https://www.justice.gov/usao-sdny/media/1352546/dl -> page 20 onwards.
This is the 'sealed complaint' -> this is pre-indictment -> look at the data they've gleaned from that server before probable cause.
24. Based on my involvement in this investigation, my training and experience, myreview of documents and other materials, as well as my conversations with law enforcementofficers and others, I have learned the following, among other things:a. All transactions on Marketplace-1 must use Marketplace-1’s bank. As explainedabove, Marketplace-1’s “bank” enables Marketplace-1 to retail and distribute narcotics securely17 The reference to successful DDoS attack prevention may be a reference to the purposeof Server-1.
between users (e.g., buyers) and sellers (e.g., vendors). Through the bank, customers depositcryptocurrency (Bitcoin or Monero) into the customer’s Marketplace-1 bank account—essentiallya cryptocurrency wallet. Once deposited, each user’s marketplace wallet is controlled byMarketplace-1. Then, after a buyer purchases a product from a vendor (e.g., narcotics)Marketplace-1 releases funds to the vendor’s Marketplace-1 bank account. In this way,Marketplace-1 serves as a financial link between vendors and customers and in so doing providesboth parties a level of comfort that the transaction will be consummated, while also allowing theparties to maintain distance and anonymity between each other. Marketplace-1’s bank also offersan escrow service, which provides sellers and buyers further protections. The escrow service canbe set such that a buyer’s money will be released to a seller only after specified actions occur, forexample, the shipment of narcotics. With the escrow service, sellers know they will be paid fortheir illegal narcotics and buyers know their payments will be released to sellers after specifiedevents occur. Although not every transaction on Marketplace-1 uses the bank’s “escrow” services,many do.b. Law enforcement officers identified the cryptocurrency wallets that Marketplace-1uses for its bank (collectively, “Bank Wallet-1”) and uses to funnel proceeds from Marketplace-1to Administrator-1 (“Administrator Wallet-1”):
Pursuant to the January 2024 judicially authorized warrant, lawenforcement officers searched Server-3. In Server-3, law enforcement officers identified thefollowing directories (i.e. computer folder) “/root/.bitcoin/wallets/[Marketplace-1] 1/”;/root/.bitcoin/wallets/[Marketplace-1] 2/”; “/root/.bitcoin/wallets/[Marketplace-1] 3; and/root/.bitcoin/wallets/[name of a cryptocurrency tracking software promoted by Administrator-1].Each of these computer folders contains a Bitcoin wallet file. A Bitcoin wallet file is a databasethat contains public and private Bitcoin keys to a particular Bitcoin wallet. 18 Because each of theseBitcoin wallet files were found on Server-3 and are named [Marketplace-1] or the cryptocurrencytracking software promoted by Adminstraotr-1, they appear to contain Marketplace-1 assets—specifically deposits made by customers and vendors into Bank-1.19 For simplicity, these fourwallets are defined herein as “BTC Bank Wallet-1.”
At the time of the search, wallets [Marketplace-1] 1, [Marketplace-1] 2,[Marketplace-1] 3, contained most proceeds, a total of approximately 1315.6 BTC ($36.8 million)in deposits. The wallet identified as a [name of a cryptocurrency tracking software promoted byAdministrator-1] contained approximately 0.41 BTC ($11,921) in deposits. 22ii. A review of BTC Bank Wallet-1 indicates that from on or about November9, 2020 through on or about January 9, 2024, there were approximately 244,483 Bitcointransactions in and out of BTC Bank Wallet-1, consisting of approximately 183,772 deposits andapproximately 60,711 withdrawals. The total Bitcoin deposited represents approximately1,316.038719 BTC ($36,895,586.12), and the total Bitcoin withdrawn represents approximately1,303.126267 BTC ($36,431,574.05).20iii. Server-3 also housed a Monero wallet (“XMR Bank Wallet-1”). Based ona review of XMR Bank Wallet-1, from on or about November 9, 2020, through on or about January9, 2024, there were approximately 265,375 Monero transactions consisting of 181,918 depositsand 83,457 withdrawals. The total XMR deposited represents approximately 296,094 XMR($46,728,991), and the total Monero withdrawn represents approximately 294,634 XMR($46,482,976).
