Law enforcement in Bucks County, Pennsylvania, likely didn’t think they were dealing with a dark Web criminal pro when Theodore Price’s name first popped on their radar.
According to federal court documents, detectives from the Northampton Township Police Department north of Philadelphia began tracking the unemployed 30-year-old earlier this month after fielding a complaint from Price’s girlfriend’s parents about stolen laptops. But what started out as an alleged deadbeat boyfriend boosting valuables quickly accelerated into a wilder situation – and one with considerable more money involved.
By his own admission, Price told investigators he had stolen millions of dollars in Bitcoins, the online currency powering illicit transactions online. The self-professed hacker claimed he’s pocketed nearly $40 million in online tender. If true it would make the bizarre case one of the biggest digital currency heists ever. And it may or may not be true. While a federal agent said in an affidavit that “the estimated value of Bitcoin obtained” fraudulently “is over $40 million,” the government withdrew, at least for the moment, a formal charge related to the bitcoin.
It all started when Janine and Steve Aversa returned home from vacation to their Bucks County home on July 4. According to an affidavit filed in federal court, the couple noticed two laptops were missing. They had an idea who was responsible. The court documents say Janine called her daughter Brittany Morton. The couple suspected Morton’s boyfriend, Price, was behind the robbery. Although he wasn’t allowed in her parents home, Morton admitted Price had been over while the Aversas were away.
The next day, Morton walked into the local police station with two computer bags. She told detectives she had asked Price about the computers and he had pleaded innocence. However, Morton was able to track down one of the missing laptops to a tech store; the clerks told her Price had sold the computer for $150. Morton next went to Price’s home, let herself in, and discovered two laptops in cases – one she believed to be her mother’s missing computer; the other was a rental computer she had gotten for Price, on which he had failed to make payments.
Also inside the bag, according to court documents, Morton found a credit card in her father’s name, as well as credit cards in her dead grandmother’s name, and her ex-boyfriend’s name. The bag also contained lists of the names and personal information of strangers. Morton went to police.
Police quickly traced Price to a hocked necklace that was also stolen from the Aversas. Police also obtained a search warrant for Price’s address on July 12. There, detectives confiscated “‘thumb’ flash drives, two computers, multiple Micro SD memory cards as well as a piece of paper and a notebook which listed a victim’s name, address, phone number, credit card number to include a date of expiration as well as the three digit security code,” according to the affidavit.
Janine Aversa positively identified one of the confiscated laptops as one of the items stolen from her home. But when she fired up the computer, there were programs on there that weren’t there before, including a tor browser, the anonymous deep Web navigation tool.
Police also discovered “105 pages of alphanumeric code” in the search, the court affidavit states. Local law enforcement brought the digits to the U.S. Department of Homeland Security. Agents suspected the numbers were linked to bitcoin accounts. During the search of his home, Price admitted to knowing about the Internet currency, but he told investigators he didn’t have much and only occasionally used his tor browser to visit AlphaBay, the recently shuttered online black market.
But within a few moments, Price switched his story, according to the affidavit. “Price stated that people hire him to do things for their companies,” the document stated. “Price elaborated stating he would write Trojan software to penetrate network systems.” He also told investigators “he had been hired by numerous foreign governments to develop penetration software.”
He said the numbers discovered by investigators were tied to bitcoin accounts. And Price, the documents say, explained he had developed software that essentially let him pick the digital pocket of bitcoin users.
“Price state that he purchased incomplete software from a vendor on Alpha Bay for approximately $50,” the complaint said. After tweaking the software, Price was able to come up with a program that would divert funds into his own accounts. “Price’s software recognizes the similar characters in another wallet and replaces it with Price’s acquired wallet,” according to the complaint.
“Because the bitcoin wallet address is a legitimate address, the user does not realize that bitcoin transaction is being diverted into a wallet other than theirs.”
Price told police one of his bitcoin accounts contained $34.6 million, with millions more spread among other accounts. Court records indicate the total number might be between $40 and $50 million.
If he’s telling the truth, Price’s bitcoin scam would be one of the top five digital currency heists of all time, Emin Gun Sirer, a Cornell University computer science professor, told the Morning Call last week. In 2014, hackers yanked $436 million from Mt. Gox, a Japanese-based bitcoin exchange, following by a $127 million heist at Silk Road and a $56.4 million hit on the Sheep Marketplace exchange in 2013. But unlike Price’s heist, all the earlier big dollar hacks were largely the work of anonymous actors.
But if Price did have millions in bitcoin, as the Morning Call wondered, why was he so cash-broke he was stealing laptops and hocking $30 jewelry? The hacker told investigators he wasn’t able to cash out his bitcoin without drawing attention to himself; he also said he was planning on hiring a private jet to take him to England right before his arrest. He boasted of having a fake passport under the name “Jeremy Renner,” the same name of the actor featured in the “Avengers” movies, according to the complaint.
“The evidence in this case is strong,” a court document requesting Price remain in custody stated last week. “When approached by authorities, Price admitted that he had defrauded others of over $40 million in bitcoin, and that he currently possesses sole access to that currency.” They withdrew, at least for the moment, a charge of bitcoin theft.
Currently, Price is facing one count of identity theft and one count of fraudulent access of a device. More changes could be coming as a federal grand jury hears more evidence in the case, the Morning Call reports. Price’s public defender has not yet commented on the charges.
(c) 2017, The Washington Post · Kyle Swenson