A Kidnap, a Ransom, and the Limits of Bitcoin as a Criminal Currency
01.17.2019

Costa Rican news outlets have been reporting a tragic crime story that has an interesting cryptocurrency twist. Twelve people have been arrested in Costa Rica and Spain in connection with the kidnapping (and suspected murder) of American entrepreneur William Sean Creighton, who disappeared in September 2018 and hasn’t been seen since. Creighton’s family were contacted by the kidnappers after his disappearance, and asked to pay a ransom of $5 million USD in bitcoin, but they were only able to pay $1 million. Despite making a transfer, Creighton was not released, and is now presumed dead. It’s thought that Creighton was targeted because he ran a sportsbook betting business in Costa Rica called 5Dimes, and was taking payment in bitcoin.

The story has caught the public’s attention for many reasons, not only because kidnappings are rare in Costa Rica, but also because his girlfriend, mother, and grandmother have all been arrested. The fact that the criminal band apparently includes two policemen is also an indication of the appalling degree of corruption that plagues law enforcement in my county of origin. These policemen reportedly collaborated in stopping the victim on the road, facilitating and allowing his kidnap.

As an avid follower of cryptocurrencies, the most interesting element for me has been how the band was apprehended despite the use of bitcoin. One of the most vaunted characteristics of bitcoin is its anonymity, and this is the reason why it has become the currency of choice for many criminal activities. In theory, BTC exists as a claim to funds held in a digital address, and you do not need to provide identity to gain access to those funds, only possession of a private key.

While bitcoin is anonymous, the failure point is always its interface with reality.

But unless you intend to remain fully digital, the anonymity element fails in its interaction with the tangible world. This seems to be where the criminals made key errors, giving themselves away. While some of the specifics are sketchy, it seems that by converting their crypto assets into fiat currency, they showed their identity. All bitcoin transactions are public because they are recorded on the public ledger that is the blockchain, and as the victim’s family made a payment with bitcoin, they would have known which address the funds were sent to, and these accounts would have been given to the police.

The chief of the Costa Rican Judicial Police said the main suspect, a 25-year-old computer engineer named Morales-Vega, opened an e-wallet in his residence in Cartago, Costa Rica, shortly after the funds were sent by the victim’s family. This led the police to quickly find him. Apparently, when moving funds in and out of one wallet, an IP address was revealed which was linked to Morales-Vega. We have not been given full details other than that, but the Costa Rican authorities claimed that they were able to identify the suspect early on due to this IP address, and then they passed those details to the Spanish police.

The suspect and three members of Creighton’s family fled to Spain via Panama and Cuba, and once there spent lavishly on apartments and restaurants, apparently waiting for the rest of the gang to join them. All the while they were being watched by the Spanish authorities, and then they were caught.

There are various ways the police could have identified the suspect. The most likely in my opinion is that he had opened an exchange account to transfer funds from bitcoin to other currencies (it’s difficult to pay for daily stuff with cryptocurrency after all). He either used his real details to comply with money laundering regulations, or he connected to the exchange to manage his wallet with his real IP address, which could have made him easier to find. The police only needed to ask the exchange for either his real name, or the IP addresses connected to the cryptocurrency wallets, and it is likely that the exchange complied immediately. It is quite remarkable that the police were aware of his identity very early on, and were able to notify Interpol and authorities in Spain that he was moving there.

This is a fascinating conclusion to a very tragic crime, and one that shows us that while bitcoin is anonymous, the failure point is always its interface with reality. While it is true that many criminals have managed to evade justice by the use of cryptocurrencies, when there is a very large criminal offense such as a murder or a kidnapping, police may be able to identify criminals because eventually most people will make a mistake and give away their identity, particularly if they want to exchange their digital assets.

In other words, even cybercriminals should HODL.

Andres Guadamuz is a senior lecturer at the University of Sussex, in the U.K. A version of this post first appeared at Guadamuz’s site TechnoLlama