
Well you don't want to lose those keys ... there is a bit of a conundrum there (granted you don't have to do it the way they did either).

As far as how exactly they got caught, there was a reward offered by the company it was stolen from. It may have been that someone tipped the feds off for the reward.




I'm not invested in crypto or really at all interested in it. That said, my mentor seems pretty excited about it and is pretty heavily invested as of the past few months. I advised him to do something like https://en.wikipedia.org/wiki/Shamir's_Secret_Sharing and distribute it across a wide number of storage mechanisms, physical, digital, and custodial. For instance, in Google Drive, in Dropbox, in a bank safety deposit box, engraved in a gold bar buried in your yard, in your house safe, etc.

Why anyone with a significant amount of crypto assets isn't going to insane extremes in terms of secrecy and durability is beyond me.


I don't understand the math but I think I have seen that style of secret management where any 3 of say 10 secrets can access something but no 2 or any 1 secret can do it.

It would seem to solve a lot of just organizational problems where "jan is out of the office today" and nobody can do the thing ... but if access is spread out among 10 people ... 3 probably are in the office when needed.

Granted I've never seen it used in production personally, nor seen it on a granular level.


Hashicorp Vault uses it.

https://learn.hashicorp.com/tutorials/vault/rekeying-and-rot...

> In order to prevent one person from having complete access to the system, Vault employs Shamir's Secret Sharing Algorithm. Under this process, a secret is divided into a subset of parts such that a subset of those parts are needed to reconstruct the original secret. Vault makes heavy use of this algorithm as part of the unsealing process.


I have used it. It works. Tooling is still pretty poor. Every use, we ended up bringing the necessary people into a room, booting up an offline laptop from a sha-summed live USB, QR code scanning each of our secrets, combining them, then using the key to sign whatever we needed to sign, photographing the signature as a QR code. We use software from 2008 because an OS stack contains code from tens of thousands of developers, and we felt old software was less likely to have an active 'steal these keys and exfiltrate them via open wifi' malware.

We would first go through the process with 'dummy' keys to check everyone was happy with the process and what we were going to do (i.e. which commands, what software, what exactly will be signed). We would then do it again with the real thing. And then we'd power off the computer till next time it needed to be used.

"Clunky" would be a good way to describe it... But it's hard to make it better without relying on a bunch of software we don't have the resources to audit.


Yeah it seems very much like an elegant solution whose usage would be a bit of its own kind of beast to deal with.


For Bitcoin specifically, multi-signature wallets are far superior to SSS: https://en.bitcoin.it/wiki/Multi-signature


This is already done by Trezor: https://trezor.io/shamir/


Crypto 101: never store private keys online.


Crypto 102: weep for the coins you lost when your cousin spilled soda on the hard drive containing the offline-only copy of your private keys.


It's funny! But really there are loads of ways to store your keys physically that are human readable.


Yeah, and then they could be fairly trivially memorized, even.


This plan doesn't really scale to the 2000 wallets mentioned in the OP. But maybe that scenario only comes up when you're looking to launder billions of dollars worth of BTC?


And can be easily seized by the government with a search warrant.



