
Are virtual currency transactions really anonymous? How did the police track the flow of funds and identify the suspect?


Reprinted from panewslab

04/21/2025·1M


"This project was indeed organized and planned by me. I want to know how you found the traders behind it? According to my understanding, it is impossible for you to find me. What are you relying on?"

The above is a detail disclosed by the Xin County Public Security Bureau from its handling of the "12.04" virtual currency pyramid scheme case: during interrogation, the suspect Zhang, the head of the pyramid scheme, put this question to the police officers in confusion.

When Lawyer Shao handles criminal cases involving the black and gray industries and virtual currency, many clients have the same question, for example: "Lawyer Shao, when I was doing this, I was abroad, and my previous company was abroad. We usually communicate over TG (Telegram), and messages are burned after reading. Aren't virtual currency transactions anonymous? How can the police catch me?"

So today let's talk about how the public security organs track virtual currency transactions and lock in the identity of the suspect.

Author of this article: Lawyer Shao Shiwei

1 Are virtual currency transactions really anonymous?

As one of the applications of blockchain technology, virtual currency has the advantages of decentralization, privacy protection, reduced transaction costs, and high returns. However, because of its degree of anonymity, criminals often use it for money laundering and for transactions tied to the gray and black industries.

But virtual currency is not completely anonymous: the transaction record is public on the chain, and it is only that an address is not directly associated with an identity. In addition, because virtual currency exchanges need to comply with Know Your Customer (KYC) and Anti-Money Laundering (AML) rules, it is easier for law enforcement to track transactions on the blockchain.

Behind virtual currency there is an open, tamper-proof ledger. Tracing virtual currency transactions and collecting evidence is therefore actually very friendly to the public security organs.

2 How do public security organs track currency flows and lock in the suspect's identity?

Perhaps in the early years, local public security organs lacked understanding of currency-related cases, few cases were filed for investigation, and many victims had no way to protect their rights.

However, as case-handling units deepen their understanding of virtual currency, their ability to track on-chain data and analyze virtual currency flows keeps strengthening. Here is a brief introduction to several common methods:

1. On-chain address association analysis

Through blockchain explorers (such as Tronscan and OKLink), the transaction graph can be analyzed to identify common inputs between addresses and fund-collection patterns. For example, if multiple addresses frequently transfer money to the same target address, they can be inferred to be controlled by the same entity.

According to Lawyer Shao's experience representing clients in currency-related cases, this analysis method is often used in virtual currency pyramid scheme cases and in cases of opening casinos.

In the "12.04" virtual currency pyramid scheme case in Liaocheng mentioned above, the police found that the pyramid scheme platform generated multiple addresses through the TokenPocket wallet to collect funds, which eventually flowed to a main address and were cashed out through an exchange. By analyzing the transaction frequency and fund size of these addresses, the police locked in the masterminds.

In many casino cases in which Lawyer Shao has acted, the income settlement between the casino and the payment settlement personnel likewise made the collection address the breakthrough for identifying the persons involved.
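The collection-address inference described in this method, as an added example that is not from the original article: pass-through addresses that forward nearly everything they receive to the same target are grouped, with transfer count and total kept for the frequency and fund-size analysis. The transfers, address names and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample transfers: (sender, receiver, amount). All names are placeholders.
TRANSFERS = [
    ("victim1", "collect_A", 500), ("collect_A", "main", 495),
    ("victim2", "collect_B", 800), ("collect_B", "main", 790),
    ("victim3", "collect_C", 300), ("collect_C", "main", 298),
    ("victim4", "collect_A", 200), ("collect_A", "main", 199),
    ("friend", "trader", 100), ("trader", "exchange_hot", 100),  # lone forwarder
    ("shopper", "main", 5),                                      # ordinary payer
]

def find_collection_clusters(transfers, min_ratio=0.9, min_sources=2):
    """Group pass-through addresses by the address they sweep their funds into."""
    inflow = defaultdict(float)                         # total received per address
    outflow = defaultdict(lambda: defaultdict(float))   # sender -> receiver -> amount
    count = defaultdict(int)                            # (sender, receiver) -> transfers
    for src, dst, amt in transfers:
        inflow[dst] += amt
        outflow[src][dst] += amt
        count[(src, dst)] += 1

    clusters = defaultdict(lambda: {"sources": [], "transfers": 0, "total": 0.0})
    for src, targets in outflow.items():
        received = inflow.get(src, 0.0)
        if received == 0:
            continue  # only pays out (a victim or customer), not a collection address
        dst, amt = max(targets.items(), key=lambda kv: kv[1])
        if amt / received >= min_ratio:  # forwards almost everything it receives
            cluster = clusters[dst]
            cluster["sources"].append(src)
            cluster["transfers"] += count[(src, dst)]
            cluster["total"] += amt
    # A single forwarder is weak evidence (anyone may deposit to an exchange once);
    # several addresses sweeping into one target is the pattern of interest.
    return {t: c for t, c in clusters.items() if len(c["sources"]) >= min_sources}

if __name__ == "__main__":
    for target, info in find_collection_clusters(TRANSFERS).items():
        print(target, info)
```
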

2. Retrieving KYC evidence from exchanges

At present, most mainstream virtual currency exchanges (such as Binance, Ouyi OKX, Huobi HTX) and digital wallet platforms (such as ImToken) publish on their official websites their policies and rules for cooperating with law enforcement, along with dedicated channels for mainland public security organs.

Law enforcement officers can email a letter of investigation to the exchange, requesting the suspect's registration information, facial photos, financial information, withdrawal records, wallets, fiat currency transactions, coin-to-coin transactions, contract transactions, login IP, MAC address and other device information.

In addition, the exchange will freeze the virtual currency in the suspect's account at the request of the law enforcement department. The freezing period is one year, and the law enforcement agency can apply for a renewal before it expires.

3. Handling fee (Gas fee) and transaction hash tracking

Each successful virtual currency transaction requires payment of a Gas fee (TRX, ETH, etc.). So when tracing the wallet address a suspect uses to collect illicit funds, the record of the suspect buying the Gas-fee token from an exchange can also be traced. For example, the police analyzed the source of the Gas fee at an address involved in a case and found that the TRX used to pay the handling fee had been bought through a Binance account, which locked in the exchange account.

In virtual currency transactions, the transaction hash ensures the uniqueness and immutability of each transaction, and the hash value generated for each transaction is unique. The transaction details, such as the sender's address, the receiver's address, the transaction amount and the transaction fee, can be looked up through the transaction hash.

The case handler provides the Gas fee transaction records and transaction hashes to the virtual currency exchange to obtain the suspect's KYC information (such as passport, ID card, email address, mobile phone number, etc.).
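Gas-fee source tracing as described above, as an added example that is not from the original article: for each address that moved tokens, the earliest native-coin top-up is followed back, hop by hop, until a labelled exchange wallet is reached. The addresses, the exchange label and the hop limit are constructed assumptions.

```python
# Constructed sample data; addresses and the exchange label are placeholders.
EXCHANGE_HOT_WALLETS = {"exch_hot_1": "ExampleExchange"}
NATIVE_TRANSFERS = [  # (timestamp, sender, receiver, amount of TRX)
    (100, "exch_hot_1", "collect_A", 30),
    (150, "exch_hot_1", "collect_B", 30),
    (900, "collect_A", "collect_C", 10),   # gas passed on from another address
]
TOKEN_TRANSFERS = [  # (timestamp, sender, receiver, amount of USDT)
    (200, "collect_A", "main", 5000),
    (260, "collect_B", "main", 7000),
    (1000, "collect_C", "main", 900),
]

def gas_funding_source(address, native_transfers, labels, max_hops=3):
    """Follow the earliest gas top-up backwards until a labelled exchange wallet."""
    path, current = [address], address
    for _ in range(max_hops):  # hop limit also guards against funding loops
        inbound = sorted(t for t in native_transfers if t[2] == current)
        if not inbound:
            return path, None
        current = inbound[0][1]  # sender of the earliest top-up
        path.append(current)
        if current in labels:
            return path, labels[current]
    return path, None

def exchange_leads(token_transfers, native_transfers, labels):
    """Map each token-sending address to the exchange whose withdrawal paid its gas."""
    leads = {}
    for addr in sorted({t[1] for t in token_transfers}):
        path, exchange = gas_funding_source(addr, native_transfers, labels)
        if exchange:
            leads[addr] = (exchange, path)
    return leads

if __name__ == "__main__":
    for addr, lead in exchange_leads(
            TOKEN_TRANSFERS, NATIVE_TRANSFERS, EXCHANGE_HOT_WALLETS).items():
        print(addr, lead)
```
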

4. Device fingerprint and IP association

Case handlers associate the activity of multiple addresses through the login IP and device ID recorded by the exchange or wallet (such as a mobile phone IMEI or MAC address), thereby locking in the target.

For example, in the case of the MIT hacker brothers, the FBI analyzed the VPN logs and device fingerprints used by the suspect, found that he had logged into the same exchange account multiple times, and finally located his physical location [i].

5. Tracing cross-chain swaps and coin mixing

Many suspects think that cross-chain transactions or coin mixers will better conceal their identities, but this is not the case.

Cross-chain tracking: trace the transfer path of funds through the transaction hashes of cross-chain bridges (such as Bitcoin → Ethereum).

Coin mixing analysis: use on-chain fingerprinting (such as transaction time and amount patterns) to identify the input and output addresses of coin mixers (such as Tornado Cash).

For example, when the US Department of Justice recovered the Colonial Pipeline ransom, it analyzed the hacker's "chain money laundering" path and finally obtained the private keys of the key addresses ending in the characters "dh77gls" [ii].

6. International cooperation and stablecoin freezing

For stablecoins such as USDT, the public security organs may require the issuer (such as Tether) to freeze the funds at the addresses involved. International cooperation can also be carried out.

For example, a cross-border online gambling case involving 400 billion yuan (the "first case of virtual currency" in the country) was cracked by the Jingmen police in Hubei. According to reports, "because the platform is settled in virtual currency, the public security organs connect with the virtual currency issuing agency and freeze the relevant virtual currency accounts involved in the case."

For example, in the 55 million Ethereum theft case in Neijiang, Sichuan, it is reported that "in order to solve this case, the Sichuan police conducted 14 international cooperations with Singapore, the United States and the Netherlands, extracted a set of techniques and tactics to analyze blockchain addresses in actual combat, retrieved data from overseas virtual currency exchanges more than 70 times, and traced more than 20,000 blockchain addresses" [iii].

7. From the final withdrawal flow to the

In most countries the virtual currency held by a suspect cannot be used directly for daily consumption, so black and gray transactions always need an exit, that is, converting the virtual currency into fiat currency. The people who help exchange it for fiat currency become the breakthrough for tracing the identity of upstream criminals.

8. Abnormal transaction triggers risk control

The reason many people's bank cards are frozen is that frequent fast-in, fast-out transactions trigger the bank's risk control system. The same is true in the world of Web3.

Generally speaking, ordinary currency speculators leave their funds on the platform to buy and sell, rather than regularly moving large amounts in and out quickly and at high frequency. Therefore, when tracking currency flows, an address that shows fast inflows and outflows of funds will be treated as a suspicious address.
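A fast-in, fast-out check of the kind this method describes, as an added example that is not from the original article: an address is flagged when it repeatedly forwards a large deposit, almost in full, within a short window. The transfers, address names and all thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample transfers: (unix_time, sender, receiver, amount). Placeholders only.
TRANSFERS = [
    (0, "p1", "mule", 50_000), (120, "mule", "cashout", 49_900),
    (3_600, "p2", "mule", 80_000), (3_700, "mule", "cashout", 79_800),
    (0, "p3", "holder", 60_000), (2_592_000, "holder", "cex", 60_000),  # held 30 days
    (100, "p4", "small", 500), (160, "small", "cex", 490),              # below threshold
]

def rapid_passthrough(transfers, window=600, min_amount=10_000,
                      min_share=0.9, min_hits=2):
    """Return addresses that repeatedly forward large deposits within `window` seconds."""
    pending = defaultdict(list)  # address -> [(time, amount)] large inflows not yet matched
    hits = defaultdict(int)      # address -> number of fast in/out round trips
    for ts, src, dst, amt in sorted(transfers):
        queue = pending[src]
        # Drop deposits that sat longer than the window: those are not "fast out".
        while queue and ts - queue[0][0] > window:
            queue.pop(0)
        # An outflow close to the size of the oldest live deposit counts as one hit.
        if queue and amt >= min_share * queue[0][1]:
            queue.pop(0)
            hits[src] += 1
        if amt >= min_amount:
            pending[dst].append((ts, amt))
    return sorted(addr for addr, n in hits.items() if n >= min_hits)

if __name__ == "__main__":
    print(rapid_passthrough(TRANSFERS))
```
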

3 Conclusion

Criminals mistakenly think that virtual currency transactions are anonymous, so investigators cannot lock in their true identities; that virtual currency exchanges are all abroad, so it must be difficult for domestic public security organs to investigate and collect evidence; that funds cannot be tracked once they pass through cross-chain bridges and coin mixers; and so on. They therefore engage in black and gray transactions unscrupulously. However, this fluke mentality will only end up putting them in a deeper dilemma.

But some parties involved will tell me how much they regret things after being arrested; what they regret, however, is not that they violated the law, but that they did not design the transaction chain more secretly.

When facing such a party, sometimes I don’t know what to say, and I can only sigh in response.


[i] Two hacker brothers who stole $25 million in cryptocurrency in 12 seconds were arrested http://note.f5.pm/go-240378.html

[ii] The US Department of Justice intercepted 63.7 bitcoins extorted by hackers, and Bitcoin fell by more than 10% in a single day | Interface News https://m.jiemian.com/article/6209923.html

[iii] The 55 million blockchain asset theft case in Neijiang, Sichuan has been solved! https://xinjiapo.news/news/215601/


Through in-depth investigation, the Xin County Public Security Bureau successfully cracked the city's first major virtual currency pyramid scheme case https://mp.weixin.qq.com/s/KduRfmY5hk8r6xLO5t_epQ
