Reveal! How On-Chain FBI Chainalysis Tracks Dark Web Transactions

Compilation | White Night

Editor | Qin Jin

The U.S. is in the throes of a severe opioid epidemic, with overdose deaths increasing every year since 2007 — and, in fact, fentanyl is to blame for the crisis. Because as a synthetic opioid, it is 100 times more potent than morphine. Fentanyl dealers are reaping huge profits, but at the same time they are turning to the dark web and using cryptocurrencies to sell the new drug.

Now, tools such as Chainalysis can track related cryptocurrency transactions to help law enforcement agencies investigate fentanyl trafficking. This article will analyze how the notorious fentanyl dealer ETIKING used cryptocurrencies for illegal transactions. The company had been active on the dark web until it was brought to justice last year. In this article, youll see how law enforcement used the Chainalysis tool to turn ETIKINGs Bitcoin addresses into tangible clues and build a compelling case.

First, lets examine deadly fentanyl

When we think of popular opioids, the first thing most of us think of is street drugs like heroin, or prescription drugs like Oxycam. But the data suggests that’s not all — because since 1997, illicit synthetic opioids have been responsible for the most overdose deaths since 1997, and the most chilling of them all is fentanyl.

Due to its strong potency and danger, only 2 mg of fentanyl can cause death, but precisely because of this strong potency, it also attracts a large number of criminals to take risks. Many drug dealers (mostly from outside the US) can easily produce fentanyl, smuggle it into the US, and sell it at a very high price. Whats more, because fentanyl is available to many people in just a small dose, traders need very little to command high prices. According to Chainalysis estimates, drug dealers only need to invest about US$1,000 in the early stage to produce fentanyl drugs worth up to US$7.8 million, while at the same upfront cost, heroin can only produce about US$4,000 in value. So for those criminals, such a high economic incentive makes them ignore the extremely high danger of the drug itself.

There are many fentanyl dealers using cryptocurrencies on the dark web, such as Nightmare Market and Empire Market. Although some trading platforms have chosen to prohibit transactions due to the extremely dangerous medicinal properties of fentanyl, many sellers still use some pseudonyms to Fentanyl is called fentanyl, and some people add fentanyl to various counterfeit medicines and continue to trade them. These behaviors increase the risk of overdose for end users.

On the other hand, using cryptocurrency transactions on the dark web adds a layer of anonymity for both buyers and sellers. However, cryptocurrency transactions will still leave a permanent record on the blockchain, which also provides law enforcement agencies with the opportunity to investigate illegal transactions. With Chainalysis, analysts can track funds in the blockchain, query data related to cryptocurrency transactions, and correlate those transactions to corresponding entities in the real world. The fentanyl dealer ETIKING was very active on the darknet AlphaBay until he was arrested in 2018. This article will analyze the cryptocurrency transactions that ETIKING has previously processed.

Tracking ETIKING: What can Chainalysis reveal about dark web fentanyl transactions?

In 2017, a Florida woman died of an overdose of fentanyl-like drugs purchased from a vendor called ETIKING on the dark web AlphaBay. The U.S. Drug Enforcement Administration (DEA) did not initially investigate by analyzing cryptocurrency transactions, but found ETIKING seller Jeremy Achey (Jeremy Achey) through information provided by informants and arrested him.

When we heard this news, we decided to use Chainalysis Reactor to analyze ETIKING’s cryptocurrency activities in order to see if this tool could be helpful for similar law enforcement investigations, and the results did not disappoint. Reacotr has unearthed a large amount of information. These potential clues are likely to help law enforcement officers and allow them to identify ETIKING more quickly. The first step is to obtain Jeremy Archie’s Bitcoin address. We will show you below:

ETIKINGs customers pay him to the Bitcoin address used to buy fentanyl:

16ozAi11YWScC88FL5tDiUbhCLLt1FHeSu

We can enter the above address into Chainalysis Reactor, and we can see the counterparty information associated with the address. At this time, we can trace the services used by this fund transaction before (such as whether it was processed on a cryptocurrency exchange) transaction), and at the same time, it can trace the information of other criminals upwards.

The graph above shows a general breakdown of transaction activity with an ETIKING address, where Receiving Exposure shows where funds are coming in and Sending Exposure shows where funds are coming out.

If we take a closer look at the information on “Received Exposure” on the left, we will find that different types of counterparties have sent cryptocurrencies to ETIKING. Jeremy Archie apparently received a large amount of Bitcoin through the dark web, which is consistent with previous collections by law enforcement agencies. The information matches. In the Send Exposure on the right, we see that Jeremy Archie actually sent a large amount of bitcoins to exchanges and other services (such as P2P exchanges, merchant services, etc.). It is speculated that these may be a series of transactions that ETIKING hopes to convert those bitcoins obtained from the dark web into fiat currency. In Send Exposure or Receive Exposure, analysts can click on any of the categories shown to easily pull up a list of services that trade with ETIKING.

For example, if we continue to analyze the darknet category in ETIKINGs Receive Exposure, we will find that the two darknet platforms that received the most funds are AlphaBay and Dream Market. Next, we can add these two darknet platforms in the Reactor chart for detailed analysis, as shown below:

In addition, we can also analyze ETIKINGs send exposure information in detail, and it turns out that Jeremy Archie sent the bitcoin obtained from the dark web to four different exchanges.

Law enforcement agencies may want to dig deeper into which receiving addresses ETIKING uses on these exchanges, and we will discuss further on which processing methods to use on this issue later. Here, lets move on to see what other clues we can discover using Reactor.

If we take a closer look at an unusual transaction in ETIKINGs Send Exposure, we will find more valuable trails. Between 2015 and 2016, we saw Jeremy Archie send 0.71 bitcoin to Energy Control International, a drug potency testing laboratory in Barcelona, ​​Spain.

These transactions show that ETIKING actually seeks legal drug laboratories to help test the quality of drugs, which is definitely another valuable lead worth following up in the eyes of law enforcement agencies.

Finally, by backtracking ETIKING’s deposits, we can identify clusters of Bitcoin addresses used by ETIKING, including the same addresses used in three of its favorite cryptocurrency exchanges (green arrows), addresses receiving funds from the same darknet platform (blue arrows) - these address clusters are likely also controlled by ETIKING.

To sum up, we already have a very detailed diagram that allows us to gain an in-depth understanding of ETIKINGs operations and the concept of its connection.

So, what can law enforcement agencies do with this information? As we mentioned above, law enforcement agencies can investigate which exchanges ETIKING deposits their bitcoins into – a real “gold mine” for them. Law enforcement agencies can subpoena these exchanges and obtain more account information related to ETIKING, and then they can know that ETIKING is actually Jeremy Archie and arrest him, and start a trial on the basis of the transaction pattern disclosed by Reactor.