Cloned Boy
Professional
- Messages
- 1,017
- Reaction score
- 787
- Points
- 113
Welcome to a series of stories from the dark web. Here you will find reports of hackers, carders, escrocs and other cybercriminals whose actions cannot protect your data and knowledge. We explore the secrets of the dark web, investigate the patterns of financial fraud, explore the world of cybercrime and learn how social engineers and system manipulators work. This series is your guide to the numbered shadows, where danger can be found behind the click.
Important: All information is for educational purposes only. We do not promote or encourage any illegal activity. We encourage all readers to remain cautious on the Internet.
Hello, friends! Today I have something truly exclusive for you - a series of posts from the closed dark web forum Cypher Vault, which you will not find anywhere else. The material is so rare that even I had to use all my connections to get access to it. Imagine an ordinary guy – a cybersecurity professional who has spent his entire life protecting the digital assets of the rich, one day losing everything because of his honesty.
A ruined career, a lost reputation and the tragic death of his best friend, who became a victim of a cryptocurrency Ponzi scheme. What happens when a man who knows all the secrets of digital security decides to switch sides? An elite team of hackers. A multi-million dollar target. A flawless plan. But what if everything goes wrong. And most importantly, how does the hunt for digital treasure end? Or maybe this story, turn on notifications, this story is too good to miss even one part of it.
Now get comfortable, we are diving into the world of digital ghosts and lost bitcoins.
Hello! They call me a ghost here, and I want to keep it that way for my own safety. By the time you read this, I have already disappeared from the radar. This post is the only evidence of my existence, and I share it only because some stories need to be told. Until 2018, I was what you’d call a good guy.
At 38, I was a senior cybersecurity analyst at Gibraltar Shield, a San Francisco firm that specialized in protecting financial systems. My office was in a glass tower overlooking the bay, and my salary allowed me to rent an apartment in the Richmond District. It was a normal life, it seemed. I’d wake up at 6:30 a.m. every morning, run five miles along the waterfront, and be at my desk by 9, reviewing security logs.
I protected digital safes for people. People you don’t even know exist. My clients stored billions of dollars in cryptocurrency. When early Bitcoin miners went from geeks to millionaires, I was the one they came to for protection. I didn’t have a formal education. I left Chicago at 17 with just a backpack and an old laptop. My parents wanted me to follow in my father’s footsteps and become an oil engineer.
But I was more interested in digital code than black gold. That’s how I ended up in Silicon Valley in 1999, just in time for the Datcom boom. A self-taught guy with Russian roots, I worked my way up through talent and perseverance. After 20 years of work, I had learned everything from digital security from encryption to social engineering.
I knew how people protect their money and how these protections could be circumvented. October 15, 2018, changed everything. That day, I discovered strange activity in the systems of our client, the cryptocurrency fund Helios Capital. Their algorithms were siphoning investors’ funds offshore in small increments, not big enough to raise suspicion, but adding up to around $40 million.
I gathered evidence and presented it to the Gibraltar Shield board, and their reaction stunned me. “Alex, Helios is our biggest client. Your job is to protect their systems, not their business model.” A week later, I received a compliance notice, and two weeks later, I was fired for unauthorized access to client data.
Someone had doctored the logs, which showed I was copying confidential information for personal gain. That night, I sat on Pier 39, looking out over Alcatraz. My career was in tatters, my reputation was destroyed. I had learned the hard truth. The system doesn’t protect honest people, it protects those with money. But the real blow came on November 22, 2018. My best friend, Jack Thornton, a Boston-based programmer I met in the 2000s, killed himself.
He’d lost his entire life savings, $780,000, investing in the cryptocurrency Ponzi scheme Bitcoin, which collapsed in early 2018. In his suicide note, he wrote, “They stole not only my money, but my dream. I don’t see a way out anymore.” Standing at his grave in Boston’s Forest Hills Cemetery in the cold December rain, I made a life-changing decision.
I would no longer protect the system. I would make it pay. That night, I bought a new laptop with cash, created an encrypted email account, and logged into the Dark Web for the first time, not as a defender, but as a predator. I was 38 years old. I had 20 years of cybersecurity experience under my belt. And a new mission ahead. I had a plan.
