[xoa]

>Q: Stealing is illegal, so why would anyone use a CRQC to steal Bitcoin?

I've had this thought for awhile actually: how would reproducing some random number be legally "stealing" under any legal system in the world? Putting aside that cryptocurrencies have always been about "code decides" etc, that they're outside of the legal system entirely, but I'm struggling to see where there's any actual property interest here. Randomly generated numbers are not protected by IP in any way. There's no computer fraud act angle or the like here, nobody would be having so much as the slightest interaction with anyone else's private system. They'd merely be taking publicly available unprotected numbers and doing some math on them with their own quantum computer. Somebody else who has something related to those numbers is never deprived of them or interacted with in the slightest. There is nothing resembling "hacking", no flaws in the software exploited, all just math there from the start.

I can understand how suddenly a lot of proponents might wish to cling to and push the idea that it's "illegal" or "stealing", but doesn't appear to be any meat on dem bones. Maybe they hope to generate support to get laws passed banning it, though hard to see that working out either. As a practical matter seems like they're just going to have to agree on a transition to new version using PQE algorithms and try to convert over before it's too late?

[schoen]

Isn't your bank balance in a bank database also "just a number"? That number still exists if it goes up or down.

I understand that the bank's ownership of its computer means that hacking into it could be seen as (for example) a trespass. However, what if you somehow persuaded a bank employee to change someone's balance? The bank employee has some kind of authority to do this and the result is once again "just a number".

OK, what if you display some fraudulent information somewhere that leads a bank employee to decide to update a balance?

I don't want to entirely dismiss your intuition because after all there is lots of interest in not relying on legal systems to adjudicate issues related to cryptocurrency transactions. However, changing numbers and causing people or devices to change numbers is not inherently categorically exempt from being considered fraudulent. For that matter, computer fraud laws are often explicitly written to apply to unauthorized alteration of data, not just to unauthorized access to a specific device.

You might try to defend this by saying

* the ownership of cryptocurrency assets is defined as the ability to transfer them, and should not be further or separately interpreted apart from that ability, or

* deceiving a protocol is less obviously wrongful (or at least harder to define) than deceiving a person, or

* computer crime should require undermining someone's intent about the use of devices or data and that intent should be clearly manifested and meaningful, which it arguably isn't in a cryptocurrency system, or

* offline institutions create some kind of intelligible notion of ownership that's related to the non-digital world and this kind of ownership is what laws about theft or fraud aim to protect rather than any other kind of ownership without that non-digital nexus. (although this doesn't seem to be empirically true as ownership of, for example, domain names has been recognized as a form of property by courts since at least Kremen v. Cohen in 2003, even though it is just a matter of a database entry and has no offline existence)

These are interesting conceptual possibilities, but not necessarily persuasive for courts, law enforcement, or cryptocurrency end users.

[xoa]

>Isn't your bank balance in a bank database also "just a number"?

Absolutely not, but also "yes, which means no". In the first case, a bank balance isn't "just" a number, it's a massively regulated and legally backed number with many layers of interlocking entities, both private and multiple layers of government, in charge of maintenance, auditing, insuring, and enforcing. There is no equivalency to cryptocurrency there, as has been regularly touted.

To the second, it could certainly be argued that a bank balance is indeed "just a number" and that's the point, what gives the number its value is all the infrastructure around it not anything intrinsic to the number itself. If someone finds out my bank balance in Account ABC is $42076 that might have privacy implications sure, but knowing that number gives you access to absolutely nothing of meaning. That's a completely different situation to one where independently finding a given number, which note you need not even have any idea who it belongs to, suddenly equates to ability to make use of that number in real world relevant ways by social consensus.

We're talking more the equivalent of Adam guessing a winning lottery ticket, and then hanging onto it hoping the value will go up and he can trade on the ticket or do other things with it while not actually cashing it in because it's so unlikely somebody else will guess the ticket. Maybe because the lotto ticket winners are published on a public ledger, and Adam doesn't want the notoriety, or at least not just yet. Then Bob does independently guess it, immediately turns it in, and now Adam's lotto ticket is worthless. Bob didn't steal anything from Adam. Whether what Bob did is ok or not depends on the rules of the game.

