On a 5-hour flight last weekend I watched the entirety of the American documentary miniseries, “This is a Robbery: The World’s Biggest Art Heist”.
On March 18th, 1990, Boston’s Isabella Stewart Gardner Museum was robbed. Two men posing as police officers entered the museum, tied up security guards, spent 81 minutes cutting out famous works of art from their frames, rolled them up, and disappeared into the night. At the time, the haul—which included original works by Vermeer, Manet, and Rembrandt—was valued at $500 million, making it the biggest art heist in history. No one has ever been charged with the crime and the art has never been found.
What struck me while watching was an unlikely icon: convicted and self-professed art thief Myles Connor Junior. We meet Sir Myles sitting in a red lawn chair, wearing brown loafers, cargo shorts, and a slouchy white tee. He introduces himself:
“Depends upon whom you ask, but in general, I’m known as an art thief. And some people [he shrugs] consider me the biggest art thief in this country because I’ve robbed a number of museums. But then again [as if this is an obvious correlation] I was a rock and roll guy”.
Myles did not commit this particular heist as he was in federal custody at the time, but his unabashed existence made me think. I have never been one to break the rules, however, if I did, art theft is just about the chicest crime one could commit. Seriously. What other crime could possibly be more highbrow than smuggling iconic art? And then, to take it one step further, (as Myles does), proudly admit said fact. He is the quintessential antihero.
In any case, this is a rambling intro (that calls my character into question) all to introduce an entirely different and far more contemporary heist that a recent headline called “the biggest crypto theft in history”.
The Crime:
A few weeks back, hackers stole $600m in cryptocurrency from the decentralized finance platform Poly Network. The whole thing was quite a cinematic experience. The new-age version of a bank robbery flick, replete with a cheeky thief, a squad of digital vigilantes and numerous armchair detectives watching it all play out in real time.
This kind of drama is uniquely crypto, uniquely 2020, and uniquely, for lack of a better word, nerdy. In a traditional bank siege, for example, an observer might need to rely on news helicopters circling overhead and “boots on the ground” for updates. In a crypto heist, you can watch it all unfold directly from your iPhone with a bag of Lays chips.
The Victim:
Poly Network, a company that is looking to link up blockchains (the digital ledgers that underlie the crypto asset industry – you can read what I think about that here), began ringing the alarm bells on the heist on August 12th. They said that thousands of digital tokens were stolen and proceeded to publish the address of the virtual “wallets” of the alleged hacker (I will not be getting into what a “virtual wallet” is – when I have more energy, I will write a whole thing on it). Poly Network urged centralised exchanges and miners, (the systems that process crypto transactions), to “blacklist” the assets coming from the addresses used by the attacker. It kind of worked.
The cryptocurrency exchange Binance said it was “coordinating with all [their] security partners to actively help” and Tether, the operator of a major “stablecoin” (a cryptocurrency that attempts to peg their market value to some external reference like the U.S. dollar or a commodity price such as gold) immediately froze the $33m of assets that were stolen.
Dear Hacker:
Poly Network proceeded to release a statement on Twitter (which is truly indicative of our day and age – imagine – we are literally Tweeting criminals) that kindly began with the salutation “Dear Hacker”. It further explained that “Law enforcement in any country will regard this as a major economic crime and you will be pursued.”
Incredibly, the hacker appeared to have listened and began slowly returning the stolen funds – first in small amounts and then in millions. During this time, the hacker decided to run a little “Ask Me Anything” Q & A (wondering if they read the Myles Connor Jr. playbook?). During the session, Mr. Hacker explained that they’d hoped that Poly “[learned] something from those attacks”, and when asked why they’d carried off the heist in the first place, they simply responded “for fun :)”.
A Criminal with a Heart of Gold:
Poly Network began referring to the hacker as “Mr. White Hat” – a reference to ethical hackers who search for vulnerabilities in organizations’ systems that could expose them to attacks. (Security researchers have since questioned this labeling). The hacker began claiming that they were out to “save” the project by highlighting its flaws and that they weren’t ever interested in the money. Poly Network not only promised Mr. White Hat a reward of $500,000, but further invited them to become their new “chief security advisor”. (I can’t make this up).
Last Monday Poly Network confirmed that the hacker had finally surrendered the final tranche of their ill-gotten gains.
What does this mean for the future of Crypto?
The whole point of crypto is that it is a decentralized system out of reach of authorities – be it government or big institutions. In traditional finance, when the bad guy gets caught, there are consequences. Can you even fathom a world where you rob a bank and then return the money and claim that you were merely exposing vulnerabilities in the store’s security? And then, on top of that, getting offered a job with said bank?
Naturally, the question of how to maintain the ethos of crypto while dealing with these situations arises.
Should a company turn a hacker into law enforcement authorities? Attempt to seize the stolen property on their own? Sue them? In a world that sets its own rules, how do you draw the line between a criminal escapade and someone just seizing an opportunity they found in a computer code?
One user wrote to a Tether executive on Twitter, “If we leave even a little power in centralisation, we will never be free of this world,”. They added that since the hacker had merely exploited a vulnerability left by the Poly developers, they should be the rightful owners of the coins.
A send off from my guy, Myles Connor Jr:
I committed 35 art robberies. How many did they know about? Very little.
To endless mystique and chic crimes.
Until next week.