A U.S. security analyst is actually portending a relaxing result after he was actually apprehended on landing at a U.S. airport terminal, his phone was actually explored, as well as was actually gotten to demonstrate to a marvelous jury system, merely to possess district attorneys turn around program as well as fall the examination later on.
On Wednesday, Sam Sauce, a surveillance developer at blockchain modern technology provider Yuga Labs, pointed out in a series of posts on X, in the past Twitter, that he was actually taken in to second evaluation through U.S. government representatives on September 15 after coming back coming from an excursion to Asia. Sauce pointed out representatives along with the Irs’s Offender Inspection (IRS-CI) device as well as the Team of Home Safety and security examined him at Dulles International Flight Terminal in Washington DC concerning a “higher account phishing initiative,” explored his uncovered phone, as well as offered him along with a marvelous jury system court order to demonstrate in New york city the full week after.
According to a photograph of the court order that Sauce uploaded, the marvelous jury system was actually examining cable scams as well as funds washing.
But Curry said he later received confirmation that the copy of his device data was deleted and the grand jury subpoena was canceled once prosecutors realized that Curry was investigating the theft of crypto, and not involved in it.
In a post, Curry said that in December 2022 he discovered that scammers had inadvertently exposed their Ethereum private key in the source code of a phishing website that had stolen millions of dollars worth of crypto. Curry said he imported the key to his own crypto wallet to see if there was anything left in the alleged scammers’ wallet, but that he found the key “five minutes too late and the stolen assets were gone.”
Curry said he was “on my home IP address and obviously not attempting to conceal my identity as I was simply investigating this.”
“We normally take this approach where it’s seeing if there’s anything we can do to help. And then if we can’t, obviously we can’t. It’s tricky, because there are so many of these phishing campaigns,” Curry told TechCrunch in a phone call.
Curry said that the feds had requested the authorization logs from crypto marketplace OpenSea, which Curry used to check the contents of the scammers’ wallet. Those logs included Curry’s home IP address. Curry accused the feds of using his arrival to the U.S. “as an excuse to ask for my device and summon me to a grand jury, rather than just email me or something.”
“I’m sharing this because I think it’s something people should be aware of if they’re doing similar work. It was widely shared that the private key was leaked and my background as a security researcher wasn’t enough to dissuade using immigrations and a grand jury to intimidate me,” Curry said in his post.
Curry is a widely known security researcher, whose work has helped to discover flaws in airline rewards programs, connected vehicles, and helped to uncover security weaknesses at Apple, and Starbucks. Curry said was flying into Washington DC to attend an election security research forum set up by U.S. cybersecurity agency CISA to audit U.S. voting machines.
After he was released from the airport, he spoke to his attorney, who told the federal investigators that Curry was investigating the incident as part of routine work as a security researcher.
In a call, Curry told TechCrunch he understood why the feds were investigating the incident, but criticized their approach.
“The thing I will give credit for is if in any other circumstance somebody has the private key, someone who’s obviously done a multimillion dollar phishing scam, and use that private key to sign in to OpenSea, yeah, I think it is a little suspicious and that’s like definitely something to investigate,” said Curry.
“They had a manila folder with my photo and my Twitter and all my social media, and I would have assumed that they would have looked into it a little bit,” said Curry. “Even just a brief read — just who I am and what I do — I feel it would have cleared things up a lot.”
While he believes the legal demand is resolved, Curry said that he “felt dirty” when the feds handed back his phone after searching its contents. U.S. authorities can search a person’s phone at the border without a warrant, including Americans, though the law is less clear on whether a person must comply. Only U.S. citizens cannot be denied entry for not complying, but they can have their devices seized indefinitely.
Nicholas Biase, a spokesperson for the U.S. Attorney’s Office for the Southern District of New York, where the grand jury subpoena was filed, declined to comment when reached Wednesday. Terry Lemons, a spokesperson for the IRS-CI, the criminal investigative arm of the U.S. tax authority known for probing crypto thefts, did not return a request for comment.
It’s not unheard of for U.S. authorities to target security researchers or journalists with threats of prosecution or other kinds of legal process to compel testimony, like grand juries, which convene in secret to determine if formal criminal charges should be brought against a person.
The relationship between U.S. authorities and the security community has largely improved in recent years as both attitudes towards good-faith hackers and the legal landscape for security researchers have changed for the better. However instances like this threaten to weaken the trust built in recent years by disincentivizing researchers from engaging in security defense and remediation if they think their actions could be prosecuted.
In the last few years, security researchers have taken matters into their own hands during thefts and hacking campaigns that target and steal cryptocurrencies. In the crypto world, this is called “white hatting,” a term that refers to the traditional distinction between black hats, cybercriminals or hackers who hack with malicious or illegal intent, and white hats, researchers and hackers who operate with no criminal or ill intent.
But accessing a victim’s wallet — even a scammer’s wallet — in an attempt to recover funds falls in “a real gray area” of the law, former prosecutor Elizabeth Roper told Motherboard last year.
“If it ends up saving everyone, every user on the platform and a bunch of money and the person who did it kind of immediately discloses it,” Roper mentioned, “maybe we wouldn’t use our resources to prosecute that person, however once again it relies on the details instance.”
Lorenzo Franceschi-Bicchierai provided stating.
