Former Cryptsy users were teased over the weekend by an anonymous twitter and bitcointalk user, who claimed to be able to return funds that Cryptsy says it lost in an alleged hack. Days later, despite a hastily drawn and legally questionable contract being posted on Cryptsy’s website, no proof that the funds have been recovered, has been forthcoming.
Over the weekend, Cryptsy’s Twitter account responded to Crypcracker1, who had been tweeting at Cryptsy’s account since January. Crypycracker claimed to have access to funds that Cryptsy’s CEO Paul Vernon [aka “BigVern”] said was lost in a hack. Cryptcracker asked for a 30% commission on the funds, but the two sides apparently agreed to a lower fee. A contract was drawn up with Vernon and Cryptcracker signing digitally (of note: Cryptcracker’s signature appeared to be copy and pasted throughout the document and appears to say “Wrecker”)
Members of the press who don’t make a habit of blindly regurgitating any lead handed to them, instantly cast doubt on the story.
The original seed of doubt comes from the story of the hack itself. Many have doubted that Cryptsy was hacked at all, and there are allegations that Cryptsy’s leadership is using the hacking story to cover up their exit plan. At the heart of these accusations is the fact that Vernon admitted to not reporting the hack to the authorities and that he didn’t mention the alleged hack to customers until 18 months after it allegedly occurred. There are also accusations that Vernon is in China and statements in divorce proceedings seemed to contradict Vernon’s public claims about his financial situation.
But, even with those inconsistencies, many still believe Vernon’s claim that Cryptsy was hacked. Cryptcracker was seemingly poised to come to their rescue by after claiming to know the identity of the hacker. Eventually, his claim changed from being able to finger the hacker, to being able to recover and return the Bitcoin and possibly the Litecoin that was stolen.
After Vernon agreed to Cryptcracker’s modified deal, Cryptcracker said that the coins would be returned after a contract was drawn up and posted. Cryptsy then posted the aforementioned contract, both on Twitter and on its website.
Not long after, media outlets began reporting that Cryptsy’s stolen funds were about to be returned.
As of press time, no funds have been forthcoming and Cryptcracker has given another excuse for the delay: He needs to talk to his lawyer.
Consulting lawyer to make sure nothing gets in between me getting paid my bounty when coins are recovered.
— cryptcracker (@cryptcracker1) March 14, 2016
Journalists should know not to trust anyone with an egg as their twitter profile picture.
Cryptcracker has provided no evidence that he has the ability to either reveal the alleged hacker’s identity or to recover the stolen funds. Users of the Bitcointalk forum have accused him of in some way working with Cryptsy staff, or that he may actually be a member of Cryptsy’s leadership using a sock puppet account.
I have my doubts that this is something concocted by the Cryptsy leadership itself. If it had been, then the Cryptsy staff would have most likely publicly responded to the offer back in January. That they waited a full three months to respond seems like an unnecessary and overly complicated deception. Rather, it seems reasonable that they would have made it public as soon as their delayed withdraw plan dried up.
But just because Cryptcracker likely isn’t from Cryptsy doesn’t mean the funds are about to be returned. There is simply no reason to believe this is going to happen. First, Cryptcracker would have a lot more to gain by simply taking the ill-gotten gains for himself. While it is true that there would be some value in holding coins that aren’t associated with a high-profile hack, anyone skilled enough to recover them would also be skilled enough to properly launder the coins to the point that they are untraceable. Even if you believe that Cryptcracker is simply a good Samaritan, without any proof that the coins have been recovered it is best to assume that they haven’t been. Simply moving 1mBTC out of the account, or signing a message with the bitcoin address, would have gone a long way to proving to Cryptsy (and the world) that his claims were legitimate and would have gotten their attention much quicker than a tweet.
There are two possibilities that seem likely to me: Either the original hack was real and the Cryptsy staff is playing this out in the off chance that Cryptcracker comes through, or the original hack never occurred and Cryptsy is only responding because if they didn’t, it would appear that they didn’t care. In this scenario, Cryptsy isn’t unlike OJ Simpson when he claimed that he would spend every waking moment trying to track down Nicole’s murderer. They know the funds aren’t coming back but they have to pretend to be flipping over every stone for the benefit of the users whose coins they stole.
In either case, Cryptsy hasn’t made a “deal” to recover the funds. Best case scenario, they made a deal with an anonymous person who more than likely has no chance to do what he promised. Worst case scenario, this is an elaborate scam designed to distract us from something much larger.
The “stolen” coins have not moved, we will update you if they ever do.
[For reference: Bitcoin talk Forum]
[Photo: Engelbert Reineke]