Feds Investigating Silk Road Accused Of Stealing Bitcoin, Abusing Gov't Power, Issuing Fake Subpoenas
from the the-movie-plot-just-got-a-sequel dept
Many people have noted that the story of Ross Ulbricht, supposed darkmarket underlord of the original Silk Road marketplace, felt like a made-for-Hollywood movie script. It appears that script just got another real world sequel, as the government has charged two members of the federal investigative team with Bitcoin money laundering and wire fraud. It appears that the DEA’s Carl Force and the Secret Service’s Shaun Bridges became experts in Bitcoin, that they used the investigation as an opportunity to enrich themselves. While it probably won’t have much of an impact on Ulbricht’s eventual court results on appeal, it still is going to raise some more significant questions about some of the investigations (though, it appears that both Force and Bridges were part of the Maryland investigations team, which was separate from the NY one that was the first to bring Ulbricht down).
And, no, this wasn’t just these guys stashing a few extra Bitcoins into personal accounts because of easy temptation. Force, in particular, seems to have gone out of his way to abuse his position in multiple ways. Force — while still employed by the DEA — apparently acted as the “Chief Compliance Officer” of the fairly well known Bitcoin exchange site Coinmkt, and used his position and power to abuse the system and steal money from customers. Here’s from the criminal complaint:
Force used his official position as a DEA agent to illegally run criminal history checks on individuals for the benefit of a third-party digital currency exchange company, CoinMKT, in which Force had personally invested approximately $110,000 worth of bitcoin.
Force functioned as the de facto Chief Compliance Officer for CoinMKT all the while employed as a DEA agent, even allowing himself to be featured in CoinMKT’s “pitch decks” to venture capital investors and allowing himself to be listed as CoinMKT’s anti-money laundering and/or compliance officer in order to benefit CoinMKT (a company in which Force had invested).
Force improperly directed CoinMKT to freeze one of its individual customer’s accounts containing a large amount of digital currency, worth approximately $297,000, even though he lacked a sufficient legal basis on which to do so, and Force then illegally seized those funds and transferred them into his personal account.
Force used his supervisor’s signature stamp, without authorization, on an official U.S. Department of Justice subpoena and sent the subpoena to a payments company, Venmo, directing the company to unfreeze his own personal account, which had been previously frozen due to certain suspicious activity. Force then sought to conceal evidence of his improper use of an official subpoena by directing the company not to contact the DEA and attempting to destroy copies of the subpoena. When the company did not comply, Force asked another agent on the Baltimore Silk Road Task Force, an IRS agent, to collaborate with him on seizing that company’s bank accounts.
This is someone abusing all sorts of power to steal a ton of money and then continuing to abuse that power to try to cover it all up. The full details of the affidavit throw up all sorts of red flags. Force communicated directly with Ulbricht using PGP encrypted emails, but didn’t tell anyone else on the Silk Road task force about it — nor share with anyone his PGP key and record what the emails said. That’s what he would have done if the communications were for the investigation, not for his own personal gain:
I have conferred with other law enforcement agents who conduct online undercover operations and believe the failure to preserve the private PGP keys while simultaneously directing a target to use PGP to encrypt messages makes little sense in the context of a law enforcement investigation, particularly taking into account that this task force involved multiple law enforcement officers, all of whom might require access to the evidence Force gathered in his dealings with DPR. In the event Force were to lose the PGP private keys, or that something were to happen to Force, any evidence contained in the encrypted PGP format would effectively be lost and unusable without the private keys. Force’s apparent failure to document the private PGP keys for his communications with DPR anywhere in his case file, or to provide them to others at the DEA or to the prosecutor, leads me to believe he did not want anyone other than himself (Force) to be able to decrypt certain of those communications, and that, as a result, he sought to deliberately undermine the integrity of the ongoing Baltimore Silk Road Task Force investigation.
From there, the affidavit details how Force stole Bitcoin, convincing Ulbricht to pay him for information, and then pretending that Ulbricht did not actually pay. The report also details evidence strongly suggesting that Force revealed to Ulbricht (in exchange for $100,000) that Mt. Gox’s Mark Karpeles gave up his name to DHS officials. Amazingly, the first note sent in that thread involves the person signing off as “Carl” and then later pretending to be named “Carla Sophia” (nice one, Carl).
Now, remember all the hubbub in the Baltimore indictment of Ulbricht about how he had communicated with an undercover agent to murder an employee who Ulbricht believed had stolen some money? Some people noticed that all the details of that hit seemed to disappear from the actual trial of Ulbricht. Perhaps it’s because the details of this complaint reveal that it was actually the Federal agents who stole the money in the first place — and then got Ulbricht to give $100,000 to “kill” the employee… who the federal agents had already arrested (which is how they stole the money in the first place!). The twists and turns here are amazing. The employee goes by the initials C.G., and he was grabbed by the Maryland task force (where these two guys served), and gave up his login to his Silk Road identity, known as “Flush.” Soon after that it appears that Flush robbed Silk Road, but it was actually people from the task force. From there we pick up the complaint:
January 25, 2013, C.G. debriefed with FORCE, BRIDGES, and other members of the Baltimore Silk Road Task Force. According to report of the interview, C.G. showed them how to log into Silk Road vendor accounts and reset passwords, how to change the status of a seller to a vendor, how to reset pins, and information about how the Silk Road administrative functions worked. BRIDGES’ text messages indicate that he left the proffer session after one day, and a Silk Road Task Force member stated that BRIDGES told him that he left the latter part of the January 25, 2013, proffer.