Combining BTC Bank Wallet-1 and XMR Wallet-1—“Bank Wallet-1”—indicates that from its inception to on or about January 9, 2024, Marketplace-1 generated at leastapproximately $83,624,577 in revenue, which yielded at least approximately $4,181,228 from its5% commission. A review of Bank Wallet-1 further indicates that Marketplace-1 activityincreased year over year. For example, in 2022, Bank Wallet-1 received approximately $14.8million in deposits. In 2023, Bank Wallet-1 received approximately $65.5 million in deposits.c. Using software tools, law enforcement officers reviewed the publicly availableBitcoin digital ledger and traced transactions involving BTC Bank Wallet-1. In so doing, lawenforcement officers identified a series of wallets that received the majority of funds from BTCBank Wallet-1—i.e., that received the proceeds of Marketplace-1. One such particular wallet—“Administrator Wallet-1”—received the most funds from Bank Wallet-1, over approximately 58deposits from in or about October 2021 through in or about September 2023.i. During that time period, of the approximately 58 deposits intoAdministrator Wallet-1 from BTC Bank Wallet-1, approximately 24 were whole value transfers(e.g. 1 BTC or 5 BTC as opposed to 1.789 BTC.) Based on my training and experience, the transferof whole amounts is indicative of transferring proceeds (i.e. the proceeds derived from the 5% fee)from to an administrator as a profit. This is because when transferring funds, with the purpose ofmoving them, individuals tend use simple whole numbers. On the other hand, when transferringfunds, with the purpose of purchasing items, the amounts tend to not be in whole numbers becauseprices of items are pegged to fiat currencies and cryptocurrency is highly volatile.
Further, during that time period, the vast majority of Administrator Wallet1’s funds—approximately 123.14 BTC ($3,351,343)—came from BTC Bank Wallet-1. That is,the cryptocurrency flowing into Administrator Wallet-1 is from Markerplace-1. After receivingMarketplace-1 cryptocurrency, Administrator Wallet-1 transferred it elsewhere. Specifically,from on or about March 25, 2020 through on or about October 1, 2023, Administrator Wallet-1received approximately 77 deposits of Bitcoin, totaling approximately 126.0026 BTC, and thentransferred all of it to other wallets.20 Due to the volatility of cryptocurrencies, as to all United States Dollar converted amountsherein are approximate and based on the floating exchange rate near the time of the transaction.23iii. Accordingly, Administrator Wallet-1 appears to be a “pass through” walletused to obscure the source of funds (which is Marketplace-1), while transferring thecryptocurrency to other wallets under the control of Administrator-1.
This is the 'sealed complaint' -> this is pre-indictment -> look at the data they've gleaned from that server before probable cause.
24. Based on my involvement in this investigation, my training and experience, myreview of documents and other materials, as well as my conversations with law enforcementofficers and others, I have learned the following, among other things:a. All transactions on Marketplace-1 must use Marketplace-1’s bank. As explainedabove, Marketplace-1’s “bank” enables Marketplace-1 to retail and distribute narcotics securely17 The reference to successful DDoS attack prevention may be a reference to the purposeof Server-1.
between users (e.g., buyers) and sellers (e.g., vendors). Through the bank, customers depositcryptocurrency (Bitcoin or Monero) into the customer’s Marketplace-1 bank account—essentiallya cryptocurrency wallet. Once deposited, each user’s marketplace wallet is controlled byMarketplace-1. Then, after a buyer purchases a product from a vendor (e.g., narcotics)Marketplace-1 releases funds to the vendor’s Marketplace-1 bank account. In this way,Marketplace-1 serves as a financial link between vendors and customers and in so doing providesboth parties a level of comfort that the transaction will be consummated, while also allowing theparties to maintain distance and anonymity between each other. Marketplace-1’s bank also offersan escrow service, which provides sellers and buyers further protections. The escrow service canbe set such that a buyer’s money will be released to a seller only after specified actions occur, forexample, the shipment of narcotics. With the escrow service, sellers know they will be paid fortheir illegal narcotics and buyers know their payments will be released to sellers after specifiedevents occur. Although not every transaction on Marketplace-1 uses the bank’s “escrow” services,many do.b. Law enforcement officers identified the cryptocurrency wallets that Marketplace-1uses for its bank (collectively, “Bank Wallet-1”) and uses to funnel proceeds from Marketplace-1to Administrator-1 (“Administrator Wallet-1”):
Pursuant to the January 2024 judicially authorized warrant, lawenforcement officers searched Server-3. In Server-3, law enforcement officers identified thefollowing directories (i.e. computer folder) “/root/.bitcoin/wallets/[Marketplace-1] 1/”;/root/.bitcoin/wallets/[Marketplace-1] 2/”; “/root/.bitcoin/wallets/[Marketplace-1] 3; and/root/.bitcoin/wallets/[name of a cryptocurrency tracking software promoted by Administrator-1].Each of these computer folders contains a Bitcoin wallet file. A Bitcoin wallet file is a databasethat contains public and private Bitcoin keys to a particular Bitcoin wallet. 18 Because each of theseBitcoin wallet files were found on Server-3 and are named [Marketplace-1] or the cryptocurrencytracking software promoted by Adminstraotr-1, they appear to contain Marketplace-1 assets—specifically deposits made by customers and vendors into Bank-1.19 For simplicity, these fourwallets are defined herein as “BTC Bank Wallet-1.”
