Investigators searching for those responsible for Nancy Guthrie’s alleged kidnapping have had one key lead from the outset: a Bitcoin wallet address included in a ransom message sent to her family.
Cryptocurrency specialists say the wording of the ransom demand and the use of the wallet point to inexperienced operators. Detectives, however, are also reportedly questioning whether an early decision in the case — involving just $152 — may have been a costly mistake.
The ransom email, which referenced details about Guthrie’s home and an Apple Watch that had not been publicly disclosed, demanded $4 million in cryptocurrency in exchange for her return.
A second email, sent from the same IP address, later claimed that Guthrie had died.
According to sources familiar with the investigation who spoke to Air Mail, FBI agents and detectives with the Pima County Sheriff’s Department are now revisiting the decision not to pay the $4 million ransom.
Rather than send the full amount, the FBI placed $152 worth of Bitcoin into the wallet, hoping the suspects would move the funds and give cyber investigators a chance to trace the transaction.
The money, however, has not moved and remains in the wallet.
“[The suspects] would want to get those $4 million off chain as fast as they can,” said Ari Redbord, global head of policy at TRM Labs, a data firm that assists law enforcement agencies in investigating cryptocurrency-related crimes.
“They are typically using mainstream exchanges like Coinbase or Kraken that have that user information. … Law enforcement can then subpoena them for that information,” he told The Post.
EXCLUSIVE: Disclosure Day Decoded: The Most Confusing Moments Explained Clearly
But instead, the FBI opted to deposit a much smaller sum in the account.
The strategy — called “tickling the wire — might have worked, especially because Guthrie’s bumbling kidnappers probably wouldn’t use more sophisticated tools to cover their tracks.
“An actual, sophisticated operation wouldn’t have gotten involved in a kidnapping conspiracy turned homicide. That alone says it’s rookie s–t,” said attorney Todd Spodek, who specializes in cyber crime and represents alleged $16 million fraudster Ronald Spektor.
A suspect was filmed in a cobbled-together Walmart mask/glove ensemble with a gun awkwardly holstered on his pants, trying and failing to disable Guthrie’s doorbell camera on the day she vanished.
Even if that bumbling thug had been working with a computer-savvy mastermind: “It sounds like some f–king, and I don’t know any other word than the yiddish, but some farkakte plan,” Spodek said.
Yet both Spodek and Redbord agree that choosing to not send the $4 million was also a valid option for law enforcement.
“Law enforcement is often placed in a Catch-22 situation, damned if they do, dammed if they don’t,” Spodek said.
“They could have sent a large sum of money, and it could have gone nowhere. The suspects might have panicked and left it sitting in the wallet for 10 years. Or forever. It’s hard to negotiate with a terrorist. These are not rational people.”
Meanwhile, the task force is still trying to track the ransom notes authors by following the chain of proxy servers the sender, or senders, used to protect their identities.
Authorities also detained and released several persons of interest, canvassed Tucson-area gun stores, and analyzed potential DNA evidence — all to no avail as the investigation enters its fifth month.
