It would be possible for Law Enforcement (LE) or Intelligence Agencies (IA) to confiscate an ordinary user's bitcoin, but it would be hard. Most wallets encrypt their private keys with a password, so the user would have to reveal it. Not only could he have forgotten it, revealing the password is usually self-incriminating, and a suspect's refusal to incriminate himself can generally not be held against him. Of course, LE could put all kinds of pressure on the user, but there are limits to that too. Even a moderately trained person can be surprisingly difficult to interrogate. So the user may very well get out of that situation without ever revealing the password that protects his bitcoins.
A market platform must be able to make payments, to pay out escrowed amounts to the vendors. If the market administrator signs the day's list of payments by hand, on a machine he controls, the platform itself never has to hold the spending key or the password protecting it. If LE confiscates the servers, they still do not have what they need to confiscate the bitcoins. They would have to apprehend the market administrator and make him give up his password, and we would be back to the situation described above.
Letting the market platform pay out automatically is possible, but there will always be a risk, however small, that attackers manage to copy the private keys controlling the bitcoins. Splitting the funds into a hot and a cold wallet limits the damage to whatever sits in the hot wallet; it does not remove the problem. Ultimately, someone holds the final key, a machine or a person, and in both cases something can always go wrong.
In the case of Silk Road, Ross Ulbricht had stored unprotected private keys either on the market machine itself or on a machine that could easily be discovered by inspecting the market machine. This was not just an LE issue. Attackers of any kind who managed to breach his main line of defense could have stolen all his bitcoins. It was an accident waiting to happen.
If he had stored his bitcoins on a separate, payments-only machine and let that machine connect to the main market machine over the Tor network, in order to fetch the list of vendor addresses to pay, it would have been very hard for any attacker to find out where that machine was located. It would still be possible to mislead the payments machine into making the wrong payments, but that is already substantially harder. Add a dead man's switch: the payment process halts automatically after three days unless Ross renews a signed authorization. An attacker then has at most three days to trick the machine into signing the money away. If LE does not know about this before apprehending Ross, the machine shuts itself down before they have had time to mislead it.
But then again, if possible, it makes much more sense to sign off the list of payments manually. Only very, very large markets should automate outgoing payments.
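As an added example (not the page's own code, nor anything Silk Road ran), here is the dead man's switch for the payments-only machine described above, in Go with the standard library's Ed25519. The payments machine holds only the administrator's public key. The administrator, on his own offline machine, signs a token that says "keep paying until this timestamp"; when the token lapses, the payer disables itself and refuses every batch until a freshly signed token arrives. The Payment and Authorization types, the 72-hour window, the signed message format and the sample vendor address are assumptions made for this illustration; a real deployment would sign and broadcast bitcoin transactions where this code merely returns a receipt string.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
	"time"
)

// AuthWindow is how long one signed authorization keeps payouts running
// (assumed value: the three days mentioned in the text).
const AuthWindow = 72 * time.Hour

// Payment is one outgoing payout; amounts in satoshi (illustrative type).
type Payment struct {
	Address string
	Satoshi int64
}

// Authorization is the administrator's renewable "keep paying" token.
type Authorization struct {
	Expires   time.Time
	Signature []byte
}

var (
	ErrNoAuthorization = errors.New("no authorization installed: payouts halted")
	ErrBadSignature    = errors.New("authorization signature invalid")
	ErrExpired         = errors.New("authorization expired: payouts halted")
)

// authMessage is the exact byte string the administrator signs: a version
// prefix plus the expiry as a big-endian Unix timestamp (assumed format).
func authMessage(expires time.Time) []byte {
	buf := make([]byte, 8)
	binary.BigEndian.PutUint64(buf, uint64(expires.Unix()))
	return append([]byte("payout-authorization-v1:"), buf...)
}

// Authorize runs on the administrator's offline machine, the only place the
// private key exists. It yields a token valid for AuthWindow from now.
func Authorize(priv ed25519.PrivateKey, now time.Time) Authorization {
	exp := now.Add(AuthWindow).Truncate(time.Second)
	return Authorization{Expires: exp, Signature: ed25519.Sign(priv, authMessage(exp))}
}

// Payer runs on the payments-only machine. It holds only the administrator's
// public key, so a copy of this host cannot mint a new authorization.
type Payer struct {
	adminPub ed25519.PublicKey
	auth     *Authorization
}

func NewPayer(adminPub ed25519.PublicKey) *Payer { return &Payer{adminPub: adminPub} }

// Renew installs a fresh authorization after verifying it came from the admin
// and has not already lapsed.
func (p *Payer) Renew(a Authorization, now time.Time) error {
	if !ed25519.Verify(p.adminPub, authMessage(a.Expires), a.Signature) {
		return ErrBadSignature
	}
	if !a.Expires.After(now) {
		return ErrExpired
	}
	p.auth = &a
	return nil
}

// PayOut releases a batch only while the authorization is live. Once it lapses
// the payer drops it and stays disabled until Renew succeeds again.
func (p *Payer) PayOut(batch []Payment, now time.Time) ([]string, error) {
	if p.auth == nil {
		return nil, ErrNoAuthorization
	}
	if !p.auth.Expires.After(now) {
		p.auth = nil // dead man's switch tripped
		return nil, ErrExpired
	}
	var receipts []string
	for _, pm := range batch {
		// A real implementation would sign and broadcast a transaction here.
		receipts = append(receipts, fmt.Sprintf("paid %d sat to %s", pm.Satoshi, pm.Address))
	}
	return receipts, nil
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	t0 := time.Date(2013, 10, 1, 0, 0, 0, 0, time.UTC)
	payer := NewPayer(pub)
	_ = payer.Renew(Authorize(priv, t0), t0)
	batch := []Payment{{Address: "1ExampleVendorAddr", Satoshi: 150000}} // constructed sample
	fmt.Println(payer.PayOut(batch, t0.Add(24*time.Hour)))
	fmt.Println(payer.PayOut(batch, t0.Add(4*24*time.Hour)))
}
```

What a seized or copied payments machine yields is the public key and a token that expires by itself. Neither lets anyone extend the window: re-dating the token breaks the signature, and a token signed with some other key is rejected outright.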
Ross appears to have been making direct SSH connections to his market machine. Since LE were already watching him, all they had to do was record the IP addresses he connected to, one of which would inevitably be his market machine. That is a silly way to get caught. There was no need whatsoever to connect directly over SSH to any of his Silk Road machines. He could have exposed the SSH port as a Tor hidden service as well, or used a Whonix-style gateway that routes all of a workstation's traffic through Tor. Evidently he did neither, since LE did manage to figure out his market machine's IP address.
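As an added example, not code from this page or from Silk Road, here is the client side of "export SSH over Tor" in Go: a minimal SOCKS5 client that asks the local Tor daemon to connect to a hostname. The point is the DOMAINNAME address type (0x03): the .onion name is handed to Tor unresolved, so the administrator's machine never does a DNS lookup and never holds the server's IP address, which is exactly what a direct SSH connection leaks to anyone watching the wire. The proxy address, the placeholder onion name and the port are assumptions made for the illustration; the handshake itself follows RFC 1928.

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"net"
)

// TorDial connects to host:port through the local Tor SOCKS5 port
// (127.0.0.1:9050 is Tor's default). The hostname goes to Tor verbatim, so
// this machine never resolves it and never learns the peer's IP address; for
// a .onion name there is no IP address on this side at all.
func TorDial(socksAddr, host string, port uint16) (net.Conn, error) {
	c, err := net.Dial("tcp", socksAddr)
	if err != nil {
		return nil, err
	}
	if err := socks5Connect(c, host, port); err != nil {
		c.Close()
		return nil, err
	}
	return c, nil
}

// socks5Connect performs the RFC 1928 handshake: method negotiation, then a
// CONNECT request carrying the hostname with the DOMAINNAME address type.
func socks5Connect(c io.ReadWriter, host string, port uint16) error {
	if len(host) == 0 || len(host) > 255 {
		return errors.New("hostname length must be 1..255 bytes for SOCKS5")
	}
	// Greeting: version 5, one method offered, 0x00 = no authentication.
	if _, err := c.Write([]byte{0x05, 0x01, 0x00}); err != nil {
		return err
	}
	choice := make([]byte, 2)
	if _, err := io.ReadFull(c, choice); err != nil {
		return err
	}
	if choice[0] != 0x05 || choice[1] != 0x00 {
		return fmt.Errorf("proxy rejected no-auth method: % x", choice)
	}
	// Request: VER CMD(CONNECT=0x01) RSV ATYP(DOMAINNAME=0x03) LEN HOST PORT.
	req := []byte{0x05, 0x01, 0x00, 0x03, byte(len(host))}
	req = append(req, host...)
	req = append(req, byte(port>>8), byte(port))
	if _, err := c.Write(req); err != nil {
		return err
	}
	// Reply: VER REP RSV ATYP BND.ADDR BND.PORT.
	hdr := make([]byte, 4)
	if _, err := io.ReadFull(c, hdr); err != nil {
		return err
	}
	if hdr[0] != 0x05 {
		return fmt.Errorf("bad SOCKS version in reply: %d", hdr[0])
	}
	if hdr[1] != 0x00 {
		return fmt.Errorf("SOCKS5 CONNECT failed, reply code 0x%02x", hdr[1])
	}
	var addrLen int
	switch hdr[3] {
	case 0x01:
		addrLen = 4
	case 0x04:
		addrLen = 16
	case 0x03:
		l := make([]byte, 1)
		if _, err := io.ReadFull(c, l); err != nil {
			return err
		}
		addrLen = int(l[0])
	default:
		return fmt.Errorf("unknown address type in reply: %d", hdr[3])
	}
	// Drain the bound address and port; from here the tunnel is transparent.
	_, err := io.ReadFull(c, make([]byte, addrLen+2))
	return err
}

func main() {
	// Placeholder onion name (assumed, not a real service).
	conn, err := TorDial("127.0.0.1:9050", "exampleonionaddressxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.onion", 22)
	if err != nil {
		fmt.Println("connect failed:", err)
		return
	}
	defer conn.Close()
	// An SSH client library would take over the connection at this point.
	fmt.Println("tunnel established through Tor")
}
```

On the server the matching configuration is two torrc lines, HiddenServiceDir pointing at a directory Tor owns and HiddenServicePort 22 127.0.0.1:22, with sshd bound to 127.0.0.1 only so the port is not reachable on the clearnet address. In day-to-day use you would not write this client yourself: torsocks ssh, or an ssh ProxyCommand such as nc -X 5 -x 127.0.0.1:9050 %h %p with OpenBSD netcat, does the same handshake; the code above shows what those tools send and why no IP address is involved.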
Of course, the Silk Road server could also have accidentally revealed its own IP address. That is just as silly, because you could, for example, run the processes inside a VirtualBox virtual machine (VM) behind NAT. The guest then knows only its private guest address, not the host's public one, and it is impossible to reveal information that you simply don't know. In my impression, the same holds true for anything running inside a Docker container. I still need to verify this, but it would be quite obvious.
There was no need for Ross to reveal Silk Road's IP address, even while they were watching all his communications. A few simple, hardly inconvenient countermeasures would have prevented it.
Furthermore, even if they still manage to de-anonymize the server, in twenty minutes you have moved it. For something like Silk Road, you should move the servers every week anyway. LE had to de-anonymize the servers and Ross himself at the same time. He could have made this exceedingly hard.
The entire platform was apparently run off one server, his single point of failure. It looked like a unique copy, lacking any form of source control, and probably without backups. Sooner or later that would have gone wrong on its own.
But then again, it went even faster than that, because LE had already put Ross on a watch list and were watching him. The problem was not really that Ross had made OPSEC (operational security) mistakes, which apparently he also did, but that senators Charles Schumer of New York and Joe Manchin of West Virginia had written a letter to U.S. Attorney General Eric Holder, demanding that he find out exactly who was behind Silk Road, come down on him hard and lock him up for good. Ross Ulbricht was facing the ire of the most dangerous LE/IA combination on the planet: the American one.
One way for Ross to deflect attention would have been to shut down Silk Road and inform the best vendors and buyers that he would now be running "Cotton Mill". LE would not immediately know what to do. They had been tasked to investigate "Silk Road", not "Cotton Mill", and proving the link between the two would be difficult. There would be only rumours that they were related, and since everything is always related to everything else, rumours do not help them either. All standing orders would be void until further notice; Eric Holder would have to issue new instructions first. Maybe he would conclude that it was time to take his scarce resources off the now defunct "Silk Road" story and put them on something more important instead.
Ross knew that they wanted to hang him from the highest tree. Their capacity to go after someone like him is very high, and their motivation was very real. They could already be watching him. Anybody with half a brain would have known that it was time to move on.
Why not do the Silk Road stuff from Mongolia or Kyrgyzstan or somewhere similar? The local LE will assist the American LE but will not have the capacity, and in fact not even the motivation, to put in a reasonable performance. They are also notoriously corrupt, so you can often solve the problem with plan B. If American LE cannot keep a direct eye on you but must rely on a bunch of idiots somewhere, it throws a big spanner in the works. You see, they could come over to a place like Paraguay, but LE is barely allowed to do that; gathering intelligence abroad is rather the job of IA. In any case, the file would have to move to another team. As you know, the senators wrote to LE and not to IA, so they simply wrote to the wrong person. Before they understand that they should fix this, the investigation will already have hit too many obstacles to become effective again. Wherever you move, one thing you can know for sure: the women will always be gorgeous there, especially when your pockets are stuffed and bulging with dollars. So, move already!