Come listen to the story of Gary Harmon, brother to convicted Helix Dark Web Bitcoin mixer founder, and how he stole over $5m of Bitcoin law enforcement previously seized from Larry! This is eCrimeBytes.com S 2 Ep 7-3 Criminal’s Brother Swipes $5m Bitcoin Back From Darknet Seizure – Act 3: Gary Is Caught.
Please check out the previous acts for the background:
Sources:
- https://www.justice.gov/opa/pr/man-sentenced-stealing-over-712-bitcoin-subject-forfeiture
- https://www.databreaches.net/man-sentenced-for-stealing-over-712-bitcoin-subject-to-forfeiture/
- https://www.hackread.com/man-used-brothers-credentials-steal-seized-bitcoin/
- https://www.courtlistener.com/docket/60090297/united-states-v-harmon/
- https://www.courtlistener.com/docket/60090729/united-states-v-harmon/
- https://www.courtlistener.com/docket/16830474/parties/united-states-v-harmon/
- https://www.coindesk.com/policy/2021/08/18/bitcoin-mixing-ceo-harmon-pleads-guilty-to-us-money-laundering-charge/ (Photo)
- https://www.coindesk.com/policy/2023/01/06/brother-of-criminal-bitcoin-mixing-ceo-pleads-guilty-to-stealing-712-bitcoins-from-irs/ (Photo)
- https://www.clevescene.com/news/cleveland-bitcoin-thief-who-used-48m-in-stolen-funds-for-lavish-life-sentenced-to-four-years-in-prison-41896779 (Photo)
Transcript:
00:00:10:00 – 00:00:21:16
Keith
Welcome back to eCrimeBytes Season two, Episode seven. This is Gary and Larry Harmon. We’ve introduced Larry, owner of Helix made a shit ton of money on the dark web.
00:00:21:18 – 00:00:21:27
Keith
As
00:00:21:27 – 00:00:55:04
Keith
any honest American probably did. He has a brother named Gary who, when Larry’s Bitcoin was seized by law enforcement, stole it back. Because there’s this technology that’s available in these cryptocurrency wallets, Trezor wallet, specifically that because Gary knew the passphrase, he was able to reconstruct the cryptocurrency that the feds had sitting in an evidence locker in Washington, D.C. So it’s just a mind blowing case and we’re not even done.
00:00:55:08 – 00:01:21:22
Keith
Okay, So act three now we’re talking about where Gary is caught. We last left you. Gary was misspelling things unbelievably. He was misspelling too and rough and roof, and he was scared. Law enforcement was breathing down his shoulder. He was texting, texting his friends saying, hey, I was drunk. I probably moved much money. They probably noticed. And they do.
00:01:21:24 – 00:01:25:19
Keith
They notice. Why don’t you tell us about them noticing Seth.
00:01:25:21 – 00:01:48:25
Seth
Okay, so April 26, 2020 Law enforcement notices. So on the 29th of 2020, the court makes Larry turn over the recovery keys for the Trezor wallet. But there are funds missing. The court documents tell us that on April 29th, federal agents use the credentials provided by Larry to access hidden walls within the treasure. Federal agents confirm that Trezor
00:01:48:25 – 00:02:29:19
Seth
one contained all 16 subject wallets. Talk of putting all your eggs in one basket. Right. Federal agents successfully recovered approximately over 4000 Bitcoin from subject wallet nine through subject wallet 16 stored on the Trezor One and said Bitcoin was then transferred to the US Marshals Service. Federal agents are able to review transaction history and confirm that subject wallet one through subjecxt wallet eight had been emptied out as a result of the transactions conducted by Gary Harmon between on or about April 19th and April 24th of 2020 emptied out half of them.
00:02:29:22 – 00:02:54:25
Seth
So the investigation continues and according to non content electronic records obtained by the court, the defendant’s personal Google account received four emails from the email address No reply at Trezor Dot IO, and that was between April 19th and April 26. Same exact dates as the emptying these wallets one through eight, bracketing the time period during which the illicit bitcoin movements took place.
00:02:54:25 – 00:03:15:10
Seth
As he said this is consistent with Gary Harmon using Trezor’s web interface to create a Trezor wallet using only seed words and a passphrase, which is very interesting from a technology perspective Jones. Notably the defendant, did not receive any other messages from Trezor IO addresses before or after April 20th. This was an isolated event.
00:03:15:12 – 00:03:39:19
Keith
And if you’re wondering about the non content electronic records, law enforcement has two ways of getting records. They can either get the full content, meaning if they say, I want Keith Jones’s email, they’re going to get all the content of my email. What they did in this case is you can think of it as kind of like getting the subject lines and the to’s and the from’s.
00:03:39:19 – 00:03:59:26
Keith
So it’s not that you’re getting the content of the email, but you know that there was an email sent and in this case it was received from Trezor so they didn’t have to read the email. They said, We saw these emails come from Trezor to Garry’s email and you wonder, why didn’t they just look at the whole email?
00:03:59:29 – 00:04:00:12
Keith
Well,
00:04:00:12 – 00:04:16:08
Keith
there’s sometimes a legal process where it’s a little more difficult to convince a judge to get full content, where it’s a little easier sometimes to just get partial content like this. Just to prove enough to show, hey, something here is amiss.
00:04:16:10 – 00:04:44:18
Seth
Right? So pushing into July of 2020, the agents, FBI agents and IRS interviewed Gary Harmon. So July 15, federal agents from the FBI and the IRS conducted a voluntary interview of the defendant in Akron, Ohio. Agents advised the defendant he was suspected of transferring approximately 712 Bitcoin owned by Larry Harmon that were subject to forfeiture the pending criminal case against Larry.
