Six Questions and Answers about the Recent "Billion-Dollar Cryptocurrency Enforcement" Incident in the United States


Author: Xiao Za Legal Team

On October 14, the U.S. Department of Justice filed criminal charges against Chen Zhi, the founder of the Cambodian Prince Group, accusing him of telecommunications fraud and money laundering, and seeking the forfeiture of approximately 127,271 bitcoins valued at $15 billion. Although these bitcoins are spread across 25 non-custodial wallets personally held by Chen Zhi, the U.S. government has still managed to effectively take control of the private keys and transfer the assets.

Today, the Sa Jie team will discuss the issues related to cryptocurrency involved in what the U.S. Department of Justice calls "one of the largest financial fraud cases in history," helping everyone understand more about cryptocurrency crime and cryptocurrency forfeiture.

1. How did Chen Zhi launder money through Bitcoin?

Question 1: About the "professional money laundering organization" and "mixing with legitimate businesses"

Q: Documents show that Chen Zhi's criminal group used "illegal money houses" for fund transfers while also utilizing their own cryptocurrency mining business (such as WarpData) to "clean" the stolen funds. In your opinion, which mechanism contributed more to the final scale of money laundering in this case: the decentralized money laundering capabilities of professional "money houses" or the "whitening" effect of the Prince Group's own mining operations? What new challenges does this pose for future regulation targeting TCOs (transnational criminal organizations)?

A: Professional "money houses" use decentralized, multi-layered transaction structures that disperse funds and obscure their flow. The Huiwang Group, one of the core links in the Prince Group's money laundering chain, was disclosed by the U.S. Treasury to have laundered at least $4 billion through the Huiwang network between 2021 and 2025.

The mining business provides a "legitimate income" facade, facilitating the "legalization" of illegal funds, ultimately achieving the goal of money laundering. The Prince Group invested the proceeds of fraud into their own Bitcoin mining operations, using mining to cover the source of funds, and then replacing dirty coins with newly mined bitcoins to bypass regulation. Their Lubian mining pool controlled about 6% of the global Bitcoin hash rate at its peak; the approximately 127,000 bitcoins (worth over $15 billion) that were ultimately confiscated were also laundered through the Lubian mining pool.

From a purely scale perspective, $15 billion is larger than $4 billion, but one cannot simply judge the contribution of the two actions to money laundering based on this data.

On one hand, professional cryptocurrency money laundering groups like money houses engage in organized and large-scale money laundering, severely infringing on the legitimate rights of various upstream crime victims globally, significantly increasing the cost of rights protection for victims; on the other hand, such organizations also facilitate a large number of dark web transactions, drug trafficking, and even human trafficking, posing great harm.

Of course, using mining as a guise to conceal criminal proceeds reflects, to some extent, that unregulated mining operations also significantly aid in "whitening" funds.

These actions pose challenges for future regulation targeting transnational criminal organizations in three main ways. First, they make it harder to distinguish legitimate from illegitimate transactions: they blur the boundary between illegal and legal activity, challenge existing regulatory frameworks, and require regulatory agencies to sharpen their investigative sensitivity and improve their ability to see through to the substance of real businesses.

Second, the innovation of money laundering methods increases the difficulty of technical regulation. Professional organizations continuously refine their cryptocurrency laundering techniques, for example by using mixers and decentralized finance protocols, making fund flows more complex and harder to trace.

Third, international regulatory coordination is becoming harder. With cryptocurrency widely used in criminal activity, the significant differences in regulatory policies and attitudes among countries make coordination more challenging, and criminal organizations exploit these discrepancies to launder money.

Question 2: About the "spraying" and "funnel aggregation" money laundering techniques

Q: Chen Zhi's gang employed complex techniques such as "spraying" and "funnel aggregation" to obscure the source of funds. From an anti-money laundering perspective, how does this "first disperse then aggregate" model increase the difficulty of on-chain tracking? Can it be said that this is currently one of the most effective technical means for large criminal groups to counter blockchain analysis?

A: Simply put, the "first disperse then aggregate" model creates a large number of transaction nodes and records, and can even mix criminal funds with funds from many other sources. This breaks the continuity of the criminal funds' flow, so traditional on-chain analysis struggles to build a complete picture of where the money went, which significantly increases the difficulty of investigation.

Specifically, the "spraying" technique takes large amounts of stolen funds received from victims and quickly splits them into countless small amounts, dispersing them like water to hundreds or thousands of new Bitcoin addresses. This step aims to confuse the situation, making a large amount of stolen funds disappear on-chain and reducing the focus on individual amounts.

"Funnel aggregation" refers to the process where, after multiple dispersals, these funds are aggregated again at seemingly unrelated nodes into a few core "fund pool" addresses, thereby re-collecting the dispersed funds and increasing the complexity of the links.

This model is currently the simplest, most effective and lowest-cost means of countering on-chain investigation by judicial and law enforcement agencies, especially when combined with mixers (such as Tornado Cash). For institutions lacking advanced blockchain analysis technology and deep investigative experience, it does pose significant tracking difficulties.
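A minimal detector for the disperse-then-aggregate pattern described above, added here as an illustration; it is not code from the article or from any investigation it describes. It runs over a constructed ledger: address S sprays 1000 coins to eight fresh addresses, half of the branches take one extra hop, and all of them then converge on pool address P, alongside some benign merchant payments that never re-converge. The addresses, amounts and thresholds are all made up for the example.

```python
"""Spot a "spray then funnel" pattern in a set of transfers.

A source address fans out to many fresh addresses (spray); some hops later,
a large share of those branches re-converge into one address (funnel).
"""
from collections import defaultdict

# Constructed sample ledger (not real chain data): (txid, sender, receiver, amount)
SAMPLE_TRANSFERS = [
    # spray: S splits 1000 coins across eight fresh addresses
    *[(f"tx-spray-{i}", "S", f"a{i}", 125) for i in range(1, 9)],
    # half of the branches take one extra hop before converging
    *[(f"tx-hop-{i}", f"a{i}", f"b{i}", 125) for i in range(1, 5)],
    # funnel: every branch ends in pool address P
    *[(f"tx-funnel-b{i}", f"b{i}", "P", 125) for i in range(1, 5)],
    *[(f"tx-funnel-a{i}", f"a{i}", "P", 125) for i in range(5, 9)],
    # benign noise: a merchant paying three suppliers whose funds never re-converge
    ("tx-m1", "M", "s1", 40), ("tx-m2", "M", "s2", 60), ("tx-m3", "M", "s3", 55),
    ("tx-s1", "s1", "x1", 40), ("tx-s2", "s2", "x2", 60),
]


def build_out_edges(transfers):
    """Map each sender to the list of (receiver, amount, txid) it paid."""
    out_edges = defaultdict(list)
    for txid, sender, receiver, amount in transfers:
        out_edges[sender].append((receiver, amount, txid))
    return out_edges


def forward_reach(out_edges, start, max_depth):
    """Addresses reachable from start within max_depth hops -> depth first seen."""
    reached = {}
    frontier = [start]
    for depth in range(1, max_depth + 1):
        next_frontier = []
        for addr in frontier:
            for receiver, _, _ in out_edges.get(addr, []):
                if receiver != start and receiver not in reached:
                    reached[receiver] = depth
                    next_frontier.append(receiver)
        frontier = next_frontier
    return reached


def find_spray_and_funnel(transfers, min_fanout=5, max_depth=3, min_convergence=5):
    """Return (source, sink) pairs where a wide fan-out re-converges downstream."""
    out_edges = build_out_edges(transfers)
    findings = []
    for source, edges in out_edges.items():
        first_hop = {receiver for receiver, _, _ in edges}
        if len(first_hop) < min_fanout:
            continue  # no spray from this address
        sprayed_value = sum(amount for _, amount, _ in edges)
        reached = forward_reach(out_edges, source, max_depth)
        feeders = defaultdict(set)  # sink -> sprayed-descendant addresses paying into it
        inflow = defaultdict(int)   # sink -> value arriving from those descendants
        for addr in reached:
            for receiver, amount, _ in out_edges.get(addr, []):
                if receiver in reached and receiver != source:
                    feeders[receiver].add(addr)
                    inflow[receiver] += amount
        for sink, sources_in in feeders.items():
            if len(sources_in) >= min_convergence:
                findings.append({
                    "source": source,
                    "sink": sink,
                    "fanout": len(first_hop),
                    "converging_addresses": len(sources_in),
                    "sprayed_value": sprayed_value,
                    "value_reaching_sink": inflow[sink],
                    "recovered_fraction": round(inflow[sink] / sprayed_value, 3),
                })
    return sorted(findings, key=lambda f: (-f["converging_addresses"], f["source"], f["sink"]))


if __name__ == "__main__":
    for finding in find_spray_and_funnel(SAMPLE_TRANSFERS):
        print(finding)
```

The merchant M is skipped because its fan-out of three is below `min_fanout`, while S is flagged because eight of its descendants pay into P within three hops. Real investigations add timing windows, UTXO clustering and exchange attribution on top of this graph walk; the walk also assumes every hop is visible on one chain, which is exactly the assumption a mixer breaks, hence the text's point about combining the two.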

Question 3: About the usability and challenges of cryptocurrency money laundering

Q: Chen Zhi's "pig-butchering" scam directly required victims to convert their funds into cryptocurrency. From the perspective of criminals choosing tools, what "convenience" does cryptocurrency provide in this large-scale money laundering activity that is difficult to match with fiat currency? And what core challenges does this convenience pose to global anti-money laundering regulation?

A: The convenience of cryptocurrency money laundering is primarily reflected in the following aspects:

Significantly improved efficiency. In practice, if victims have already converted their funds into crypto assets, it allows criminal groups to quickly complete their scams, avoiding a lot of traditional bank KYC and AML measures, greatly increasing the success rate of the crime.

Convenience of cross-border transactions. Traditional money laundering requires complex multinational corporate structures and financial operations to transfer funds between different countries and regions. In contrast, cryptocurrency can easily achieve global transfers; money launderers only need to set up virtual currency wallets for peer-to-peer transfers to complete cross-border transfers, evading cross-border regulation.

High degree of concealment. Traditional money laundering methods still face scrutiny and regulation from banks and financial institutions. While cryptocurrency transaction records are publicly available on the blockchain, participants are usually pseudonymous, represented only by addresses, so money launderers can readily hide their true identities.

Difficult regulatory control. The traditional financial system is subject to strict anti-money laundering regulation and monitoring, with financial institutions watching large transactions and suspicious activity in real time. Because cryptocurrencies are decentralized and pseudonymous, regulatory agencies find it difficult to exercise effective control. This is also a major reason why Chen Zhi's gang was difficult to thoroughly investigate and dismantle.

Irreversible transactions. Once a cryptocurrency transaction is completed, it is challenging to reverse or cancel it. This increases the difficulty for judicial authorities to seize or freeze virtual funds, allowing money launderers to operate more securely.

Regulatory challenges:

Inconsistent global regulatory standards: There are differences in how countries around the world recognize the legal attributes of cryptocurrencies, leading to inconsistent regulatory standards. Criminal organizations exploit this discrepancy to evade regulation through offshore servers and multi-jurisdictional fund flows, making cross-border evidence collection and asset freezing difficult due to lengthy procedures and conflicting rules.

Increased difficulty of technical tracking: Blockchain technology has been distorted by criminals into a toolchain for crime, significantly reducing the effectiveness of traditional fund tracking methods, forcing law enforcement agencies to build more advanced on-chain data analysis systems.

2. How did the U.S. Department of Justice/FBI achieve the largest scale of forfeiture through on-chain analysis technology?

Question 4: About the FBI's breakthrough in "on-chain tracking" capabilities

Q: The U.S. Department of Justice claims to have successfully identified Chen Zhi's money laundering model through "blockchain tracking." Considering the enormous scale of these assets stored in "non-custodial wallets" personally held by the defendant, what do you think was the key breakthrough in on-chain analysis technology for the FBI this time? Does it signify that law enforcement has reached a new milestone in combating self-custody cryptocurrency?

A: We believe that the FBI's so-called breakthrough in "on-chain tracking" actually refers to identifying money laundering paths and tracing funds, together with address de-anonymization (linking an address to its real-world holder), and has nothing to do with technology for "combating self-custody cryptocurrency" as such.

(1) Money laundering path identification and tracking. FBI investigators likely developed new on-chain data analysis tools themselves or collaborated with third-party security companies to better analyze the relationships between the transaction times, amounts, and addresses of the criminal group, identifying the money laundering patterns of the relevant criminal group, successfully finding the money laundering paths, and ultimately locating the aggregation accounts.

(2) Address de-anonymization. The FBI likely also combined other technical means, such as real-name phone numbers, IP geolocation, and biometric identification, to identify the actual holders and users of the fund aggregation accounts, ultimately uncovering the criminals' true identities.

The FBI's technological breakthrough in this case indeed has significant implications for combating criminal activities involving self-custody cryptocurrency. However, in reality, similar technologies have long been used in many cryptocurrency-related crimes in our country, and even third-party security companies have similar technologies.

Question 5: About the legal and technical difficulties of "private key acquisition"

Q: In non-custodial wallets, whoever owns the private key owns the assets. U.S. authorities have not disclosed how they obtained the private keys for this batch of bitcoins valued at $15 billion. From the perspective of legal and cryptographic practice, what do you speculate is the most likely technical path for U.S. authorities to obtain the private keys?

A: U.S. authorities have not publicly disclosed the technical path to control Chen Zhi's bitcoins, and a clear answer awaits further information disclosure; the existing conclusions can only be based on speculation.

Current public information indicates that on-chain tracking and offline investigation played a crucial role, but there is no clear, publicly available evidence directly proving that U.S. authorities cracked a large number of private keys one by one by brute force, which is in any case practically impossible from a cryptographic standpoint.

Thus, based on the current information, we speculate that the most likely paths for U.S. authorities to obtain the private keys are as follows:

Private key algorithm vulnerability theory: At the cryptographic level, LuBian's wallet generation program used a pseudo-random number generator (PRNG) with too little entropy, making it possible to recover or guess the private keys. Attackers may already have exploited this vulnerability to obtain private keys and some of the funds, leaving traces on the blockchain that law enforcement later tracked and brought within the scope of the forfeiture; alternatively, law enforcement may have exploited the algorithm vulnerability itself to crack the wallets and transfer the bitcoins to government-controlled addresses.

Spy infiltration theory: The FBI has reliable insiders within the criminal group who successfully obtained the private keys.

Raiding theory: Rapid law enforcement cooperation with countries like the UK and Cambodia, simultaneously raiding several homes of key suspects and retrieving private key backups from certain hardware devices.
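To make the first theory concrete, here is an added example of why a low-entropy seed is fatal for key generation and how an auditor can detect it without access to the generator's source. It is not code from the article and says nothing about how LuBian's wallet software actually worked. The weak generator is a constructed model that derives a 256-bit key from a Mersenne Twister seeded with only 16 bits, so it can emit at most 65,536 distinct keys however long the output looks; the strong one draws all 256 bits from the OS CSPRNG. Sampling each generator and counting repeated keys applies the birthday bound: a k-bit seed space starts repeating after roughly 1.18 × 2^(k/2) draws.

```python
"""Black-box entropy check for a private-key generator.

If a generator's output is fully determined by a seed of k bits, it can
produce at most 2**k distinct keys, and by the birthday bound two draws
collide after about 1.18 * 2**(k/2) samples. Counting collisions in a
sample therefore exposes a low-entropy PRNG without knowing its internals.
"""
import math
import random
import secrets
from collections import Counter

WEAK_SEED_BITS = 16  # constructed: the effective entropy of the flawed generator


def weak_private_key() -> bytes:
    """INSECURE model: a 256-bit key derived from a PRNG seeded with only 16 bits.

    The seed is drawn here with secrets.randbelow purely to model a small
    seed space (e.g. a truncated timestamp); the flaw is the size of that
    space, not how the seed is picked.
    """
    seed = secrets.randbelow(1 << WEAK_SEED_BITS)
    rng = random.Random(seed)  # Mersenne Twister: deterministic given the seed
    return rng.getrandbits(256).to_bytes(32, "big")


def strong_private_key() -> bytes:
    """Correct approach: every one of the 256 bits comes from the OS CSPRNG."""
    return secrets.token_bytes(32)


def expected_draws_for_collision(seed_bits: int) -> float:
    """Birthday bound: samples needed for ~50% chance of a repeated key."""
    return 1.1774 * math.sqrt(2 ** seed_bits)


def audit_generator(generate, samples: int) -> dict:
    """Draw `samples` keys and report how many were repeats.

    A generator with a 256-bit state space should never repeat in any
    feasible sample; any repeat at all is proof of a small seed space.
    """
    counts = Counter(generate() for _ in range(samples))
    distinct = len(counts)
    collisions = samples - distinct
    return {
        "samples": samples,
        "distinct": distinct,
        "collisions": collisions,
        "verdict": "LOW ENTROPY: generator repeated keys" if collisions else "no repeats observed",
    }


if __name__ == "__main__":
    print("draws for 50% collision, 16-bit seed :", round(expected_draws_for_collision(16)))
    print("draws for 50% collision, 256-bit seed:", f"{expected_draws_for_collision(256):.3g}")
    print("weak  :", audit_generator(weak_private_key, 2000))
    print("strong:", audit_generator(strong_private_key, 2000))
```

With a 16-bit seed the 50% collision point is about 301 draws, so 2000 samples repeat almost surely, whereas the CSPRNG-backed generator never repeats. The same sampling check works against any key or nonce generator treated as a black box, which is why "no repeats observed" is necessary but not sufficient: it bounds the entropy from below only as far as the sample size allows, and a proper audit still reviews where the seed material comes from.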

Question 6: About the breakthrough difficulty involving non-custodial wallet cases

Q: The bitcoins confiscated this time are stored in non-custodial wallets where the defendant personally holds the private keys. In cryptocurrency cases, it is relatively easy to confiscate funds held by centralized exchanges, but it is extremely difficult to confiscate funds in non-custodial wallets. How significant do you think this breakthrough (whether through technical means or obtaining key testimonies) is for judicial authorities in recovering large-scale cryptocurrency assets?

A: The key to this question lies in understanding the specific enforcement methods of law enforcement agencies. Currently, we tend to believe that this case has certain unique characteristics, and we cannot conclude that "law enforcement agencies can easily confiscate funds in non-custodial wallets" simply because of the success of the enforcement agencies in this case.

Of course, law enforcement agencies have made some progress in technical breakthroughs regarding non-custodial wallets/cold wallets in recent years, but they have not reached the level of being able to "arbitrarily obtain cryptocurrency assets."

As cryptocurrencies become increasingly convenient tools for money laundering, fraud, and other criminal activities, countries are continuously improving their tracking and handling methods for cryptocurrency-related crimes, and the crackdown will only intensify.

The Sa Jie team also hopes that by answering questions related to cryptocurrency crime, readers will be more alert to the risks of falling into cryptocurrency crime traps.

That concludes today's sharing. Thank you, readers!

Disclaimer: This article represents only the author's personal views and does not represent the position or views of this platform. It is provided for information sharing only and does not constitute investment advice to anyone. Any dispute between users and the author is unrelated to this platform. If an article or image published on this page infringes on rights, please send the relevant proof of rights and proof of identity to support@aicoin.com, and the platform's staff will verify it.