>I understand that the bank's ownership of its computer means that hacking into it could be seen as (for example) a trespass

Holy shit are you for real? COULD be seen? Yes hacking into a bank would absolutely mean felony prosecution on multiple counts if you were caught.

>However, what if you somehow persuaded a bank employee to change someone's balance?

They would be committing multiple felonies and you would be committing criminal conspiracy, inducement and so on depending on jurisdiction, and probably wire fraud and a bunch of other stuff if you do it remotely that are sorta gimmes for prosecutors.

>The bank employee has some kind of authority to do this and the result is once again "just a number".

The bank employee does not have legal authority to do this. Any technical authority they have is only within the auspices of the law, internal compliance controls and practices and on and on.

Anyway without going through your whole post you're doing a whole lot of false equivalency. Breaking into and modifying somebody else's systems is no small point, it's explicitly illegal under the CFA in the US and similar in the rest of the developed world. There's no such thing as legally "copying" money from an end owner perspective, even if internally to the global financial systems when it comes to fiat currencies from the Treasury & Fed or other national equivalents to banks and other governments and so on it gets more complicated. It's all meant to effectively be a digital version of actual old fashioned hard currency. Hence the entire core concept of theft: it applies to zero sum games, where one person getting more cash means another person now has less.

I'd welcome any actual specific laws on the books about cryptocurrency that contemplates what would happen if someone simply guesses a private key with no interaction with anyone else and then uses it on the network. But without that it's hard to see any existing precedent. On the contrary, cryptocurrency people have repeatedly pushed, and built into the core foundations, the notion of code being law, that possession of a private key is all that's needed and the rest is up to the network and you're supposed to be in charge of that (or someone else is on your behalf and that relationship can be subject to contracts).

[schoen]

> Holy shit are you for real? COULD be seen? Yes hacking into a bank would absolutely mean felony prosecution on multiple counts if you were caught.

I meant to refer specifically to the trespass theory (advocated about 25-30 years ago by some companies as a way to enforce terms of service) as a reason one might attempt to distinguish "changing a number on company X's computer" from "changing a number in a distributed database". That is, there might be legal theories that are more protective of individual companies' computers just because the physical computers belong to the companies as opposed to information-in-general.

https://en.wikipedia.org/wiki/Trespass_to_chattels#Early_app...

However, other forms of computer crime law can protect information-in-general, regardless of where it's stored or by whom.

My point was that existing laws have been happy to punish changing numbers on computers based on the meanings that those numbers have to people, what people act as though those numbers represent. I believe some of these laws are drafted broadly enough that they already treat stealing cryptocurrency as illegal. Even if legislators didn't consciously regulate it this way, courts may conclude that concepts of fraud, property, conversion, etc., already apply to cryptocurrency systems, even if there isn't an obvious technical difference between a transfer intentionally authorized by a human owner and a transfer authorized as a result of fraud, hacking, bugs, etc.

I understand that in, say, Bitcoin, "ownership" of assets stored in a UTXO is implemented only as the ability to cause a transaction that consumes that UTXO, and that this ability doesn't refer to a person's name or identity, or to good or evil, or to the reason that someone caused such a transaction, or to how someone came to possess the necessary information to create it. The blockchain consensus is updated based on whether the transaction followed certain deterministic rules, and concepts like "the owner" do not in fact appear directly anywhere in those rules. However, this doesn't stop a court from saying that some such transactions represent fraud or conversion or something while others don't, even though the transactions in question were equally valid according to the blockchain consensus.

I understand that there's uncertainty and debate in the cryptocurrency world about how we should want legal systems to regulate or not regulate cryptocurrency, remedy or not remedy otherwise-wrongful actions committed via cryptocurrency systems, and enforce or not enforce agreements implemented in or through cryptocurrencies. I also think you're right to point out that there's an issue about whether the content or behavior of the code is, or is meant to be, the "entire agreement" among parties using it, or whether it just somehow reflects other kinds of relationships that are also partly enforced by legal systems.