I knew there were thousands of bitcoins sitting in dead wallets, lost, forgotten, abandoned. The bitcoins of early miners bought by a patient were now worth millions. And I knew how to find them. But to do so, I needed a team. An elite group of specialists, each the best in their field. Finding good hackers is not a problem.
Finding hackers you can trust with your life is almost impossible. But I knew where to look. In January 2019, I rented an apartment in Daly City, a suburb of San Francisco. Anonymously, for cash. It was there that I built my digital fortress. Six monitors, a dedicated line, $30,000 worth of equipment. I called it The Burrow. The first thing I did was go to a darknet forum called The Basement, a place I knew about from my previous job.
It was a deeply buried, invite-only platform where cybersecurity experts and hackers traded information. I used my old screen name, Blackswan. No one knew that a former corporate defender was hiding behind it. On February 3, 2019, I posted an encrypted message: Treasure Hunters Wanted.
Needed. Voice, Code, Shadow. Payment 10% each, only the best. 24 hours later, I received the first response from the user Mephistopheles. He wrote in flawless English. I can become anyone over the phone. From the CEO to your mother. Berlin, February 15, Café Einstein on Unterden Linden. Table by the window, 2:00 PM. If you are real, I will know.
I flew to Berlin on February 14. Sitting in the historic café, I watched the visitors. Exactly at 2:00 PM, a man of about 35 years old in a perfectly tailored suit sat down at my table. He said my real name with a slight German accent. "My name is Mephisto." I realized that it was from his nickname Mephistopheles on the forum.
“I looked at your CV on LinkedIn, an impressive career with the Gibraltar Shield, too bad it ended so badly. I didn’t publish my real name anywhere, certainly not on a forum.” Mephisto smiled at my surprise. “It was a test. If you had panicked, I would have left. But you kept your cool, you passed.” Mephisto was a former employee of the German Federal Intelligence Service.
His specialty was social engineering. He could convince anyone of anything over the phone or in person. He quit after the government used his skills against political opponents rather than terrorists. “I’m tired of being a pawn,” he said, “your hunt for bitcoins sounds more interesting.” I found the second member of the team through Mephisto.
On March 5, 2019, we met at the White Rabbit restaurant in Moscow with a man known in narrow circles as Kronos, a mathematical genius and Moscow State University graduate. He could crack almost any encryption system. “I heard you’re looking for lost bitcoins,” Kronos said in flawless English, sipping vodka. Funny. I’d been writing algorithms to recover private keys since 2006, but I’d never been allowed to use them officially.
Kronos worked for a Russian tech company, developing security systems for banks. But secretly, he was creating algorithms to hack crypto wallets. I saw the same disappointment in his eyes as I did in mine. “The system takes everything from people,” he said. “I want to take something from the system.”
The third member of our team took the longest to find. We needed a darknet expert—someone who knew every hidden corner of the digital underground. We found him in Barcelona in April 2019. Spider. He worked as an administrator for a major Spanish crypto exchange. At night, he lived a shadowy life, like El Fantomas. A ghost of the dark web, a broker of deals that are not spoken about out loud. “We met in a small bar in the Gothic quarter.”
“Are you looking for lost coins?” he asked, examining a glass of sangrea. “I know every corner of the web where they talk about cryptocurrency. I know stories of people who bought thousands of bitcoins for a few cents and forgot about them. Or died without leaving passwords.” On April 15, 2019, we met for the first time, in an encrypted chat created especially for us.
Alex, the cybersecurity specialist, Mephisto, the master of persuasion, Kronos, the coding genius, Ramon, the shadow of the dark web. Gentlemen, I wrote, we have skills, contacts, and motivation. “Now we need a goal. Not just any rich wallet. We’ll be hunting for a specific type of prey, those who deserve to lose their money.”
“And I have the perfect first target,” Ramon added. A man who bought 8,000 bitcoins for $100 in 2011. “That’s worth a fortune now. And from what I can tell from my sources, he’s not the most honest person in the world.” That’s when our hunt was born. We called ourselves Phantoms, the ghosts of the digital world. And our first operation began. Digital treasure hunting requires patience.
