U.S. Treasury Targets Chinese Network For Alleged Drug Production: How ChainUp’s Trustformer Prevents Illicit Crypto Transactions
03 Nov 2023

1. Event Background

On October 3, the U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) issued sanctions against 28 individuals and entities believed to be involved in the international distribution of narcotics. This list encompasses a Chinese network alleged to be engaged in the production and distribution of substances such as “Fentanyl”. It's reported that these entities might also be associated with the trafficking of other drugs like “Xylazine” and "Nitazenes".

In response to these sanctions and the possibility of blockchain technology being used for fund movement related to these illicit activities, ChainUp experts initiated an analysis of on-chain addresses linked to the sanctioned Chinese entities. The Trustformer KYT (Know Your Transaction) system, a robust tool designed for monitoring and examining blockchain transactions, was employed for this purpose.

By scrutinizing the transaction history associated with these sanctioned addresses, the objective is to trace the flow of funds and gather insights into the financial activities of these entities. This analysis may reveal patterns in fund movement, connections to other addresses, and potentially provide a better understanding of the extent of their involvement in the narcotics trade.

This proactive approach to monitoring blockchain transactions is in alignment with broader efforts to combat illicit activities and enforce sanctions in the digital realm. 

Given the gravity of the situation and the potential implications of these sanctions, it becomes imperative to delve into the specific measures being taken to investigate the sanctioned addresses.

 

2. Event Analysis

The Trustformer KYT system is being employed to scrutinize the sanctioned addresses.

2.1 Sanctioned Address of Zhang Wei - 0x961C5Be54a2ffC17CF4Cb021d863c42daCd47Fc1

The details of the sanctions are provided below...

Trustformer's risk detection product reports that this address has a Trust Score (TCR) of 34, indicating a serious risk. It is directly associated with the USA political blacklist. Clicking on the label provides more information about related names, nationalities, etc.

Dashboard displaying wallet address with TCR score of 34, risk labels and address details

 

A review of the address's transactions indicates a pattern of receiving USDT from a specific address in varying amounts, from a few hundred to tens of thousands. Following each receipt of USDT, the funds are promptly transferred to the OKX exchange, often within seconds or minutes. This pattern suggests the possibility of internal withdrawals within the exchange.

Transaction history of the malicious wallet address
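
The receive-then-forward pattern described above can be expressed as a simple check over a transfer list. This is an added example, not Trustformer's detection logic; the placeholder addresses, the sample transfers, the 300-second window and the function names are all assumptions made for illustration.

```python
from collections import namedtuple

# Constructed sample data: addresses and amounts are invented for illustration.
Transfer = namedtuple("Transfer", "ts sender recipient amount")  # ts in unix seconds
WATCHED, SOURCE = "0xWATCHED", "0xSOURCE"
EXCHANGE, OTHER = "0xEXCHANGE_DEPOSIT", "0xOTHER"

SAMPLE = [
    Transfer(100, SOURCE, WATCHED, 500),
    Transfer(130, WATCHED, EXCHANGE, 500),      # forwarded after 30 s
    Transfer(1000, SOURCE, WATCHED, 20000),
    Transfer(1090, WATCHED, EXCHANGE, 20000),   # forwarded after 90 s
    Transfer(5000, SOURCE, WATCHED, 800),
    Transfer(9000, WATCHED, EXCHANGE, 800),     # too late to count as a pass-through
    Transfer(9500, SOURCE, WATCHED, 300),
    Transfer(9520, WATCHED, OTHER, 300),        # fast, but not to a labelled exchange
]


def forwarded_inflows(transfers, watched, exchange_addrs, window_s=300):
    """Pair each receipt with the first unused transfer to a labelled
    exchange address that leaves the watched address within window_s."""
    ordered = sorted(transfers, key=lambda t: t.ts)
    used, pairs = set(), []
    for inc in ordered:
        if inc.recipient != watched:
            continue
        for i, out in enumerate(ordered):
            if (i not in used and out.sender == watched
                    and out.recipient in exchange_addrs
                    and 0 <= out.ts - inc.ts <= window_s
                    and out.amount <= inc.amount):  # assumption: no more than was received
                used.add(i)
                pairs.append((inc, out))
                break
    return pairs


def forward_ratio(transfers, watched, exchange_addrs, window_s=300):
    """Share of receipts that were forwarded to an exchange inside the window."""
    inbound = [t for t in transfers if t.recipient == watched]
    if not inbound:
        return 0.0
    return len(forwarded_inflows(transfers, watched, exchange_addrs, window_s)) / len(inbound)


if __name__ == "__main__":
    for inc, out in forwarded_inflows(SAMPLE, WATCHED, {EXCHANGE}):
        print(f"{inc.amount} received at t={inc.ts}, forwarded after {out.ts - inc.ts}s")
    print("forward ratio:", forward_ratio(SAMPLE, WATCHED, {EXCHANGE}))
```
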

 

Trustformer's fund tracking tool was used to trace the flow of funds to and from this address. Within the examined 3-month window (any consecutive three months can be selected), there were four source addresses for USDT transactions related to this address and three destination addresses. All identified destination addresses are associated with the OKX exchange.

Fund flow of the malicious wallet address

 

2.2 Sanctioned VALERIAN Address - 0x983a81ca6FB1e441266D2FbcB7D8E530AC2E05A2

The details of the sanctions are provided below...

 

According to Trustformer's risk detection platform, this address has a TCR score of 59, indicating serious risk, and is directly associated with the USA political blacklist. This address is 188 days old and was last active on April 15th, with a significant transaction amount of 9200 USDT.

Dashboard displaying wallet address with TCR score of 59, risk labels and address details

 

The historical trades show that all transactions associated with this address involve USDT, and the received USDT is consistently sent to various addresses. Based on its on-chain transaction behavior, the address has attracted the attention of hackers due to frequent large-volume transfers. Notably, transactions from April indicate that whenever a transfer is initiated from this address, a mimic transaction typically follows within minutes, with an identical amount and a recipient address whose start and end resemble those of the original recipient address.

Mimic wallet trying to scam the target victim
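
A wallet owner or monitoring team can flag this mimic pattern before an address is copied from transaction history. The sketch below is an added example, not Trustformer's implementation; the addresses and transfers are constructed, and the 4-character prefix/suffix match and 600-second window are assumed thresholds.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    ts: int          # unix seconds
    sender: str
    recipient: str
    amount: int      # token base units

def _hex(addr):
    a = addr.lower()
    return a[2:] if a.startswith("0x") else a

def resembles(a, b, head=4, tail=4):
    """Distinct addresses that share their first `head` and last `tail` hex characters."""
    a, b = _hex(a), _hex(b)
    return a != b and a[:head] == b[:head] and a[-tail:] == b[-tail:]

def find_mimics(txs, watched, window_s=600):
    """For each transfer sent by `watched`, return later transfers inside
    window_s with the same amount and a look-alike recipient."""
    ordered = sorted(txs, key=lambda t: t.ts)
    hits = []
    for orig in ordered:
        if _hex(orig.sender) != _hex(watched):
            continue
        for t in ordered:  # the mimic's sender is deliberately not constrained
            if (0 < t.ts - orig.ts <= window_s and t.amount == orig.amount
                    and resembles(t.recipient, orig.recipient)):
                hits.append((orig, t))
    return hits

# Constructed sample: none of these addresses come from the page.
WATCHED = "0x" + "a1" * 20
REAL = "0x7F3c" + "0" * 32 + "9D21"
FAKE = "0x7f3c" + "5" * 32 + "9d21"
OTHER = "0x" + "b2" * 20
THIRD = "0x" + "c3" * 20
SAMPLE = [
    Tx(1000, WATCHED, REAL, 9_200_000_000),
    Tx(1180, THIRD, FAKE, 9_200_000_000),    # same amount, look-alike recipient, 3 min later
    Tx(5000, WATCHED, OTHER, 500_000_000),
    Tx(5100, THIRD, REAL, 500_000_000),      # same amount, recipient unlike OTHER
    Tx(9000, WATCHED, REAL, 9_200_000_000),  # repeat payment to the genuine address
]

if __name__ == "__main__":
    for orig, fake in find_mimics(SAMPLE, WATCHED):
        print(f"t={orig.ts} -> {orig.recipient}\n  mimic t={fake.ts} -> {fake.recipient}")
```
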

 

Furthermore, the destination addresses from these transactions can be traced. For example, funds from address 0x5726C643d5d5ABAC461ee652D71e362c925CE802 are eventually being transferred to the Gate.io exchange for withdrawal.

Malicious wallet depositing into Gate.io for fiat withdrawal

 

An extended analysis with the Trustformer fund tracking tool showed that, in the selected three-month window, USDT transactions associated with this address were primarily directed to the Gate.io and OKX exchanges.

Fund flow of malicious wallet address

 

2.3 Sanctioned SHEN Xingbiao Address - 3B7S6zrgxQVQUHTU8wstM23tB9afE7ojuX

The details of the sanctions are provided below...

This address has a TCR score of 63, indicating serious risk, and is directly associated with the USA political blacklist. This address is 296 days old and was last active on October 11th, with a significant transaction amount of approximately 3.5 BTC. This indicates that transactions can still occur even after the address has been sanctioned.

Dashboard displaying wallet address with TCR score of 63, risk labels and address details

 

Most of the recent transactions from this address are transfers to the OKX exchange.

With Trustformer's fund tracking tool, a thorough review over a chosen one-month timeframe showed that BTC transactions linked to this address predominantly moved to the OKX exchange. 

Fund flowing into OKX-labelled wallet address

 

3. Event Summary

Upon analyzing the three representative addresses, several key patterns in fund transfers emerged:

  • Funds Transferred to Exchanges: These addresses transfer funds primarily to centralized exchanges. Sanction actions may alert the entity holders, who then move the funds into exchanges for withdrawal in order to evade further sanction risks.

  • Irregular Fund Flow Patterns: The amounts and intervals of funds received by these addresses are inconsistent, indicating no regular business transactions. This erratic flow might be intended to obscure the funds' origins and destinations, making investigations challenging.

  • Diverse Transaction Addresses: The addresses that receive the transferred funds aren't fixed. This means that the sanctioned wallets may be trading with multiple partners, diversifying their fund flows to reduce tracking risks.

Overall, in investigating and analyzing the addresses sanctioned by the Treasury Department using the Risk Detector of Trustformer's KYT system, based on Trustformer Insight, all the mentioned addresses were found to have a TCR score of under 100 (for specific implications, please refer to the user guide below). These are high-risk addresses with a risk type labeled as "USA political blacklist." The Historical Transactions view lets users see detailed information for each transaction, such as the transaction time, token type, and transaction value. With Trackr, also part of Trustformer's KYT system, users can continuously trace the flow of funds to or from an address based on criteria like Time Range, Token, Value, Opponent Category, and more, with the results presented graphically.

 

Additional observations included:

  • The resilience of the decentralized Bitcoin network stands out, with the capability to facilitate on-chain transfers even post-sanctions. Bitcoin's predominant presence in these addresses underscores its prevalent role as a capital reserve. On the other hand, Ethereum seems to be more frequently utilized for transactional purposes.

  • It's also worth noting how entity holders respond and adapt to sanction actions. They might adopt more covert methods to handle funds, moving them to relatively safer places to evade further sanction risks.

Currently, Trustformer is offering an exclusive value-added service campaign. Users can visit the official website and click on "Free 31-Day Trial-get started" on the homepage to register as a Trustformer user, experiencing 31 days of complimentary product trial access.

For related product user guides:

 

About Trustformer

Trustformer is a leading application in compliance technology, utilizing large-scale models integrated with real-time blockchain data for risk monitoring and alerting. It enables instantaneous identification and alerts for risks associated with entities, wallets, and transactions. Complying with the FATF Travel Rule, Trustformer incorporates global cross-border financial regulations and cryptocurrency oversight policies. It aligns with localized financial regulations, crypto-financial licensing, and policies within judicial jurisdictions, facilitating real-time risk identification, transaction analysis, and alerting. Through graphical node inference, Trustformer conducts secure analyses of transaction addresses and fund links, offering risk compliance investigations and funds' security audit services.

 

Find Us

Website: www.trustformer.ai

Telegram: t.me/Trustformerai

Twitter: https://twitter.com/trustformer_ai

Email: kyt(@)trustformerai.com
