first level title

01 Money laundering risk of virtual currency

Due to the existence of anonymity, decentralization, difficulty in tracking, global circulation, transaction convenience, complexity of transaction models, irrevocability after transactions, diversity of holding methods, and controversial value identification standards, virtual currencies characteristics, thereforeHigh risk of money laundering。

The use of criminals has also gradually reduced virtual currency to a tool for money laundering. In addition, relevant state departments have continuously increased their efforts to combat cybercrime in recent years. The money laundering channel has suffered a heavy blow, which has also intensified the phenomenon of virtual currency money laundering, and law enforcement agencies and criminals have started a new round of in-depth games.

first level title

02 The process of virtual currency money laundering

Generally, the process of using virtual currency to launder money can be roughly divided into three stages. In actual cases, the three stages can sometimes be clearly distinguished, and sometimes overlap, overlap, and aggregation occur, making it difficult to separate them completely. stage to complete the money laundering.

Phase 1: Placement. Criminals buy virtual currencies and funnel illicit funds into channels to be “laundered.” In actual cases, other methods may be used to confuse the source of virtual currency. This stage is actually very common in many money laundering methods. As long as criminals transfer stolen money to third-party platforms/merchants for money laundering, this process can be called placement.

The second stage: the cultivation stage. Money launderers use the anonymity of virtual currencies to carry out multi-layered and complicated transactions, thereby concealing the nature and source of criminal proceeds.

first level title

secondary title

Method 1: Using anonymous coins to launder money

First of all, a recently emerging method of money laundering is to use anonymous coins for transactions, because anonymous coins use technical means such as ring signature proofs and zero-knowledge proofs to make users' transaction records untraceable. Criminals will convert the stolen money into anonymous coins on the exchange before conducting subsequent transaction operations, which makes it difficult for law enforcement agencies to carry out further investigations.

Case: Japanese criminal groups use anonymous coins to launder large amounts of money

According to Japanese news media reports, many Japanese criminal groups use virtual currencies and privacy-friendly privacy coins such as Monero and Dash for money laundering. After investigation, it was found that illegal money laundering transactions conducted through virtual currencies exceeded 270 million U.S. dollars, and the source of these transactions is likely to come from drug transactions and other illegal activities.

Relevant Japanese departments investigated the virtual currency transactions in Japanese gang organizations and found a folder named "ZDM", which is the abbreviation of Zcash, Dash and Monero, which shows that since 2016 Since 2010, a gang has laundered 29.85 billion yen (about 27.8 million U.S. dollars) through hundreds of transfers.

secondary title：

Method 2: USDT Benchmarking Platform

Traditional running points: refers to the process in which criminals conduct frequent transfers and money laundering by acquiring the QR codes of ordinary users’ third-party payment platforms.

USDT Benchmark: Benchmark participants go to the USDT Benchmark platform to purchase USDT as a deposit, and participate in the benchmarking to grab orders. The running points participants provide the recharge codes for purchasing USDT coins to the running points platform. The running points platform gathers USDT recharge codes of various recharge amounts, integrates them into a USDT recharge code pool, and provides them to the gambling platform through the recharge interface. Gamblers need to scan the USDT recharge code to recharge their gambling funds, that is, use RMB to purchase USDT from the benchmark platform, and eventually the RMB will be transferred to the benchmark platform.

The difference between the two: the original RMB margin was replaced by a stable currency, Tether USDT, and the original WeChat, Alipay and other third-party payment codes were replaced by the USDT recharge address of the exchange.

Advantages of USDT running points: no need for WeChat, Alipay and other payment codes, the operation is simpler, the payment address is anonymous, and the commission can be returned immediately.

The benchmark participant gives his exchange receipt code and provides the corresponding deposit to the intermediate platform. The platform contacts the demander of the benchmark, and the demander enters USDT into the account of the benchmark participant, and then deducts the deposit of the benchmark participant. After all parties draw benefits from the stolen money of the demand side, the running points are completed, and most of the funds after the running points flow into illegal gambling platforms in the network.

USDT running sub-platform money laundering process

Case: Money laundering on the "Apex" benchmarking platform

Dianfeng is a very well-known platform for running scores, which has been closed down by the public security organs.

Here I will explain the general operation mode of this platform from the point of view of the score participants to explain the score method more directly.

After the participants register on the platform, they need to go to the virtual currency exchange to register an account. After the exchange is approved, they can recharge the deposit on the platform.The recharge amount is the upper limit of the order amount. Peak requires participants to recharge their deposits must be higher than a certain amount.

After the platform receives the recharge funds, the Paofen platform adopts an order grabbing mechanism similar to the online car-hailing platform, and deducts 1.8% to 3% of the funds as platform commissions. Afterwards, the platform will distribute running score orders to the running score participants who have completed the recharge, and 0.3%-0.6% of the stolen money will be used as the commission income of the running score participants, and the completed running score funds will be transferred to overseas gambling websites to complete the running score .