That’s what 20 years in cybersecurity has taught me. Successful attacks take months, not hours. In May 2019, we began gathering information on our first target. Spider provided us with the name of an early Bitcoin investor who bought 8,000 bitcoins in 2011 for $100. At today’s rate, that’s over $280 million. From now on, I’ll call him Keith.
“How did you find out about him?” I asked Ramon over an encrypted video call. “There are legends about early Whales on the dark web,” he replied, sipping coffee in his apartment. In 2011, this guy bragged about his purchase on the Bitcoin Talk forum. Then he disappeared for years. He returned in 2017 during the boom, started transferring small amounts of money to exchanges. Kronos immediately found the posts in the archive.
Keith used the same handle. This was already a mistake. We spent the next two weeks digging into the digital trail. Keith was not just an early investor, he was one of the creators of the infamous Cryptoflex exchange, which closed without warning in 2017, taking the deposits of thousands of customers. “This is what I was looking for,” I told the team on June 1, 2019.
Not just a rich man. A scammer who ruined the lives of others. We had a three-part plan – reconnaissance, infiltration, or in simple terms, penetration, and extraction, or attack. The reconnaissance phase began on June 5th. Mephisto took over the task of gathering information about our target’s personal life. “He lives in Austin, Texas,” Mephisto reported a week later.
Bought a $12 million mansion in the Westlake area. Divorced for 45 years with two kids from different marriages. Obsessive-compulsive disorder, judging by his daily routine. Mephisto was a master. He called the ex-wife of the so-called Keith, posing as a journalist writing an article about successful crypto investors. In 15 minutes of conversation, he learned more than we could have learned in a month of digital reconnaissance.
“Our Keith never remembers passwords,” Mephisto said, reading from his notes. Stores them in an encrypted file. The file is protected by a phrase related to his childhood in Portland. Meanwhile, Kronos studied the transactions. His main wallet hadn’t been touched since 2013, he said on June 20. But there was a chain of small transactions leading to Keith, who uses a multisig.
Three keys were needed to access it. Spider dove into the dark web, gathering rumors about Keith’s methods. “He’s paranoid,” Spider said during our video conference on June 25. One key is on an encrypted flash drive he carries with him. Another is on his home computer. The third is rumored to be in a safety deposit box in Switzerland. I coordinated the work from my hole in Daly City.
The walls were covered with diagrams, graphs, and photos. By July 2019, we knew almost everything about our target – his daily routine, his habits, his weaknesses, his defenses. But we needed a way to penetrate his digital fortress. On July 10, Mephisto offered a solution. “Our target is looking for a new system administrator for his home office. He posts the job through an exclusive agency.
I can convince them that I have the perfect candidate." That candidate was me. Mephisto created a new identity for me - David Chen.
An IT security specialist with an impressive resume. Spider provided fake references from well-known tech companies. Kronos hacked the agency’s database to get my candidacy into their system. On August 1, 2019, I had my first interview via video link. On August 5, a second one with the victim himself.
“Mr. Chen, your resume is impressive,” Keith said, studying me through the screen. “But I need someone who understands the importance of security at a deep level.” I answered exactly as I was supposed to. “Security is not a technology. It’s a mindset, and the paranoid sleep best.” He smiled. On August 10, I was offered the job, while Kronos developed a special program for recovering private keys.
He called it “Siren.” It could try billions of possible combinations, using contextual information to narrow the search. “If we gain access to his computer and flash drive,” Kronos explained, “Siren will be able to recover the full key in about 24 hours.” On August 15, 2019, I moved to Austin.
Got an apartment near our whale’s house. Places. Bought some clothes, explored the locals, became part of the landscape. On August 20, I started working as a systems administrator. Gained access to his home network, saw his defenses from the inside. Mephisto worked on the social side. He called the whale’s bank in Zurich, pretending to be him, collecting information about the access procedures for the cell. Spider created anonymous wallets and withdrawal routes through a chain of mixers and exchangers.
By September 1, 2019, everything was ready. We planned to act on the weekend when the whale was flying to Hawaii for his monthly vacation. “Three days left,” I wrote to the team in our encrypted chat on September 2. None of us knew that the next day, an event would occur that would completely change our plan and put the entire operation in jeopardy.
