An indictment was filed last week against Afek Zarad ( full indictment, Hebrew, Google Translate of the News Article ) for the theft of around 26 million Shekels in Dash, a form of semi-anonymous cryptocurrency. According to the indictment, Zarad and the victim, Alexey Eromenko, were flatmates. Allegedly, Eromenko invested since 2013 in various cryptocurrencies (not that there were that many back then).

Somewhere before February 2019, Eromenko purchased (or mined, or created) around 74,990.74 Dash coins; this represents around one percent of the whole circulation (as of today) of this cryptocurrency.

Zarad, allegedly, stole these coins and made five different transfers to four different addresses (you can see one here; some of the other addresses listed in the indictment are invalid, maybe there's a typo). Now, the indictment states that following the first five transactions, Zarad used some services to transfer the coins into other wallets that make identifying the origin harder; this is not the case with the first transfer of the second one. As far as I see it, both these addresses still have the coins that were sent there. The other two addresses may be different; but they are unavailable for analysis.

Now, the transaction itself, of 12,489 coins from 303 different input addresses to one output address seems kind of strange. But, if you analyze them, you get to understand what are these many transactions showing 1.67 Dash for each wallet.



Dash operates with masternodes; a masternode is a computer running Dash's software and a copy of all the blockchain, as well as other services. In order to run a masternode, you do need to have a thousand Dash coins held by your address, which requires they will not be moved. In such case, you receive a reward of around 1.67 Dash for each block you help mine.

This means that some of the money that was stolen, at least was not generated by investing in cryptocurrency, but by running masternodes. It also means that Eromenko held at least 27 masternodes in both addresses that were valid. I assume, that if a similar number represents the other masternodes he held, then he was the owner of more than 60 masternodes. Currently, Dash has a bit less than 5,000 masternodes; so the guy holding around 1% of the Dash coins also has more than 1% of the Dash masternode supply.

Now for the real problems that the authorities may face here. Let's assume, for the matter, that Eromenko was a legit play and reported all his gains and revenues, filed his taxes and lived well from the interest that the masternodes generated. Now, assuming that Zarad was sufficiently smart to make the transfer to addresses that are inaccessible from his computer, and that he will not have sold these coins but also would used them as masternodes, how would he have been tracked?

The question of how easily were 75,000 coins stolen from different wallets that held 1,000 Dash each, and where were the keys who held them, seems more than theoretical here. This is not one transaction that was made in one click of a button, this required both planning and a plan-b on how to ensure that post-arrest Zarad would not be required to hand over its keys. This is why the state's request for forfeiture of Zarad's PC and phone seems interesting: currently there is no indication that Eromenko would receive his coins back.

Had the police had any control over these assets, they would have either moved them back to Eromenko's control, or would have captured them themselves, in order to ensure that had Zarad had control over these wallets by an external third party (close relative, confidant, or just a partner), the coins would have been returned.

Currently, Zarad has an interesting bargaining power: without proving that he has the keys, it would be less than likely that the state could prove beyond reasonable doubt that he was the person who moved these coins from their original address to a new address, and that they were "stolen" and not hacked or transferred by Eromenko to a third party in a consensual manner.

Zarad's defense scheme may be somewhat similar; he may claim that Eromenko performed sophisticated tax fraud. Why? Had Zarad's coins been stolen, he may have used the Israeli exemption in the new tax regulation ( here, Hebrew ) to claim tax benefits: the loss of cryptocurrency due to a hack entitles you to deduct these losses for capital gains. He may have also a claim that the two have contracted (as flatmates) to open a new partnership; In such case, it may be word versus word, and hard to prove later on. Also, assuming that Dash has a private send feature, then Zarad as a sophisticated player should have used it to cover his tracks. Not using the private send feature to hide the origin of funds shows more than any other that he may have a good way to raise doubts.

We are yet to know how this case will evolve; but I believe that if Zarad would have sufficient grounds to fight this case, he might create interesting caselaw on the question of what is theft when a key is stolen, and how to prove theft when the item is not at one's possession.