00:04:44:21 – 00:04:49:02
Seth
The defendant denied removing the Bitcoin, saying, If I took it, why wouldn’t I take all of it?
00:04:49:02 – 00:04:57:16
Seth
So the defendant stated that he obtained a USB thumb drive from Larry containing passwords for accounts and servers used at the company Coin Ninja.
00:04:57:16 – 00:05:12:29
Seth
The defendant stated that he found several partial sets of scene words on that USB drive. When agents asked about the whereabouts of that USB drive, the defendant stated that he flushed it down the toilet at his chin because that’s not suspicious.
00:05:12:29 – 00:05:18:22
Keith
Right from now on. That’s how I’m destroying evidence. I’m going to a gym and I’m just going to flush it down the toilet.
00:05:18:24 – 00:05:20:10
Seth
Flush it down a toilet.
00:05:20:10 – 00:05:22:12
Keith
Okay. So June 28th,
00:05:22:12 – 00:05:35:03
Keith
you knew it was only a matter of time before Gary Herman was indicted after saying that. So June 28th, 2021, he was indicted ten counts counts one through eight, the standard money laundering.
00:05:35:05 – 00:05:59:13
Keith
Again, he used Bitcoin mixing services in order to try to cover his tracks and so forth. It’s technical stuff you don’t really need to worry about. Count nine was obstruction of an official proceeding, and that is in relation to his brother’s trial. And count ten is removal of property to prevent seizure, because that’s that’s verbatim exactly what he did.
00:05:59:13 – 00:06:01:15
Keith
He stole the cryptocurrency. They couldn’t have it.
00:06:01:15 – 00:06:28:15
Keith
So when he’s arrested, they find two Trezor wallets on him and 50 seed pass phrases. So given that the treasure wallets and the pass phrases that they had in hand, they were only able to reconstruct about $6,000 from the treasure devices that he had. Now, if you wonder why, you know, it is easier to crack into it.
00:06:28:15 – 00:06:45:26
Keith
These these pass phrases are really, really long. We’re talking like 20-50 characters or really, really long. You need to have them written down like this. And in order to just put them in to try them, it’s not as simple as maybe typing like a four letter pin.
00:06:45:26 – 00:06:57:11
Keith
Now a picture I’m putting on the screen for our video viewers that I’ll describe to our audio viewers is in this arrest, they found stuff related to Bitcoin.
00:06:57:11 – 00:07:00:00
Keith
And this is something you have never seen before. It’s called a Cronoswiss.
00:07:00:01 – 00:07:07:28
Seth
I’ve never seen it. I was wondering if I was missing out on the Bitcoin watch. Since I’m a watch guy, I have several. I collect watches. I’ve never heard of a bitcoin watch.
00:07:08:00 – 00:07:21:27
Keith
Yeah. So they found this in his condo or wherever they searched and seized it. And you’ll see this actually shows up later on. We’re going to discuss the forfeiture. That’s part of the punishment. And this is in there.
00:07:21:27 – 00:07:26:16
Keith
So August 18th, 2021. So this is just, you know,
00:07:26:16 – 00:07:34:08
Keith
two not even two months later, Gary’s brother, Larry, the original guy, the guy that ran Helix, he pled guilty.
00:07:34:08 – 00:07:50:09
Keith
In his case, he pled guilty to one count, conspiracy to launder money through Helix. At this point, he’s still awaiting sentencing. I don’t have any more information about Larry. Hopefully some point we’ll be able to do maybe an episode on him or an update on him.
00:07:50:09 – 00:07:54:29
Keith
But we’re really talking about Gary here because he’s the one that stole it from the law enforcement.
00:07:54:29 – 00:08:20:11
Keith
And that’s the interesting point of this case in my opinion. So in September 27th of 2021. So this is about a month after Larry pled guilty, Gary is detained for trial. And when we’re talking detained, we’re meaning arrested in a jail. Why? Well, they say they think he’s going to be a flight risk. He doesn’t have ties to the community.
00:08:20:14 – 00:08:26:08
Keith
The evidence against him is really strong and he has access to a large amount of funds.
00:08:26:08 – 00:08:39:12
Keith
So that’s the recipe of if you put that together of somebody being able to run, right? I mean, they don’t they can pretty much go anywhere and then they can fund the activity of going there.
00:08:39:12 – 00:08:42:20
Seth
It shouldn’t be a heavy lifting the judge to with that.
00:08:42:23 – 00:09:06:01
Keith
So with that, we’re going to end act three here and bring you our concluding act tomorrow. So if there’s anything in this episode that you like, please, like subscribe whatever application you listen to us on or watch us. Now, if you’re on Apple Podcasts specifically, please give us a five star review and just write anything nice in there that you can think of that helps us bubble up the charts there.
00:09:06:01 – 00:09:29:23
Keith
And that’s about half of our audio listeners. So it’s really important to us and we appreciate a lot if you would do that for us. Thanks. If you haven’t been to our website, that’s where all our links to our social media accounts are. You can get to it through e crime bytes dot com spelled e c r i m e b y as in yellow milk t e s dot com.
00:09:29:26 – 00:09:52:11
Keith
And if you’re on a desktop, it should be all across the top. But if you’re on your phone, there should be like this three lines up there. And if you click that button, a huge list of a council dropdown you could pick from and I think Instagrams on there, there’s Twitter and there’s everything. Any way you want to reach us, it’s in that list and I hope you jump on there.
00:09:52:11 – 00:10:07:06
Keith
Check out our glossary. We’ve got all the glossary from all our past episodes updated on there as well. And with that, we hope you come back and join us, in act four the sentencing of Gary Harmon.
Leave a Reply