On September 3, 2019, everything almost fell apart. My new employer, whom we call Keith, suddenly canceled a trip to Hawaii. “David, we need to update our security immediately,” he told me at 7:30 a.m., before I had even had my coffee. “There was an attack on a well-known exchange. I want to make sure my assets are safe.”
Keith was paranoid, like most crypto whales. I knew this from our intelligence, but now... I saw it up close. He changed his passwords every two weeks, used three-factor authentication, and never kept all his access in one place. I immediately alerted the team through our secure channel. The plan was delayed, the bird remained in the nest. Spider, our darknet expert, responded first.
“This could be an opportunity. Stress makes people careless.” He was right. The panic over the stock exchange hack meant Keith would be checking his assets. And that meant using the keys. We held an emergency meeting that night. We need to adapt, I said. Mephisto, our master of social engineering, suggested a new approach. Let him give us the keys himself.
I could convince him his Swiss bank had been compromised. Kronos, our code genius, shook his head. “Too risky. I suggest another. I modify the siren. If he enters even one of the keys on a computer Ghost has access to, we can capture a partial print and reconstruct the rest.” Spider nodded. “It could work. But we need to act fast.” For the next forty-eight hours, Kronos worked nonstop, creating what he called Chimera, a modified version of the key-trace interception program.
“On September 5th, I installed Chimera on Keith’s home server under the guise of a security update. It’s a cutting-edge monitoring system,” I explained to him. It tracks any unauthorized access attempts in real time.
Keith was impressed. He had no idea that I had just installed the most advanced Keylogger program on his system. On September 7th, what we had been counting on happened. Keith decided to check his main wallet. I watched remotely as Chimera quietly collected data. He used the first key, which was stored on his computer. Then he connected a secure flash drive for the second. “We have partial fingerprints of two keys,” I informed the team.
Kronos immediately began analyzing. I needed time. The third key was still a problem. Mephisto offered a solution. I could convince him that for maximum security, he should check the third key as well. On September 10th, Mephisto called Keith, posing as an employee of a Swiss bank. In a perfect Swiss accent, he explained that the bank was auditing the safety of its safe deposit boxes and was recommending that customers check the safety of their valuables.
It worked. On September 12, Keith informed me that he was flying to Zurich for two days. “David, look after the system,” he said. “I’ll be in touch.” As soon as his plane took off, we began the final phase. Kronos had already reconstructed the structure of the first two keys and was working on an algorithm to predict the third. “I need access to his main computer,” Kronos said.
Remotely. Physically. That night, I entered Keith’s house using my official access keys. I connected a special device directly to his home server. Kronos worked through it, accessing the encrypted data. By dawn on September 13, he sent a message. “I have everything we need. Come back.” Kronos stayed awake for the next 36 hours, working to reconstruct the full key structure.
Spider had prepared a route for the withdrawal. A complex chain of anonymous wallets, mixers, and exchangers. On September 14, at 7:45 p.m. Austin time, Kronos wrote one word in our chat. “Done.” We gathered in an encrypted video conference. On the screen, Kronos showed the recovered keys. “We have access to the wallet,” he said.
Eight thousand twenty-six bitcoins. At the exchange rate at the time. About eighty-three million dollars. We were silent, realizing the enormity of the moment. “Proceeding with the extraction,” I finally said. The transfer of funds would take several hours. We could not withdraw everything at once. It would create too much ripple on the blockchain and attract attention.
Spider created 20 intermediate wallets. Transfers were made in small batches, no more than 50 bitcoins at a time. Each transfer went through a mixer, then split into even smaller amounts, then through yet another mixer, and only then sent to the final wallets controlled by each of us. By 4 a.m. on September 15, the transaction was complete. The funds were extracted, the trail was covered.
Keith’s wallet contained twenty-six bitcoins. Enough that he didn’t immediately notice the loss, but only discovered it the next time he checked. “Two thousand bitcoins for each,” Ian said. “As agreed?” For me, this wasn’t just loot. This was retribution. For Jack, for the thousands of others whose lives had been ruined by crypto scammers like the so-called Keith.
“What now?” Mephisto asked. “Disappear,” I said. “I’m quitting today for family reasons. Keith will return in a week and find the loss. By then, we should be off the radar.” We all knew the risks. For that amount, Keith would raise the alarm not only of the FBI, but also of private investigators.