On January 25, 2013, during the afternoon and into the night, the Silk Road website suffered a series of sizeable thefts. These thefts affected certain Silk Road vendors and overlapped with the time of the C.G. proffer session. The thefts were accomplished through a series of vendor password and pin resets, something that could be accomplished with the administrator access that C.G. had given to the Baltimore Silk Road Task Force.
On January 26, 2013, the proffer of C.G. continued. BRIDGES left early and did not participate on this day. At some point during that day, DPR communicated to Nob (FORCE) that Silk Road had suffered thefts and that those thefts were associated with C.G.’s account. Law enforcement questioned C.G. about this, and C.G. denied that he had committed the thefts. According to chats I have reviewed from the Silk Road servers and from Ulbricht’s laptop (as well as communications between DPR and one of his employees at the time of the January 25, 2013 thefts) it appears that DPR and the employee believed C.G. was responsible for the thefts, because they managed to associate account, “Flush,” with the theft. As a result of belief that C.G. was responsible for the thefts, DPR communicated with Nob (FORCE) — whom he believed to be a major drug dealer with the ability to procure hit men and hired Nob to have his associates kill C.G. DPR also communicated with another individual and commissioned a hit on C.G. For the hit that Nob’s associates were to perform, DPR paid Nob a total of approximately $80,000 through a bank wire transfer for the murder. FORCE and CG, together with assistance from others on the Baltimore Silk Road Task Force, then faked death to make it look as if Nob’s associates had killed C.G. BRIDGES was to assist with perpetrating this supposed murder-for-hire by working on “proof of death” photographs of C.G. that Nob (FORCE) was to send to DPR.
Got that? It’s a bit confusing, but really crazy. The feds collared this guy, C.G., who gave them his administrative login. From there, it appears that someone on the task force, likely Bridges, proceeded to slip out of the room and go rob Silk Road. In response to this, Ulbricht reasonably flipped out, blaming C.G., and just happened to reach out to another guy on the same task force, Carl Force, to help him kill C.G. So then Force, Bridges and C.G. staged the fake hit on C.G. while it was (allegedly, according to this complaint) Bridges who had swiped the Bitcoin. Holy crap.
Bridges appears to have also been fairly naive about this whole thing. Days after allegedly swiping all that Bitcoin from Ulbricht, Bridges asked Force to ask Ulbricht how to best exchange Bitcoin for cash. Because that’s not suspicious at all. Soon after that, the complaint claims, Bridges set up a new company called Quantum International Investments LLC. A few months later, Quantum got $820,000 from a Mt. Gox account. Apparently, right after transferring that money out of Mt. Gox and into his personal Fidelity account, Bridges was a key player in the affidavit to seize Mt. Gox’s bank accounts. What a shock that he got his money out “just in time.”
The final wire from Mt. Gox to Quantum account was on May 7, 2013. Just two days later, BRIDGES served as the affiant on a seizure warrant for $2.1 million in Mt. Gox accounts. I know from my training and experience as a law enforcement officer that the process of putting together an affidavit in support of a warrant is time consuming and often takes several days, if not longer, to prepare. In serving as an affiant for Mt. Gox bank accounts a mere two days after he had personally received a wire from Mt. Gox (the latest in a series of wires), BRIDGES had a conflict of interest.
A conflict of interest? You don’t say…
Even more ridiculous, after the FBI interviewed him over all of this, he apparently ran to his computer to transfer $250,000 out to another account, because that wouldn’t look suspicious at all. Bridges also reached out directly to Coinbase, the very popular online Bitcoin site, who he was talking to for another investigation, and apparently quizzed them about whether or not the money from Mt. Gox could be traced. As the affidavit notes: “Coinbase found this odd, given that the stated purpose of BRIDGES’ calls concerned an unrelated investigation.” Oh and just a couple weeks ago, after being told he was being suspended and to leave his government laptops in the “evidence vault,” Bridges decided to try something else:
On March 18, 2015, BRIDGES resigned after being told he was being suspended. USSS personnel advised BRIDGES to leave behind his two government-issued computers in the evidence vault. Although he properly tendered one computer where directed, he placed a second Apple brand laptop computer in a cabinet directly above an area that Baltimore personnel use as a “wipe” station. I do not believe BRIDGES would have any reason to store the laptop in this area, other than for it to be in close proximity to computers to be wiped, as personnel has advised this is not a storage area for laptops. Moreover, after BRIDGES was advised of his suspension, he asked his supervisor if he could access his Dell laptop computer to copy electronic receipts of personal items he had purchased from internet merchants. However, instead of copying receipts, BRIDGES began copying a folder entitled “Bitstamp.” Upon noticing what BRIDGES was copying, his supervisor secured the laptop and did not allow BRIDGES further access.
I’m sure there are more details yet to come (and, as always, you’re only hearing one side from a federal indictment, that may leave out some pertinent details). However, this does raise a lot of questions about who the Feds use in investigating cases that involve Bitcoin and how they find trustworthy participants.