Analysis of using virtual currency to launder money

When it comes to money laundering, we often see various scenes of money laundering by gang bosses in movies. There are money laundering methods that use casinos, antique trading, overseas investment, virtual goods, etc. as media. Now with virtual currency, criminals launder money. What changes will happen to the method?

The money laundering risk of virtual currency

Due to the existence of anonymity, decentralization, difficulty in tracking, global circulation, convenience of transactions, complexity of transaction models, irrevocability after transactions, diversity of holding methods, and controversial standards for value determination, virtual currencies, etc. characteristics, so it has a high wind laundering risk .

Criminals’ use of virtual currency has gradually reduced virtual currency to a money laundering tool. In addition, relevant state departments have continuously increased their efforts to combat cybercrime in recent years . A series of combinations such as ” Card Broken Action ” and ” Anti-Money Laundering Law ” have come into effect. The money laundering channel has suffered a heavy blow, which has also intensified the phenomenon of virtual currency money laundering, and law enforcement agencies and criminals have begun a new round of in-depth game.

The emergence of new virtual currency money laundering methods such as anonymous coins, running U platforms, and mixed currency platforms has also made this game even more difficult .

The process of virtual currency money laundering

Generally speaking, the process of using virtual currency to launder money can be roughly divided into three stages. In actual cases, the three stages can sometimes be clearly distinguished, and sometimes overlap, overlap, and aggregate. It is difficult to completely separate, and some only use partial Complete the money laundering at the stage.

The first stage: to put home . Criminals buy virtual currency and inject illegal funds into the channels to be “laundered”. In actual cases, other methods may be combined to confuse the source of virtual currency . This stage is actually very common in many money laundering methods. As long as the criminals infiltrate the stolen money into a third-party platform/merchant for money laundering, this process can be called placement.

The second stage: the cultivation stage . Money launderers use the anonymity of virtual currency to conduct multi-level and complicated transactions, thereby concealing the nature and source of criminal proceeds.

The third stage: the integration stage segment . After constantly transferring and laundering illegal gains, the virtual currency held by criminals is basically unrestricted and relatively safe. At this time, they only need to integrate all the laundered virtual currency into a certain address and finally withdraw it. The money laundering operation is basically completed.

New virtual currency money laundering methods

Method 1: Use anonymous coins to launder money

First of all, a recently emerging money laundering method is to use anonymous coins for transactions, because anonymous coins use technical means such as ring signature proof and zero-knowledge proof to make users’ transaction records untraceable. Criminals will convert the stolen money into anonymous coins at the exchange before performing subsequent trading operations , which makes it difficult for law enforcement agencies to conduct further investigations.

Case: Japanese criminal group used anonymous coins to launder large amounts of money

According to Japanese news media reports, many Japanese criminal groups use virtual currencies and private anonymous coins such as Monero and Dash to launder money. After investigation, it was discovered that illegal money laundering transactions conducted through virtual currency exceeded US$270 million, and the source of these transactions was likely to come from drug transactions and other illegal activities.

Relevant Japanese authorities investigated the virtual currency transactions in Japanese gangs and found a USB interface named ” ZDM “, which is the abbreviation of Zcash, Dash and Monero, which shows from Since 2016, a gang has used hundreds of transfers to launder money amounting to 29.85 billion yen (approximately US$27.8 million).

The following figure summarizes the methods of Japanese money laundering cases :

Analysis of using virtual currency to launder money

Method 2: USDT running sub-platform

Traditional running score: Refers to the process of frequent transfers and money laundering by criminals by acquiring the QR codes of ordinary users’ third-party payment platforms.

USDT running points: Participants of running points buy USDT as a deposit on the USDT running points platform to participate in the running points to grab orders. Participants of the running points provide the recharge codes for purchasing USDT coins to the running points platform. The running points platform gathers USDT recharge codes of various recharge limits, integrates them into a USDT recharge code pool, and provides them to the gambling platform in the form of a recharge interface. Gamblers to recharge their gambling funds need to scan the USDT recharge code to recharge, that is, use RMB to purchase USDT from the running sub-platform, which will eventually cause the renminbi to flow to the running sub-platform.