He would search for us for years. Our last conversation was brief. We deleted all channels of communication, erased all traces of our cooperation, each went his own way, with digital wealth and a promise never to contact each other. I thought that would be the end of the story. But it was only just beginning.
Important: All information is for educational purposes only. We do not promote or encourage any illegal activity. We encourage all readers to remain cautious on the Internet.
Hello, friends! Today I have something truly exclusive for you - a series of posts from the closed dark web forum Cypher Vault, which you will not find anywhere else. The material is so rare that even I had to use all my connections to get access to it. Imagine an ordinary guy – a cybersecurity professional who has spent his entire life protecting the digital assets of the rich, one day losing everything because of his honesty.
A ruined career, a lost reputation and the tragic death of his best friend, who became a victim of a cryptocurrency Ponzi scheme. What happens when a man who knows all the secrets of digital security decides to switch sides? An elite team of hackers. A multi-million dollar target. A flawless plan. But what if everything goes wrong. And most importantly, how does the hunt for digital treasure end? Or maybe this story, turn on notifications, this story is too good to miss even one part of it.
Now get comfortable, we are diving into the world of digital ghosts and lost bitcoins.
Hello! They call me a ghost here, and I want to keep it that way for my own safety. By the time you read this, I have already disappeared from the radar. This post is the only evidence of my existence, and I share it only because some stories need to be told. Until 2018, I was what you’d call a good guy.
At 38, I was a senior cybersecurity analyst at Gibraltar Shield, a San Francisco firm that specialized in protecting financial systems. My office was in a glass tower overlooking the bay, and my salary allowed me to rent an apartment in the Richmond District. It was a normal life, it seemed. I’d wake up at 6:30 a.m. every morning, run five miles along the waterfront, and be at my desk by 9, reviewing security logs.
I protected digital safes for people. People you don’t even know exist. My clients stored billions of dollars in cryptocurrency. When early Bitcoin miners went from geeks to millionaires, I was the one they came to for protection. I didn’t have a formal education. I left Chicago at 17 with just a backpack and an old laptop. My parents wanted me to follow in my father’s footsteps and become an oil engineer.
But I was more interested in digital code than black gold. That’s how I ended up in Silicon Valley in 1999, just in time for the Datcom boom. A self-taught guy with Russian roots, I worked my way up through talent and perseverance. After 20 years of work, I had learned everything from digital security from encryption to social engineering.
I knew how people protect their money and how these protections could be circumvented. October 15, 2018, changed everything. That day, I discovered strange activity in the systems of our client, the cryptocurrency fund Helios Capital. Their algorithms were siphoning investors’ funds offshore in small increments, not big enough to raise suspicion, but adding up to around $40 million.
I gathered evidence and presented it to the Gibraltar Shield board, and their reaction stunned me. “Alex, Helios is our biggest client. Your job is to protect their systems, not their business model.” A week later, I received a compliance notice, and two weeks later, I was fired for unauthorized access to client data.
Someone had doctored the logs, which showed I was copying confidential information for personal gain. That night, I sat on Pier 39, looking out over Alcatraz. My career was in tatters, my reputation was destroyed. I had learned the hard truth. The system doesn’t protect honest people, it protects those with money. But the real blow came on November 22, 2018. My best friend, Jack Thornton, a Boston-based programmer I met in the 2000s, killed himself.
He’d lost his entire life savings, $780,000, investing in the cryptocurrency Ponzi scheme Bitcoin, which collapsed in early 2018. In his suicide note, he wrote, “They stole not only my money, but my dream. I don’t see a way out anymore.” Standing at his grave in Boston’s Forest Hills Cemetery in the cold December rain, I made a life-changing decision.
I would no longer protect the system. I would make it pay. That night, I bought a new laptop with cash, created an encrypted email account, and logged into the Dark Web for the first time, not as a defender, but as a predator. I was 38 years old. I had 20 years of cybersecurity experience under my belt. And a new mission ahead. I had a plan.
I knew there were thousands of bitcoins sitting in dead wallets, lost, forgotten, abandoned. The bitcoins of early miners bought by a patient were now worth millions. And I knew how to find them. But to do so, I needed a team. An elite group of specialists, each the best in their field. Finding good hackers is not a problem.
