_{Brought to you by:}

“Opportunity makes a thief.”

— Francis Bacon

Will the strategic reserve be a honeypot for hackers?

One under-considered risk in establishing a strategic reserve of assets is that they may be stolen. 

That, at least, is the cautionary tale from Quebec, where a dramatic heist dangerously depleted the reserve of Canada’s most strategic asset: maple syrup.

Quebec is the Saudi Arabia of maple syrup (accounting for 70% of the world’s production) — and the OPEC of maple syrup is the Quebec Maple Syrup Producers (QMSP).

Quebec’s producers are required to sell their syrup through the QMSP and also deliver 25% of their production to the global reserve kept in QMSP warehouses — the Fort Knox of Canada.

Many syrup producers, resenting this loss of freedom, took to the streets in 2010 to protest against the QMSP’s rules.

The QMSP (then known as the FPAQ, or “Federation”) responded by placing guards in the territories of rebelling producers, and in some cases, confiscating entire crops from those who had flouted the rules.

In 2011, however, a bumper crop caused so much syrup to be delivered to the Global Reserve that the Federation had to rent out an additional warehouse to store an overflow of 16,000 barrels of the sweet stuff.

Security at the new warehouse was minimal — no cameras, no alarms – because the Federation “couldn’t have imagined someone wanting to steal maple syrup,” according to one account.

But a barrel of maple syrup is often as much as 20x more valuable than a barrel of oil, so it should have come as no surprise that the Federation’s lightly guarded warehouse turned out to be a honey maple syrup pot for sweet-toothed thieves.

Over several months, a small group of collaborators repeatedly liberated barrels of syrup from the reserve warehouse, replacing them with empty ones; they took the full barrels to a second warehouse, where they were emptied of syrup and refilled with water; the full barrels were then returned to the original warehouse and swapped for the empties.

The stolen syrup was trucked to Vermont and New Brunswick, where it was sold in small batches to legitimate distributors unaware of its illicit origin.

The scheme was only discovered when a Federation inspector, clamoring over a pyramid of 600 pound barrels to do inventory, nearly toppled over as he tried to pull himself up on an empty one. 

By then, $18.7 million CAD of stolen syrup — 9,571 barrels worth — had already disappeared without a trace into the legal syrup market.

In other words, the syrup had been laundered. 

This was easily done because there’s a thriving black market for maple syrup in Quebec.

Many syrup farmers, unwilling to abide by the Federation’s rules, covertly sell their syrup to “barrel rollers” — syrup launderers who illegally buy directly from Quebec’s producers.

The syrup is then re-sold to wholesale buyers in New Brunswick and Vermont, where the Federation has no jurisdiction. 

It was that ecosystem of black market buyers and sellers that enabled The Great Canadian Maple Syrup Heist — because there’s no point in stealing something you can’t sell.

Crypto, of course, flows easier than syrup (even when it’s stolen).

Opportunity knocks

Crypto attracts hackers because, like maple syrup, it’s a bearer asset, it’s fungible and it tends to be poorly guarded.

Unlike the Québécois liberators of maple syrup, however, North Korean hackers of crypto operate without fear of arrest.

That’s never been more evident than in the wake of the Bybit hack.

According to data from TRM Labs, North Korea laundered over $400 million of stolen ETH in just the first five days after the attack.

This rapid pace, TRM writes, “suggests that North Korea has either expanded its money laundering infrastructure or that underground financial networks, particularly in China, have enhanced their capacity to absorb and process illicit funds.”

So, for all the improved analytics and increasingly sophisticated efforts by law enforcement, crypto appears to be getting easier to launder. 

This makes it more attractive to steal — and it’s likely to get easier still: Thanks to a US court ruling that OFAC had exceeded its authority in sanctioning smart contracts, Tornado Cash should soon be removed from the OFAC sanctions list.

That ruling was understandably celebrated on Crypto Twitter, but it will make things easier for North Korea.

A revived, more active Tornado Cash would bolster the robust ecosystem of OTC brokers, crypto mixers, rogue exchanges and Chinese banks that North Korea uses to launder the roughly $5 billion of crypto it’s thought to have stolen over the years.

Perhaps the size of the Bybit hack (78x greater than the Great Maple Syrup Heist!) will prompt a new effort to crack down on the final leg of that process — the Chinese banks that appear to off-ramp most of North Korea’s stolen funds.

But it doesn’t seem likely.

TRM’s Ari Redbord told Coindesk that the political and economic consequences of cutting Chinese banks out of the US banking system are such that it requires sign-off from the Treasury secretary and attorney general.

If US law enforcement couldn’t get that sign-off from the Biden administration, it probably won’t get it from the Trump administration, either.Unless they suddenly have a strategic reserve of bitcoin to protect?

A growing stash of US government-owned crypto is sure to attract the attention of North Korea’s most skilled hackers — and the easier it is to launder, the more likely they are to try.

Laundering crypto is already pretty easy, so I imagine that the strategic bitcoin reserve will be a honeypot that no self-respecting hacker will be able to resist.

Let’s hope the Fort Knox of crypto will be better guarded than the Fort Knox of maple syrup.

— Byron Gilliam

Brought to you by:

Arkham is a crypto exchange and a blockchain analytics platform that lets you look inside the wallets of the best crypto traders — and then act on that information.

Arkham’s Intel Platform has a suite of features including real-time alerts, customisable dashboards, a transaction visualization tool, and advanced transaction filtering — all of which is accessible on all major blockchain networks, and completely free.

1. House Financial Services kicks off stablecoin discussions 

2. Another try for the BITCOIN Act

3. Correlation between equities and crypto has increased due to adoption

4. Taproot Wizards on sale 2 years after being inscribed on Bitcoin

5. No forks given — Bitcoin DeFi without upgrades

A Bitcoin Bull Run Is Coming

Dan Held discusses crypto innovations within Bitcoin DeFi, metaprotocols and the future of bitcoin fees and security. Find out about the outlook for Bitcoin updates and soft forks.

Listen to Supply Shock on Spotify, Apple Podcasts or YouTube.

Blockworks is hiring a VP of sales! This role would be responsible for the design, implementation, and execution of all financial, accounting, and reporting.

Remote US | $200k Base & OTE $300k

Apply now if you are:

• Crypto native

• Obsessed with sales

• Have run a team before

• Know how to sell into protocols