Victim Details Open-Source Investigation Tracing Stolen Bitcoin in Court Filing
On Friday, April 5, 2024, Andrew Schober filed his witness disclosure statement in a lawsuit against Benedict Thompson, Oliver Read, and others in the United States District Court in Colorado.
In the statement, Schober detailed his investigation into the theft of over 16 bitcoins from his digital wallet in 2018. Schober outlined how he used open-source intelligence techniques, including searching public online posts and forum messages, to identify connections between the defendants.
Schober testified that malware was installed on his laptop in February 2018 that contained a file with addresses for over 195,000 bitcoin wallets. Only a few of these wallets had ever been used in transactions, according to the public blockchain records. The blockchain is a distributed digital ledger that publicly records all transactions made with bitcoin and other cryptocurrencies.
By examining records on the blockchain, Schober was able to trace a transaction that sent his stolen bitcoin to one wallet address in the malware. From there, his funds were transferred to another wallet and then used to acquire the privacy-focused cryptocurrency Monero.
Through correspondence with law enforcement and subpoenas of records during pre-trial discovery, Schober argued he had identified Oliver Read and Benedict Thompson as controlling the bitcoin and Montero wallets used in the transactions. Internet records also linked Thompson to the IP address used during the cryptocurrency exchanges, according to Schober’s testimony.
In his statement, Schober stated that expert witnesses would not be necessary, as the core facts around the theft of his bitcoin could be established through blockchain records, documentation from agencies and companies, and his own investigation. However, he said experts could be called if the defense disputed the technical details of the malware or transactions.
The case is scheduled for trial in the coming months. Schober will have to convince the jury that his open-source intelligence work has correctly identified Thompson and Read as the perpetrators responsible for the theft.
Please contact BlockTribune for access to a copy of this filing.