Finding hackers you can trust with your life is almost impossible. But I knew where to look. In January 2019, I rented an apartment in Daly City, a suburb of San Francisco. Anonymously, for cash. It was there that I built my digital fortress. Six monitors, a dedicated line, $30,000 worth of equipment. I called it The Burrow. The first thing I did was go to a darknet forum called The Basement, a place I knew about from my previous job.
It was a deeply buried, invite-only platform where cybersecurity experts and hackers traded information. I used my old screen name, Blackswan. No one knew that a former corporate defender was hiding behind it. On February 3, 2019, I posted an encrypted message: Treasure Hunters Wanted.
Needed. Voice, Code, Shadow. Payment 10% each, only the best. 24 hours later, I received the first response from the user Mephistopheles. He wrote in flawless English. I can become anyone over the phone. From the CEO to your mother. Berlin, February 15, Café Einstein on Unterden Linden. Table by the window, 2:00 PM. If you are real, I will know.
I flew to Berlin on February 14. Sitting in the historic café, I watched the visitors. Exactly at 2:00 PM, a man of about 35 years old in a perfectly tailored suit sat down at my table. He said my real name with a slight German accent. "My name is Mephisto." I realized that it was from his nickname Mephistopheles on the forum.
“I looked at your CV on LinkedIn, an impressive career with the Gibraltar Shield, too bad it ended so badly. I didn’t publish my real name anywhere, certainly not on a forum.” Mephisto smiled at my surprise. “It was a test. If you had panicked, I would have left. But you kept your cool, you passed.” Mephisto was a former employee of the German Federal Intelligence Service.
His specialty was social engineering. He could convince anyone of anything over the phone or in person. He quit after the government used his skills against political opponents rather than terrorists. “I’m tired of being a pawn,” he said, “your hunt for bitcoins sounds more interesting.” I found the second member of the team through Mephisto.
On March 5, 2019, we met at the White Rabbit restaurant in Moscow with a man known in narrow circles as Kronos, a mathematical genius and Moscow State University graduate. He could crack almost any encryption system. “I heard you’re looking for lost bitcoins,” Kronos said in flawless English, sipping vodka. Funny. I’d been writing algorithms to recover private keys since 2006, but I’d never been allowed to use them officially.
Kronos worked for a Russian tech company, developing security systems for banks. But secretly, he was creating algorithms to hack crypto wallets. I saw the same disappointment in his eyes as I did in mine. “The system takes everything from people,” he said. “I want to take something from the system.”
The third member of our team took the longest to find. We needed a darknet expert—someone who knew every hidden corner of the digital underground. We found him in Barcelona in April 2019. Spider. He worked as an administrator for a major Spanish crypto exchange. At night, he lived a shadowy life, like El Fantomas. A ghost of the dark web, a broker of deals that are not spoken about out loud. “We met in a small bar in the Gothic quarter.”
“Are you looking for lost coins?” he asked, examining a glass of sangrea. “I know every corner of the web where they talk about cryptocurrency. I know stories of people who bought thousands of bitcoins for a few cents and forgot about them. Or died without leaving passwords.” On April 15, 2019, we met for the first time, in an encrypted chat created especially for us.
Alex, the cybersecurity specialist, Mephisto, the master of persuasion, Kronos, the coding genius, Ramon, the shadow of the dark web. Gentlemen, I wrote, we have skills, contacts, and motivation. “Now we need a goal. Not just any rich wallet. We’ll be hunting for a specific type of prey, those who deserve to lose their money.”
“And I have the perfect first target,” Ramon added. A man who bought 8,000 bitcoins for $100 in 2011. “That’s worth a fortune now. And from what I can tell from my sources, he’s not the most honest person in the world.” That’s when our hunt was born. We called ourselves Phantoms, the ghosts of the digital world. And our first operation began. Digital treasure hunting requires patience.
That’s what 20 years in cybersecurity has taught me. Successful attacks take months, not hours. In May 2019, we began gathering information on our first target. Spider provided us with the name of an early Bitcoin investor who bought 8,000 bitcoins in 2011 for $100. At today’s rate, that’s over $280 million. From now on, I’ll call him Keith.
