In February of 2017, a woman suffered a fatal overdose on fentanyl which was purchased on the darknet by her fiancè (who also suffered an overdose but survived). The U.S. Drug Enforcement Agency (DEA) pursued an investigation which led to the arrest of the dealer “ETIKING” in late June of 2017. He was indicted less than a month later, convicted in January of 2018, and sentenced to life in prison in April of 2018.
The agents were able to focus their investigation on ETIKING after a confidential source gave them a Bitcoin address that they linked to a Coinbase.com account, which obviously contained some of his personally identifying information. Nearly 18 months later, surveillance corporation Chainalysis analyzed this case to show how many leads could have been generated early on using just that lone Bitcoin address.
Our goal was to learn if the tool would be helpful for similar investigations in the future, and we weren’t disappointed. Reactor surfaced a wealth of information and potential leads law enforcement could have pursued to identify ETIKING, starting with nothing more than his Bitcoin address.
Unsurprisingly, according to the Chainalysis breakdown, ETIKING was primarily receiving coins from two darknet markets (AlphaBay and Dream Market) and primarily sending his coins to four exchanges. However, by “looking more closely at an unusual transaction in ETIKING’s sending exposure,” Chainalysis was also able to identify transactions to a drug testing lab in Barcelona named Energy Control International. Additionally, they were even able to identify a whole new cluster of transactions that likely belong to ETIKING, not only based on the similar general transaction pattern, but also a connection to the original address:
[…] by backtracking ETIKING’s deposits, we can identify another cluster of addresses making deposits to the same addresses at three of the exchanges ETIKING favors (the green arrows), and receiving funds from the same darknet markets (the blue arrows). This new cluster of addresses is also likely to be controlled by ETIKING.
Chainalysis concludes with the obvious: their products can generate numerous possible leads from just one Bitcoin address, and the (centralized) exchanges “are the real goldmine here.” However, if this much data can be gathered on a fentanyl dealer who uses Bitcoin, it can be done for a journalist or political dissident who does as well.