SlowMist AML Sets Legal Precedent in Taiwan with XREX and Law Enforcement

SlowMist
6 min readFeb 27, 2024

--

Background

Recently, the SlowMist AML team, in collaboration with the Criminal Investigation Bureau, the Judicial Reform Foundation, and the XREX trading platform, successfully cracked a challenging cryptocurrency scam case. This case may be a first in Taiwan’s judicial history, where, without specific information on the suspects or the identities of the defendants, advanced blockchain tracking technology was used to prove the flow of illegal funds and the ownership of cryptocurrency assets. This allowed law enforcement agencies to freeze and seize the assets, and ultimately returning the funds to the victims.

Case Process

The victim, Double Wan, was a user of the Base chain decentralized social platform, Friend.tech. The scammer made contact with the victim under the pretext of conducting an interview. After the interview, they sent him a phishing webpage containing malicious software, tricking him into filling out his information.

After filling out the information, the victim clicked “Verify,” at which point the webpage displayed an error message. The thief then guided the victim to add the “Verify” link to bookmarks in Google Chrome, instructing the victim to open Friend.tech and then click on the bookmark. Following these instructions, a verification box popped up on the page, prompting the victim to enter their password. Ultimately, the victim’s Friend.tech account and associated funds were stolen, resulting in a total loss of approximately 14.2 ETH.

Upon realizing he had been scammed, the victim immediately shared his experience on social media:

After posting a tweet about his ordeal, the victim contacted SlowMist (慢雾) for assistance, following the advice of other users. The SlowMist AML team then officially took on the case.

Utilizing the on-chain anti-money laundering tracking platform MistTrack, our AML team traced and analyzed the flow of the stolen funds. They discovered that the thief transferred 14.2 ETH from the victim’s Base chain address to a theft-associated wallet, and then used Orbiter.Finance to cross-chain the ETH from the Base chain to the Ethereum chain:

(https://dashboard.misttrack.io/address/ETH-Base/0xea177dfd41664608bd1d2befcf76017018655f9c)

Subsequently, the 14 ETH was transferred to an OKX exchange address:

Immediately, the SlowMist AML team contacted the security department at OKX to temporarily freeze the stolen funds for 72 hours. According to OKX’s internal policies, law enforcement from Taiwan had to intervene within 72 hours, or else the freeze on the illicit funds could not be extended. With the technical assistance of the SlowMist AML team, Mei-Hui Chen from the Judicial Reform Foundation organized and prepared documentation on the cryptocurrency flow, which helped the victim to file a police report. In collaboration with the Criminal Investigation Bureau and prosecutors, they applied to the court for a seizure order.

(https://twitter.com/evilcos/status/1714205957771923903)

Next, the challenge was how to return the funds to the victim without a defendant or a verdict, meaning law enforcement needed a professional and neutral third party to verify the ownership of the stolen wallet, the flow of the cryptocurrency, and to re-validate the fund flow documents. Fortunately, with the help of the XREX team, wallet ownership verification and re-validation of the fund flow documents were completed. MistTrack, the on-chain anti-money laundering tracking platform, played a crucial role in this verification process.

Mei-Hui Chen from the Judicial Reform Foundation commented, “This case relied on the mutual trust among various units, allowing for rapid and effective cross-sectoral coordination and action within a very short time frame. It’s encouraging for all law enforcement units and experts involved that even funds transferred to foreign exchanges could be recovered. I hope this case, though the first of its kind, will not be a one-off success but will become a standard procedure for similar cases.”

Xie Rui-Xuan, an investigator with the Criminal Investigation Bureau’s 6th Division, said, “The police continue to enhance their cryptocurrency tracing techniques and must explore and experiment within the constraints of existing laws. We hope this case can serve as an important milestone, not only making the remote seizure of cryptocurrency a standard practice but also promoting cooperation between law enforcement, blockchain, legal, and cybersecurity experts to combat the misuse of blockchain technology for fraud.”

Summary

After three and a half months, the victim successfully recovered the stolen funds. This case was fortunate. The victim promptly publicized his ordeal and contacted SlowMist , which followed up on the incident within 6 hours using the on-chain anti-money laundering tracking platform MistTrack for analysis. The results led to the quick freezing of the stolen funds by the OKX security department.

SlowMist has been deeply involved in the field of cryptocurrency anti-money laundering for many years, developing a comprehensive and efficient solution that covers compliance, investigation, and audit, actively helping to build a healthy cryptocurrency ecosystem. They also provide professional services to the Web3 industry, financial institutions, regulatory bodies, and compliance departments. MistTrack, which played a significant role in this case, is a compliance investigation platform offering wallet address analysis, fund monitoring, and traceability. It has accumulated over 300 million address tags, more than a thousand address entities, 400,000+ threat intelligence data, and 90 million+ risk addresses, providing strong protection against digital asset theft and money laundering crimes.

Lastly, if your cryptocurrency is unfortunately stolen, we offer a free community assistance service for case evaluation. You only need to submit a form according to the category guide (funds stolen/scammed/extorted). Your submitted hacker address will also be shared with the InMist Threat Intelligence Cooperation Network for risk control. (Note: Submit the Chinese form at https://aml.slowmist.com/cn/recovery-funds.html, and the English form at https://aml.slowmist.com/recovery-funds.html)

References

- https://shorturl.asia/0QpAT

- https://www.youtube.com/watch?v=f85HxCeBwiQ

About SlowMist

At SlowMist, we pride ourselves on being a frontrunner in blockchain security, dedicating years to mastering threat intelligence. Our expertise is grounded in providing comprehensive security audits and advanced anti-money laundering tracking to a diverse clientele. We’ve established a robust network for threat intelligence collaboration, positioning ourselves as a key player in the global blockchain security landscape. We offer tailor-made security solutions that span from identifying threats to implementing effective defense mechanisms. This holistic approach has garnered the trust of numerous leading and recognized projects worldwide, including names like Huobi, OKX, Binance, imToken, Crypto.com, Amber Group, Klaytn, EOS, 1inch, PancakeSwap, TUSD, Alpaca Finance, MultiChain, and Cheers UP. Our mission is to ensure the blockchain ecosystem is not only innovative but also secure and reliable.

We offers a variety of services that include but are not limited to security audits, threat intelligence, defense deployment, security consultants, and other security-related services. We also offer AML (Anti-money laundering) solutions, Vulpush (Vulnerability monitoring) , SlowMist Hacked (Crypto hack archives), FireWall.x (Smart contract firewall) , Safe Staking and other SaaS products. We have partnerships with domestic and international firms such as Akamai, BitDefender, FireEye, RC², TianJi Partners, IPIP, etc.

By delivering a comprehensive security solution customized to individual projects, we can identify risks and prevent them from occurring. Our team was able to find and publish several high-risk blockchain security flaws. By doing so, we wish to help spread awareness and raise the security standards in the blockchain ecosystem.

💬Website 🐦Twitter ⌨️GitHub

--

--

SlowMist
SlowMist

Written by SlowMist

SlowMist is a Blockchain security firm established in 2018, providing services such as security audits, security consultants, red teaming, and more.

No responses yet