
There are bitcoin tumblers, essentially the idea is to split up the transaction into multiple transactions of varying sizes to various addresses and to keep doing that in such a way that it doesn't look weird...

Basically they try to hide the transaction among the huge volume of transactions going on, kinda like a VPN or Tor?



1. If the coins were moved through tumblers that would be detectable and highly suspicious.

2. Safely tumbling large quantities of coins is especially difficult. At this scale I would wager twenty dollars that blockchain analysis should be able to trace at least some of the coins with high confidence.

3. It is rumored that many tumblers are run by law enforcement.


Outside the sphere of crypto, this is called "washing" or "laundering" ("cleaned", etc.; anything along this line). "Laundering" is the legal term. Such acts are typically traceable, but generally fly under the radar. Once someone is aware that the money is being washed it is usually uncovered (AFAIK).

Washing crypto would seem even more difficult because transactions are all accounted for. So I'd assume a cleaner would need to have random time variance in redistribution so collisions aren't found. But also, money has to be spent or converted, so that's a big way you could uncover it. Money is harder because cash is still a thing.

1) See that money is transferred from account to washer (instant flag)

2) Search for accounts associated with initial fraud and watch for extraction.


I work in crypto. Transactions can very much be traced. There's no trace of Quadriga's cold wallet holding any large sums of BTC. It's still a mystery what, exactly, they did with customer funds. It'll be uncovered eventually once enough time has been given to forensic examiners to go through the transactions of the exchange.


The thing is, exchanges pool funds and users on exchanges do withdrawals all the time, and sometimes send to these services.

The lack of an auditable cold wallet was a huge red flag. So was their multimillion ether loss (how would they cover that!?!?).

But even with public cold wallets, the public doesn’t know how much crypto or fiat is owed to users.


A corrupt exchange is its own tumbler.


It’s important to note that it’s not just splitting up your own transactions, it’s that it’s actually other people’s coins that end up in your destination wallets. As such, it becomes very difficult to trace: techniques for doing this are similar to large scale deanonymization of Tor traffic, and involve large scale pattern analysis.


> It’s important to note that it’s not just splitting up your own transactions, it’s that it’s actually other people’s coins that end up in your destination wallets. As such, it becomes very difficult to trace

It was my basically uninformed impression that the bitcoin blockchain consists of a series of transaction records that look like this:

- Address xxxxx1x sends 10 bitcoins to address xxxxx2x; address xxxxx7x mints 25 bitcoins

That is to say, the records show that balances increase and decrease, but there is no actual concept of a uniquely identifiable bitcoin (with, say, a serial number) -- there are only balances held by accounts. On this model, it isn't possible to say that other people's coins end up in your destination wallets. Is that not accurate?

(The fact that you can divide one bitcoin into 100,000,000 satoshi also suggests that there's no such thing as an individual bitcoin...)


The way that it works is that a certain number of coins are created when a block is mined. That number is recorded on the ledger associated with an address. Let's say it's 25 BTC, but it can be any number -- it doesn't matter. If you don't spend any of that BTC, then it exists only as that number -- a chunk if you wish. It is indivisible. It sits as 25 BTC in the account. If you decide to spend 5 BTC of the 25, then the ledger records that 5 BTC goes to wherever you are sending it and 20 BTC goes to your wallet. The previous 25 BTC chunk is removed. The 5 BTC exists as a "chunk" in the other wallet and the 20 BTC exists as a "chunk" in your wallet. The 25 BTC "chunk" no longer exists. Each wallet has a list of these "chunks" of BTC. Let's say that I have a 7 BTC "chunk" as well as the 20 BTC chunk. I want to send 22 BTC to someone else. It will remove both my 20 BTC "chunk" and my 7 BTC "chunk" and give me a 5 BTC "chunk". I can't remember if the recipient gets a 22 BTC "chunk" or a 20 BTC "chunk" and a 5 BTC "chunk" (it's been a long time since I looked at the source code). I think the former, but it is traceable where the original came from and how the "chunks" were split up.

Hopefully that makes it a bit more clear. The word "chunk" is my own -- if you start using it in other discussions, nobody will know what you are talking about ;-) However, the main thing is that the wallets do not contain balances, but lists of transactions that ended up giving them coins. While there is no such thing as a "coin", it's discrete amounts rather than flowing in and out like water.


Not accurate. You can trace the life of a particular 'coin' value -- which is generated in the coinbase reward in a block and spent later on in a UTXO (unclaimed transaction output). We like to pretend that bitcoin is fungible, but it strictly is not; you can trace the life of every 50, 25 and now 12.5 Bitcoin from birth to currently unspent. They all get mixed, so it can be difficult.

Also, what you are describing is the so-called 'account' model -- used by Ethereum, EOS, etc. Bitcoin is a 'utxo' model, which allows specific inputs/outputs to be traced.


> (The fact that you can divide one bitcoin into 100,000,000 satoshi also suggests that there's no such thing as an individual bitcoin...)

Wouldn't it rather say "there is such a thing as a satoshi"?


No, because my first argument still applies in full to satoshi. There are balances of satoshi, but no individual satoshi.


Every satoshi can be traced from birth until unspent. There are most certainly individual satoshi. They live in UTXOs.


This is not true. Say I have a wallet with two Satoshi, and I transfer one each to two different wallets. Then I transfer two Satoshi from those wallets to a new wallet. Which way did each Satoshi take? You can't say!


It looks like it is true in a technical sense; a bitcoin transaction record specifies a prior transaction as its input, rather than specifying a source address. So as a purely formal matter, your example records will look like this in relevant part:

    T0885: 100 Satoshi from T0002 to address xxxxx0x # 1 wallet, 2 Satoshi
    T1001:   1 Satoshi from T0885 to address xxxxx1x
    T1104:   1 Satoshi from T0885 to address xxxxx2x # Each Satoshi moves to a separate new wallet
    T1300:   1 Satoshi from T1104 to address xxxxx3x
    T1400:   1 Satoshi from T1001 to address xxxxx3x # and then they recombine

https://en.bitcoin.it/wiki/Transaction

From that record, it's clear that one Satoshi moved from address 0x to address 3x by way of transaction 1001, and the other one did the same by way of transaction 1104.

However, there is no instrumental difference between an address's balance from one transaction and its balance from another transaction, as the behavior of the address is controlled by the private key associated with that address, and two balances belonging to the same address necessarily share the associated private key. I'm not sure what this is supposed to accomplish.


The transaction sequence in your example is not possible. A transaction output can only be used once as an input. To me, the operation would rather look like these three transactions:

    100 Satoshi from A1
        2 Satoshi to A2
        98 Satoshi to Ax

    2 Satoshi from A2
        1 Satoshi to A3
        1 Satoshi to A4

    1 Satoshi from A3
    1 Satoshi from A4
        2 Satoshi to A5

Edit: Sorry I referred to "wallets" in my previous comment. This allows a scenario where the Satoshis are kept in separate transactions all the time. But I'm not interested in those scenarios. I'm talking about scenarios with multiple inputs and outputs. Where you can't say which of the inputs went which way. In this transaction:

    1 Satoshi from A1
    1 Satoshi from A2
        1 Satoshi to A3
        1 Satoshi to A4

You can't tell which Satoshi went where.


Yeah, I will 'change' my position on this. Satoshis in a single UTXO that are split are fungible - in your scenario you cannot identify the specific sat: either a1->a3, or a1->a4. This is kind of like 'forward fungibility'. You can however trace the value in satoshis back from A4 to their coinbase at birth. At best, we introduce a UTXO taint percentage from previous inputs. It's this taint from other, external inputs that breaks backwards fungibility (due to taint).
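
An added illustration of the UTXO points argued in the comments above (not part of the thread and not Bitcoin's own code): a toy ledger in which an output can be spent only once, with a taint percentage carried back through inputs. The `Ledger` class, addresses, transaction ids and amounts are constructed for the example, and splitting taint in proportion to input value is one assumed convention.

```python
from fractions import Fraction

class Ledger:
    """Toy UTXO ledger; constructed for illustration, not Bitcoin's wire format."""
    def __init__(self):
        self.outputs = {}   # (txid, index) -> (address, satoshi)
        self.inputs = {}    # txid -> outpoints that transaction consumed
        self.spent = set()  # outpoints already used as an input

    def coinbase(self, txid, address, value):
        self.inputs[txid] = []                      # minted: no inputs
        self.outputs[(txid, 0)] = (address, value)

    def spend(self, txid, inputs, outputs):
        for op in inputs:
            if op not in self.outputs or op in self.spent or inputs.count(op) > 1:
                raise ValueError(f"{op} is missing, duplicated or already spent")
        if sum(v for _, v in outputs) > sum(self.outputs[op][1] for op in inputs):
            raise ValueError("outputs exceed inputs")
        self.spent.update(inputs)
        self.inputs[txid] = list(inputs)
        for i, (addr, v) in enumerate(outputs):
            self.outputs[(txid, i)] = (addr, v)

    def taint(self, outpoint, flagged):
        """Share of value attributed to flagged outpoints, pro rata by input value."""
        if outpoint in flagged:
            return Fraction(1)
        parents = self.inputs[outpoint[0]]
        if not parents:                              # coinbase: untainted
            return Fraction(0)
        total = sum(self.outputs[p][1] for p in parents)
        return sum(self.taint(p, flagged) * self.outputs[p][1] for p in parents) / total

def demo():
    lg = Ledger()
    for txid, addr, value in [("c1", "A1", 1), ("c2", "A2", 1), ("c3", "A6", 2)]:
        lg.coinbase(txid, addr, value)
    # The thread's transaction: 1 sat from A1 and 1 sat from A2, to A3 and A4.
    lg.spend("t1", [("c1", 0), ("c2", 0)], [("A3", 1), ("A4", 1)])
    flagged = {("c1", 0)}                            # assumption: A1's coin is the one traced
    split = [lg.taint(("t1", i), flagged) for i in (0, 1)]
    lg.spend("t2", [("t1", 0), ("c3", 0)], [("A7", 3)])   # merge with a clean 2 sat
    merged = lg.taint(("t2", 0), flagged)
    try:
        lg.spend("t3", [("c1", 0)], [("A8", 1)])     # reuse of an already spent output
    except ValueError:
        return split, merged, False
    return split, merged, True
```

`demo()` returns the taint of the two outputs to A3 and A4, the taint after one of them is merged with a clean output, and whether the ledger accepted reuse of a spent output.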


So make public the addresses, give out a reward for proof of destination, and then let the cryptohacker community get after it. Kraken is offering $100k, we just need the addresses.


The FBI/private companies have specialized tools for tracking Bitcoins throughout their lifespan. All the data is out in the open so there is no hiding unless he converted to Monero anonymously.


Considering Monero, could you or someone elaborate on this a bit more? Maybe clarify if I'm misunderstanding something:

1) My understanding is, every transaction in bitcoin is public knowledge forever as part of the forever growing block chain. That is, there is no way to ever remove a transfer.

2) The only anonymity built in bitcoin is to hide your identity with pseudonymity, nobody necessarily knows your bitcoin address you are using. However if you are buying coins with credit card for example from person A and spend those at person B, person A will know that you have just spent that money at person B, and person B will know that you bought the coins from person A.

3) The only way(?) to hide, make the transactions anonymous is via tumbling, that is you send your coins into a huge account outside your control that aggregates maybe millions of $ from thousands of people and then sends them out again into random addresses. Nobody except the provider of the tumble service knows where your money went, making you anonymous, your money untraceable. I assume you want to repeat this process a few times with different tumble services.

Is that correct? I'm no expert. Also with 3) how feasible is that with $130 million? I mean to successfully tumble wouldn't I need at least double the amount probably much much more? How large are the tumbles in services such as bestmixer.io? Also it seems to me that with enough heuristics even tumble services could potentially be traced back, this doesn't seem impossible to me?


1. correct; 2. correct; 3. Kinda, but not quite the only way -- you can convert the values in the coins into another chain, ideally something like monero in which 1. applies, but 2. does not. (Monero uses a different transaction format called RingCT, it hides the true inputs/outputs among decoys and signs the set with a ring sig. It also hides the true amount transacted via Confidential Transaction encoding using a commitment and a range proof). It's much easier to tumble the value when the source/destination and magnitude is obscured.

How feasible to do this with $130 million? Yesterday's trade volume for monero was 75 million (thus actual on chain tx's are much less). So it would take a while to do this without drawing attention. I don't have a lot of faith in pure bitcoin tumblers. Possibly scams or fraud. I'm yet to see one that works as expected.


"I'm yet to see one that works as expected"

It might be Wasabi Wallet. Not 100% though.


Thanks for your clarification, I appreciate it.


I was thinking you need a jump to cash somewhere, but even that would lead to _someone_. The coins can't just disappear.



