
Sophie Turner (Wikipedia article) was first known to the world as Sansa Stark in Game of Thrones, and now stars in the television miniseries STEAL (Wikipedia article). Central to the plot are “cold wallets”, meaning the hardware wallets that a person might use for self-custody of cryptocurrency such as bitcoin. This blog article is rife with spoilers for the miniseries. Don’t continue if you wish to avoid the spoilers.
The six-episode miniseries opens its first episode with a heist in which £4B (four billion British pounds sterling) is stolen from a pension fund manager having headquarters in London’s distinctively shaped and named commercial skyscraper “the Scalpel” (Wikipedia article). A police investigator Covaci is assigned to the case.

Episode 2 reveals that two underlings Zara (played by Turner) and Luke (played by Archie Madekwe, Wikipedia article) provided inside assistance to the highly trained armed robbers who carried out the heist. Each of them was promised £100K for their assistance, but in a shift that goes unexplained in the miniseries, they each received the larger sum of £5M. The viewer is given a brief glance at a computer screen (at right) indicating that the money was received in bitcoin. (Side note — the glance indicates that Zara received 64 bitcoin, meaning they were worth about £78K or maybe $100K each at the time and date set in the plot.)
And so the teleplay develops the first of a dozen “howlers” — technical inaccuracies in the miniseries that are so extreme as to prompt an informed viewer to howl at the television screen. Here, the howlers relate to the ways that bitcoin can be stored, and how the stored bitcoin might be lost through inadvertence or mistake.
The first glance at the computer screen shows Zara connecting to a VPN with the fictitious brand “ObscureX”, and then logging in on a web site or app with a fictitious brand Canteno. We note that at the time the screen tells us that Zara has received £5M worth of bitcoin, there is no USB device connected to the computer. This in turn tells us that Canteno is not a brand of a computer app that does its work while connected to an external (“cold”) wallet. Canteno is thus either a crypto exchange, similar perhaps to Coinbase or Strike, or is a brand of a “hot wallet”. Several things leap off the screen to the alert viewer:
- It is a howler that Zara and the highly trained robbers would use an ordinary crypto exchange (which requires the users to satisfy KYC (financial “know your customer”) and AML (“anti-money-laundering”) requirements of the exchange) as their way to pass money back and forth. The teleplay writers could have avoided this howler by arranging for the characters to use “on the chain” transactions, which reveal much less about the sender and receiver.
- It is possible to receive “on the chain” bitcoin on an internet-connected device that is not making use of an external cold wallet, and this is what we mean by a “hot wallet”. But it is unlikely that Zara would use a hot wallet for holding such an amount of bitcoin, given that if the security of the computer had been compromised, the money might get stolen without warning from the hot wallet. The teleplay writers give to us that Zara has educated herself sufficiently about ways to store cryptocurrency that she has planned ahead and has arranged to have a cold wallet close at hand, and has already learned how to use it. A character that had educated herself this much would likely also have realized that it is daft to use a “hot wallet” to receive the “on the chain” bitcoin. The character would have been using a cold wallet from the outset.

As an aside, this particular cold wallet is physically quite large (bigger and thicker than a bar of soap). It has a low-resolution monochrome display screen with a “battery status” indicator. The (fictitious) brand name for the hardware wallet is “Aeglas”. Alert viewers realize that all of the hardware wallets that are commonly used these days are much more compact, and thinner. And most of them have no battery inside that would need a battery status indicator. But we go along with things, trusting that the teleplay writers must have had some good reason to make the wallet so large and thick.

But what comes next is a bigger howler. Various glances at the computer screen establish (incorrectly) that the decision to transfer the bitcoin to the cold wallet supposedly exposes the user to a risk — that if the cold wallet itself is lost, then the cryptocurrency is supposedly also lost.
“No! No! No!” the alert viewer howls at the television screen. The real situation is that if the cold wallet is lost, the user can simply arrange to purchase another cold wallet, and type in the “seed phrase”. The new cold wallet can then gain access to the “on the chain” cryptocurrency, just as did the previous cold wallet. But what has been (incorrectly) set up for us is that if Zara loses physical possession of the cold wallet, supposedly she loses the money.
Zara then goes to the home of her mother and secretes the cold wallet under a loose floorboard in her childhood bedroom.
Yet another implausibility offers itself. A character that had informed herself about how to handle bitcoin sufficiently to plan ahead and obtain a hardware wallet, would likewise have learned ways to obscure one’s IP address when carrying out “on-chain” transactions. In a nod to this, the teleplay writers have Zara use a commercial VPN service with the (fictitious) brand “ObscureX” when connecting with the bitcoin exchange. But the alert viewer knows that the VPN provider might log the connection, leaving risks outstanding for Zara. The alert viewer knows that Zara could have used “Tor” (Wikipedia article) which is, by the way, already built in to some computer apps that connect with a cold wallet.
But we put aside our reaction to Zara using a commercial VPN instead of Tor, because another technical inaccuracy presents itself. The on-chain address that Zara uses to transfer the bitcoin from the exchange to the cold wallet starts with “0x”. The alert viewer, however, knows (blog article) that any on-chain address for transfer of bitcoin will start with “bc1” or (less often nowadays) will start with “1” or “3”. If the address starts with “0x” then the cryptocurrency must be ethereum, not bitcoin! But we also put aside our reaction to this inaccuracy.
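The prefix rules just described can be checked mechanically. The sketch below is an added example, not part of the original post. It goes one step past the prefix by verifying the Base58Check checksum that every “1” or “3” address carries. The function names are hypothetical, and “bc1” addresses are recognized by prefix only.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def base58check_ok(addr: str) -> bool:
    """True if addr decodes to 25 bytes ending in a valid 4-byte checksum."""
    n = 0
    for ch in addr:
        if ch not in B58:              # 0, O, I and l are not in the alphabet
            return False
        n = n * 58 + B58.index(ch)
    pad = len(addr) - len(addr.lstrip("1"))    # each leading '1' is a zero byte
    raw = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    if len(raw) != 25:                 # version byte + 20-byte hash + checksum
        return False
    digest = hashlib.sha256(hashlib.sha256(raw[:-4]).digest()).digest()
    return digest[:4] == raw[-4:]

def classify(addr: str) -> str:
    """Say which chain an address string could belong to, judged by format."""
    if re.fullmatch(r"0x[0-9a-fA-F]{40}", addr):
        return "ethereum-style"
    if addr.lower().startswith("bc1"):
        return "bitcoin bech32 (prefix only, checksum not verified)"
    if addr[:1] in ("1", "3") and base58check_ok(addr):
        return "bitcoin legacy (P2PKH)" if addr[0] == "1" else "bitcoin legacy (P2SH)"
    return "unrecognized"

# Sample inputs: the publicly known genesis-block address, a copy with its
# last character altered, and two strings constructed for this example.
SAMPLES = [
    "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa",
    "1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNb",
    "0x" + "ab" * 20,
    "bc1q" + "q" * 38,
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(f"{sample} -> {classify(sample)}")
```

The altered copy is rejected because the checksum no longer matches, which is how wallet software catches a mistyped legacy address before any coins are sent.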
In episode 3, Zara’s mother finds and steals the cold wallet, and tells Zara she wants some of the money.
In episode 5, Zara visits her mother and successfully swaps her cold wallet with a decoy, convincing her mother that the wallet was wiped when she tried to access it. This, however, counts as a series of howlers. First, yes, one could easily imagine a wallet getting wiped when a third party tries repeatedly to access it. Yes, most wallets are designed so that if an incorrect PIN number is entered too many times, the wallet erases its configuration.

But a first howler is that as shown in a screen shot, supposedly the result of the “wipe” is a loss of the money. That is not how cold wallets work — the real situation is that the result of the “wipe” is merely a loss of the ability to use that particular cold wallet to control the on-chain assets. (As mentioned earlier, what the alert viewer knows is that the holder of the seed phrase could simply obtain another cold wallet and enter the seed phrase into it, thus regaining the ability to control the on-chain assets.)
A cold wallet that has gotten wiped will not (as shown in the episode) display a report of a zero balance of a crypto currency. It will simply display that the cold wallet needs to be configured (meaning that its previous configuration has been wiped). The user will then be invited to “restore a previous wallet” from a seed phrase or to “create a new wallet” which involves creation of a new seed phrase.
A remaining potential howler is that in a situation like this (a crypto balance of millions of British pounds) an alert user would likely have set up the cold wallet with a modest “bait” balance and with most of the balance stored under a “passphrase”. But the teleplay tells us that the entire balance of millions of pounds is, implausibly, not protected by any passphrase.
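The points above about wiping, restoring and passphrases can be shown in a few lines. This is an added example, not part of the original post, and it assumes a wallet that follows the BIP-39 standard, where the seed is computed from the seed phrase and optional passphrase alone. The `ColdWallet` class, its three-try PIN limit and the PINs are hypothetical; the phrase and the “TREZOR” passphrase are public BIP-39 test values.

```python
import hashlib
import unicodedata

def bip39_seed(mnemonic: str, passphrase: str = "") -> bytes:
    """BIP-39 seed: PBKDF2-HMAC-SHA512, 2048 rounds, salt 'mnemonic'+passphrase."""
    norm = lambda s: unicodedata.normalize("NFKD", s)
    return hashlib.pbkdf2_hmac("sha512", norm(mnemonic).encode(),
                               ("mnemonic" + norm(passphrase)).encode(), 2048)

class ColdWallet:
    """Toy device model (hypothetical): a seed phrase held behind a PIN."""
    MAX_PIN_TRIES = 3                  # assumed limit; real devices vary

    def __init__(self):
        self.mnemonic = None           # None means "not configured"
        self.pin = None
        self.failed = 0

    def restore(self, mnemonic, pin):
        self.mnemonic, self.pin, self.failed = mnemonic, pin, 0

    def unlock(self, pin, passphrase=""):
        if self.mnemonic is None:
            return "needs setup: restore from seed phrase or create new wallet"
        if pin != self.pin:
            self.failed += 1
            if self.failed >= self.MAX_PIN_TRIES:
                self.mnemonic = self.pin = None    # wipes the device only
            return "wrong PIN"
        self.failed = 0
        return bip39_seed(self.mnemonic, passphrase)

# Constructed sample: the all-zero-entropy test phrase from the BIP-39 spec.
PHRASE = "abandon " * 11 + "about"

def demo():
    old, new = ColdWallet(), ColdWallet()
    old.restore(PHRASE, "1234")
    before = old.unlock("1234")
    for _ in range(3):
        old.unlock("0000")                 # third wrong PIN wipes the device
    after_wipe = old.unlock("1234")        # a setup prompt, not a zero balance
    new.restore(PHRASE, "9999")            # replacement device, same phrase
    recovered = new.unlock("9999")
    hidden = new.unlock("9999", "TREZOR")  # passphrase opens a separate wallet
    return before, after_wipe, recovered, hidden
```

The replacement device derives the same 64-byte seed the wiped one did, so the on-chain funds are untouched, while the passphrase yields an unrelated seed that a holder of the phrase alone cannot reach.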
It is recalled that Zara and Luke are underling employees of the pension fund manager. Zara figures out that a higher-up employee named Milo was also complicit in the heist. We learn that he has a cold wallet that “contains” £20M (but of course that is not how cold wallets work). One of the robbers (nicknamed “Sniper”) no longer trusts his fellow robbers, and gains possession of Milo’s cold wallet. We are told that the wallet can only be unlocked if one also possesses Milo’s “access codes”. It seems that the “access codes” of the by-now-deceased Milo are secreted somewhere in his (former) office at the headquarters of the pension fund manager.
The alert reader, struggling to find some way to match up sloppy and inaccurate plot elements with things that have a chance of avoiding technical inaccuracy, grasps at straws to assume that the “access codes” must be the same thing as the PIN code of the cold wallet.

In the series finale (episode 6), the headquarters of the pension fund manager gradually become very crowded. In the middle of the night, Sniper handcuffs Zara and Luke and brings them to the headquarters, where they rummage through Milo’s desk and locate a little red booklet in which Milo’s “access codes” are written.

You can see the “access codes” at right, which contain letters as well as numbers, meaning that it cannot be a PIN code. But we just as well realize this cannot be a seed phrase (which cannot contain numerals).
Moments later, police investigator Covaci arrives, as do all of Sniper’s (now untrusted) fellow robbers. Gunfire erupts from multiple automatic weapons, hundreds of bullets fly, and many are killed or wounded. Zara, protected by “plot armor” (Wikipedia article), dodges all bullets, and manages to use a taser to incapacitate and then kill Sniper.
(Fun fact — in this miniseries, the teleplay writers do what often happens in a miniseries, which is the conceit of giving “names” to the episodes. I think most viewers don’t see the episode names, and even if they do see the names, I think most viewers give little thought to the names. Here, the first five episodes have names that are content-free. The sixth episode is entitled “Dead Cat Bounce”. This is, I guess, an in-joke, recognizing a concept in the world of finance. A “dead cat bounce” is a small, brief recovery (Wikipedia article) in the value of a declining asset. The term is derived from the rather morbid notion that supposedly “even a dead cat will bounce if it falls from a great enough height”.)
Returning to episode 6, the headquarters gets even more crowded with the arrival of MI5 (Wikipedia article) who have been competing with Covaci and his police colleagues to try to solve the heist. Covaci’s police colleagues also arrive. Things get still more crowded as the camera then shows workers busily peeling up bloodsoaked carpet squares and replacing them with new carpet squares.
Finally, implausibly, with the arrival of daylight, all of the employees of the pension fund manager (other than the deceased Milo) return to work and commence their ordinary daily activity at their desks. The camera shows them carefully avoiding the broken glass and stepping around the remaining bloody spots that have not yet had the carpet replaced.
In yet another howler, we learn that Zara and Luke have somehow managed to negotiate a deal with MI5 that they can “walk”, free from any criminal prosecution, in return for handing over their cold wallets to MI5. It is no easy task to enumerate all of the things that make no sense about this. First, even if one could negotiate such a deal, there is no way it could be negotiated within mere hours of the end of the bloodbath at the headquarters of the pension fund manager, yet we are told that this is what happened. Second, it is daft to think that merely paying money to MI5 could somehow be the thing that permits a suspect to “walk”. Third, as the alert viewer knows, the mere physical handing-over of a cold wallet is not the same thing as handing over the money. (In real life, one could hand over a cold wallet and moments later, configure a new cold wallet that is able to do all of the things that the old cold wallet could have done, including transferring the cryptocurrency to some other on-chain wallet location that is out of reach to MI5.)

The remaining collection of howlers surrounds the closing reveal, which is that Zara somehow managed to end up in physical possession of Milo’s cold wallet (seen at right) that is said to “contain” £20M, and that she also managed to end up in physical possession of the little red booklet containing what are said to be Milo’s “access codes”.
Any normal alert person familiar with cryptocurrency would not be standing outdoors in the public plaza in front of the Scalpel, as shown at right, casually discussing physical possession of these things. At this point, given the events set forth in the teleplay, Zara has not actually independently confirmed that Milo’s cold wallet is even functional, or actually “contains” any particular amount of cryptocurrency. But it’s worse than that — at this point, given the events set forth in the teleplay, Zara has not actually independently confirmed that Milo’s supposed “access codes” even work. Maybe the little red booklet is a decoy!
(As far as I can figure out, this is not a commercially available hardware crypto wallet. I am not aware of any with such a three-bar logo. If you recognize this or any other brand used in the miniseries as a real brand, please post about it below.)
In any real-life situation like this, any normal alert person familiar with cryptocurrency would previously have grabbed a private moment to try to carry out an urgent on-chain transfer of the £20M to some other (perhaps newly created) wallet. This would have let Zara determine whether Milo’s cold wallet really works, and whether the “access codes” in the little red booklet really work. Assuming the transfer had succeeded, Zara would know for sure that she had actually gained control of the £20M.
(Yes, I get it that she would actually have started with a small test on-chain transaction, and then if it worked, she would have transferred the rest of the £20M.)
I have come nowhere close to enumerating all of the howlers in this miniseries that relate to cold wallets. But you can get a sense of it from the discussion above.
(Side note: there is many a thriller the plot of which depends centrally on a MacGuffin (Wikipedia article), defined as “an object, device, or event that is necessary to the plot and the motivation of the characters, but insignificant, unimportant, or irrelevant in and of itself.” An example is the film The Maltese Falcon in which a small statuette is the MacGuffin, providing both the film’s title and its motive for intrigue. My view is that the cold wallets in this miniseries do not count as MacGuffins — I think they are not insignificant, unimportant, or irrelevant in and of themselves. What do you think? Please post a comment below.)
Having said all of this, STEAL is a diverting and entertaining action-adventure miniseries. It is well-acted and well directed, which is part of what permits the alert viewer to set aside one’s reactions to the myriad howlers about cold wallets.