Feds Pose as Cryptocurrency Money Launderer to Bust Alleged Dark Web Dealers

Law enforcement agencies are always looking for new ways to identify suspects on the dark web, whether that means using malware to unmask people, executing wide ranging attacks on the Tor anonymity network, or tracking a drug dealer’s physically mailed packages.

But on Wednesday, the Department of Justice announced dozens of dark web arrests thanks to a relatively novel technique. By posing as a cryptocurrency money launderer on dark web marketplaces, investigators from Immigration and Customs Enforcement's Homeland Security Investigations (HSI) were able to allegedly identify a number of people selling illegal narcotics, and open more than 90 active cases.

“Criminals who think that they are safe on the Darknet are wrong,” Deputy Attorney General Rod Rosenstein said in a statement. “We can expose their networks, and we are determined to bring them to justice.”

The DOJ announcement added that on Wednesday various law enforcement agencies arrested more than 35 alleged dark web vendors, including those allegedly selling cocaine, marijuana, and LSD. Investigators also seized quantities of Xanax and the high-powered opioid fentanyl. A number of the defendants are charged with weapon possession offenses.

But it’s the technique used to identify these suspects that makes the operation stand out.

“Posing as a money launderer for Bitcoin seems like a great mechanism to find the dealers: There are so many paths for the dark net dealers to get drugs. There are much fewer paths for them to get cash,” Nicholas Weaver, a senior researcher at the International Computer Science Institute at UC Berkeley, told Motherboard in an online chat.

At a hearing of the House of Representatives Financial Services Subcommittee on Terrorism and Illicit Finance on June 20, HSI official Greg Nevano stated that the agency’s cryptocurrency seizures have already amounted to more than $25 million in the current fiscal year to date, compared to nearly $7 million in all of the 2017 fiscal year.

Transferring large sums of cryptocurrency, typically Bitcoin, into fiat currency is one of the biggest issues facing serious dark web dealers. Once they move their bitcoins to an exchange in order to cash it out, law enforcement, with the right tip, can follow Bitcoin’s public ledger to the specific exchange and probe the company for relevant customer records. Or, in this case, authorities can interact directly with the alleged criminals at the point of transfer, potentially learning information about their identities.

“Worse, for the drug dealers, they need to avoid the reputable exchanges. Which means they can only really hope for ‘entrepreneurs’ on LocalBitcoins and the like to buy in bulk and buy in cash,” Weaver added. LocalBitcoins is a site that allows nearly anyone to buy and sell bitcoin to individual customers, making it more direct than transferring through a more traditional exchange service.

A criminal complaint for Nicholas J. Powell, 32, one of those mentioned in the DOJ announcement, says that in October 2016 investigators apprehended a cryptocurrency exchanger. With that person's cooperation, authorities then began investigating the trader's customers, eventually took over their account in an uncover capacity, and then in January 2017 started advertising their services on a number of dark web markets, the court document reads.

"Because Target Subject-1's [the cryptocurrency trader] original business model involved sending cash to physical addresses, each US Vendor Account transaction has provided agents with leads on the identities and locations of their counterparties," the complaint reads.

Weaver added "Once you have the seller it is now easy to either find the drug dealer he's supporting (by just following where HIS cash payment have to go) or, as they did here, take over the seller's identity."

Homeland Security Investigations Acting Executive Associate Director Benner said in the DOJ announcement, “The Darknet is ever-changing and increasingly more intricate, making locating and targeting those selling illicit items on this platform more complicated. But in this case, HSI special agents were able to walk amongst those in the cyber underworld to find those vendors who sell highly addictive drugs for a profit.”

The arrests spanned across New York, Maryland, Ohio, Sacramento, and other states, and impacted vendor accounts on various marketplaces, including the now defunct Silk Road, AlphaBay and Hansa, the announcement added. As well as HSI, the operation involved the DEA, US Secret Service, and US Postal Inspection Service, it read.

Update: This piece has been updated to include more information from a relevant court record.