Bucks burglary probe leads to a Montco hacker and possible $40M bitcoin theft

Police on the trail of two missing laptops and a gold necklace followed it to the Montgomery County home of a self-described computer hacker who claims responsibility for what could be one of the largest virtual currency heists on record, court documents say.

Theodore Price, of Hatfield, told a local detective and a Homeland Security agent investigating a burglary at the Bucks County, home of his girlfriend's parents that he wrote software to steal between $40 million and $50 million in the online currency bitcoin, the documents say.

When the officers arrived at his door almost two weeks ago, he told them he had been preparing to flee to London on a chartered jet using a fake passport in the name of "Avengers" movie star Jeremy Renner, a complaint filed in federal court July 19 says.

And, a computer expert at Cornell University who tracks bitcoin crimes finds a scenario that connects an alleged theft of a couple of laptops worth hundreds of dollars to a possible virtual heist of tens of millions plausible.

Price, 30, is charged with identity theft and access device fraud. U.S. Homeland Security agents allege they found stolen personal information and credit card numbers in his possession. He told agents he had purchased the information from a "dark web" store using bitcoin, the records say. He has been detained pending further court action/

If Price's claim that he stole control tens of millions of dollars' worth of bitcoin is verified, it would be solidly among the top five virtual currency thefts on record, said Cornell University computer science professor Emin Gun Sirer, whose work focuses on the cybersecurity systems that make virtual currencies like bitcoin work.

"It's fascinating," Sirer said, noting virtual currencies are a favorite target of hackers because they're valuable, their security is relatively weak and they're unregulated, so there's no higher authority that can reverse a fraudulent transaction.

Bitcoin theft is not uncommon, Sirer said. The largest was $450 million worth of bitcoin stolen by hackers from the Japanese bitcoin exchange Mt. Gox in 2014, forcing the company's bankruptcy.

It is unusual, however, Sirer said, for authorities to identify a person responsible for the theft, as Price claimed to be, according to the court documents.

"This is one of the first cases where the person behind the malware has been located," Sirer said.

Bitcoin is a digital currency, tied to no government, that can be exchanged for U.S. dollars and other national currency. It consists of a public ledger of all bitcoin in circulation and the transactions in which they are used. To own bitcoin, a user must possess two codes; a public key that identifies individual bitcoin, and a private key akin to the signature needed to write a check. To carry out transactions, those codes are passed between bitcoin wallets, where they are stored by users.

According to the complaint against Price, he told a Homeland Security agent that he wrote software that simulates the code used to create bitcoin wallets. He then distributed the software on specific internet forums, injecting it into email addresses, the complaint says. Price said the software steals bitcoin keys by replacing other people's wallets with Price's wallets during transactions, court records say.

Price told the agent one of his bitcoin wallets contains the equivalent of $34.6 million that he intended to launder so he could spend it, the records say. Price said he has other bitcoin wallets with the equivalent of thousands and millions of dollars, according to the records.

A court document filed last week that charged Price with unauthorized access to a computer to commit a federal crime for personal financial gain listed the value of the stolen bitcoin at between $40 million and $50 million.

Assistant U.S. Attorney Lesley Bonney said the unauthorized access charge has since been withdrawn, but would not say why Price was not charged with the bitcoin theft he admitted to the agent. Bonney said federal prosecutors have 30 days after filing a criminal complaint to seek an indictment from a grand jury, and that a grand jury can recommend whatever charges it sees fit based on the evidence it hears.

The complaint says Bucks County police began investigating Price after a Bucks County couple returned from vacation and found two laptops and a gold necklace missing from their Northampton Township home. The couple's daughter, Price's girlfriend, confronted Price about the missing items because he had access to her parents' home, but he denied taking them.

Price's girlfriend later discovered Price had sold her father's laptop for $150 at a computer store and found two laptop bags in his home, which she took to police, court records say. A search of the bags revealed the mother's computer, stolen credit cards belonging to people related to the girlfriend and the dark web credit card information Price later admitted buying, according to the complaint.

Additional police work revealed Price had hocked a third laptop that his girlfriend had rented for him and her mother's gold necklace, the complaint says.

So if Price controlled tens of millions of dollars worth of bitcoin, as he claimed, according to court documents, why was he allegedly stealing and selling things for relatively small amounts of money?

The answer, Sirer said, is because the bitcoin ledger is public, it's virtually impossible to spend large amounts of stolen bitcoin without being noticed. Most hackers use a process called "tumbling" to launder stolen bitcoin by intermingling it with other people's transactions, but the complaint says Price didn't have a chance to do that.

"It makes sense that someone could steal $40 million, but not be able to pull it out," Sirer said.

Price's lawyer, federal defender, Catherine Henry, has not responded to a request for comment.

peter.hall@mcall.com

Twitter @phall215

610-820-6581