial number on every dollar bill you ever get to see if it's ever been used by someone who has been sanctioned in the past. That would be a nightmare to have to do yet.

That's what I feel like we have to do from now on. Yeah, so suddenly i'm wondering why the U. S. Has even involved, right? So acting finites based in Philippines, so I can see the Philippine, please be an upset.

And okay, so I can see the vietor is being like, right? We got a tinct this because we don't have any other way, right? And then you've got the creators of tornado cash.

They're not U. S. Space, are they? Yes, roman storm is back in the U.

S but actually at the point where they sanctioned IT, I don't think that had been confirmed. I look with sanctioning. Sanctioning is a really interesting power in the basic.

Any time money transfers across the us, the us. Can exit control into the center. So it's it's strainingly difficult to avoid if you going once to go after you on sanctions, you know it's extreme discount to avoid that the U.

S. Government argument is that there would be U. S. Use as using the service.

You know money transactions would have gone across the U. S. Territory also, as far aware, sanctions the sanctions orgin uh accusations the U S.

Um but the art the foot of north korea gives the U. S. Government huge scope to go after IT around the world.

Wherever north korea tries to dodge sanctions. That seems the U. S. Government can go with its sanctions legislation.

So yeah, you know, IT seems, but in a way that doesn't surprise me, one one job that the U. S. Has managed to trying to do this.

right. I don't know if there's they were trad crime, but traditional crime is based with, you know, people in countries, and those countries can deal with that, whatever. And here we have a new kind of crime, which is there is no bounds.

There is no country. There is no head of some company, there is no person controlling the code. Um you know that is a crime like we having even established that there's laws that are establish to avoid money laundry ing that may have been what's know it's another person, another country that did IT right.

So it's but this is why sanctions, this is why sanctions are such a useful weapon and why the us. Is resort into more and more. We've had bitcoin fog as a prosecution in that case recently.

Another another cyp to mixer. This is why the U. S. Government is using them, is we can't nx these people, we can't lock them up, but in hands costs most of the time. We can use financial finances, financial warfare.

This is what we do now. We need to warfare.

We complete the code. We can't plex the people, but is all about money. So we are just going to use that sanctions power.

It's a really big god power, um, to use as soon as I outsides seeing this, and I night realizing what was going on. And that makes perfect sense. You know, you've got got so few weapons to bring the battle, but you got this weapon, and it's really good. You can use IT wherever IT makes perfect sense.

And you know, as as as a researching the subsidy de, I saw more stories like this. Another privacy service just like this called samurai let, was also shut down by the U. S.

Federal authorities. And the people who started IT were arrested. This was a coin join on the bitcoin network, which isn't the same as the smart contract system. But IT is an autonomous system and its non cust studio and IT was also open source.

And here you have people who have contributed to an open source project to and get arrested because the feds are accusing them of running any illegal money transmitting service. And as my eyes become tuned into this, i'm seeing more and more stories like this. The phenix wallet decided to remove themselves from the APP store.

Not saying a reason why ibex pay is shut them himself down, not saying why either mena masks received an enforcement action letter from the S, C, C, and they're counter suing the S, C, C over that something big is going on here. Privacy advocates have fought the government in the past, before. And one, the story of phil zimmerman comes to mind.

Phil created a fantastic encryption program called P G P, which allowed you to send an email to someone encysted IT. So on the u. And the receiver could see what was in IT.

Yeah, well, the U. S. Government hated this kind of encysted that gave us privacy and scription. That's only for the military.

How dare civilians try to use IT? So they classified P, G, P. As a municipal, and they called IT a regulated ARM.

As if I was a weapon which allowed them to say, look, fail. Unless you get an arms expert control license, you can't go distributing encryption code online. What happens if criminals use that? They could hide their communications. Nobody wants that right.

If B I began investigating fill, well, the privacy community was outraged that the government was restricting us from encysted our own messages, and they started being vocal about how important privacy was someone suggested to fill that he should publish the P, G, P, code in a book and feels like, what why? It's program, it's code. Just download online cheese.

If I were to put IT in a book, take eight hundred pages to print IT. But the thing was, books weren't considered regulated munition. Books were protected under free speech law. So if he would publish the source code in a book, that would would give him protections that what he's written is just words and not, in fact, to regulated ARM. So he published IT in a book, and IT was eight hundred pages of code.

Well enough people voice their support for a crypt and privacy that the government find the gave in and let fill off the hook, and even took crypt off the regulated arms list. IT was a big Victory for our privacy and think goodness, because crypt an is inherent in everything we do online. Now, even what you're hearing right now, this podcast was delivered to you encrypted so that anyone who will intercept to the pack is along the way.

When didn't know what you're listening to, IT would have been illegal for me to use encryption on this podcast in the nineties without an export license. I did a whole episode on this, actually that's episode twelve called crp to wars, which fill showed us says that code can be printed in a book and if it's principle like that, is protected on your free speech. And so once again, it's unprecedented that the government would put a sanction on code which has always been free speech until now. Until now, I don't know the cyp to spaces is so complex that if I sent IT to your wallet and you sent IT to my mom wallet and he sent IT to my wallet, and then I sent to the exchange, is the exchange gonna know that still came from toronto cash?

Very good question. And that comes down to how much liability the exchange has in the situation described there. That's what four hopes. Um I think given the crypto currency tracing is is fairly well as well, I think the authorities were still hang on. You should still have known that came from that but he fears about one hundred one hops or thousand hopes maybe that's enough hobbs, that the authorities say, well, yes, you had no way of knowing this okay, what transfer .

is a poly gun? And then back to eat and now you've got a new wallet and it's I don't know if that's tractable. There's just a lot of ways to get around that even still.

Now you're thinking like a money laundry. Er that's why I hope we get in this conversation where you you find that's what the books about yes.

the book jeff has released a book called prince uh, which goes into the monarchy minal or longing ing. Money is full of things that make you think about the new future that we're facing. I deviated quite a bit from IT here, but what jeff told this today was a single chapter from the book, so you can imagine how much more you would learn from getting this book and diving in.

So go read prince today and let me know what you think of IT. And i'll leave you with this very important warning from the FBI, which was issued apple 244。 This is P S A I dash zero four two five two four.

The FBI warns americans to avoid crypto currency money transmitting services that do not collect your name. I D address another personal information. To me, this is a king to the F, B.

I, advising against driving on roads without license plate readers or walking on sidewalks without facial recognition cameras. It's like being told not to wear sunglass is on a Sunny day, or to avoid using curtains in your house by cautioning us against privacy tools. They aren't just infringing ing on our rights.

You're asking us to live in a glass house exposed and vulnerable. This isn't just a warning. It's a push towards the future where privacy is the reality of the past is that the world we want to live in.

A big thank you goes to jeff. Wait for shing the story with us. You can find a link to his book inst in the show notes.

Go check IT out. This episode was created by me, the firework figger jacker. Our editor is the router rigger rest and leger, mixing done by next sound into a music by the mystery rooms mater cylon.

I was moving my stuff the other day and I had to Carry my computer down some stairs, but I dropped IT and IT tumbled down the stairs and itself to its all the way down at the bottom of the stairs was just a big, massive broken parts. The only thing that was still visible was a sticker. M, so least I have the memory of IT disease, dark diaries.