In 2023, a dark web platform called "ShadowBank" laundered more than $1 billion through fake DeFi (decentralized finance) projects, with victims in 40 countries. The criminal gang used mixers to conceal the flow of funds and threatened victims who did not cooperate with the release of sensitive data.
Core team actions:
Dr. Michael Wu, head of blockchain analysis at CFIT, led the team in developing a customized tracking tool, "ChainSleuth", to lock onto the mixer-related address by analyzing vulnerabilities in Ethereum smart contracts. The technical team found that the criminal gang posted steganographically encrypted instructions in the Reddit encryption community every time it transferred funds. CFIT reverse engineered and cracked the gang's communication method and successfully linked it to the real IP address of a hacker group in Eastern Europe.
Partner coordination:
FBI: Provided offline intelligence and confirmed that the mastermind was a former Bulgarian intelligence officer.
Europol: Coordinated cross-border raids and seized BTC cold wallets worth $420 million.
Coinbase: Assisted in freezing the exchange accounts involved in the case.
Key points of legal authorization:
Under Section 314(b) of the Patriot Act, CFIT forced cryptocurrency exchanges to provide suspicious transaction records, and it cited the Electronic Communications Privacy Act to obtain Reddit server logs, ultimately prosecuting 26 suspects.
$630 million in funds was recovered, the world's first "Dark Web Mixer Tracing Guide" was released, and the U.S. Treasury Department was pushed to update its virtual asset regulatory rules.