Run points participants only need to provideReceipt Code and DepositYou can get a high income, so this is why running points are so popular.

Screenshots of receiving orders and earnings of a running sub-platform

Zhifan Technology security experts hereby remind：

Everyone should be more wary of the traps of running sub-platforms, and don't believe in the so-called part-time job advertisements such as "you can make money at home with zero cost, earning thousands of yuan a day", and you need to be careful to distinguish.

secondary title

Method 3: Currency Mixing Platform

In addition to the running score platform, there is also a virtual currency platform that criminals often use to launder money, which is the currency mixing platform.

Many official coin-mixing platforms are under the banner of increasing transaction privacy, but if you want to improve your transaction privacy, you have to pay more fees. Many people are unwilling, so these platforms actually have more Or become a medium for criminals to launder money.

The main purpose of criminals using the coin-mixing platform is to "launder coins", that is, to transfer stolen money (coins) to the platform, and then to obtain "clean" money from the platform. Mixing works by severing the link between the criminal's incoming funds and the outgoing funds he receives.

If criminals want to transfer stolen money to the mixed currency platform, they need to use the mixed currency service provided by the mixed currency platform, and this mixed currency service is used to hide the transaction path and the identity of the participants, and generally charges a high amount The handling fee is very popular with criminals. At present, the currency that the mixed currency platform accepts is mainly Bitcoin, and now a currency mixer that supports Ethereum and other currencies has also been launched.

The currency mixing platform is divided into two operating modes: centralized and decentralized.

Regarding the operation mode of the centralized currency mixing platform, there is such a speculation circulating on the Internet that after receiving the stolen money from criminals, the platform will first deposit a sum of funds from the cleaned pool to deduct the handling fee, because the amount of funds has already been collected. It is different, and the receiving address is also different. It is actually difficult to link the two funds.

Afterwards, the stolen money entered by the criminals will be shuffled with the subsequent funds after a period of precipitation. The platform has not announced the specific shuffling method, and the funds after the shuffling will be transferred to the fund pool for next use in one step.

The decentralized currency mixing platform mainly uses a method calledMechanism of CoinJoin, if you need to clarify the principle of the CoinJoin algorithm, you must first introduce a transaction mode used by Bitcoin.

UTXO mode: The bookkeeping model adopted by Bitcoin is called UTXO (Unspent Transaction Outputs), which is one of the core concepts of Bitcoin.

A UTXO can be understood as a banknote with a certain face value. When A wants to transfer a bitcoin to B, the process is to sign the previous UTXO in A’s wallet address with a private key and send it to B. the address of.

This process is a new transaction, and what B gets is a new UTXO. Just like we usually use banknotes,Bitcoin transactions also generate change, when A’s balance is greater than the amount he wants to send to B, change will be generated, and the change will be sent to A’s address, but this transaction cannot be distinguished from outsiders which address is A or B's.

image description

UTXO model diagram (without considering the handling fee)

The principle of CoinJoin relies on the accounting model of Bitcoin. At present, most of the coin mixers on the market adopt the CoinJoin transaction mode, and this transaction mode is a privacy transaction protocol proposed by Bitcoin core developers.

Due to the design mechanism of Bitcoin UTXO, the same transaction can have multiple inputs and outputs. CoinJoin can use the characteristics of Bitcoin to construct such a transaction, allowing hundreds of transaction initiators (addresses) to transfer a certain amount of Bitcoin to hundreds of transaction receivers (addresses) at the same time.

In this way, outsiders have no way to prove the connection between the controllers of these hundreds of addresses through this kind of transaction behavior in which the input and output are confused, which just meets the needs of criminals to obscure their source of funds .

As shown below fromZhifan Technology Chaindigg blockchain browserimage description

The picture is a screenshot of a CoinJoin transaction record

Case: Hackers use currency mixing platform to launder money after stealing coins

At 22:00 on May 17, 2021, FinNexus, the options protocol on the Binance Chain BSC chain, was suspected to be attacked. and Ethereum over 300 million FNX tokens (~$7 million).

first level title

04 Investigating methods for virtual currency money laundering

In order to effectively solve the problem of untraceable asset flow brought about by the anonymity of virtual currency, the security team of Zhifan Technology has independently developed a virtual currency investigation service platform serving public security organs—“Chase Trace-Virtual Currency Tracking and Verification Platform", relying on Zhifan's blockchain big data analysis capabilities, through the analysis of virtual currency address accounts, virtual currency traceability, clue expansion and other aspects to assist the public security organs in combating fraud, money laundering, pyramid schemes, dark web transactions and other virtual currency-related crimes case.

The security team of Zhifan Technology has been committed to researching criminals' new money laundering methods and models, and providing clues and decision-making directions for related cases involving the use of virtual currency for money laundering.