The difference between the two : the original RMB margin has been replaced with a stable currency, namely USDT TEDA, and the original third-party payment codes such as WeChat and Alipay have been replaced with the exchange’s USDT deposit address.

The advantages of USDT running points : no need for WeChat, Alipay and other payment codes, simpler operation, anonymous payment address, and immediate rebate.

Participants of the running points give their own exchange collection code and provide corresponding deposits to the intermediate platform. The platform contacts the demander of the running points, and the demander deposits USDT into the account of the running points participants, and then deducts the deposit of the running points participants. All parties draw profits from the stolen money from the demand side of the running points and finish the running points. After the running points, most of the funds flowed into the illegal gambling and betting platforms on the network.

Analysis of using virtual currency to launder money

USDT running sub-platform money laundering process

Case: Money laundering on the “Dianfeng” running sub-platform

Dianfeng is a very well-known running sub-platform, which has been shut down by the public security organs.

Here, I will explain the general operating model of this platform from the perspective of the participants of the running points to explain the method of running away more directly.

After registering on the platform, the running participants need to go to the virtual currency exchange to register an account. After the exchange is approved, they can recharge the deposit on the platform. The recharge amount is the upper limit of the order amount. Pinnacle requires that the recharge deposit of running points participants must be higher than a certain amount.

After the platform receives the top-up funds, the running sub-platform adopts an order-grabbing mechanism similar to the online car-hailing platform, and deducts 1.8% to 3% of the funds as the platform commission. After that, the platform will allocate running points orders to the recharged running points participants, and use 0.3%-0.6% of the stolen money as the commission income of the running points participants. The funds after the running points will be transferred to the overseas gambling website to complete the running points. .

Participants of running scores only need to provide the collection code and deposit to get a high income, so this is why running scores are so popular.

Analysis of using virtual currency to launder money

A screenshot of the order and revenue of a running sub-platform

Zhifan Technology Security Experts hereby remind:

Everyone should beware of the pitfalls of running sub-platforms. Don’t believe in part-time advertisements such as “zero cost at home and thousands of dollars a day” and other part-time advertisements. They need to be discerned carefully.

Don’t take a shortcut to make money and embark on a criminal path. If you participate in the race to divide the participants, in the case of prior conspiracy with the predicate criminals, the participants will become accomplices in the predicate crime, even with the predicate crime. If the elements did not collude in advance, they will also be suspected of the crime of assisting in trust (the crime of helping information network criminal activities) and the crime of concealment (the crime of covering up and concealing the proceeds of crime).

Method 3: Mixed currency platform

In addition to running sub-platforms, there is also a virtual currency platform that criminals often use to launder money.

The official of many currency mixing platforms is under the banner of increasing transaction privacy, but if you want to improve your transaction privacy, you have to pay more fees. Many people are unwilling, so these platforms actually have more It has become a medium for criminals to launder money.

The main purpose of criminals using the mixed currency platform is to ” launder coins” , which is to transfer stolen money (coins) to the platform, and then get “clean” money from the platform. The role of currency mixing is to cut off the link between the criminal’s input funds and the output funds he receives.

If criminals want to transfer the stolen money to the currency mixing platform, they need to use the currency mixing service provided by the currency mixing platform. This currency mixing service is a service used to hide the transaction path and hide the identity of the participants . Generally, high amounts are charged. The handling fee is very popular with criminals. At present, the currency that the currency mixing platform accepts is mainly Bitcoin, and now it has also launched a currency mixer that supports Ethereum and other currencies.

Mixed currency platforms are divided into two modes of operation : centralized and decentralized .

Regarding the operation model of the centralized currency mixing platform, there is a speculation circulating on the Internet that after the platform receives the stolen money from criminals, it will first make a fund deducting the handling fee from the clean pool, because the amount of funds is already It is different, and the receiving address is also different, it is actually difficult to associate two funds.

After that, the stolen money entered by criminals will be shuffled with the subsequent funds after a period of precipitation. The specific shuffle method platform has not been announced, and the funds after the shuffle will be transferred to the fund pool for download. One step use.