I currently work on smart contracts for a living. I find the question of how legal systems should view them fascinating, and I don't have a clearly articulated position on it.

Edit: I'd again like to point to Kremen v. Cohen as an analogy. In that case there was a privately (sort of) created database of domain name registrations. There weren't specific laws or regulations created to describe how the courts should view domain name ownership. The defendant in that case fraudulently caused a domain name to be transferred from the plaintiff to the defendant. The courts agreed that the domain name was "property" and that the defendant could be sued for this, again even though there was no specific legislation regulating the domain name industry. Now, many people are unhappy about various ways that the legal systems of various countries try to control and regulate domain name ownership and transfer. I know people who've worked on naming systems that are explicitly meant to be harder for governments to regulate.

Still, when courts looked at the original DNS decades ago, none of these forms of queasiness about the government's role stopped the courts from concluding that domain names were property based on their characteristics and use, and that people could be sued for fraudulently taking domain names away from other people.

It seems like you might be perceiving a kind of hypocrisy in the notion of people wanting to deliberately create things that are harder to regulate, and then still sometimes involving the courts in disputes over them.

[QuantumNomad_]

Cryptocurrency gains are taxable in many (most?) countries. Clearly the governments see cryptocurrency as something more than just random numbers without meaning.

Likewise, when government agencies shut down dark net markets (DNMs), they will seize the cryptocurrency funds that the DNM had (from market fees etc., or even funds that belonged to customers and were in escrow etc. by the DNM) if they can (i.e. if they get access to the private keys of DNM owned wallets either by technical means or by convincing the operators of the DNM to hand over the keys). Again because the governments view cryptocurrencies as something more than just random numbers without meaning.

Speaking of seized funds. Let’s say that a government agency had seized a significant amount of bitcoin from a DNM and was transferring those funds to wallets under government agency control. Along comes some guy with a quantum computer and takes those funds for himself. Is the government agency just going to throw its hands in the air and say “oh well, he guessed the random number, nothing more we can do!” No, I think not.

[xoa]

>Cryptocurrency gains are taxable in many (most?) countries.

So?

>Clearly the governments see cryptocurrency as something more than just random numbers without meaning.

Not really? It's the realized gains that get taxed. That's a completely generic feature of the tax system, the government doesn't give a shit (and shouldn't) what people decide has value in any given transaction. The only thing they care about is whether or not there was actual cash equivalent value exchange happening. Barter is always a potentially taxable event. The government makes no judgement on whether you do it with pretty river rocks or random numbers, they can assess the value of the exchange as if it was done with cash and tax that result.

Re: Seizure of everything related to an illegal operation: sure, they will take everything they can find regardless. They'd take a computer with a ~/.ssh full of random keys too. The data they seize might also have pirated movies/games/music. Some of the things might have "value" but that doesn't make them currency.

None of this implies the result you clearly wish it did.

>Is the government agency just going to throw its hands in the air and say “oh well, he guessed the random number, nothing more we can do!” No, I think not.

You "think not"? Why not? What laws do you think are being violated? There are lots of cases where the government will seize something that might at the time of the seizure be worth $X, and then legitimate activity happens elsewhere such that now it's worth $0.5X or whatever, and that's perfectly fine. The question hinges on whether the activities of other independent people/entities unrelated to the criminal entity that got seized are legitimate or not. It's not a matter of vibes. Like, imagine the government seizes a winning lotto ticket. And then before they can do anything with it somebody unconnected else goes into a convenience store and legitimately buys a ticket, guessing the number too. The value of what the government seized has just dropped. Would I expect the government to throw its hands in the air and say “oh well, he guessed the random number, nothing more we can do!”

Well, yes? That is indeed my expectation, within the rules of the game in question. If the lotto says "if you fail to claim your winning ticket within 1 week before someone else guesses it as well then too bad" or "well then you both split it 50/50" or whatever, yeah I'd expect the government to be held to the exact same standard as anyone else.

