Secret! "FBI on the chain": How Chainalysis tracks darknet transactions

Tools like Chainalysis give law enforcement agencies insight into illegal activity: not just locating bitcoin addresses, but also monitoring transactions, identifying crimes, and making cases easier for juries to understand.

The United States is suffering from a severe opioid epidemic, and the number of overdose deaths has increased every year since 2007. The main culprit in this crisis is fentanyl, a synthetic opioid 100 times more potent than morphine. Fentanyl dealers have made huge profits, and they have gradually turned to the darknet and to cryptocurrencies to sell the drug.

Tools such as Chainalysis can now track the related cryptocurrency transactions to help law enforcement agencies investigate fentanyl trafficking. This article analyzes how the infamous fentanyl vendor ETIKING used cryptocurrencies for illegal sales. ETIKING was active on the darknet until last year. You will see how law enforcement can use Chainalysis tools to turn ETIKING's bitcoin addresses into tangible leads and build a compelling case.


First, a look at deadly fentanyl

When we talk about commonly abused opioids, most of us first think of heroin, street drugs, or prescription drugs like OxyContin. But the data shows that these are not the whole picture: since 1997, the most common cause of overdose has been illegally manufactured synthetic opioids, and the most chilling of them is fentanyl.

Fentanyl is so potent and dangerous that only 2 mg can cause death, but it is precisely this potency that attracts a large number of criminals willing to take the risk. Many drug dealers (mostly outside the US) can easily produce fentanyl, then smuggle it into the US and sell it at very high prices. More importantly, because a small amount of fentanyl yields doses for many people, dealers need only a small quantity to earn a large sum. According to Chainalysis, a dealer needs to invest only about $1,000 up front to make fentanyl worth up to $7.8 million, whereas the same upfront cost in heroin generates only about $4,000. For criminals, an economic incentive this large outweighs the extremely high risk of the drug itself.

Many fentanyl dealers use cryptocurrencies on darknet markets such as Nightmare Market and Empire Market. Although some markets have banned fentanyl sales because the drug is so dangerous, many sellers still list it under pseudonyms, and some add fentanyl to a variety of counterfeit drugs to keep trading, which further increases the overdose risk for end users.

Cryptocurrency transactions on the darknet add a layer of anonymity for both buyers and sellers. However, they still leave a permanent record on the blockchain, which gives law enforcement agencies the opportunity to investigate illegal transactions. With Chainalysis, analysts can follow funds on the blockchain, query data about cryptocurrency transactions, and link those transactions to the corresponding real-world entities. The fentanyl vendor ETIKING was previously active on AlphaBay and was arrested in 2018. This article analyzes the cryptocurrency transactions ETIKING handled.


Tracking ETIKING: What can Chainalysis reveal about darknet fentanyl trading?

In 2017, a Florida woman died of an overdose of fentanyl purchased from a vendor called ETIKING on AlphaBay. The United States Drug Enforcement Administration (DEA) did not initially investigate by analyzing cryptocurrency transactions; instead it identified the person behind ETIKING, Jeremy Achey, and arrested him using information provided by informants.

After learning of this, we decided to use Chainalysis Reactor to analyze ETIKING's cryptocurrency activity and find out whether the tool could help similar law enforcement investigations. The results did not disappoint. Reactor holds a lot of information, and these potential leads would likely help law enforcement officers identify ETIKING more quickly. The first step is to obtain Jeremy Achey's bitcoin address, which we show below:

The bitcoin address ETIKING's customers paid to purchase fentanyl:


We can enter the above address into Chainalysis Reactor to see the counterparties associated with it. From there, we can trace which services handled the funds (for example, whether they were traded on a cryptocurrency exchange) and, at the same time, trace information about other criminals.

The above image shows a general breakdown of trading activity for an ETIKING address, where "Receiving Exposure" shows where the funds came from and "Sending Exposure" shows where the funds went.

If we look closely at the "Receiving Exposure" information on the left, we find that different types of counterparties sent cryptocurrency to ETIKING, and that Jeremy Achey apparently received a lot of bitcoin through the darknet, which is consistent with the information law enforcement agencies collected. In the "Sending Exposure" on the right, we see that Jeremy Achey sent a lot of bitcoin to exchanges, as well as to other services (such as P2P exchanges and merchant services). Presumably these are transactions ETIKING used to convert bitcoin obtained on the darknet into fiat currency. In either "Sending Exposure" or "Receiving Exposure", the analyst can pull up the list of services that transacted with ETIKING by clicking on any of the categories shown.

For example, if we dig into the darknet market category in ETIKING's "Receiving Exposure", we find that the two darknet markets he received the most money from are AlphaBay and Dream Market. Next, we can add these two darknet markets to the Reactor graph for detailed analysis, as shown below:

In addition, we can analyze ETIKING's "Sending Exposure" in detail, where we find that Jeremy Achey sent the bitcoin obtained from the darknet to four different exchanges.

Law enforcement agencies may wish to dig deeper into which receiving addresses ETIKING used on these exchanges; we discuss what to do with them later. For now, let's continue to see what other leads Reactor can surface.

If we look more closely at an unusual transaction in ETIKING's "Sending Exposure", we find more valuable clues. Between 2015 and 2016, Jeremy Achey sent 0.71 bitcoin to Energy Control International, a drug testing laboratory in Barcelona, Spain.

These transactions indicate that ETIKING was seeking out a legal drug laboratory to help test the quality of the drug, which is another valuable lead worth following up in the eyes of law enforcement agencies.

Finally, by tracing ETIKING's deposits backwards, we can identify the bitcoin address clusters used by ETIKING, including addresses that deposited to the same addresses at his three favorite cryptocurrency exchanges (green arrows) and addresses that received funds from the same darknet markets (blue arrows). These address clusters are likely to be controlled by ETIKING as well.
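The exposure breakdown and address clustering described above can be sketched in a few lines. This is an added example, not Chainalysis code: it assumes the well-known common-input-ownership heuristic for clustering (the article does not say how Reactor clusters addresses), counts direct counterparties only, and uses constructed addresses, labels and amounts.

```python
from collections import defaultdict

# Constructed sample data: every address, label and amount here is made up.
# Transaction = (input addresses, [(output address, satoshis), ...])
TXS = [
    (["mkt_a_hot"], [("v1", 50_000_000)]),
    (["mkt_b_hot"], [("v2", 30_000_000)]),
    (["buyer_x"], [("v1", 10_000_000)]),
    (["mkt_a_hot"], [("v3", 8_000_000)]),
    (["v1", "v2"], [("exch_dep", 60_000_000), ("p2p_dep", 25_000_000)]),
    (["v3", "v2"], [("exch_dep", 5_000_000)]),
]
LABELS = {  # constructed attribution: address -> service category
    "mkt_a_hot": "darknet market", "mkt_b_hot": "darknet market",
    "exch_dep": "exchange", "p2p_dep": "p2p exchange",
}

def build_clusters(txs):
    """Union-find over addresses: inputs spent together share one owner."""
    parent = {}
    def find(addr):
        parent.setdefault(addr, addr)
        while parent[addr] != addr:
            parent[addr] = parent[parent[addr]]  # path halving
            addr = parent[addr]
        return addr
    for inputs, _ in txs:
        for addr in inputs[1:]:
            parent[find(inputs[0])] = find(addr)
    return find

def exposure(txs, seed, labels):
    """Return (cluster, receiving, sending) for the cluster holding seed."""
    find = build_clusters(txs)
    root = find(seed)
    seen = {a for ins, outs in txs for a in ins + [o for o, _ in outs]}
    cluster = {a for a in seen if find(a) == root}
    receiving, sending = defaultdict(int), defaultdict(int)
    for inputs, outputs in txs:
        spending = inputs[0] in cluster
        for addr, sats in outputs:
            if spending and addr not in cluster:      # funds leaving
                sending[labels.get(addr, "unlabelled")] += sats
            elif not spending and addr in cluster:    # funds arriving
                receiving[labels.get(inputs[0], "unlabelled")] += sats
    return cluster, dict(receiving), dict(sending)

if __name__ == "__main__":
    print(exposure(TXS, "v1", LABELS))
```

Starting from the single seed `v1`, the co-spend with `v2` and then `v2` with `v3` pulls all three addresses into one cluster, so deposits to `v3` count toward the same receiving exposure.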

In summary, we now have a very detailed graph that gives us a deeper understanding of how ETIKING operated.

So what can law enforcement agencies do with this information? As mentioned above, they can investigate which exchanges ETIKING deposited bitcoin at; this is their real "gold mine". Law enforcement agencies can subpoena these exchanges for account information related to ETIKING, learn that ETIKING is in fact Jeremy Achey, arrest him, and bring the case supported by the transaction patterns Reactor revealed.


Blockchain analysis drives the development of drug investigations

Opioids have been taking people's lives, and darknet markets have given drug dealers a new, seemingly anonymous sales channel. However, as the ETIKING case shows, when law enforcement officers have and use the right investigative tools, anonymity does not prevent them from investigating criminals who use cryptocurrencies.

