Zhong’s heist of 50,000 Bitcoin gives way to new ‘industrial’ era in crypto crime

Crypto crime has evolved rapidly since James Zhong filched 50,000 BTC from Silk Road in 2012.
  • Artificial intelligence and quantum computing are poised to accelerate cryptocurrency crime
  • Surging number of hacks poses existential challenge to DeFi

Judging by the numbers, James Zhong seems like a master crypto criminal. The 50,000 Bitcoin he stole 11 years ago from Silk Road, the dark web contraband emporium, was worth $3.4 billion by 2021. After pleading guilty in 2022, he received a 366-day prison sentence last month.

Yet Zhong’s case is actually rather quaint when you consider his masterstroke: The 32-year-old Florida man filched Bitcoin from Silk Road by simply double-clicking on a withdrawal button. He was not so much ingenious as simply ingenuous.

Bad Actors

These days, Zhong would be utterly outmatched by a new generation of bad actors with far more nefarious objectives in mind, said Eric Jardine, a cybercrimes expert at Chainalysis.

“There’s been a movement from your idiosyncratic individuals to larger-scale, more industrial-type operations, many of which are really traced back to state sponsorship or state cover,” Jardine told DL News.

North Korea’s Lazarus Group, which US officials say is involved in financing the rogue state’s nuclear missile programme, is one of those operations. Russia harbours other crypto crime rings, experts say.

These groups, along with organised crime networks, routinely plunder crypto protocols for wealth, and use them to launder proceeds from ransomware attacks that target hospitals, schools, and other public bodies.

Meanwhile, lone wolves with greater expertise than Zhong prey on blockchain bridges and other vulnerable projects. The Euler bridge hack was a recent case. Even code-audited ventures such as Merlin aren’t secure. The exchange lost $1.82 million after developers exploited a backdoor in the code, even though experts had evaluated the integrity of that code.

As a result, the decentralised finance community is confronting questions that are becoming existential: How can crypto projects defend themselves against these foes? If billions of dollars’ worth of tokens are routinely stolen, how can people trust DeFi? And law enforcement crackdowns and headlines are poised to further tarnish the DeFi brand.

Lucrative target

That is because more attacks are coming, Jardine said, especially on blockchain bridges. Bridges are supposed to expand the scope of the DeFi ecosystem by connecting networks together, so securing them is vital.

“You have a really lucrative target, and you’re probably going to be seeing a lot of targeting in the future, just on the basis that there’s a lot to steal,” the analyst said. “There’s a chance that they” – the bridges – “are more vulnerable than other sectors of the crypto economy, like centralised exchanges.”

Still, there is hope. Last September, Chainalysis helped recoup $30 million worth of tokens stolen from Axie Infinity, the blockchain gaming giant.

More than $600 million had been plundered from the Ronin Network, a sidechain built for Axie Infinity. Chainalysis traced stolen funds to offramps and liaised with law enforcement and industry authorities to quickly freeze funds.

In the old days, Jardine said, hackers had more anonymity. Now the blockchain provides a permanent record of activities, making it much easier to trace assets. The former mode of crypto theft – hack some wallets, steal some funds and live large because you think no-one’s ever going to catch you – is bound to be less productive these days, he said.

And ideally, the funds wouldn’t be taken in the first place. The latest defence is — what else? — AI. Protocols can deploy artificial intelligence programs that analyse source code cheaply and comprehensively far quicker than a human could. While this approach has only begun to be tested, it could provide a way forward for embattled cybersecurity devs.

Security vulnerabilities

“You run a smart contract through something like ChatGPT and try to see what it flags as potential security vulnerabilities,” Jardine said. “You start to peel off the things that are vulnerable and keep the core, or revise the core so that it prevents exploitation and emulation.”

Then there’s quantum computing. Researchers have long sought to harness subatomic particles to exponentially increase computing speeds, and as they move closer to workable solutions, fears have mounted that the new technology will tear conventional encryption to shreds.

Meera Sarma, the CEO and founder of the cybersecurity firm Cystel, says industry leaders may be underestimating how rapidly quantum hacking will hit DeFi projects. “It’s just a matter of time before all this gets a lot worse,” she told DL News.

There are companies trying to work out how to defend against quantum hacking, she says. It’s already possible to buy a two-qubit quantum computer, perhaps for as little as $5000. A two-qubit (quantum bit) computer is the equivalent of running four computers at once, Sarma said.

“We don’t know how well it will work,” she warned. “Eight- to 12-qubit is when it starts to pose a real threat.”

Jardine acknowledges that quantum hacking is “a massive break in terms of speed of computation, and you have to accommodate that.” But he argued that a lot depends on who has the technology first, and that it will probably be “the good guys” rather than a James Zhong type of character who grabs a quantum computer off the shelf.

As for the hackers themselves, Sarma said, they have similar motivations to Zhong — not just greed, but a desire to impress peers. The difference is that professional hackers want to keep their heads down.

Lavish spending

That’s a far cry from what Zhong did.

He was a hapless nerd who morphed into an outlaw and spent lavishly on real estate and gold bars and rocked up at yachts and Miami nightclubs with glamorous women on either arm, according to the case made by federal prosecutors.

He didn’t even bother to launder his loot. When police raided his home in 2021, they found a hard drive that contained thousands of Bitcoin stashed in a Cheetos Popcorn tin. And he showed off his high life in loads of social media images.

“He put his head above the parapet, which is quite unusual,” Sarma said. “Normally what happens is that attackers are very, very subtle about the money they make. They often invest it in properties, often convert it into white money, if you will.”

With the Zhong case now closed, a far more serious phase in crypto crime has begun.

Do you have a tip about crypto crime or another story? Reach out to me at thomasough@gmail.com.