[QuantumNomad_]

> You "think not"? Why not? What laws do you think are being violated?

Actually we have real world examples of this very sort of thing: someone stealing cryptocurrency from a government agency seizure using the publicly knowable private keys for a wallet. No quantum computer was even involved, just plain old human error.

In South Korea this year, a government agency released pictures of a physical seizure that included written down mnemonic seed phrase.

The funds were then stolen, using that seed phrase.

And then:

> A Korean National Police Agency official said at a press briefing on the 3rd that "the first thief submitted a confession to the Cybercrime Reporting System on the 28th of last month, so on the 1st we arrested the person based on that and are tracking the secondary thief."

https://biz.chosun.com/en/en-society/2026/03/03/2HRCGVESIZBT...

So there you have it. The government in South Korea considered this a theft. An arrest was made. Investigations were made.

It is so very obvious that this is what would happen when you steal cryptocurrency from the government. Even when the government agency itself was the one to accidentally publish the private keys so that they became public knowledge.

[QuantumNomad_]

> It's the realized gains that get taxed. That's a completely generic feature of the tax system, the government doesn't give a shit (and shouldn't) what people decide has value in any given transaction

If I buy a vintage computer second hand for $1500 and then manage to sell it to someone else for $2000, I don’t owe taxes on that.

But if I buy $1500 worth of bitcoin and then sell those bitcoins for $2000, I owe taxes on that.

So yes, the government does “give a shit” what people decide has value in any given transaction.

[xoa]

>If I buy a vintage computer second hand for $1500 and then manage to sell it to someone else for $2000, I don’t owe taxes on that.

Uh, in the United States? Yeah, you absolutely do [0, 1]:

>"If you make a profit through these activities, it’s considered taxable income. You can use the Form 1099-K, along with other records, to determine how much tax you owe."

>"Remember that all income, no matter the amount, is taxable unless the law says otherwise – even if you don’t get a Form 1099-K."

>"If you made a profit or gain on the sale of a personal item, your profit is taxable. The profit is the difference between the amount you received for selling the item and the amount you originally paid for the item."

You may wish to review your understanding and confidence in your understanding of tax law.

----

0: https://www.irs.gov/newsroom/are-you-making-extra-cash-selli...

1: https://www.irs.gov/businesses/what-to-do-with-form-1099-k

[QuantumNomad_]

> Uh, in the United States?

I don’t live in the US, and am not a citizen of the US.

> You may wish to review your understanding and confidence in your understanding of tax law.

The tax laws in my country are different from the ones in yours. I know the tax laws of my country well enough.

[xoa]

>I don’t live in the US, and am not a citizen of the US.

Well good then, I guess you don't have to worry about any of this so long as no American ever gets a quantum computer! Not like any research on it happens here or anything so you shouldn't need to be concerned.

[captn3m0]

https://en.wikipedia.org/wiki/Illegal_number has lots of examples. The color of your bits matter.

The best bet would be to factor satoshi's keys, and then publish them on something like OEIS for some novel-math reason, and let someone else steal them for you.

[jfengel]

I can't imagine that getting laws passed is going to help. The government can't just order a bank to restore funds, the way they can with regular currency. They could try forcing the culprit to return them, but it seems unlikely for the culprit to be in your jurisdiction.

I suppose we could pass laws to prevent them from ever spending the money in a country that they can control. Even then, they'd have to find ways around the funds being "laundered" through mixers.

[wmf]

You might be surprised how many crypto hackers have been arrested and convicted. Usually they want to spend the money in civilization.

[spopejoy]

> how would reproducing some random number be legally "stealing" under any legal system in the world?

The usual way, via the criminal code. My old business treasury was scammed into transferring funds on-chain to an impersonator. We were able to recover losses through an insurance claim which required us to report the theft to the police.

[AlienRobot]

Judge: so he had a number in his online account and you changed the number without his authorization? Straight to jail.

That is how.

Law isn't code.