“How did you find out about him?” I asked Ramon over an encrypted video call. “There are legends about early Whales on the dark web,” he replied, sipping coffee in his apartment. In 2011, this guy bragged about his purchase on the Bitcoin Talk forum. Then he disappeared for years. He returned in 2017 during the boom, started transferring small amounts of money to exchanges. Kronos immediately found the posts in the archive.
Keith used the same handle. This was already a mistake. We spent the next two weeks digging into the digital trail. Keith was not just an early investor, he was one of the creators of the infamous Cryptoflex exchange, which closed without warning in 2017, taking the deposits of thousands of customers. “This is what I was looking for,” I told the team on June 1, 2019.
Not just a rich man. A scammer who ruined the lives of others. We had a three-part plan – reconnaissance, infiltration, or in simple terms, penetration, and extraction, or attack. The reconnaissance phase began on June 5th. Mephisto took over the task of gathering information about our target’s personal life. “He lives in Austin, Texas,” Mephisto reported a week later.
Bought a $12 million mansion in the Westlake area. Divorced for 45 years with two kids from different marriages. Obsessive-compulsive disorder, judging by his daily routine. Mephisto was a master. He called the ex-wife of the so-called Keith, posing as a journalist writing an article about successful crypto investors. In 15 minutes of conversation, he learned more than we could have learned in a month of digital reconnaissance.
“Our Keith never remembers passwords,” Mephisto said, reading from his notes. Stores them in an encrypted file. The file is protected by a phrase related to his childhood in Portland. Meanwhile, Kronos studied the transactions. His main wallet hadn’t been touched since 2013, he said on June 20. But there was a chain of small transactions leading to Keith, who uses a multisig.
Three keys were needed to access it. Spider dove into the dark web, gathering rumors about Keith’s methods. “He’s paranoid,” Spider said during our video conference on June 25. One key is on an encrypted flash drive he carries with him. Another is on his home computer. The third is rumored to be in a safety deposit box in Switzerland. I coordinated the work from my hole in Daly City.
The walls were covered with diagrams, graphs, and photos. By July 2019, we knew almost everything about our target – his daily routine, his habits, his weaknesses, his defenses. But we needed a way to penetrate his digital fortress. On July 10, Mephisto offered a solution. “Our target is looking for a new system administrator for his home office. He posts the job through an exclusive agency.
I can convince them that I have the perfect candidate." That candidate was me. Mephisto created a new identity for me - David Chen.
An IT security specialist with an impressive resume. Spider provided fake references from well-known tech companies. Kronos hacked the agency’s database to get my candidacy into their system. On August 1, 2019, I had my first interview via video link. On August 5, a second one with the victim himself.
“Mr. Chen, your resume is impressive,” Keith said, studying me through the screen. “But I need someone who understands the importance of security at a deep level.” I answered exactly as I was supposed to. “Security is not a technology. It’s a mindset, and the paranoid sleep best.” He smiled. On August 10, I was offered the job, while Kronos developed a special program for recovering private keys.
He called it “Siren.” It could try billions of possible combinations, using contextual information to narrow the search. “If we gain access to his computer and flash drive,” Kronos explained, “Siren will be able to recover the full key in about 24 hours.” On August 15, 2019, I moved to Austin.
Got an apartment near our whale’s house. Places. Bought some clothes, explored the locals, became part of the landscape. On August 20, I started working as a systems administrator. Gained access to his home network, saw his defenses from the inside. Mephisto worked on the social side. He called the whale’s bank in Zurich, pretending to be him, collecting information about the access procedures for the cell. Spider created anonymous wallets and withdrawal routes through a chain of mixers and exchangers.
By September 1, 2019, everything was ready. We planned to act on the weekend when the whale was flying to Hawaii for his monthly vacation. “Three days left,” I wrote to the team in our encrypted chat on September 2. None of us knew that the next day, an event would occur that would completely change our plan and put the entire operation in jeopardy.
On September 3, 2019, everything almost fell apart. My new employer, whom we call Keith, suddenly canceled a trip to Hawaii. “David, we need to update our security immediately,” he told me at 7:30 a.m., before I had even had my coffee. “There was an attack on a well-known exchange. I want to make sure my assets are safe.”
