We recently explored the story of how an early bitcoin adopter and major NXT stakeholder lost over $1 million of cryptocurrency to a hacker. Androklis Polymenis (better known by his forum handle kLee) announced an unprecedented 500 bitcoin bounty for information leading the return of his money. Since then, things have moved fast and a resolution has been reached. Here's how the story ended – and what lessons were learned along the way.
1) Some of the money was returned
The huge bitcoin bounty – over 40 percent of the stolen 1,170 bitcoins – generated a frenzy of interest. The prospect of a $300,000 reward on his head understandably proved to be a source of considerable anxiety to the hacker.
As many noted at the time, people will go a long way for $300,000, and in a year or two years' time that sum could have grown to $3 million if bitcoin appreciates along its historical path. One of the likely outcomes is that the episode could have ended very badly for both victim and perpetrator, with the hacker being violently hunted down and the bitcoins changing hands to another criminal, rather than being returned to kLee.
The hacker contacted kLee and offered to send back 462 bitcoins, on the condition that kLee called off the hunt. Although it seemed like he was in a strong negotiating position at this point, kLee chose to think of his dependents and accepted the offer, preferring to get back some of his money rather than run the risk of losing it all. The 462 coins have just been returned, in two instalments, and kLee has publicly cancelled the bounty. Of course, the hacker still holds some 700+ stolen coins, and there is no honour among thieves. Whether kLee's statement will be enough to convince the bounty hunters to back off, or whether they will go freelance, remains to be seen. (Suffice to say that I still wouldn't want to be in the hacker's shoes. The fact that he even made the offer suggests enough information had been gathered that he considered his capture a distinct possibility.)
Alongside the bitcoin theft, several million NXT were also stolen. These were sent to BTER, where a large number were sold for bitcoin – crashing the price of NXT in the process. The good news is that swift action by BTER resulted in the hacker's account being frozen and around 3 million NXT ultimately returned. Since the funds stolen also included 2.8 million NXT earmarked for NXT infrastructure spending, this was a welcome development for the NXT community. The transfer was made after identities were confirmed, and the hacker had been contacted using his sign-up email address and his acquiescence to the deal established for legal reasons.
See how the story of the bitcoin bounty unfolded here.