Last week, the U.S. Department of Justice filed a criminal complaint against two individuals for committing armed robbery.The suspects are accused of forcing, at gunpoint, a North Carolina couple to liquidate their Bitcoin account at a U.S. cryptocurrency exchange.
The two gunmen, with the help of a more tech savvy co-conspirator, forced the husband to log into his account and then they executed three transactions totaling over $156,000 from the exchange to a decentralized exchange. The exchange denied a fourth attempted transfer based on suspicious withdrawal activity.
While the culprits attempted to obfuscate their transactions, even moving funds through anonymity-enhanced currency Monero, FBI agents and task force officers were able to trace funds on the blockchain through various addresses and assets back to the same compliant U.S. exchange, ultimately using blockchain intelligence and traditional investigative techniques to identify the suspects.
While the Durham, N.C. police department acquired surveillance video showing the SUV that the gunmen used, both on the day of the robbery and on proceeding days, authorities also worked with the compliant exchange on tracking financial flows.
As you can see below, the initial three outgoing transactions were all within a few minutes of each other, two in ETH and one Bitcoin with funds flowing to a decentralized exchange.
The perpetrators, as visualized below, then allegedly swapped currencies, conducted several laundering transactions, including through Monero, and moved the funds through the decentralized exchange in order to conceal the flow of funds (U.S. based exchange nodes in red).
Investigators were able to trace the swapped funds through the decentralized exchange and back to the same U.S. based exchange where the victims had held their funds (U.S. based exchange nodes in red).
The laundered funds allegedly went to four accounts: One account controlled by each gunman and two accounts controlled by the co-conspirator. The investigators were able to work with the team at the exchange to review and scrutinize account controller details.
According to the complaint, two of the accounts that received funds were opened in the gunmens’ names, using their driver’s licenses, their phone numbers and their home addresses. The other two accounts were previously opened in the co-conspirator’s name using his driver’s license and email addresses.
Email search warrants revealed pictures of the victim’s driver’s license, his license plate, pictures of guns that would be used in the robbery, discussions among the subjects of the planned robbery, and even a picture of one of the gunmen dressed in the construction uniform disguise he wore during the robbery.
The investigators also obtained cell phone records associated with the phone numbers the subjects used to open the accounts. The cell phone providers confirmed that the subjects were using their cell phones near the location of the robbery on the day of the robbery.
This case is the result of state, local, federal and private sector cooperation and coordination and an example of how blockchain intelligence, combined with traditional investigative techniques – search warrants, subpoenas, surveillance and other tools – can be used to investigate and solve cases.
Access our coverage of TRON, Solana and 23 other blockchains
Fill out the form to speak with our team about investigative professional services.