from Hacker News

Crypto investor charged with kidnapping and torturing

by jonas21 on 5/25/25, 2:55 AM with 82 comments

  • by carimura on 5/25/25, 5:06 AM

  • by lrvick on 5/25/25, 11:24 AM

    As someone who has worked for and/or audited most major crypto custody companies, I am sad to report every single one takes shortcuts that give single individuals acting alone the power to move billions of dollars in value. They also never review third party dependencies. They blindly merge any code dependabot tells them to merge from internet randos and give it control of the funds.

    This level of negligence should be illegal, but it isn't. Negligence is the default in crypto custody. There are no useful security regulations in this space.

    Even the ones that think they have a good split custody solution or claim to use HSMs always let an IT manager have remote access to all workstations involved or a release engineer build the software that is used shifting the centralized power and risk to them.

    Kidnappings and torture are becoming common as people realize this

    https://github.com/jlopp/physical-bitcoin-attacks

    If you directly or indirectly control secret keys of any significant financial value on your own, you are endangering yourself and your family.

    Even if you only maintain an open source library used by crypto custodians that do not review the code you write, someone has good reason to coerce you into sneaking in malicious code.

    To engineers working at custodians: Make your employers manage keys with a quorum of geographically distributed individuals with HSMs, immutable time delayed access controls, and a software supply chain that is full source bootstrapped, reviewed, compiled deterministically, and signed by multiple people so no single person can manipulate the flow.

    My team and I open sourced a lot of tooling to do this safely. Please use it, or use it for reference to ensure your internal tooling meets the same bar.

    https://trove.distrust.co

  • by 0x38B on 5/25/25, 6:18 AM

    The most telling or disturbing thing I learned from a recent article posted here about the Crypto-related kidnappings was how criminals found some of their victims’ addresses and personal information in marketing data that companies kept on their customers.

  • by canucker2016 on 5/25/25, 4:58 AM

  • by add-sub-mul-div on 5/25/25, 4:27 AM

    Technology isn't even a cool field anymore, the major innovations (crypto, blockchain, AI) have such a film of sliminess around them. You have to ignore or be ignorant of the fact that they're going to be used for scams and bullshit more than for good.

  • by frontfor on 5/25/25, 3:53 AM

    When the weakest link between the criminal and the cryptocurrency is a single person (the holder himself in this instance), that person alone would need to withstand all attacks and “rubber hose cryptanalysis”.

  • by Aeolun on 5/25/25, 11:15 AM

    > Inside the home, the police found Polaroid pictures showing the man bound and being assaulted

    Because of course. These people live in a world where nothing can touch them, least of all the law, so why wouldn’t you literally make your own evidence of your crime and leave it lying around.

  • by baby on 5/26/25, 7:20 PM

    This is so crazy, this happened not far from my place and we saw a lot of cops around, even crazier some people broke into my building 3 days after the kidnapping looking for a "john", even crazieeeer I had coffee with this john (the kidnapper) in 2019 in SF. He seemed a bit odd but overall nice, kind of like a blackhat that had found a job on the other side (he was doing security for a crypto project called grin).

    Most likely this is not your typical kidnapping, I would bet that they knew each other and that there's something else at play. Also the apartment he was staying at is $75k/month rent, that's insane...

  • by cperciva on 5/25/25, 4:38 AM

    This is part of why I designed Tarsnap to keep data as secure as possible, even from me. If someone stores their crypto keys -- or world domination^W optimization plans -- on Tarsnap, I don't want to get kidnapped and tortured by anyone trying to steal that data.

  • by smckk on 5/25/25, 4:28 AM

    Stay safe out there.

    Personal and physical security for founders, operators, and investors

    [0] https://a16zcrypto.com/posts/article/personal-physical-secur...

  • by bpodgursky on 5/25/25, 4:24 AM

    This is said to happen in Russia all the time, except the police never intervene and the bodies are just incinerated once the keys are tortured out.

  • by dang on 5/25/25, 8:27 PM

    Related ongoing thread:

    Wrench Attacks: Physical attacks targeting cryptocurrency users (2024) [pdf] - https://news.ycombinator.com/item?id=44087183 - May 2025 (50 comments)

  • by strathmeyer on 5/25/25, 5:17 AM

    Great job score one for crypto holders who plan on not revealing their key under torture.

  • by brunoqc on 5/25/25, 5:34 AM

  • by web3aj on 5/25/25, 6:48 AM

    This story is unreal.

  • by ChrisArchitect on 5/25/25, 7:42 AM

  • by nikkwong on 5/25/25, 4:36 AM

    Had Satoshi known the impact his innovation would have had on the world, all said and done, I bet he would have chosen to keep it under covers.

  • by rsynnott on 5/25/25, 5:56 PM

    > Inside the home, the police found Polaroid pictures showing the man bound and being assaulted, the law enforcement official said.

    ... Why on earth would you document this?

    > Two butlers who worked at the home were also present and agreed on Friday to be interviewed by the police, the official said.

    ... Why on earth would you do this in a place where you weren't the only person present?! (Also, butlers, wtf?)

    I suppose, much like the crypto people are slowly rediscovering why the modern financial system is as it is, maybe they're also figuring out how to do crimes by trial and error.

  • by greatpostman on 5/25/25, 4:18 AM

    Theres alot of really rich crypto people in nyc that are up to no good.

  • by baxtr on 5/25/25, 4:00 AM

    "Brute force attack"?

  • by mediumsmart on 5/25/25, 4:11 AM

    Man Charged with Kidnapping and Torturing Crypto Investor for Weeks

    considering that the crypto investor was a man and assuming that the man acquired the wallet he was tortured for by investing in crypto.

  • by private_island on 5/25/25, 5:55 AM

    Bring back the penny. A bag of them can be used to stop an attacker.

  • by echan00 on 5/25/25, 8:27 AM

    If the title read 'human charged with kidnapping a d torturing a man' instead does that mean all humans are bad? I fail to see the linkage here