Keith was paranoid, like most crypto whales. I knew this from our intelligence, but now... I saw it up close. He changed his passwords every two weeks, used three-factor authentication, and never kept all his access in one place. I immediately alerted the team through our secure channel. The plan was delayed, the bird remained in the nest. Spider, our darknet expert, responded first.
“This could be an opportunity. Stress makes people careless.” He was right. The panic over the stock exchange hack meant Keith would be checking his assets. And that meant using the keys. We held an emergency meeting that night. We need to adapt, I said. Mephisto, our master of social engineering, suggested a new approach. Let him give us the keys himself.
I could convince him his Swiss bank had been compromised. Kronos, our code genius, shook his head. “Too risky. I suggest another. I modify the siren. If he enters even one of the keys on a computer Ghost has access to, we can capture a partial print and reconstruct the rest.” Spider nodded. “It could work. But we need to act fast.” For the next forty-eight hours, Kronos worked nonstop, creating what he called Chimera, a modified version of the key-trace interception program.
“On September 5th, I installed Chimera on Keith’s home server under the guise of a security update. It’s a cutting-edge monitoring system,” I explained to him. It tracks any unauthorized access attempts in real time.
Keith was impressed. He had no idea that I had just installed the most advanced Keylogger program on his system. On September 7th, what we had been counting on happened. Keith decided to check his main wallet. I watched remotely as Chimera quietly collected data. He used the first key, which was stored on his computer. Then he connected a secure flash drive for the second. “We have partial fingerprints of two keys,” I informed the team.
Kronos immediately began analyzing. I needed time. The third key was still a problem. Mephisto offered a solution. I could convince him that for maximum security, he should check the third key as well. On September 10th, Mephisto called Keith, posing as an employee of a Swiss bank. In a perfect Swiss accent, he explained that the bank was auditing the safety of its safe deposit boxes and was recommending that customers check the safety of their valuables.
It worked. On September 12, Keith informed me that he was flying to Zurich for two days. “David, look after the system,” he said. “I’ll be in touch.” As soon as his plane took off, we began the final phase. Kronos had already reconstructed the structure of the first two keys and was working on an algorithm to predict the third. “I need access to his main computer,” Kronos said.
Remotely. Physically. That night, I entered Keith’s house using my official access keys. I connected a special device directly to his home server. Kronos worked through it, accessing the encrypted data. By dawn on September 13, he sent a message. “I have everything we need. Come back.” Kronos stayed awake for the next 36 hours, working to reconstruct the full key structure.
Spider had prepared a route for the withdrawal. A complex chain of anonymous wallets, mixers, and exchangers. On September 14, at 7:45 p.m. Austin time, Kronos wrote one word in our chat. “Done.” We gathered in an encrypted video conference. On the screen, Kronos showed the recovered keys. “We have access to the wallet,” he said.
Eight thousand twenty-six bitcoins. At the exchange rate at the time. About eighty-three million dollars. We were silent, realizing the enormity of the moment. “Proceeding with the extraction,” I finally said. The transfer of funds would take several hours. We could not withdraw everything at once. It would create too much ripple on the blockchain and attract attention.
Spider created 20 intermediate wallets. Transfers were made in small batches, no more than 50 bitcoins at a time. Each transfer went through a mixer, then split into even smaller amounts, then through yet another mixer, and only then sent to the final wallets controlled by each of us. By 4 a.m. on September 15, the transaction was complete. The funds were extracted, the trail was covered.
Keith’s wallet contained twenty-six bitcoins. Enough that he didn’t immediately notice the loss, but only discovered it the next time he checked. “Two thousand bitcoins for each,” Ian said. “As agreed?” For me, this wasn’t just loot. This was retribution. For Jack, for the thousands of others whose lives had been ruined by crypto scammers like the so-called Keith.
“What now?” Mephisto asked. “Disappear,” I said. “I’m quitting today for family reasons. Keith will return in a week and find the loss. By then, we should be off the radar.” We all knew the risks. For that amount, Keith would raise the alarm not only of the FBI, but also of private investigators.
He would search for us for years. Our last conversation was brief. We deleted all channels of communication, erased all traces of our cooperation, each went his own way, with digital wealth and a promise never to contact each other. I thought that would be the end of the story. But it was only just beginning.