At the time of the search, wallets [Marketplace-1] 1, [Marketplace-1] 2,[Marketplace-1] 3, contained most proceeds, a total of approximately 1315.6 BTC ($36.8 million)in deposits. The wallet identified as a [name of a cryptocurrency tracking software promoted byAdministrator-1] contained approximately 0.41 BTC ($11,921) in deposits. 22ii. A review of BTC Bank Wallet-1 indicates that from on or about November9, 2020 through on or about January 9, 2024, there were approximately 244,483 Bitcointransactions in and out of BTC Bank Wallet-1, consisting of approximately 183,772 deposits andapproximately 60,711 withdrawals. The total Bitcoin deposited represents approximately1,316.038719 BTC ($36,895,586.12), and the total Bitcoin withdrawn represents approximately1,303.126267 BTC ($36,431,574.05).20iii. Server-3 also housed a Monero wallet (“XMR Bank Wallet-1”). Based ona review of XMR Bank Wallet-1, from on or about November 9, 2020, through on or about January9, 2024, there were approximately 265,375 Monero transactions consisting of 181,918 depositsand 83,457 withdrawals. The total XMR deposited represents approximately 296,094 XMR($46,728,991), and the total Monero withdrawn represents approximately 294,634 XMR($46,482,976).
Combining BTC Bank Wallet-1 and XMR Wallet-1—“Bank Wallet-1”—indicates that from its inception to on or about January 9, 2024, Marketplace-1 generated at leastapproximately $83,624,577 in revenue, which yielded at least approximately $4,181,228 from its5% commission. A review of Bank Wallet-1 further indicates that Marketplace-1 activityincreased year over year. For example, in 2022, Bank Wallet-1 received approximately $14.8million in deposits. In 2023, Bank Wallet-1 received approximately $65.5 million in deposits.c. Using software tools, law enforcement officers reviewed the publicly availableBitcoin digital ledger and traced transactions involving BTC Bank Wallet-1. In so doing, lawenforcement officers identified a series of wallets that received the majority of funds from BTCBank Wallet-1—i.e., that received the proceeds of Marketplace-1. One such particular wallet—“Administrator Wallet-1”—received the most funds from Bank Wallet-1, over approximately 58deposits from in or about October 2021 through in or about September 2023.i. During that time period, of the approximately 58 deposits intoAdministrator Wallet-1 from BTC Bank Wallet-1, approximately 24 were whole value transfers(e.g. 1 BTC or 5 BTC as opposed to 1.789 BTC.) Based on my training and experience, the transferof whole amounts is indicative of transferring proceeds (i.e. the proceeds derived from the 5% fee)from to an administrator as a profit. This is because when transferring funds, with the purpose ofmoving them, individuals tend use simple whole numbers. On the other hand, when transferringfunds, with the purpose of purchasing items, the amounts tend to not be in whole numbers becauseprices of items are pegged to fiat currencies and cryptocurrency is highly volatile.
Further, during that time period, the vast majority of Administrator Wallet1’s funds—approximately 123.14 BTC ($3,351,343)—came from BTC Bank Wallet-1. That is,the cryptocurrency flowing into Administrator Wallet-1 is from Markerplace-1. After receivingMarketplace-1 cryptocurrency, Administrator Wallet-1 transferred it elsewhere. Specifically,from on or about March 25, 2020 through on or about October 1, 2023, Administrator Wallet-1received approximately 77 deposits of Bitcoin, totaling approximately 126.0026 BTC, and thentransferred all of it to other wallets.20 Due to the volatility of cryptocurrencies, as to all United States Dollar converted amountsherein are approximate and based on the floating exchange rate near the time of the transaction.23iii. Accordingly, Administrator Wallet-1 appears to be a “pass through” walletused to obscure the source of funds (which is Marketplace-1), while transferring thecryptocurrency to other wallets under the control of Administrator-1.
) – sometimes it is a developer, many times a user.