The decentralized mixed currency platform mainly uses a mechanism called CoinJoin . If you need to clarify the principle of the CoinJoin algorithm, you must first introduce a transaction mode used by Bitcoin.

UTXO model : The accounting model adopted by Bitcoin is called UTXO (Unspent Transaction Outputs), which is one of the core concepts of Bitcoin.

A UTXO can be understood as a paper currency with a certain denomination. When A wants to transfer a bitcoin to B, the process is to sign the previous UTXO in A’s wallet address with a private key and send it to B the address of.

This process is a new transaction, and B gets a new UTXO. Just like we usually use paper money, bitcoin transactions will also generate change . When A’s balance is greater than the amount he wants to send to B, change will be generated, and this change will be sent to A’s address. , But this transaction seems to outsiders there is no way to distinguish which address is A or B.

As shown in the figure below, one input of 5 BTC will result in an output of 4 BTC and 1 BTC for change. It will continue to be used as the input for the next transaction along with other received BTC. Unless it is a party involved in the transaction, it is more difficult to distinguish from the outside which sum is output and which sum is change.

Analysis of using virtual currency to launder money

UTXO model diagram (without considering the handling fee)

The principle of CoinJoin relies on Bitcoin’s accounting model . At present, most of the currency mixers on the market adopt the CoinJoin transaction model, and this transaction model is a privacy transaction protocol proposed by the Bitcoin core developers.

Due to the design mechanism of Bitcoin UTXO, the same transaction can have multiple inputs and outputs. CoinJoin can use the characteristics of Bitcoin to construct such a transaction, allowing hundreds of transaction initiators (addresses) to transfer a certain amount of Bitcoin to hundreds of transaction recipients (addresses) at the same time.

In this way, through this transaction behavior in which input and output are confused by external personnel, there is no way to prove the connection between the controllers of these hundreds of addresses through this transaction, which can just achieve the criminals’ need to obscure the source of their funds. .

As shown in the figure below from the CoinJoin transaction record intercepted from the Chaindigg blockchain browser of Zhifan Technology , there are 68 input addresses on the left in the same transaction record, and 105 output addresses, and the Bitcoin addresses on both sides The format is the same, and it is difficult to re-establish the relationship between input and output addresses only by manual tracking.

Analysis of using virtual currency to launder money

 The picture shows a screenshot of a CoinJoin transaction record

Case: Hackers use the mixed currency platform to launder money after stealing coins

At 22:00, May 17, 2021, Binance Chain’s BSC on-chain option protocol FinNexus is suspected of being attacked. FNX tokens (with ETH-BSC cross-chain function) have been minted, transferred or sold in a large amount in a short period of time, involving BSC And Ethereum more than 300 million FNX tokens (approximately 7 million U.S. dollars).

After the hacker completed the attack, he used Tornado to trade ETH to launder the stolen money obtained. So far, there has been no trace of the hacker’s stolen money transfer.

Methods of tracing virtual currency money laundering

In order to effectively solve the problem of the inability to track the flow of assets caused by the anonymity of virtual currency, the security team of Zhifan Technology independently developed a virtual currency investigation service platform for public security organs-” Track by Trace-Virtual Currency Tracking and Verification Platform ” , Relying on Zhifan’s blockchain big data analysis capabilities, assisting public security agencies in combating fraud, money laundering, pyramid schemes, dark web transactions and other crimes involving virtual currency through the analysis of virtual currency address accounts, virtual currency tracking and traceability, and line expansion. .

The Zhifan Technology security team has been committed to researching new money laundering methods and models of criminals, and providing traces and decision directions for related cases involving the use of virtual currency to launder money.

Posted by:CoinYuppie,Reprinted with attribution to:
Coinyuppie is an open information publishing platform, all information provided is not related to the views and positions of coinyuppie, and does not constitute any investment and financial advice. Users are expected to carefully screen and prevent risks.

Like (0)
Donate Buy me a coffee Buy me a coffee
Previous 2021-07-24 02:17
Next 2021-07-24 02:23

Related articles