Homeland Security Investigations (HSI)
Problem
As the illicit drug market has moved online, HSI needed a way to trace crypto as part of their narcotics trafficking investigations
Results
- Forfeited USD 15 million from prominent fentanyl and narcotics vendor
- Arrested fentanyl marketplace vendor and supplier
- Mapped entire criminal networks on the blockchain to protect public safety
Deaths from fentanyl and opioid overdoses have reached staggering levels in the last decade. In the United States, there were over 81,000 opioid-related deaths in 2023 alone. As drug manufacturers and dealers increasingly take to darknet markets to sell their products, and as more of these vendors have started accepting cryptocurrency as payment, the illicit drug market has evolved from street corner dealings to highly complex digital networks that span the globe.
The ongoing fight against fentanyl
One of the top priorities for Homeland Security Investigations (HSI) — the primary investigative federal law enforcement agency within the Department of Homeland Security (DHS) — is stemming the flow of fentanyl across the US border. HSI collaborates closely with international law enforcement agencies and private sector organizations to shield Americans from threats to their safety and security — at home, abroad, and online.
HSI Deputy Assistant Director (DAD) Mike Prado explained, “What strikes at the heart of these organizations is when you cripple them financially. It was really incumbent upon us to follow that money when it started moving into crypto and became more prevalent with the growth of the dark web and darknet marketplaces.”
To stay ahead of these mounting threats — particularly as illicit drug suppliers increasingly rely on cryptocurrencies to carry out transactions — HSI made the decision to invest in blockchain intelligence.
How HSI works with TRM Labs to disrupt crime
Before blockchain intelligence, special agents at HSI needed to conduct on-chain investigations manually, relying on a number of disparate open-source tools. But the increasing adoption of cryptocurrencies by malicious actors spurred the agency to find a more comprehensive, scalable, and reliable solution.
“Whether we’re investigating financial fraud, money laundering, drug trafficking, child exploitation and sexual abuse, arms trafficking, or counterproliferation cases . . . crypto is the lifeblood of the online world these days,” said DAD Prado. “As an organization, we determined that we needed to invest in the latest innovation and technology that exists to trace these things — just as we would in any other program to ensure that our agents are getting the best tools available.”
“We let our power users kick the tires [with TRM Labs],” said Daniel Lezcano, acting division chief at DHS’ Cyber Crimes Center. “We heard excellent feedback from the team on the product, and valued the customer support we received, which was a deciding factor for us.” Special Agent Aron Mann of the HSI Cyber Crimes Unit added, "HSI has been working closely with TRM Labs on cyber-enabled violations and other cases that involve cryptocurrency. The ability to track transactions, especially on the individual address level, coupled with the user-friendly graphing and layout of the product has proven to be very effective to equip our investigators to obtain disruptions."
Using blockchain intelligence to take down Farmacy41
Following the AlphaBay darknet takedown, HSI and federal law enforcement partners began triaging the tremendous amount of data gathered during the investigation. Through this process, investigators uncovered a message from a suspect who had identified herself as the prominent opioid and fentanyl vendor, Farmacy41. This individual had also shared personally identifiable information (PII) in these communications, including her home address in the Sacramento, CA area.
When SA Mann received the lead, he used blockchain intelligence to trace bitcoin withdrawals from her vendor marketplace accounts to multiple cryptocurrency exchange accounts. “A lot of her historical transactions went directly from the marketplaces — sometimes not even through an intermediary hop, just straight to the exchanges,” he explained. Even though the vendor used mixers to try to obfuscate her tracks, SA Mann noted that tracing the flow of funds — and getting the information he needed to secure “know your customer” (KYC) data from the exposed exchanges — was fairly straightforward with blockchain intelligence.
Ultimately, SA Mann and his team were able to secure a search warrant to search the suspect’s home, where the investigative team found USD 450,000 in bulk cash, along with a Trezor (a kind of cryptocurrency hardware wallet) containing roughly USD 1.2 million worth of bitcoin and ether; SA Mann later seized additional crypto after performing forensics on Farmacy41’s seized electronics. HSI was then able to indict and arrest the Farmacy41 vendor — along with her supplier — resulting in a USD 15 million forfeiture.
Keeping communities safe with blockchain intelligence
“Being able to trace crypto is absolutely essential in virtually every investigation, but particularly narcotics trafficking investigations. When we take out [a criminal’s] money, that's when we really deal a significant blow to them,” said DAD Prado. “TRM enables us to map out an entire criminal network — whether it's the financial aspect of the network or the operators who are smuggling.”
HSI’s use of blockchain intelligence to trace and investigate illicit on-chain activity in the Farmacy41 case, and thousands of others like it, is critical in keeping dangerous drugs like fentanyl off the street — ultimately saving countless lives and keeping communities across the US safe.
Ready to get started?
Fill out the form to schedule a demo with our team.