Wednesday, March 11, 2015

FBI Silk Road Auction of March 2015

In March 2015 the US Marshals Service (USMS) held their third auction of bitcoins connected with the FBI case against Ross Ulbricht and the first Silk Road market.  Bids were submitted blindly on the 4th of March and the USMS moved the bitcoins on the 9th and 10th of March.

According to the auction announcement, the funds were required to begin transfer by 2pm EST in Washington DC (which wound up being 1pm since daylight saving time began the day before).  Bids were to be "transferred to winning bidders in the order that each winning bid was received."  It appears that the winners had all their financial ducks in a row because the transfer of the bitcoins began promptly after the deadline passed.

Winner #1 - itBit

According to CoinDesk, the winner of the first lot paid out, totaling 3,000 BTC, was itBit.  Headquartered in New York, itBit is a bitcoin exchange that also has a significant office in Singapore.

[Figure: Transactions to the first winner of the auction.]

Starting right after their lunch break, the USMS sent a test transaction of 50 mBTC to the winning address.  This is a pattern we saw in the second auction and looks to be one they are going to use going forward.  A half hour later the remaining bitcoins were transferred to the winning address.  No fees were paid for either of these transactions.

Based on who won these bitcoins and the immediate transactions that occurred it is my theory that the deposit went straight into the itBit operational wallet.  The two unspent transactions in this graph would represent a customer withdrawal and a "change address" ready for more use by the operational wallet.

Winner #2 - Unknown

It is currently unknown who won the 20K lot of bitcoins, which represents all of the series A blocks of bitcoin available.

[Figure: Transactions to the second winner of the auction.]

The USMS initiated the second winner's transaction about half an hour after completing the first one.  Again they began with a test transaction of 50 mBTC and then two hours later completed the rest of the transaction.  It is unclear why there was more time for this transaction, representing 14 blocks between transactions rather than the single block for the first winner.  They also paid no fees to receive their bitcoin.

There is not much that can be said about this winner, other than they have exercised some excellent "privacy hygiene" when it comes to the transaction information.  The address is one that has not been seen on the blockchain prior to the auction, and the only action seen with the purchased amounts is a single sweeping transaction into a new address.  


Winner #3 - Unannounced

The third winner of the auction exhibits some connection to Cumberland Mining & Materials LLC, about which very little is shown on their website.  They have not announced their participation, but many individuals who watch the blockchain believe that they were the initial recipients.

[Figure: Transactions to the third winner of the auction.]

The USMS initiated the transfer of the test 50 mBTC to the third winner about an hour after the last transaction, and then the USMS went home for the night.  This left the bitcoin community in suspense overnight over how much the third winner would receive and wondering if there would be a fourth winner.  But to their credit they were in the office super early the next morning to complete the transaction and sent the remaining balance to the third winner and thus wrapped up the auction before the markets opened on Tuesday.  The third winner paid a transaction fee of 100 bits for both the test transaction as well as the final transaction, the only transaction fees paid in the third auction.

Information is known about this winner because they used an address that had been used before on the blockchain, and this address was also mentioned on Twitter.  Via some other internet detective work we can conclude that they have some connection to some other recognized names in the exchange portion of the bitcoin ecosystem.  But those details are outside the scope of this blog.

However, it does not appear that Cumberland kept all of the bitcoin for themselves; it appears they were acting as a syndicate for their bid.

[Figure: Detail of three transactions from the third auction winner.]

Within three blocks, transactions for 2K BTC, 14K BTC, and 5K BTC were peeled off of the awarded amount.  The remaining sum of nearly 6K BTC was short the test transaction amount and the fees paid to receive the initial sum.  Because of this I feel the 6K distribution remained with the administrator of the syndicate.

Nothing has been publicly stated about who the third winners were, nor who the members of the syndicate are.  There is also the possibility that these are cold storage amounts for the same entity.  However if it was cold storage I would have expected less movement of funds and more consistency in the size of the distributions.  This is why I feel four entities joined into this syndicate.

PSA - Don't Reuse Bitcoin Addresses

I'd like to finish with a public service announcement: don't reuse your wallet addresses.  Even the original paper on Bitcoin recognized the dangers of reusing addresses:

"As an additional firewall, a new key pair should be used for each transaction to keep them from being linked to a common owner. Some linking is still unavoidable with multi-input transactions, which necessarily reveal that their inputs were owned by the same owner. The risk is that if the owner of a key is revealed, linking could reveal other transactions that belonged to the same owner."
[Section 10: Privacy, Bitcoin: A Peer-to-Peer Electronic Cash System]

Note that for the second winner we have never seen any of their addresses before.  And the only reason we know anything about the third winner, their syndicate, and what they are doing with their transactions is because of a re-used address and a tweet associating that address to an identity.  

I cannot stress enough how keeping addresses as single-use entities is the simplest and most effort-effective means there is to increase your bitcoin privacy.
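
The linking risk described in this section can be shown in a few lines. This is an added example, not code from the original post: the ledger, the address names and the label are all constructed, and the clustering uses the common-input-ownership heuristic (the multi-input linking the quoted passage mentions) with a small union-find.

```python
from collections import Counter, defaultdict

# Constructed sample ledger (not real blockchain data). Address names are
# hypothetical placeholders chosen for this example.
TXS = [
    {"txid": "t1", "inputs": ["seller"], "outputs": ["fresh1"]},
    {"txid": "t2", "inputs": ["fresh1"], "outputs": ["fresh2"]},   # one sweep to a new address
    {"txid": "t3", "inputs": ["old1"], "outputs": ["reused"]},     # earlier use of the address
    {"txid": "t4", "inputs": ["seller"], "outputs": ["reused"]},   # same address used again
    {"txid": "t5", "inputs": ["reused", "old2"], "outputs": ["pay1", "pay2"]},
]
# Constructed off-chain label, standing in for a public post naming an address.
LABELS = {"reused": "known-entity"}

def reused_addresses(txs):
    """Addresses that receive funds in more than one transaction."""
    hits = Counter(a for tx in txs for a in set(tx["outputs"]))
    return {a for a, n in hits.items() if n > 1}

def cluster_by_common_input(txs):
    """Group addresses spent together as inputs (assumed same owner)."""
    parent = {}
    def find(a):
        parent.setdefault(a, a)
        while parent[a] != a:
            parent[a] = parent[parent[a]]  # path compression
            a = parent[a]
        return a
    for tx in txs:
        for addr in tx["inputs"] + tx["outputs"]:
            find(addr)                      # register every address
        for other in tx["inputs"][1:]:      # no-op for 0 or 1 inputs
            parent[find(other)] = find(tx["inputs"][0])
    clusters = defaultdict(set)
    for addr in list(parent):
        clusters[find(addr)].add(addr)
    return list(clusters.values())

def exposed_addresses(txs, labels):
    """Map every address sharing a cluster with a labelled one to that label."""
    exposed = {}
    for cluster in cluster_by_common_input(txs):
        names = sorted({labels[a] for a in cluster if a in labels})
        for addr in (cluster if names else ()):
            exposed[addr] = names[0]
    return exposed

if __name__ == "__main__":
    print("reused:", reused_addresses(TXS))
    print("exposed:", exposed_addresses(TXS, LABELS))
```

The freshly generated addresses stay in unlabelled singleton clusters, while the one reused address pulls a second address under the same identity as soon as the two are spent together.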