Tracers in the Dark

Andy Greenberg

268 highlights

Highlights & Annotations

He had led them there based on a strange, nascent form of evidence: Janczewski had followed the strands of Bitcoin’s blockchain, pulling on a thread that had ultimately connected this ordinary home to a very dark place on the internet, and then connected that dark place to hundreds more men around the world. All complicit in the same massive network of unspeakable abuse. All now on Janczewski’s long list of targets.

Ref. CD68-A

American agencies had used this newfound investigative technique, tracing a cryptocurrency that had once seemed untraceable, to crack one criminal case after another—starting small but ballooning into operations on an unprecedented, epic scale. They’d followed Bitcoin transactions to identify culprits from Baltimore to Moscow to Bangkok. They’d exposed crooked cops stealing millions. They’d tracked down half a billion dollars in stolen funds, the fruits of a multiyear, international heist and money-laundering operation. And they’d pulled off the biggest online narcotics market takedown in history, capturing the market’s creator and shutting down his bustling digital bazaar, one that had generated more than $650 million in contraband sales.

Ref. 105B-B

But even after all of those journeys into the depths of the cybercriminal underworld, tracing cryptocurrency had never before led them to a case quite like this one. That morning’s search in the suburb near Atlanta, as Janczewski would later put it, was “a proof of concept.”

Ref. EC0E-C

He thought again of the extradimensional evidence that had brought them there, a tool like a digital divining rod, one that revealed a hidden layer of illicit connections underlying the visible world. He hoped, not for the last time, that it hadn’t led him astray.

Ref. E17B-D

world, all of which confirmed that they’d witnessed it, adding it into their copy of the Bitcoin blockchain, the unforgeable, unchangeable, and altogether public ledger of who owns which bitcoins in the global cryptocurrency economy. In fact, these witnesses noting the transaction in their collective accounting of all bitcoins—agreed to by all of the cryptocurrency’s users—represented the only meaningful sense in which the abstract coins could be said to have “moved” at all, or to have even existed in the first place.

Ref. 83EE-E

Yet to anyone who looked at the same transaction record at the time, there would be no clue revealing who that someone was—neither the sender nor the recipient. Nothing in that record, sitting fully visible on the open internet, would indicate that the money had, in fact, moved from the accounts of the world’s first dark web drug lord to the wallet of a federal agent, payment to that agent for acting as a mole inside a global team of investigators working to take down a giant narcotics market.

Ref. 58B7-F

month after that payment, the dark web drug lord would be arrested and jailed. But it would take nearly a year longer before an IRS criminal investigator named Tigran Gambaryan laid eyes on the record of that transaction. Sitting in his Hayward, California, home, with his infant daughter in his lap, he would painstakingly click through addresses on Bitcoin’s blockchain, “hand tracing” the movement of that dirty money, as he would later describe it. And when he identified its destination, his epiphany would unlock a new era of law enforcement investigation, one in which detectives like Gambaryan could follow the money, digitally, to unfathomable hoards of ill-gotten wealth and to the doorsteps of the criminals who had collected

Ref. 2441-G

The ID documents in front of them, Frost explained, were forgeries. Fuentes’s real name was Carl Mark Force IV, and he was an agent with the Drug Enforcement Administration. This man, Frost went on, had cashed out more than $200,000 worth of bitcoins through Bitstamp over the previous six months, and he was trying to extract another $200,000 of the cryptocurrency when Frost had frozen his account for suspicious activity, just days before this meeting.

Ref. E150-H

“I utilize TOR for privacy,” Force had explained in an email to Bitstamp’s staff. “Don’t particularly want the NSA looking over my shoulder. :)” All of it left Frost feeling deeply uneasy. Was this DEA agent using Bitstamp’s crypto exchange as part of his undercover work to bank dirty drug money? And if so, why would he want to hide his tracks from another U.S. government agency? “The harder we looked at this, the stranger it seemed,” Frost recalled.

Ref. 6D70-I

Frost continued his story: Something about the DEA agent’s answers to Bitstamp’s questions had felt off. “There’s something wrong with this guy,” he told Haun and Gambaryan. “This doesn’t pass the smell test.”

Ref. 5E85-J

So Frost had filed a suspicious activity report with the U.S. Treasury’s Financial Crimes Enforcement Network, or FinCEN. He’d gotten a call back from a Secret Service agent based in Baltimore, a man named Shaun Bridges.

Ref. 4777-K

By the time the online black market was taken down in October 2013, the Silk Road had grown into a gargantuan narcotics and money-laundering bazaar unlike any ever seen before in history. And for much of its time online, its founder had been just across the bay, practically under their noses.

Ref. 063A-L

For Gambaryan, it was a welcome lead back into a case he’d coveted for years—or rather, a thread, however tenuous, that seemed to trail off from the Silk Road’s vast tangle of criminality, into the unknown.

Ref. C615-M

To IRS criminal investigators like Gambaryan and Alford, both special agents in the service’s Criminal Investigation division, known as IRS-CI, the story was irritatingly typical. While the FBI were made into near superheroes in countless Hollywood films, TV shows, and press conferences, no one seemed to have even heard of IRS-CI agents like them. (“The IRS is the redheaded stepchild of law enforcement,” as one judge told me. “They get no respect from anyone.”)

Ref. 5305-N

When DPR later came to suspect that one of his Silk Road employees had stolen hundreds of thousands of dollars’ worth of Bitcoin from him, it was Nob—Force—whom DPR turned to for help handling the situation. The Silk Road boss asked his associate, with his supposed cartel connections, to track down his thieving staffer and torture him until he returned the money. In a dark turn, DPR later changed the order, asking Nob to kill his wayward worker instead.

Ref. CEF3-O

In Alford’s telling, the Baltimore team’s work sounded remarkably messy. There were other rumors about Force, too: that years earlier he’d spent time cooling off in rehab after an undercover narcotics investigation. He’d gotten in too deep, the story went, inhabiting the role of the drug dealer he was playing a bit too fully, maybe losing track of which side he was on.

Ref. 9D0E-P

Then, just one day after their initial meeting, Haun received an email from Frost. The Bitstamp lawyer forwarded a request that Force had just sent to the cryptocurrency exchange’s customer service. “Could you please delete my transaction history to date?” the agent had written. “It is cumbersome to go through records back to November 2013 for my accountant.”

Ref. 2498-Q

Haun and Frentzen saw the email as a shocking red flag. After all of his other suspicious behavior, Force now seemed to be trying to destroy evidence. Any reluctance evaporated. They opened an investigation into Force the same day, with Gambaryan as lead agent. The twenty-eight-year-old IRS investigator had finally found the meaty cryptocurrency case he’d been looking for. It had put him onto the trail of a fellow federal agent.

Ref. 0A05-R

That lawlessness left a deep mark on Gambaryan—as well as an almost zealous, black-and-white starkness to his ideas of criminality. Even today he says the sense remains with him that there are real elements of corruption and chaos in every society, that the “law of the land” he witnessed in Moscow lies just beneath the surface, everywhere, ready to emerge whenever people have a sense of impunity from consequences. “Americans don’t know how good they have it,” Gambaryan says. “You let it slip, it turns into the chaos that I saw.”

Ref. DE1A-S

But a more basic and skeptical thought immediately struck Gambaryan about this new form of currency. “Participants can be anonymous,” he had read. But if this blockchain truly recorded every transaction in the entire Bitcoin economy, then it sounded like the precise opposite of anonymity: a trail of bread crumbs left behind by every single payment. A forensic accountant’s dream.

Ref. FC5A-T

I’ve tried not to take that rejection personally. Satoshi had, in fact, never spoken to a reporter. It would turn out that emailed response Andresen had received, refusing my request for an interview, would be one of Satoshi’s last known communications with anyone, to this day. Bitcoin’s creator disappeared from the internet less than two weeks after my article appeared, never to return. Their identity remains unknown—one of the greatest mysteries in the history of technology.

Ref. 1FBC-U

Tor was the dark web’s active ingredient, providing a kind of double-blind anonymity. It was designed so that anyone could visit a dark web site who knew the site’s address—a long and random-seeming string of characters. But no visitor to that site could see where it was physically hosted, nor could the site identify the location of its visitors. Any third party snooping on their connection could learn nothing about the locations of the computers on either end.

Ref. 7BD1-V

Amid the clamor surrounding Adrian Chen’s article, I hardly noticed an “update” that appeared shortly after it was posted. Chen had originally described Bitcoin in the piece as an “untraceable digital currency.” But in an addendum, he’d noted that Jeff Garzik, a programmer who worked with Gavin Andresen as a core developer of Bitcoin’s open-source software, had emailed him to correct a misconception. Garzik pointed out that while Bitcoin senders and receivers are identified only with addresses, all those anonymized transactions are still recorded on the blockchain in public view. Large transactions might attract the attention of investigators who could potentially de-anonymize users—those who had published their addresses online, for instance, or who had given identifying information to Bitcoin exchanges. “Attempting major illicit transactions with bitcoin, given existing statistical analysis techniques deployed in the field by law enforcement, is pretty damned dumb,” Garzik wrote.

Ref. A4F9-W

“Silk Road doesn’t really sell drugs, it sells insurance and financial products,” the Carnegie Mellon computer engineering professor Nicolas Christin put it at the time, expressing his amazement at the Silk Road’s smooth management of online transactions in an entirely new, anonymous medium. “It doesn’t really matter whether you’re selling T-shirts or cocaine. The business model is to commoditize security.”

Ref. 1863-X

Soon, DPR was regularly posting antigovernment political musings and love letters to his faithful buyers and vendors. He even created a Dread Pirate Roberts Book Club, where he moderated discussions on authors from the Austrian school of free-market economics. On the Silk Road, it was becoming clear, the Dread Pirate Roberts was more than a digital drug dealer or a black-market website administrator. He was, as various users wrote in forum posts, “our own Che Guevara,” a “job creator,” and, as one fan put it, a figure that would be remembered “among the greatest men and women in history as a soldier of justice and freedom.”

Ref. 9D1B-Y

Pirate Roberts. Here was someone making millions of dollars in highly illegal narcotics sales—a study by Carnegie Mellon’s Christin earlier that year had estimated that the Silk Road was moving $15 million in narcotics annually—while evading every global law enforcement agency. All of this after the DEA and Justice Department had been explicitly ordered by two U.S. senators to hunt him down and take his market off-line. The fact that he remained free more than a year after Schumer’s press conference seemed to testify to the very real power and impunity granted by encryption tools like Tor and Bitcoin. And DPR was publicly flaunting that impunity in the face of the most powerful government on the planet.

Ref. 9C65-Z

But as DPR’s star rose, the appeal of appearing on the cover of Forbes magazine seemed to grow in his mind. (He eventually suggested that the cover might show an anonymous silhouette of a pirate, along with the headline “How a Pirate Won the Drug War.”) After eight months, he finally agreed to talk to me at length through the Silk Road’s Tor-protected messaging system, upgrading my account to the status of a drug dealer on the site to make it easier for us to exchange messages. On July 4, 2013, as we sat at our computers for five hours—me in a studio office in Brooklyn ignoring my friends’ Independence Day barbecue on the rooftop outside, him at some unidentified location, somewhere across the dark web—I interviewed the Dread Pirate Roberts for the article that would introduce him to the world.

Ref. 2F18-A

“I didn’t start the Silk Road, my predecessor did,” DPR answered, to my surprise. He described how, early in the Silk Road’s history, he had discovered a vulnerability in the site that would have allowed a hacker to de-anonymize the site’s Bitcoin wallet. When he brought it to the Silk Road founder’s attention, they became friendly, and eventually the original administrator of the site suggested “passing the torch” in the form of a hefty buyout. (All of this, I’d later learn—in part from reading Ross Ulbricht’s own secret journal—seems to have been part of the “Dread Pirate Roberts” myth that Ulbricht was spinning to cover his tracks should he ever be found out.)

Ref. A5A3-B

In all, Meiklejohn carried out 344 cryptocurrency transactions over the course of a few weeks. With each one, she carefully noted on a spreadsheet the amount, the Bitcoin address she had used for it, and then, after digging up the transaction on the Bitcoin blockchain and examining the public record of the payment, the address of the recipient or sender. Meiklejohn’s hundreds of purchases, bets, and seemingly meaningless movements of money were not, in fact, signs of a psychotic break. Each was a tiny experiment, adding up to a study of a kind that had never been attempted before. After years of claims about Bitcoin’s anonymity—or lack thereof—made by its users, its developers, and even its creator, Meiklejohn was finally putting its privacy properties to the test.

Ref. 01CC-C

When she had started that process of probing the Bitcoin ecosystem, Meiklejohn had seen her work almost as anthropology: What were people doing with Bitcoin? How many of them were saving the cryptocurrency versus spending it? But as her initial findings began to unfold, she had started to develop a much more specific goal, one that ran exactly counter to the Dread Pirate Roberts’s crypto-anarchist, idealized notion of Bitcoin: She aimed to prove, beyond any doubt, that Bitcoin transactions could very often be traced. Even—or, in fact, especially—when the people involved thought they were anonymous.

Ref. 2AB0-D

Soon she was reading about Linear A and Linear B, a pair of written scripts used by the Minoan civilization on Crete until roughly 1500 BC. Linear B had been deciphered only in the 1950s, thanks in large part to a classicist at Brooklyn College named Alice Kober who labored in obscurity over samples of the Bronze Age language for twenty years, writing her notes on 180,000 index cards.

Ref. 4AEE-E

There was a maxim in cryptography, often referred to as Schneier’s law after the cryptographer Bruce Schneier. It asserted that anyone can develop an encryption system clever enough that they can’t themselves think of a way to break it. Yet, like all the best conundrums and mysteries that had fascinated Meiklejohn since childhood, another person with a different way of approaching a cipher could look at that “unbreakable” system and immediately see a way to crack it and unspool a whole world of decrypted revelations.

Ref. 4BF6-F

The anonymity it offered was truly uncrackable. In fact, eCash was based on a mathematical technique called zero-knowledge proofs, which could establish the validity of a payment without the bank or recipient learning anything else at all about the spender or their money. That mathematical sleight of hand meant that eCash was provably secure. Schneier’s law did not apply: No amount of cleverness or computing power would ever be able to undo its anonymity.

Ref. 4A21-G

Bitcoin’s ingenious system meant that any single bad actor who might want to write a false transaction into the blockchain would have to use a collection of computers that possessed more computational power than all those many thousands of miners. It was a brilliant approach that added up to a secure currency with no central authority.

Ref. 1EEA-H

Satoshi Nakamoto’s Bitcoin white paper, it immediately became clear to her that Bitcoin’s trade-offs were the exact opposite of the eCash system she knew so well. Fraud was prevented not by a kind of after-the-fact forgery analysis carried out by a bank authority but with an instantaneous check of the blockchain, the unforgeable public record of who possessed every single bitcoin.

Ref. 241D-I

But that blockchain ledger system came at an enormous privacy cost: In Bitcoin, for good and for ill, everyone was a witness to every payment.

Ref. C669-J

Yes, identities behind those payments were obscured by pseudonymous addresses, long strings of between twenty-six and thirty-five characters. But to Meiklejohn, this seemed like an inherently dangerous sort of fig leaf to hide behind. Unlike eCash, whose privacy protections offered snoops no hint of revealing information to latch onto, Bitcoin offered an enormous collection of data to analyze. Who could say what sorts of patterns might give away users who thought they were cleverer than those watching them?

Ref. 2816-K

“You could never prove anything about the privacy properties of this system,” Meiklejohn remembers thinking. “And so as a cryptographer, the natural question was, if you can’t prove it’s private, then what attacks are possible? If you don’t get privacy, what do you get?”

Ref. 8585-L

she started with a very simple question: How many people were using Bitcoin?

Ref. 164D-M

Meiklejohn recalled that he had briefly alluded to a technique that could be used to collapse some addresses into single identities. Often, a single Bitcoin transaction has multiple “inputs” from different addresses. If someone wants to pay a friend 10 bitcoins but holds those coins at two different addresses of 5 coins each, the spender’s wallet software creates a single transaction that lists the two 5-coin addresses as inputs and the address receiving 10 coins as the output. To make the payment possible, the payer would need to possess both of the so-called secret keys that allow the 5 coins at each address to be spent. That means anyone looking at the transaction on the blockchain can reasonably identify both of the input addresses as belonging to the same person or organization.

Ref. 4153-N

Satoshi had hinted at the privacy dangers this introduced. “Some linking is still unavoidable with multi-input transactions, which necessarily reveal that their inputs were owned by the same owner,” Satoshi wrote. “The risk is that if the owner of a key is revealed, linking could reveal other transactions that belonged to the same owner.”

Ref. 3B66-O

So, as Meiklejohn’s first step, she simply tried the technique Satoshi had inadvertently suggested—across every Bitcoin payment ever carried out. She scanned her blockchain database for every multi-input transaction, linking all of those double, triple, or even hundredfold inputs to single identities. The result immediately reduced the number of potential Bitcoin users from twelve million to date to around five million, slicing away more than half of the problem.

Ref. 132C-P

Many Bitcoin wallets only allowed spenders to pay the entire amount of coins sitting at a certain address. Each address was like a piggy bank that has to be smashed open to spend the coins inside. Spend less than the whole amount in that piggy bank and the leftovers have to be stored in a newly created piggy bank.

Ref. 0C82-Q

This second piggy bank, in Bitcoin’s system, is called a “change” address: When you pay someone 6 bitcoins from a 10-coin address, 6 coins go to their address. Your change, 4 coins, is stored at a new address, which your wallet software creates for you. The challenge, when looking at that transaction on the blockchain as a sleuthing observer, is that the recipient’s address and the change address are both simply listed as outputs, with no label to tell them apart.

Ref. 7A55-R

But sometimes, Meiklejohn realized, spotting the difference between the change address and the recipient address was easy: If one address had been used before and the other hadn’t, the second, totally fresh address could only be the change address—a piggy bank that had materialized on the spot to receive leftover coins from the one that had just been shattered. And that meant these two piggy banks—the spender’s address and the change address—must belong to the same person.

Ref. 55DC-S

The result was that Meiklejohn could now link together entire chains of transactions that had previously been unlinked: A single sum of coins would move from change address to change address as the spender paid fractions of the total pile of coins in one small payment after another. The remainder of the pile might move to a fresh address with each payment, but those addresses must all represent the transactions of a single spender.

Ref. B02D-T

She’d come to refer to those chains of transactions as “peeling chains” (or sometimes just “peel chains”). She thought of them like someone peeling bills off a roll of dollar bills: Though the roll of bills might be put back in a different pocket after a bill was peeled off and spent, it was still fundamentally one wad of cash with a consistent owner. Following these peeling chains opened avenues to trace the digital money’s movements like never before.[*]

Ref. 48E8-U

Meiklejohn now had two clever techniques, both of which were capable of linking multiple Bitcoin addresses to a single person or organization, what she came to call “clustering.” What had initially looked like disparate addresses could now be connected into clusters that encompassed hundreds or, in some cases, even thousands of addresses.

Ref. 19E9-V

They’d collected hundreds of millions of web links in junk marketing emails, mostly ones intended to sell real and fake pharmaceuticals. Then, as Savage describes it, they acted out the role of “the world’s most gullible person,” using bots to click through on every one of those links to see where they led and spending more than $50,000 on the products the spammers were hawking—all while working with a cooperative credit card issuer to trace the funds and see which banks the money ended up at.

Ref. BAC3-W

That’s how Meiklejohn found herself in the early weeks of 2013 ordering coffee, cupcakes, trading cards, mugs, baseball hats, silver coins, socks, and a closet’s worth of other truly random objects from online vendors who accepted Bitcoin; joining more than a dozen mining collectives; fiendishly gambling bitcoins at every online crypto casino she could find; and moving bitcoins into and out of accounts on practically every existing Bitcoin exchange—and the Silk Road—again and again. The hundreds of addresses Meiklejohn identified and tagged manually with those 344 transactions represented only the tiniest fraction of the overall Bitcoin landscape. But when she combined that address tagging with her chaining and clustering techniques, many of those tags suddenly identified not just a single address but an enormous cluster belonging to the same owner. With just a few hundred tags, she had put an identity to more than a million of Bitcoin’s once-pseudonymous addresses.

Ref. 6CD8-X

With just the 30 addresses she had identified by moving coins into and out of Mt. Gox, for instance, she could now link more than 500,000 addresses to the exchange. And based on just four deposits and seven withdrawals into wallets on the Silk Road, she was able to identify nearly 300,000 of the black market’s addresses. This breakthrough didn’t mean Meiklejohn could identify any actual users of the Silk Road by name, nor could she unmask, of course, the mysterious Dread Pirate Roberts overseeing all of it. But it would directly contradict DPR’s claims to me that his Bitcoin “tumbler” system could prevent observers from even seeing when users moved cryptocurrency into and out of their Silk Road accounts.

Ref. 7D7B-Y
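The clustering and tagging steps described in the highlights above (co-spent inputs, a fresh output treated as the change address, then labels from a few test payments spread across whole clusters), as an added example that is not code from the book or from Meiklejohn's paper. The ledger, the addresses, the labels and the names `UnionFind`, `cluster_addresses` and `propagate_tags` are constructed for illustration; the self-change guard and the conflict report go beyond what the highlights state.

```python
from collections import defaultdict


class UnionFind:
    """Disjoint sets of addresses; each set is one inferred owner (a cluster)."""

    def __init__(self):
        self.parent = {}

    def find(self, addr):
        self.parent.setdefault(addr, addr)
        root = addr
        while self.parent[root] != root:
            root = self.parent[root]
        while self.parent[addr] != root:          # path compression
            self.parent[addr], addr = root, self.parent[addr]
        return root

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra

    def clusters(self):
        groups = defaultdict(set)
        for addr in list(self.parent):
            groups[self.find(addr)].add(addr)
        return list(groups.values())


def cluster_addresses(txs):
    """Apply both heuristics to transactions given in chronological order."""
    uf = UnionFind()
    seen = set()                                  # addresses used in earlier txs
    for tx in txs:
        ins, outs = tx["inputs"], tx["outputs"]
        for addr in ins + outs:
            uf.find(addr)                         # register every address
        # Heuristic 1: all inputs of one transaction share an owner.
        for addr in ins[1:]:
            uf.union(ins[0], addr)
        # Heuristic 2: among several outputs, a single never-seen address is
        # the change address and belongs to the spender.
        fresh = [o for o in outs if o not in seen]
        # Guard added in this example: if an output is also an input, the
        # change went back to the spender, so the fresh output is a payee.
        self_change = any(o in ins for o in outs)
        if ins and len(outs) >= 2 and len(fresh) == 1 and not self_change:
            uf.union(ins[0], fresh[0])
        seen.update(ins, outs)
    return uf


def propagate_tags(uf, tags):
    """Spread each known label over its cluster; report contradictory clusters."""
    by_root = defaultdict(set)
    for addr, label in tags.items():
        by_root[uf.find(addr)].add(label)
    labels, conflicts = {}, []
    for members in uf.clusters():
        found = by_root.get(uf.find(next(iter(members))), set())
        if len(found) == 1:
            label = next(iter(found))
            labels.update({m: label for m in members})
        elif len(found) > 1:                      # two owners in one cluster:
            conflicts.append((sorted(members), sorted(found)))  # a false link
    return labels, conflicts


# Constructed ledger excerpt (placeholder addresses, not real blockchain data).
LEDGER = [
    {"inputs": ["x0"], "outputs": ["a1"]},
    {"inputs": ["x1"], "outputs": ["a2"]},
    {"inputs": ["x2"], "outputs": ["s1"]},
    {"inputs": ["x3"], "outputs": ["e1"]},
    {"inputs": ["x4"], "outputs": ["s2"]},
    {"inputs": ["a1", "a2"], "outputs": ["s1", "a3"]},  # co-spend; a3 is change
    {"inputs": ["a3"], "outputs": ["e1", "a4"]},        # peel: a4 is change
    {"inputs": ["a4"], "outputs": ["n1", "n2"]},        # both fresh: ambiguous
    {"inputs": ["s1", "s2"], "outputs": ["e2"]},        # co-spend by the shop
    {"inputs": ["e1", "e2"], "outputs": ["x9"]},        # co-spend by the exchange
]

# Labels an investigator would learn from their own test payments (constructed).
TAGS = {"s1": "shop", "e1": "exchange"}

if __name__ == "__main__":
    uf = cluster_addresses(LEDGER)
    labels, conflicts = propagate_tags(uf, TAGS)
    for members in sorted(map(sorted, uf.clusters())):
        print(members, "->", labels.get(members[0], "unlabelled"))
    print("conflicting clusters:", conflicts)
```

A non-empty conflict list means one of the heuristics merged two different owners, which is the failure mode to check before trusting any propagated label.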

one address, the pile of money had been broken up in late 2012 and sent on forking paths around the blockchain. Meiklejohn’s understanding of peel chains meant she could now trace those sums of hundreds of thousands of bitcoins as they split, distinguishing the amount that remained in the control of the initial owner from the smaller sums that were peeled off in subsequent payments. Eventually, several of those peel chains led to exchanges like Mt. Gox and Bitstamp, where they seemed to be cashed out for traditional currency. For an academic researcher, this was a dead end. But anyone with the subpoena power of law enforcement, Meiklejohn realized, could very likely force those exchanges to hand over information about the accounts behind those transactions and solve the mystery of the $7.5 million stash.

Ref. 34B0-Z

Unlike with credit cards or other digital payment systems, there was no overseer who could stop or reverse the money’s movement. That had made every Bitcoin business and its stash of crypto revenue a ripe target for hackers, especially if the holders of those funds made the mistake of storing their secret keys on internet-connected computers—the equivalent of carrying six- or seven-figure sums of cash in their pockets while strolling through a dangerous neighborhood.

Ref. 7B21-A

In the final draft of the paper Meiklejohn and her co-authors put together, they definitively stated conclusions—based for the first time on solid, empirical evidence—that flew in the face of what many Bitcoin users believed at the time: Far from being untraceable, they wrote, the blockchain was an open book that could identify vast swaths of transactions between people, many of whom thought they were acting anonymously.

Ref. 61AC-B

“We demonstrate that an agency with subpoena power would be well placed to identify who is paying money to whom. Indeed, we argue that the increasing dominance of a small number of Bitcoin institutions (most notably services that perform currency exchange), coupled with the public nature of transactions and our ability to label monetary flows to major institutions, ultimately makes Bitcoin unattractive today for high-volume illicit use such as money laundering.”

Ref. 6009-C

When the UCSD paper hit the internet in August 2013, it was introduced with a description that, to those involved, had come to seem inevitable: “A Fistful of Bitcoins: Characterizing Payments Among Men with No Names.”

Ref. 87B1-D

At a glance, Meiklejohn immediately identified the change address and checked the money’s destination against her database. Sure enough, the address was one of the nearly 300,000 she had already tagged as belonging to the Silk Road. Meiklejohn had just connected Flycracker’s address directly to the source of the heroin he’d tried to use to frame Krebs.

Ref. B173-E

By then, in the late summer of 2013, the Dread Pirate Roberts had competition. Two other dark web bazaars called Black Market Reloaded and Atlantis had appeared, modeling themselves on the Silk Road and attracting their own, smaller collections of drug dealers and customers. (“I like having them nipping at my heels,” DPR had told me derisively in our interview. “Keeps me motivated.”)

Ref. 3CBE-F

Meiklejohn was careful not to overstate her findings: Not every Bitcoin transaction could necessarily be tracked. If bitcoins were spent carefully, it might still be possible to elude her tracing techniques. But that description of Bitcoin’s privacy properties was still a far cry from what many of its users believed. Like a kind of crypto-Cassandra warning of a crackdown to come, she found herself telling one reporter after another that Bitcoin’s much-hyped anonymity promises weren’t what they seemed.

Ref. 1DBD-G

few days later, she wrote me a long email annotating in meticulous detail every move the money in my Coinbase account had made, eleven transactions in total, going so far as to include hyperlinks to the pages on the website Blockchain.info that showed each one. Meiklejohn had identified my deposits into all three dark web markets, as well as the withdrawals of leftover bitcoins from each. She’d distinguished those transactions from others where Coinbase had moved my money from one of its addresses to another for its own housekeeping. She’d even spotted half a bitcoin I’d sent to my fellow Forbes writer Kashmir Hill, who was carrying out her own journalistic experiment in trying to live on solely Bitcoin for a full week.

Ref. 04A3-H

Thanks to her test payments and clustering techniques, Meiklejohn had already identified a handful of the other input addresses in that transaction. She could say with confidence they were among the hundreds of thousands of addresses associated with the Silk Road. And as Satoshi himself had pointed out, the same person always has control of the keys for all the input addresses in a multi-input transaction. This was, after all, the first rule of thumb that had guided Meiklejohn’s research.

Ref. F740-I

At that exact moment, another young woman across the table from Ulbricht grabbed his laptop without hesitation, gingerly whisked it away, and handed it to a man who had suddenly appeared behind her, seemingly out of nowhere. Ulbricht lunged for the machine but found that he was caught in a bear hug. Everyone involved, on all sides of Ulbricht, was in fact an FBI agent. Before he was even aware of what had happened, Ulbricht was being cuffed. As it turned out, even the Silk Road moderator he’d been chatting with had been an undercover agent: A Homeland Security Investigations official named Jared Der-Yeghiayan had quietly arrested a real moderator months earlier and then taken over her account, and was now sending Ulbricht messages from a bench just across the street from the library.

Ref. A861-J

This elaborate, highly orchestrated arrest had been overseen by the New York field office of the FBI and designed around one critical goal: to catch Ulbricht with his laptop open and logged in to the Silk Road. Grabbing the machine in an open state was not merely a matter of catching Ulbricht red-handed. He used an encryption program on his laptop that would automatically transform the entire contents of his hard drive into an uncrackable cipher the instant the lid was shut, concealing its secrets from investigators forever.

Ref. 8495-K

On the live PC, swept out of Ulbricht’s hands, the FBI found a vast smorgasbord of evidence, the kind that only a criminal with far too much confidence in his laptop’s encryption would dare to keep: Ulbricht had, amazingly, maintained a diary, a logbook, a spreadsheet of his net worth, and even comprehensive records of his chats with the Silk Road’s entire staff.

Ref. A381-L

In fact, it would turn out that when I was interviewing the Dread Pirate Roberts just three months earlier, Ulbricht had already been identified as a suspect—thanks to the IRS agent Gary Alford’s web sleuthing. The FBI, meanwhile, had tracked down the Silk Road’s servers in Iceland and France.[*] As Ulbricht was being cuffed in San Francisco, other agents were simultaneously taking over the Silk Road’s infrastructure and preparing to transfer more than 144,000 bitcoins held on Ulbricht’s servers and laptop. In other words, even as the Dread Pirate Roberts was telling me, that Fourth of July, about the revolutionary future that his work would usher in for all mankind, spinning a dream of a new era of lawless online liberty, his role in that dream was already coming to an end.

Ref. 184E-M

The FBI has described that cybersurveillance coup as the result of a misconfiguration in the site’s use of the Tor anonymity software but has been reluctant to ever officially explain that error in a courtroom. Some cybersecurity experts have speculated some other secret technique actually allowed the bureau to break or bypass Tor’s anonymity protections. The Department of Justice would ultimately argue that because the server was located abroad, the Fourth Amendment privacy protections against warrantless searches—including potentially hacking it—didn’t apply.

Ref. 2BD1-N

Working in his office on an upper floor of the Ronald V. Dellums Federal Building in downtown Oakland, Gambaryan began the familiar process of subpoenaing and then poring over Force’s financial records. He found that Force had, in late 2013, paid off his home’s entire mortgage, an outstanding loan of $130,000. He’d repaid, too, a $22,000 loan he’d taken out against his federal retirement account. He’d even made a gift of tens of thousands of dollars to his local church, the sort of largesse that, Gambaryan knew all too well, was tough to afford on a federal agent’s salary. The numbers only got shadier from there: Gambaryan found records of real estate investments in which Force had listed his net worth as more than $1 million. That wealth was almost entirely due, it became clear, to a massive influx of liquidated bitcoins from cryptocurrency exchanges like Bitstamp and CampBX that had flowed into Force’s bank accounts. The payments totaled $776,000 beyond his $150,000 annual DEA salary over the two prior years that he’d worked on the Silk Road case. With that ample financial padding, Force had then retired from the DEA, just days before Gambaryan began to look into his records.

Ref. 2918-O

When they reached Bridges on the phone, however, he was immediately, inexplicably hostile. “What is a federal prosecutor in San Francisco doing investigating anything going on in Baltimore?” Haun remembers him asking. “Why do you have any jurisdiction here?” Gambaryan and Haun, taken slightly aback by Bridges’s tone, explained they’d learned about Force’s suspicious behavior from George Frost.

Ref. 4A5B-P

Bridges responded, as Gambaryan remembers it, with defensive posturing and non sequiturs. He bragged that in addition to his Secret Service role, he was the Baltimore Task Force’s liaison to the NSA and an expert on Tor and cryptocurrency, implying that he, Shaun Bridges, was best qualified to deal with the Force case. He made it clear to Gambaryan and Haun that Baltimore—and in particular anything related to Carl Force—was his territory and he wasn’t going to share that turf with them. After the Secret Service agent hung up the phone, Gambaryan and Haun gave each other a look. Their shared reaction: “What the hell was that?”

Ref. 10D9-Q

Reading those messages—and reading between the lines, based on what he’d learned about the Baltimore Task Force’s investigation of the Silk Road and the separate, murder-for-hire indictment of Ulbricht that had resulted—Gambaryan marveled at the dramatic irony. Green’s arrest for drug possession had been arranged by Carl Force himself, the very agent who had sent the drugs to Green’s address, in a sting operation. Then, when Green had apparently gone rogue, stealing hundreds of thousands of dollars’ worth of bitcoins from Silk Road coffers, DPR had turned to none other than Force, under the guise of Nob, to carry out Green’s “murder,” staged for DPR’s benefit. (The vomit dribbling out of Green’s mouth in the photo was, in fact, Campbell’s Chicken & Stars Soup.) Shakespeare himself couldn’t have written the misunderstandings and coincidences more tidily.

Ref. 312C-R

Not long after that initial payment from DPR, however, Gambaryan began to see that the messages between DPR and Nob on the Silk Road server had shifted into indecipherable passages of random-looking characters. At Nob’s suggestion, he and the Silk Road boss had started to use PGP, or Pretty Good Privacy, a free and widely trusted encryption program, which Nob suggested could give them an added layer of protection from surveillance. It also prevented Force’s supervisors at the DEA—and now Gambaryan—from reading their messages. What’s more, Force’s DEA reports had no record of the decrypted text of these conversations.

Ref. 5847-S

That subterfuge made Gambaryan deeply suspicious: Underneath this added layer of encryption, was Force still an undercover agent on the Silk Road working for law enforcement and merely pretending to have a mole inside the feds? Or was he using his position to act as a double agent, working for DPR as an actual mole, selling his own DEA intel to DPR? The layers of deception were dizzying.

Ref. F36E-T

I didn’t know how much to send before. I was afraid of offending if I sent too little and looking foolish if I sent too much.” It concluded, in the typical insecure style of the Dread Pirate’s communications with Nob, “I hope I didn’t make things difficult for you.” Amid the garbled, encrypted conversations between Nob and DPR, Gambaryan was able to read that one message. The Dread Pirate Roberts had made a critical slipup: He’d forgotten to encrypt that single text with PGP. Nob’s message in response was again encrypted and unreadable for Gambaryan. But its subject line was legible. It read, “Use PGP!”

Ref. 3786-U

But Gambaryan was a forensic accountant. He knew that a conversation about a payment was very different from proof that it had actually occurred.

Ref. B4A5-V

The prevailing wisdom in law enforcement agencies at the time still held that lawbreakers and libertarians were correct about Bitcoin—that it presented a serious problem for any agent who sought to trace dirty money movements. An unclassified FBI report published in 2012 had been titled “Bitcoin Virtual Currency: Unique Features Present Distinct Challenges for Deterring Illicit Activity.” The report had flatly stated that “since Bitcoin does not have a centralized authority, law enforcement faces difficulty detecting suspicious activity, identifying users, and obtaining transaction records.” The report noted that Bitcoin exchanges that demanded identification from traders might help identify Bitcoin users. But two years had passed since the report had been written, and U.S. law enforcement hadn’t actually managed to prosecute anybody based on those records, even as Bitcoin black markets like the Silk Road had flourished in plain view.

Ref. DDC5-W

Still, Gambaryan had always had his doubts about Bitcoin’s untraceability. From the very first time he’d read about Bitcoin, back in 2010, his accountant’s brain had wondered how it could truly provide anonymity when the records of every transaction were shared with so many thousands of machines around the world—even if those transactions were to addresses rather than names. At one point early in his tenure as an IRS-CI agent, watching the Silk Road’s unchecked growth, he had even gone so far as to suggest to a fellow agent that they try tracing bitcoins on the blockchain. His colleague had laughed at him. “Oh, so we’re going to bring in Satoshi Nakamoto to introduce the blockchain as evidence in court?” the agent had joked.

Ref. FCF9-X

So, why not use the blockchain as evidence? If a cryptographically unforgeable, giant ledger displaying every Bitcoin transaction was good enough to prove who owned millions of dollars within Bitcoin’s economy, Gambaryan thought, it ought to be good enough to use as evidence in a criminal indictment, too.

Ref. 2FA8-Y

At first, the collections of garbled character strings seemed meaningless to Gambaryan. But almost immediately, he could see he was onto something. On September 27, 2013, just a few days before Ross Ulbricht’s arrest, Gambaryan saw with a jolt of recognition that one of Force’s CampBX addresses had received a 525-bitcoin payment—the magic number that DPR had mentioned in his conveniently unencrypted message.

Ref. 1281-Z

The blockchain entry showed that the coins, by then worth $66,000 thanks to a bump in Bitcoin’s price, had moved to Force’s address as one solitary payment from another single address. So Gambaryan clicked on that second address on Blockchain.info, working backward through time, only to find that the money had moved to that second link in the chain a few weeks earlier, on September 1, again as a single collection of coins. When Gambaryan looked for the source of the coins at that second address, however, the picture became vastly more complicated: Ten addresses had combined their coins there. If he was going to follow the bitcoins any further, he’d have to trace back all ten paths.

Ref. 63E7-A

converging money flows, he thought, looked familiar: They struck Gambaryan as the typical, contrived complexity of someone splitting up and reassembling their illicit funds in the hopes of throwing an auditor off their trail.

Ref. FA05-B

Each of those addresses had received their funds on the same day: August 4, 2013—the exact date when the Dread Pirate Roberts had told Nob he’d paid him. Gambaryan mentally recorded the payments: They were for 127, 61, 134, and 203 bitcoins. He added the numbers in his head. They summed up to 525 bitcoins. Sitting alone in his living room, he knew he had just found DPR’s payment to Nob in the unfailingly honest record of the blockchain—the payment Force had written in an official report never took place.

Ref. 7316-C

For a moment, Gambaryan and Der-Yeghiayan sat on the phone in silence. Gambaryan had just, for the very first time in a U.S. criminal investigation, traced cryptocurrency payments to prove someone’s guilt. “Oh, shit,” Gambaryan remembers thinking. “We broke Bitcoin.”

Ref. 04BA-D

But one payment of $70,000 in bitcoins didn’t explain the $700,000 worth of bitcoins that had shown up in Force’s accounts. If Force had been willing to turn his alter ego Nob into a double agent, what else was he capable of?

Ref. 3B2B-E

Gambaryan could hardly believe what he was seeing. Amid the multiple personas Carl Force was juggling, he seemed to slip up and sign a message to DPR with his own name. Gambaryan could see Force’s attempt to undo the damage four hours later. DPR had received another message from the same account titled “Whoops!” The message read, “I am sorry about that. My name is Carla Sophia and I have many boyfriends and girlfriends on the market place. DPR will want to hear what I have to say;) xoxoxo.”

Ref. 11C5-F

As part of the standard practice of documenting his undercover work, Force had periodically used a screen recording program called Camtasia to make first-person videos of his sessions as Nob. Gambaryan watched hours and hours of the videos, painstakingly replaying Force’s online performances in real time. Sure enough, for one brief moment in those videos, Gambaryan saw that Force was no longer logged in as Nob. Instead, on the top right of his screen, he saw the username “DeathFromAbove.”

Ref. 3ABA-G

reading Bitcoin’s ledger of transactions. To Gambaryan, the theft just didn’t look like the work of Carl Force. The $350,000 worth of bitcoins was broken into more chunks than Force had typically bothered with, and they had moved through more hops on the blockchain, to addresses that Gambaryan couldn’t find in any of Force’s accounts on any exchange. “It didn’t fit the pattern,” Gambaryan remembers. “It was almost like I’d gotten used to the way that Carl was using the blockchain. This was different.” He’d come to a conclusion that seemed highly improbable to the prosecutors on the case, and yet he was sure of it. “It’s not Carl,” Gambaryan told Haun and Frentzen. “I don’t know who it is, but it’s not Carl.” Another thief of the Silk Road’s bitcoins was still out there.

Ref. 6B08-H

But a few hours later, the Berkeley computer scientist Nick Weaver woke up on the other side of the country, read Dratel’s words in news reports from the trial, and had a far more visceral reaction: He got angry. This was going to be Ross Ulbricht’s argument? Weaver was so “offended by the gross stupidity of the defense,” as he’d later put it, that he took an unusual step for an academic researcher: He looked up the email addresses of the prosecutors in court documents and wrote them a message, offering to help them disprove Ulbricht’s cover story.

Ref. F4E3-I

back to the Silk Road to serve as a patsy. One of the Silk Road prosecutors followed up with Weaver by phone, and the Berkeley researcher explained exactly how he suggested the Justice Department, with the actual server and laptop in their custody, could indisputably prove the origins of Ulbricht’s riches.

Ref. C520-J

On the stand, Yum went even further than Weaver had: He pointed to a 3,000-bitcoin payment that flowed out of Ulbricht’s wallet in April 2013, totaling roughly $500,000. This payment matched up with another shocking piece of evidence revealed in the trial: An encrypted chat transcript recovered from the Silk Road server captured DPR negotiating another five murders. A would-be contract killer named redandwhite, who’d claimed to the Dread Pirate Roberts to be part of the Hells Angels motorcycle gang, had written to DPR and offered to take out an assortment of DPR’s enemies: a blackmailer, a thief, and even a group of three of the thief’s housemates. DPR had agreed to the half-million-dollar job.

Ref. 16D2-K

Ulbricht hadn’t been charged with these murders for hire in the New York trial. By all accounts, no such murders took place, staged or otherwise; redandwhite appears to have been a scam artist. But as Yum demonstrated to the jury, Ulbricht’s intent to pay his would-be assassins remained—and remains today—burned into Bitcoin’s permanent ledger. Five days later,

Ref. 583B-L

But the day when the prosecution found the incontrovertible, public, and unerasable proof of Ulbricht’s Silk Road millions, argues Nick Weaver, remains a milestone in the history of cryptocurrency and crime. “That is the date,” Weaver says, “that you can state unequivocally that law enforcement learned that the blockchain is forever.”

Ref. 2AE4-M

the Silk Road,” he said. “I wanted to empower people to be able to make choices in their lives for themselves and to have privacy and anonymity. I am not saying that because I want to justify anything that has happened, because it doesn’t. I just want to try to set the record straight, because from my point of view I am not a self-centered sociopathic person that was trying to express some, like, inner badness. I just made some very serious mistakes.”

Ref. DEA0-N

She read from his chat logs in which he dismissed the dangers of drug overdoses and ordered killings. These threats of violence, she explained, were not directly charged as attempted murders in his trial but would nonetheless contribute to his sentence. She also spoke about the need for deterrence: to dissuade future would-be kingpins of the dark web from following his lead. “For those considering stepping into your shoes, carrying some misguided flag, they need to understand very clearly and without equivocation that if you break the law this way there will be very, very severe consequences,” Forrest said. The Silk Road, Forrest continued, “was a carefully planned life’s work. It was your opus,” she said to Ulbricht. “You wanted it to be your legacy. And it is.”

Ref. 6C3D-O

Then she sentenced Ulbricht to two life sentences in prison without the possibility of parole. A silence fell over the courtroom. Even the prosecutors were surprised by the immensity of the punishment Forrest had set down, which was beyond even what they’d asked for in a letter to the judge.

Ref. 906F-P

After a few more minutes of translated formalities passed across the conference table, Gronager and Powell agreed to the terms and timing of their proposed contract, then flipped to the back page and inked their signatures on lines that identified each of the companies they represented. Powell signed on behalf of Kraken. Gronager signed on behalf of a company that practically no one in the world had heard of at the time, one that would be devoted entirely to tracing cryptocurrency and identifying the players in its shadow-strewn economy: Chainalysis.

Ref. 246A-Q

Then, in early February 2014, this stumbling giant of the Bitcoin world had suddenly taken a hard fall. Mt. Gox announced that it was now suspending all withdrawals—not just in dollars, but in bitcoins. This time there could be no other explanation: The exchange was insolvent. It would be another week before Mt. Gox would reveal that it had been hacked, and weeks longer before it admitted that the hackers had taken everything—that it was bankrupt. But angry account holders were already swarming onto forums to express their outrage that Mt. Gox wouldn’t hand over thousands or even millions of dollars’ worth of cryptocurrency that was rightfully theirs.

Ref. 2BEB-R

Beyond even that business opportunity, Gronager had faith in the technology. As he would describe it years later, he saw the fall of the house of Gox as “just another piece of noise” contributing to the ever-present chaos of the cryptocurrency world. The signal amid that noise had always been Bitcoin’s underlying mechanics. Those features, Gronager assured himself, remained as elegantly crafted and resilient as ever. The noise would eventually quiet. The signal would persist.

Ref. 6C8C-S

His interest in his father’s workshop waned

Ref. 8684-T

Rick Falkvinge, the founder of the privacy- and information-freedom-focused Swedish Pirate Party, and a British anarchist programmer named Amir Taaki, who would later smuggle himself into Syria to fight ISIS alongside Kurdish revolutionaries.

Ref. 2CFF-U

Gronager had never been convinced that Bitcoin was meant to serve as a tool for untraceable, lawless payments. He’d intuitively understood from the start that the blockchain made Bitcoin a uniquely transparent form of money and saw its transparency as a feature, not a bug. When Meiklejohn’s “Men with No Names” paper appeared, he read it as a welcome confirmation of his belief that any use of Bitcoin as a tool for cryptoanarchy or crime was a misguided sideshow.

Ref. B1C7-V

pioneered—with a year of hindsight, he considered them practically intuitive features of the blockchain—and his prototype integrated both tricks. But unlike UCSD’s clunky process of querying a massive database on a server, Gronager exploited a newer database technology called SQLite to interact with a more lightweight version of the blockchain on his laptop. The same queries that sometimes took Meiklejohn as long as twelve hours of processing time took just seventeen seconds in Gronager’s proof-of-concept program—a delay that he still considered intolerably slow. And Gronager didn’t need to carry out the hundreds of test transactions that Meiklejohn had spent weeks on. His voracious experimentation with every service in the Bitcoin economy over the past several years meant he already had, in his own records, most of the test transactions he needed to identify the collections of addresses his program clustered together.

Ref. 430F-W

building now: not simply a tool for tracing bitcoins, but a kind of trusted data source that could extract global patterns and money flows from the blockchain, a service that cryptocurrency exchanges would pay for to know more about their customers—including, perhaps, what side of the law they were on. Møller was intrigued and suggested they consider working together. Later they’d look back on that day, October 24, as the birthday of their company, Chainalysis.

Ref. 0803-X

On other days they hashed out their product’s mechanics on long walks through the pine forests and across the seaweed-strewn, windy beaches of western Denmark. “All of our best ideas we had while walking,” Møller says.

Ref. 27A3-Y

The drive was supposed to contain all of Mt. Gox’s financial data, including records of every trade made on the exchange in its four-year history. But when he decrypted it, Gronager found it was mysteriously incomplete. Many records of trades were missing the “counterparty”—the buyer or seller on the other side of the deal—and many more entries seem to have been deleted altogether.

Ref. 316D-Z

When Gronager asked Karpelès about those missing entries, Karpelès told him a strange story in his slightly clumsy, French-accented English. In early 2014, he said, around the time of the hacker breach that had stolen Mt. Gox’s entire treasury of bitcoins, someone had physically broken into the exchange’s server room and accessed its computers. The company hadn’t been able to determine who the intruder was, but Karpelès suggested the break-in was related to the theft and believed it had allowed the burglar to delete the data that Gronager had found missing. And, Gronager asked incredulously, didn’t the company have a backup of that data? Karpelès said no, that the backup system hadn’t worked either. Gronager could see that Karpelès was almost certainly withholding something, if not outright lying. But he avoided calling him out on this unlikely and seemingly unfounded explanation. Gronager wasn’t a cop, after all; he didn’t have any legal authority to compel Karpelès to speak honestly, or to punish him if he didn’t; this was meant to be a friendly fact-finding meeting.

Ref. BEAB-A

at least one sort of misbehavior Karpelès might be covering up with this data burglary tale. There had long been rumors that some of the trades on Mt. Gox were actually run by automated programs controlled by the exchange itself—that it used these bots to create trades at artificially high prices. Since Mt. Gox was secretly playing the role of both buyer and seller in these trades, they hadn’t cost the exchange anything. But the trades would create a false sense of bustling activity, bolstering Bitcoin’s exchange rate and making Mt. Gox seem more dominant in the Bitcoin economy than it truly was.

Ref. 5A06-B

stored on the same PC’s hard drive the Mt. Gox database of user account information he’d been given by the bankruptcy trustees, he offered to go a step further and look at the recipient’s account information, too. He wasn’t sure if he was supposed to freely share personal details from that Mt. Gox user database with U.S. law enforcement. But he went ahead and gave Haun and Gambaryan an IP address. It placed the account holder in Maryland.

Ref. 7E71-C

Gronager was right: Haun and Gambaryan had wanted an extra pair of expert eyes on Gambaryan’s blockchain analysis. They already knew the name associated with that Maryland IP address—the name of the person who had used Mt. Gox to cash out a total of 20,073 bitcoins—about $350,000 at the time it had been stolen from the Silk Road. That name was Shaun Bridges.

Ref. E059-D

unaided, clicking through addresses on Blockchain.info as he had with Force’s coins, Gambaryan used a free tool he’d found online called WalletExplorer, created by a Czech programmer named Aleš Janda. In creating WalletExplorer, Janda had done much of the same work as Meiklejohn and Gronager, implementing clustering techniques and labeling known entities on the blockchain. The tool made it relatively easy for Gambaryan to follow the bitcoins that flowed out of the Number13 account on January 25, trace them through multiple obfuscating hops, and then finally into an address that was labeled in WalletExplorer as part of the Mt. Gox cluster.

Ref. 7A9A-E

From there, Gambaryan turned to the tedious but familiar paperwork of more traditional follow-the-money investigations: He wrote to the owners and trustees of Mt. Gox—which had declared bankruptcy months earlier—asking the defunct exchange to turn over the records associated with the suspected account based on a mutual legal assistance treaty between the United States and Japan. Mt. Gox’s trustees agreed, and the resulting documents showed that the liquidated bitcoins, traded for dollars, had been sent by money transfer to a Fidelity account held by an entity called Quantum International Investments LLC. Gambaryan subpoenaed Fidelity, which immediately revealed Quantum International Investments’ owner: Shaun Bridges. Bridges had created a shell company using his very own name and home address in Maryland.

Ref. 84B5-F

It was late December by the time Gambaryan’s feverish money tracing had reached its end. Will Frentzen remembers receiving a call from Gambaryan late at night, surprised to see the IRS agent’s name appear on his cell phone during their Christmas vacation. Gambaryan explained what he’d found. The veteran prosecutor says he felt the hairs stand up on the back of his neck. “Holy shit,” Frentzen remembers thinking. “There’s two of them.”

Ref. 9C82-G

Force’s interrogation of Green on January 25, 2013, they began to piece together how Shaun Bridges had, that evening, retreated to his hotel room with Curtis Green’s laptop and spent the night using Green’s access to frantically hijack and pillage Silk Road accounts.

Ref. 3FF0-H

Most surprising of all, two years later, as the San Francisco team investigating Bridges’s theft searched through the Baltimore Task Force’s correspondence, they found no evidence that Bridges and Force had collaborated in their schemes. By all appearances, Frentzen says, the two men didn’t even particularly like each other. Amazingly, each seems to not have been aware of the other’s crimes, like a pair of robbers quietly burglarizing different rooms of the same house without ever crossing paths.

Ref. DC8B-I

“That blew my mind,” says Frentzen. “It was unbelievable to us that there were two crooked federal agents on the same task force and that they weren’t working together.” In fact, if it hadn’t been for Force’s entirely separate, even more reckless acts of criminality, Bridges’s theft might have gone entirely undetected.

Ref. 15E3-J

When Gambaryan had traced Force’s bitcoins, he had been too stunned that his blockchain analysis had actually worked to think of its larger implications. But when he used the technique again to follow Bridges’s stolen loot, a revelation was cemented in his mind: The blockchain wasn’t merely a cornucopia of evidence—one that would reveal crimes that went far beyond those of two crooked agents. It was a permanent record of often-traceable payments that had served as the perfect honeypot, a trap for anyone seeking financial anonymity online in order to commit crime. And it had persisted for years. Now that enormous wealth of evidence lay spread before Gambaryan, or any other law enforcement agent willing to spend the time to retroactively crack it. “This opens up a whole new world,” Gambaryan remembers thinking with awe. “Right now, we can go back and solve a million different crimes.”

Ref. 60BA-K

more than one agent had succumbed. The two men, like the Dread Pirate Roberts they were hunting, had been seduced by the same siren song: the false promise of untraceable money.

Ref. FDA2-L

Gronager, too, started to scrutinize BTC-e more closely, tracing its money flows in Chainalysis’s software. He began to see that all sorts of apparent illicit funds were ending up at this anarchic, crime-friendly exchange. They included dark web market cash-outs, stolen bitcoins, even the proceeds from a relatively new but fast-growing hacker scheme called ransomware: Hackers would infect and lock up victims’ PCs, sometimes encrypting their hard drives, and then offer to unlock or share the key to decrypt data only if victims paid a ransom of hundreds or even thousands of dollars in bitcoins. More often than not, those ransomware payments would end up cashed out through BTC-e’s mysterious exchange.

Ref. 72CC-M

Just months had passed since the promise of bitcoin tracing had been proven out for the first time in Gambaryan’s case against Force and Bridges. Now, already, BTC-e seemed to pose a fundamental threat to blockchain analysis as a law enforcement technique: an exchange at the heart of the crypto-crime world that was seemingly invulnerable to subpoenas for its users’ information. What good did it do to follow the money if that tracing led to a den of total anonymity?

Ref. 5FED-N

Senior law enforcement officials around the country were beginning to see what Gambaryan had sensed all along: that cryptocurrency tracing could be an incredibly powerful new investigative tool for law enforcement. Gambaryan, whose crypto-tracing in the Force and Bridges case had been the first of its kind, was now being offered the job he’d dreamed up and sought to create for years, hunting the biggest criminal kingpins of cryptocurrency, full time.

Ref. AAEA-O

The conversation turned to the subject of building cases against unlicensed money transmitters, and again Gambaryan piped up, suggesting the group investigate illegal exchanges not just in the United States but internationally, if they had U.S. customers. Faruqui was impressed that Gambaryan had read the statute—that even foreign exchanges were subject to U.S. money-laundering laws whenever they carried out transactions with Americans.

Ref. FED7-P

Gambaryan checked, and it turned out the only layer of misdirection that had prevented curious observers from learning the location of BTC-e’s servers in the first place was a company called Cloudflare, a web infrastructure provider and security service that shielded the exchange’s IPs from prying eyes like Gambaryan’s.

Ref. 720B-Q

Cloudflare was an American company, based in San Francisco. So Gambaryan sent the firm a legal demand to cough up the IPs of BTC-e’s servers. He quickly had those addresses in hand, and they revealed something he had never expected. BTC-e’s infrastructure was being hosted by a company not in Bulgaria, Cyprus, the Seychelles, or any of the other far-flung locations its owners had pointed to in their attempt to throw off snoops. They were in Northern Virginia. In fact, the IP addresses led to a data center just six miles away from Gambaryan’s desk at the NCIJTF in Washington, D.C. For a brief moment, Gambaryan wondered if BTC-e might even secretly be a CIA honeypot, then dismissed that theory as too absurd.

Ref. 40D9-R

Those back-end machines were configured to block all direct connections except an “allow list”—the few IP addresses belonging to the administrators’ computers. These IPs, however, led only to proxy machines. The canny admins had ensured their real locations would be opaque even to someone who had access to their servers.

Ref. 50CB-S

servers. That information pointed Gambaryan toward a place that he had long suspected might be the true home of BTC-e’s staff. Given all of the misdirection, it was far from a definitive clue. But now, just as Michael Gronager was zeroing in on the suspected time zone of the Mt. Gox thieves, Gambaryan too had his eyes on Russia.

Ref. 2799-T

He also understood from his own background that Russians running a highly profitable, legally questionable business with indiscriminate associations are often just as fearful of their own government as any Western one, and they might want to place their business abroad to protect it.

Ref. 0B1A-U

The IP address for the account trading in stolen Mt. Gox coins on BTC-e matched one of the few IP addresses on the BTC-e server’s allow list for the administrators’ connections. In other words, the person who had siphoned hundreds of thousands of bitcoins from Mt. Gox into BTC-e wasn’t just any BTC-e user. They were a BTC-e administrator. Specifically, an admin with the username WME.

Ref. 2C3F-V

It all supported Gambaryan’s conclusion: Whoever was cashing out Mt. Gox’s 650,000 stolen coins had been running BTC-e. The person profiting from the proceeds of the biggest Bitcoin heist in history and the administrator of the shadiest exchange in operation appeared to be one and the same. And that single enterprising criminal seemed to go by the handle WME.

Ref. 7252-W

point might have been). The group had used its access to steal a pile of coins from the exchange. One of them, WME, had cashed those coins in on Trade Hill. But as the group had grown more daring, siphoning out more and more money in the years that followed, they’d become worried about getting caught—especially as WME began to use Mt. Gox itself to exchange stolen funds for dollars after Trade Hill went down. Eventually, the sum of stolen coins had grown so large that WME had made a very bold business decision: He would build his own exchange to cash it out.

Ref. D2EC-X

The hackers’ haul had been so massive that they had built an entire company to launder their millions, like mobsters launching their own Wall Street trading floor just to have somewhere to cash out their stolen funds. Having once run an exchange himself, Gronager understood that having a reserve of tens or hundreds of thousands of bitcoins made it far easier to bootstrap a trading platform. BTC-e had grown into much more than WME’s personal money-laundering outfit, acting as its own stand-alone, profitable business, as well as a magnet for criminally tainted bitcoins around the world.

Ref. EF1D-Y

A Secret Service agent on Gambaryan’s virtual currency-focused team with a particularly good memory recalled that a suspect that went by WME had years earlier been an active “carder,” a cybercriminal focused on stealing and selling credit card information. The agent had looked up the handle in the Secret Service’s broad database of cybercriminal profiles and found a name: Alexander Vinnik.

Ref. 7AEA-Z

Back in 2012, WME had posted a long series of messages and screenshots to Bitcointalk, part of a dispute with the staff of another exchange in Australia called CryptoXchange, which had frozen one of the Russian’s accounts. At one point in the thread, WME had gone so far as to post a letter from his lawyer to the offending exchange—and forgotten to redact a crucial piece of information. At the top of the page, in bold, were the words “Demand for the release of Alexander Vinnik’s funds.”

Ref. EDB4-A

When Tigran Gambaryan learned of the missing money—worth close to $700,000 at the time—he immediately called Michael Gronager, and they began hunting the wayward coins on the blockchain. They found that the money had moved to a now-familiar destination: BTC-e. Gambaryan confirmed with a dozen Secret Service agents that none of them had access to the emptied Bitcoin wallet. He learned that the agency had, instead, made the mistake of leaving the money at an address for which Shaun Bridges still possessed the key.

Ref. AF69-B

When Judge Katherine Forrest had imposed a double life sentence on Ross Ulbricht in May 2015, she had intended to scare off future dark web drug buyers, dealers, and administrators. By the time of AlphaBay’s rise, that unprecedented punishment seemed to have exactly the opposite effect. A study in The British Journal of Criminology found that sales on what was then the top dark web site, Agora, more than doubled in the days following the news of Ulbricht’s sentencing, to more than $350,000 a day. The study’s author, trying to interpret that unexpected increase, reasoned that by imposing such a shocking, draconian prison term, Forrest had only generated new awareness of the dark web’s drug trade. Rather than deter users, Forrest seemed to have created a massive advertisement for the world’s burgeoning cryptocurrency black markets.

Ref. 333B-C

“Is this person just a pure genius who has figured out all of the possible mistakes? Has this person cracked the code?” Rabenn remembers asking himself. “Has this individual found the perfect country with the right IT infrastructure to run a marketplace, and he’s able to bribe the officials there so we’ll never touch him?

“As every day passed, there was, more and more, a sense that this might be the special one,” Rabenn says. “You begin to wonder: Is this the Michael Jordan of the dark web?”

Ref. 8A97-D

was simultaneously doing with BTC-e—but at more prosaic forms of crypto-laundering. On a site called LocalBitcoins, individuals were offering to meet in person and buy bitcoins for cash, advertising services that would come to be known as over-the-counter or peer-to-peer exchangers. Rabenn figured that these individual exchangers must be acting as human ATMs for the dark web drug trade, given that they had practically none of the know-your-customer restrictions that traditional banks are held to. As a trial run, Rabenn and a Fresno-based IRS agent arranged a deal with one such Bitcoin trader, recruiting an undercover agent to meet the exchanger at a Buffalo Wild Wings restaurant in Bakersfield, California.

Ref. A287-E

Miller, starting his new assignment, assembled the usernames of the top heroin and fentanyl dealers on AlphaBay and began to buy dope from them, one by one. As the packages arrived, triple sealed in silver Mylar and plastic, Miller and the team scrutinized both the shipments and their sellers’ opsec. They found that one vendor had made an elementary mistake: He’d linked his PGP key—the unique file that allowed him to exchange encrypted messages with customers—with his email address on the PGP key server that stores a catalog of users’ identities.

Ref. C09B-F

Desjardins remembers seeing that the suitcase had scratched parts of the Lamborghini’s interior, but Cazes didn’t seem to care. It struck Desjardins, in fact, that Cazes didn’t seem to have much emotional connection to the car at all; he didn’t even know how to use its radio. Desjardins thought that Cazes appeared to own it out of a sense that he should, that it was the socially correct way to display his wealth.

Ref. 647C-G

AlphaBay’s earliest days online, long before it had gained its hundreds of thousands of users or come under the microscope of law enforcement, the market’s creator had made a critical, almost laughable security mistake. Everyone who registered on the site’s forums at the time had received a welcome email, sent via the site’s Tor-protected server. But due to a misconfiguration in the server’s setup, the message’s metadata plainly revealed the email address of the person who sent it—Pimp_alex_91@hotmail.com—along with the IP address of the server, which placed it in the Netherlands.

Ref. 6DB5-H

That shocking mistake had been quickly fixed, but only after the tipster, who made a habit of scrutinizing dark web sites, had registered and received the welcome email. The source had kept it archived for two years as AlphaBay grew into the biggest dark web market in history. And now they had given it to Miller. It seemed that even the man Rabenn had once thought of as “the Michael Jordan of the dark web” was capable of elementary opsec errors—with permanent consequences.

Ref. B132-I

Alpha02 had tried to erase his tracks, deleting messages from the forums and changing his now-notorious username. But the evidence had been preserved by the Internet Archive, a nonprofit project that crawls and copies web pages for posterity. Just as with Ross Ulbricht, Alexandre Cazes’s operational security slipups had been permanently etched into the internet’s long memory.

Ref. 0D25-J

Soon, they found themselves butting heads with a usual suspect: Baltimore. When Rabenn called the same office that had produced Carl Force and Shaun Bridges’s Silk Road team, he was told they were hot on the trail of Alpha02 themselves. Baltimore, just as in the Silk Road case, was focused on infiltrating AlphaBay’s staff with undercover agents, in the hopes of working their way up to the market’s kingpin.

Ref. 4114-K

Baltimore’s infiltration of the market would only spook Alpha02, causing the staff to pull an “exit scam” like so many markets before it: running away with users’ money and then destroying evidence, making a case against them far harder to prosecute.

Ref. 3156-L

If Alexandre Cazes had moved halfway around the world to Bangkok in an attempt to run AlphaBay beyond the reach of Western law enforcement, he had chosen, by some measures, exactly the wrong foreign destination.

Ref. 17A4-M

agency called the Bureau of Narcotics and Dangerous Drugs had stationed a field office in Bangkok. American agents had long been sent there to disrupt the flow of so-called China White heroin from the Golden Triangle opium-growing region that covers parts of Thailand, Laos, and Myanmar. In the late 1950s that triangle produced fully half the world’s heroin supply and fed an epidemic of addicted U.S. soldiers in Vietnam in the 1960s and 1970s—a problem that made quashing the Thai drug trade one of the DEA’s earliest and highest priorities. Fifty years later, Bangkok remains one of the largest and most active DEA offices in the world, the regional headquarters for the entire East Asia operations of a U.S. law enforcement agency that has more overseas agents than any other.

Ref. 1539-N

So-called sexpats, foreigners using their wealth to live out their polyamorous fantasies, were common in Thailand. And as scandalous as Cazes’s affairs might have been, there was no law against philandering.

Ref. 07B9-O

When Cazes and a group of his friends left the restaurant, the cops entered and spoke to Sirocco’s management, demanding the receipts from the entire day to hide their intentions. Including wine and lavish tips, they found that Cazes had spent no less than 1.3 million baht—nearly $40,000—in a single meal for his entourage, an amount that flabbergasted even the agents accustomed to tracking high-rolling drug kingpins.

Ref. 7265-P

Cazes’s criminality, by contrast, was channeled entirely through the opaque aperture of the dark web. In the physical world, his hands were cleaner than those of any kingpin they’d ever encountered.

Ref. EA18-Q

forty-two thousand Americans had died of opiate overdoses in 2016, more than in any year on record. That surge in fatalities was due in part to an influx of fentanyl, an opium derivative as much as a hundred times stronger than morphine. And here this twenty-five-year-old French Canadian was running a massive open-air heroin and fentanyl bazaar in public view? She was haunted by the thought that every day they left AlphaBay online, anyone, even children, could order fentanyl from the site, receive it in the mail, and die of an overdose in a matter of hours. In a phone call with Miller

Ref. 284D-R

FBI agent laid out AlphaBay’s basic mechanics, its use of cryptocurrency for payments, and its escrow system. Sanchez interrupted to ask the agent what payment processor the site used. There was a short pause. Sanchez repeated her question. She wanted to know what processor held the bitcoins so that she could subpoena it and then seize AlphaBay’s funds, as she’d done with criminal payments countless times before. There was a longer silence still, and Sanchez started to get angry. Why were these agents refusing to tell her such a basic fact of the case? Finally, the lead FBI agent in Sacramento cut in to diplomatically explain to Sanchez the basics of Bitcoin and the blockchain: There was no payment processor, no bank, no middleman. Realizing that this sort of Bitcoin 101 would be necessary for some members of the team, “we were all kind of horrified,” Rabenn said.

Ref. 40F6-S

And it was those blockchain tracers who would offer the next breakthrough in the race to take down Alpha02.

Ref. DC4A-T

When a user sent their coins into their Silk Road account’s wallet, it was typically pooled with other users’ money and ended up stored at one of a small number of centralized addresses—the trait that had allowed Sarah Meiklejohn to so easily spot my marijuana purchases on the Silk Road back in 2013.

Ref. F630-U

That made it tough to trace the route of a buyer’s coins to any particular Silk Road drug dealer, Levin says, but easy to see that the money had touched the Silk Road itself. Just send a few test transactions to any Silk Road account, and the market’s wallet system would soon bundle up your coins with others, leading to a cluster of other Silk Road addresses—like a briefcase full of cash with a homing device inside, brought back to a criminal’s hideout.

Ref. 3BB3-V

But as Levin sent test transactions into AlphaBay accounts, he found that this market functioned differently. It seemed to carefully avoid pooling users’ money, keeping it instead in many small, disconnected addresses. By April 2016, AlphaBay had advertised to users that, like the Silk Road, it functioned as a Bitcoin tumbler: Put money into an AlphaBay account and it purportedly severed any link that could be used to follow it from where it entered the market to where it left. “No level of blockchain analysis can prove your coins come from AlphaBay because we use our own obfuscation technology,” read one 2016 post from AlphaBay’s staff to users on the site. “You now have ironclad plausible deniability with your Bitcoins.” Those claims, Levin says, turned out to be partly true. Most of the time when he put coins into AlphaBay and took them out again, they remained traceable. But unlike the Silk Road, AlphaBay’s deniability claim was more than marketing hype. Because it never gathered coins into large, easily identifiable purses, AlphaBay’s buyers and sellers were far tougher to distinguish from other, noncriminal users on the blockchain.

Ref. EE82-W

They began by carrying out the same sort of blockchain observation experiments Sarah Meiklejohn had performed in her UCSD office years earlier, only now on an industrial scale. For month after month, they performed hundreds of test transactions with AlphaBay wallets—still never actually buying anything from the market, only moving money into and out of accounts—and watched the patterns those transactions formed on the blockchain, in the hopes of finding clues they could use to spot patterns elsewhere in the vast expanse of Bitcoin’s accounting ledger.

Ref. C8FC-X

But Levin offered as an example the trade-off that every wallet has to make between the speed of a transaction’s “confirmation” and the fees it pays.

Ref. B44A-Y

In order to persuade the Bitcoin network to record a transaction, a wallet has to offer a fee. The greater a fee the wallet is willing to pay, the better incentivized other nodes are to quickly rebroadcast the transaction so that all the Bitcoin nodes around the world eventually come to agree that the transaction occurred. Most wallets allow users to set their own fees along a sliding scale of speed versus cost. Dark web markets, however, typically use their own set configuration.

Ref. 667D-Z

Chainalysis began to see the unique way that, for AlphaBay, the fee settings shifted depending on the size of a transaction. This set of fingerprints didn’t offer a complete solution, isolating all AlphaBay addresses at once. But it represented a tell—one of many, Levin says—that would allow them to delineate the market’s tangled web of payments. And just as with Meiklejohn’s clustering tricks, every discovery of a new trick like these fee fingerprints produced a new set of addresses that would help them refine again the profile of the other hidden addresses they still sought.

Ref. B386-A

By the end of 2016, Chainalysis had labeled more than 2.5 million addresses as part of AlphaBay’s wallet. But even that years-long project of excavating the entire, massive shape of AlphaBay’s finances was only a starting point. For Chainalysis’s users at law enforcement agencies, the task ahead would be following the money from somewhere in that vast pile of numbers out to the bank account of a real human being.

Ref. 037D-B

But they shared a focus on digital money laundering, a fascination with cryptocurrency, and a years-long friendship. They had come to form a two-person team of their own, a unit that was inseparable, practically mind melding into two lobes of a single Bitcoin-obsessed brain.

Ref. AC30-C

Ali had come to a realization: Every time a dark web market administrator pulled an exit scam, absconding with all the money his users held in their dark web market wallets, the dark web’s forums were flooded with users lamenting their stolen funds and others offering reminders that no one should store any amount of cryptocurrency on a market beyond what they plan to spend immediately.

Ref. 3918-D

But there was one person, Ali figured, who would never have to worry about an exit scam when considering where to keep his crypto savings: the dark web administrator himself. “Who would have the most faith to leave their money on the market?” Ali asked Erin. “Of course it would be the guy in charge.” What if they simply searched for the black-market addresses that had held the largest sums of bitcoins for the longest time, even while exit scams on other markets spooked every other high roller into pulling out their funds? The biggest, most stationary piles of money might just belong to the boss.

Ref. A9DD-E

The next day, however, Ali began calling Erin every few minutes to give her breathless updates: She had started with the address of the biggest sum of bitcoins that had sat unmoved for the longest time among all the wallet addresses tied to the AlphaBay cluster. And, observing where the money had eventually transferred out of AlphaBay, she’d been able to track its movements in Chainalysis’s Reactor software—the FBI, like most U.S. law…

Ref. 0FB5-F
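
The search described in the two highlights above (find the cluster addresses that held the largest sums unmoved for the longest time, including through another market's exit-scam scare), sketched as an added example that is not from the book and is not how Chainalysis's Reactor works. The ledger, the address labels, the scare window and the coin-days score (BTC held times days unmoved) are all constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime
from itertools import groupby

SATS = 100_000_000  # satoshis per bitcoin


@dataclass(frozen=True)
class Movement:
    address: str    # address label (constructed, not a real address)
    when: datetime  # confirmation time, UTC
    delta: int      # satoshis: positive = received, negative = spent


@dataclass(frozen=True)
class Stretch:
    address: str
    balance: int    # satoshis that sat untouched for the whole interval
    start: datetime
    end: datetime

    @property
    def days(self):
        return (self.end - self.start).total_seconds() / 86400

    @property
    def coin_days(self):
        # Assumed score for this example: BTC held multiplied by days unmoved.
        return self.balance / SATS * self.days


def stretches(movements, as_of):
    """Yield every interval during which an address's balance did not change."""
    keyed = sorted(movements, key=lambda m: (m.address, m.when))
    for address, group in groupby(keyed, key=lambda m: m.address):
        balance, since = 0, None
        for m in group:
            if balance > 0 and m.when > since:
                yield Stretch(address, balance, since, m.when)
            balance += m.delta
            if balance < 0:
                raise ValueError(f"{address}: spends exceed receipts at {m.when}")
            since = m.when
        if balance > 0 and as_of > since:
            # Still unspent at the time of analysis: the stretch is open-ended.
            yield Stretch(address, balance, since, as_of)


def rank_by_dormancy(movements, as_of, must_cover=None):
    """Best stretch per address, highest coin-days first.

    must_cover: optional (start, end) window, e.g. the weeks after a rival
    market's exit scam. Only stretches spanning the whole window are kept,
    so holders who pulled their funds during the scare drop out.
    """
    best = {}
    for s in stretches(movements, as_of):
        if must_cover and not (s.start <= must_cover[0] and s.end >= must_cover[1]):
            continue
        if s.address not in best or s.coin_days > best[s.address].coin_days:
            best[s.address] = s
    return sorted(best.values(), key=lambda s: s.coin_days, reverse=True)


# Constructed sample ledger for four addresses in one labelled cluster.
LEDGER = [
    # Hot wallet: large sums, forwarded within a day.
    Movement("addr_hot", datetime(2016, 1, 5), 500 * SATS),
    Movement("addr_hot", datetime(2016, 1, 6), -500 * SATS),
    Movement("addr_hot", datetime(2016, 6, 10, 0), 800 * SATS),
    Movement("addr_hot", datetime(2016, 6, 10, 12), -800 * SATS),
    # Small buyer balance (0.3 BTC) that was simply left behind.
    Movement("addr_buyer", datetime(2015, 11, 1), 30_000_000),
    # Vendor who withdraws two days into the scare window.
    Movement("addr_vendor", datetime(2015, 10, 1), 40 * SATS),
    Movement("addr_vendor", datetime(2016, 4, 3), -40 * SATS),
    # Large balance that stays put throughout.
    Movement("addr_boss", datetime(2015, 6, 1), 300 * SATS),
    Movement("addr_boss", datetime(2015, 9, 1), 200 * SATS),
    Movement("addr_boss", datetime(2016, 11, 15), -500 * SATS),
]
AS_OF = datetime(2016, 12, 31)
SCARE_WINDOW = (datetime(2016, 4, 1), datetime(2016, 5, 1))  # constructed

if __name__ == "__main__":
    for s in rank_by_dormancy(LEDGER, AS_OF, must_cover=SCARE_WINDOW):
        print(f"{s.address:12} {s.balance / SATS:8.2f} BTC "
              f"unmoved {s.days:6.1f} days  ({s.coin_days:,.0f} coin-days)")
```

Volume alone does not surface the dormant holder: the hot wallet moves more coins in total than any other address here but never holds them for more than a day, so it ranks near the bottom.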

Whoever owned these piles of criminal money had, at least in some cases, taken pains to hide their footprints on the blockchain. The funds would sometimes flow into clusters of addresses created by services known as mixers, advertised on dark web sites with names like Helix and Bitcoin Fog. These bitcoin-laundering services offered to take in coins, pool them with other users’ funds, and then return all the coins in the pool to their senders at new addresses. In theory this would cut the forensic link for any tracer,…

Ref. 66F6-G

But in other cases, they were able to defeat his efforts at obfuscation. Neither of the two FBI analysts would reveal how they overcame Alpha02’s use of mixers, but…

Ref. 2C4A-H

A mixer, Jonathan Levin explained, is only as good as its “anonymity set”—the crowd of users all mixing their coins to render them untraceable. Despite whatever claims mixers made to their customers, examining their work on the blockchain revealed that many didn’t actually offer an anonymity set large enough to truly flummox an investigator. The more money someone tried to launder, the harder…

Ref. 4964-I

Any decent mixer splits large sums of coins into smaller, less conspicuous payments when returning the money to its owner. But at some point, the transaction fees for every payment put a limit on any effort to break big sums of money up into small, less remarkable chunks, Levin says. Mixers, of course, weren’t the only tools that attempted to defeat blockchain analysis. Some wallet software offered a feature called CoinJoin, which could combine transactions from different users to muddle who had sent money to whom. But Michael Gronager hinted—without further…

Ref. F868-J

In truth, Chainalysis didn’t need to offer its users proof of the path money took on the blockchain, so much as probability. Grant Rabenn candidly explained that the bar for sending a subpoena to a cryptocurrency exchange for a user’s identifying information was low enough…

Ref. C309-K

however: It connected directly to an exchange. For the first time, they realized with excitement, they had managed to trace what they suspected might be a collection of the AlphaBay admin’s commissions all the way to a transaction in which Alpha02 had traded them for traditional currency. They knew it was at those cash-out points, the blockchain’s connections to the brick-and-mortar world of finance, that they might be able to match the transactions to a real person.

Ref. 1457-L

AlphaBay cluster into one cryptocurrency exchange after another. They came to recognize what seemed to be Cazes’s identifying tells, even in his bitcoin-laundering habits; in some cases, his attempts to obscure his ownership of the bitcoins became, themselves, a kind of fingerprint.

Ref. 2B89-M

Cazes would open an account with an exchange and attempt to use it to cash out a chunk of AlphaBay’s profits. At some point—often within months of his cash-out transactions—the exchange would grow suspicious about the origin of these massive cryptocurrency trades and ask for more know-your-customer information from him.

Ref. F7FB-N

Rawmeo, by contrast, was a full-color, tell-all persona, an outlet for Cazes to enjoy the rewards of his larger-than-life success, to stretch out his ego, and to soak up adulation, much as the Dread Pirate Roberts had been for Ross Ulbricht. But whereas DPR had built his following around a radical ethos of libertarianism and personal freedom, Rawmeo seemed to adhere to a much less idealistic philosophy. As he put it: “The person who gives the least amount of fucks will always have the upper hand.”

Ref. 915F-O

one fall. Every Rawmeo post ended with his lengthy signature, which summed up his lifestyle and extolled the paradoxical virtues of promiscuity for men and virginity for women: “Living in Thailand, enjoying life, making money, not interested in Western woman, not giving a fuck about millennial problems, addicted to rawdogging. #NoHymenNoDiamond #PoppedCherryDontMarry #RealMenDontDateSingleMoms.”

Ref. 639C-P

Cazes, like many Roosh V members, was obsessed with the threat of false rape allegations. He boasted of his solution, one that, for someone obsessed with privacy, was a shocking admission. “I secretly record EVERY new sex intercourse with a girl with a hidden camera in my room,” he wrote. “This is stored on an encrypted hard drive, ready to be pulled in case the shit hits the fan. If nothing bad happens, nobody will ever know that the video exists. I respect my girls’ privacy.”

Ref. A01B-Q

In some respects, Cazes was as privacy-minded as Rawmeo as he was as AlphaBay’s boss. He had fully compartmentalized his life, sealing off his philandering from his family life almost as completely as he’d sealed off his Alpha02 persona from his real-world identity. “I am what we call a professional cheater,” he wrote. He kept his wife ignorant of the second home he used for sex. He used fake IDs to prevent his “plates” from learning his real name. He even used separate phone numbers for his different personas’ communications and bragged that he spoofed the IMEI identifiers that a phone carrier can use to link two numbers on the same device, even when the SIM card has been swapped.

Ref. EBCD-R

As a money-laundering-focused agent, Sanchez’s central task in the AlphaBay case wasn’t to catalog Cazes’s affairs but to trace his financial assets, in Thailand and around the world. She did so with professional thoroughness, mapping out his four homes in Bangkok—the bachelor pad, his primary residence, another for his in-laws, and his mansion under renovation—as well as his $6 million five-bedroom seaside villa in Phuket, his two sports cars and motorcycle, and even the Mini Cooper he’d bought for his wife. Despite years tracking corrupt politicians and organized criminals, she was amazed by Cazes’s casual extravagance. In one email, a complaint he’d sent to his favorite rooftop restaurant, Sirocco, about disappointing service, he mentioned in passing that he’d spent roughly $120,000 at the restaurant in just the previous

Ref. 46BA-S

scratch,” he lamented. To Sanchez, this was Alpha02’s origin story. She read it, perhaps a bit reductively, as the autobiography of a man trying to overcompensate, blaming his mother for what he perceived as his lack of masculinity, seeking in his adult life to become the ultimate “alpha” male.

Ref. 2065-T

thread on Roosh V in which members of the forum were debating Windows versus Mac operating systems. Cazes, a talented programmer and IT administrator who would never miss an opportunity to one-up his fellow alphas, chimed in to describe his personal computer setup: He ran Linux, the “Cadillac” of operating systems, he said. What’s more, he described how he used LUKS encryption, or Linux Unified Key Setup, a free encryption tool specific to Linux that would securely scramble his laptop’s entire hard disk whenever he so much as closed the lid of his machine. Without his passphrase, not even the world’s most powerful supercomputers would be able to crack that encryption within many human lifetimes. For the team of investigators now close on Cazes’s heels, this had enormous implications: As the Silk Road investigation had taught them, there were three central components to a truly successful dark web bust. To have dead-to-rights evidence of their target’s guilt, they would need to seize AlphaBay’s servers, arrest its administrator, and access the admin’s laptop.

Ref. 2EB1-U

The team was six months into the AlphaBay investigation, and they had Alpha02 in their sights, practically within their grasp. But if they couldn’t also lay hands on his laptop in a live, open state, his most incriminating secrets would remain eternally locked inside it.

Ref. 635C-V

nodes and lines that he’d illustrated. Each node represented a piece of evidence, with the different lines between representing blockchain connections from Chainalysis’s Reactor software, traditional payments they’d tracked, usernames and email addresses they’d linked to their target. On the left was the name Alexandre Cazes—the real-world person. On the right was Alpha02. Some lines meandered through multiple nodes, but every line began with Cazes, branched out into the mess of his online life, and then converged on his dark web persona.

Ref. 2C2C-W

It was no smoking gun. For that, they’d still need to catch Cazes with his hands on the keyboard. But looking at the chart, summing up the totality of Cazes’s opsec failures and the indelible tracks he’d left across the blockchain, the group agreed. He was no patsy; these were no coincidences. They had found Alpha02, and they were ready to charge him.

Ref. AD7F-X

Andersen-Röed, thinking of the two administrators’ PGP keys, made a comment that he intended as a joke: With those two keys, he pointed out, they could go onto dark web forums and impersonate the two German admins, writing messages and “signing” them as the founders of Hansa market. They could essentially become the administrators. As

Ref. 6D3A-Y

Soon, the notion of becoming Hansa’s bosses was no longer a joke. What if, instead of merely arresting the admins and seizing their site, they secretly commandeered the market? With one of the most active sites on the dark web under their control, there was no telling what powers they might gain to identify Hansa’s users, including its most high-volume drug dealers. If and when they did ultimately reveal their sting operation, the two Dutchmen daydreamed aloud, the psychological blow to the community would be insidious: No one would ever again be able to fully trust that a dark web administrator wasn’t actually an undercover agent working on behalf of the feds.

Ref. 342E-Z

Dutch police realized they could play this to their advantage: When the Germans arrested the men for their book piracy site, the Dutch would have the perfect opportunity to stealthily slip into their places, running Hansa with minimal publicity or disruption. “We could use that arrest,” says Gert Ras, the head of the Dutch National High Tech Crime Unit that was soon brought in to take charge of the operation. “We had to get rid of the real administrators to become the administrators ourselves.”

Ref. DC01-A

They now could see just how close the Americans were to taking down AlphaBay. What if, the Dutch technical adviser suggested, they combined their operations? All the Americans would need to do, he explained, was to wait for the Dutch takeover of Hansa before green-lighting their takedown of AlphaBay. Then, after they’d arrested Alpha02 and seized his servers, they would simply delay any official announcement of their victory. If all went according to plan, a massive throng of the dark web’s users would flee from the seized market to the next-best option—a market under Dutch police control.

Ref. 25C4-B

Then, only after the Dutch had a chance to spy on the internal workings of the dark web economy like never before—from the privileged position of its newly crowned kingpins—they would publicly announce their Hansa and AlphaBay operations simultaneously. Together, their sting operation would be what the Dutch technical adviser described as a “one-two” punch.

Ref. 9569-C

When they weren’t busy with tourism and team-building exercises, the agents were grappling with the practical details of raiding a dark web kingpin. At one point, the case’s lead FBI agent presented the looming problem of Cazes’s laptop encryption. Sanchez and the Thais explained that based on their surveillance, Cazes almost never opened his machine outside his own home. The agents agreed: They’d have to catch him in his house, logged in to AlphaBay, and yet somehow off guard, so that he couldn’t shut the laptop’s lid before his arrest. Almost as important as the computer was Cazes’s iPhone. The FBI told the Thais they’d need to grab it unlocked, or it too would be irretrievably encrypted. That phone, after all, might hold keys to Cazes’s cryptocurrency wallets or other crucial data. The question of how to thread the needle of capturing these two devices and their information hung in the air, unanswered.

Ref. 27AE-D

For weeks, the Dutch National High Tech Crime Unit had been preparing for this moment. They’d used the source code for Hansa that they’d pulled from the German servers to reconstruct their own, off-line, practice version of the market, to familiarize themselves with how it was built and administered. They’d even gone so far as to create their own play-money version of Bitcoin, with its very own blockchain—what cryptocurrency developers call a “testnet”—to privately experiment with how the site handled its monetary transactions.

Ref. 8F5E-E

At the Germans’ signal, the Dutch team immediately called a pair of agents they’d sent to a data center in Lithuania, where the server actively running Hansa was hosted. Those agents physically pulled out a hard drive from the rack that held the machine so they could access a backup copy of its data. The teams in Driebergen and Lithuania then began feverishly duplicating every digital component of the market, piece by piece, on their own computers and then on a server in a Netherlands data center, reconstructing an exact copy of the site that was now under their control.

Ref. 9B9B-F

Finally, around 3:00 a.m. on the third night after the arrests, a Dutch investigator, Marinus Boekelo, was troubleshooting a final problem in their reconstructed site, one that was causing error messages to cascade across the screen whenever someone used the search bar at the top of the page. “Fuck, fuck, fuck!” Boekelo muttered, bent over his laptop, his hands on either side of his face as he attempted one fix after another. Then, after a

Ref. B256-G

After nearly seventy-two hours, they had the site running smoothly and now fully under their own command. The skeleton crew still working in the conference room exploded in jubilation. Aside from the two or three minutes of downtime caused by a single brief hiccup, the migration of the site into a Dutch data center had been nearly invisible to its users.

Ref. FE9C-H

One of the younger Dutch agents had been an IT help-desk admin years earlier. He found his new job helping to run Hansa to be remarkably similar. He got to work efficiently resolving disputes over the site’s drug deals, assisted by a collection of pre-written answers the administrators had helpfully prepared in an online control panel. The undercover agent even came to the rescue of one grateful, sight-impaired drug dealer, helping him figure out how to get his screen reader software properly integrated with his Tor Browser.

Ref. D238-I

Ethical quandaries aside, the team couldn’t help but take a certain pride in the professionalism of their work. “The quality really went up,” said the head of the Dutch National High Tech Crime Unit, Gert Ras. “Everyone was very satisfied with the level of service they got.”

Ref. D6BB-J

Hansa, like any good dark web drug market, had been designed to learn as little as possible about its users beyond what was necessary to facilitate reliable drug transactions. The passwords for users’ accounts were stored only as cryptographic “hashes,” indecipherable strings of characters that let the site avoid having to protect a collection of those sensitive log-in credentials. Hansa also offered to let users automatically encrypt all their messages using PGP—including, most important, the mailing addresses that buyers would share with sellers when they made an order. All of that meant that, in theory, the site itself would never have full access to its users’ accounts or know their most personal secrets, such as the locations of their homes.

Ref. 5378-K

Now the police began to invisibly sabotage those safeguards. They started recording all of Hansa’s usernames and passwords when buyers and sellers logged in. They also began secretly archiving the full text of every message users sent on the site before the text was encrypted. Soon they were collecting hundreds, then thousands of buyers’ addresses from orders, turning the business of the entire market into a glass aquarium under their real-time surveillance. According to Dutch law, the police had to record and attempt to intercept every drug order made on the market while they controlled it. So the half dozen undercover agents working in their small conference room were soon joined by dozens of others, working on the same floor, who were tasked with manually cataloging every single purchase. They forwarded the data for sales destined for the Netherlands to Dutch police, who could seize the packages of heroin, cocaine, and meth shipped through domestic mail. Non-Dutch orders would be sent to Europol, which was charged with distributing the ever-growing pile of drug deal data to their respective nations’ law enforcement agencies.

Ref. BD5F-L

Already, the Dutch police had accomplished something that law enforcement had never attempted before: hunting, capturing, and vivisecting a dark web drug market in real time, unbeknownst to the site’s users. But Operation Bayonet was only getting started. The Dutch—and their collaborators from Sacramento to Bangkok—still had other, bigger game in their crosshairs.

Ref. 00EC-M

That spring, Gambaryan and Levin had together come up with an idea—a new, experimental method to examine AlphaBay’s use of cryptocurrency. Prosecutors in the AlphaBay case have referred to it using only the hideously vague term “advanced analysis.” But Gambaryan and Levin hoped they could use it to unearth a major finding: the IP address of the server that hosted AlphaBay’s Bitcoin wallet.

Ref. D046-N

Nonetheless, there the answer appeared, without fanfare, on Levin’s screen: an AlphaBay IP address. Or rather, a handful of IP addresses that were likely to belong to the site’s wallet server, with one especially likely candidate. A quick search revealed that the most salient IP wasn’t, in fact, in the Netherlands. It was in a data center in Lithuania.

Ref. 40AC-O

The IRS agent went silent. He pulled out his own phone and took a picture of the IP addresses on Levin’s screen. Then he stood up, blank-faced, and quickly walked out of the restaurant without explanation. Levin watched him go, dumbfounded. Gambaryan hadn’t even paid for his beer.

Ref. F782-P

The mechanics of that Hail Mary “advanced analysis” technique remain a blank spot in the story of Operation Bayonet—a black box with mysterious internal workings, one that investigators refuse to open. That’s because, as Gambaryan and other officials would later explain, they would continue to use this technique for years to come, identifying the IP addresses of dark web services’ Bitcoin wallets again and again. Law enforcement agencies wanted to make sure it kept working as long as possible—that dark web administrators, Bitcoin developers, or whoever might have the ability to fix the vulnerabilities they exploited didn’t wise up to their trick.

Ref. 1114-Q

collection of their own Bitcoin node servers, capitalizing on the way Bitcoin users broadcast their IP addresses in transaction messages, with the purpose of creating a global map of Bitcoin users’ geolocations. Could that technique somehow also have been updated and adapted to target—and locate—the Bitcoin wallets of very specific users? Even when the transactions were sent from a computer running on Tor’s anonymity network? For Operation Bayonet, all that mattered was that Gambaryan and Levin had course corrected a massive, coordinated, international investigation at a critical moment, deploying a new, secret weapon with hardly a day to spare. But secret weapons don’t tend to stay secret forever.

Ref. 9FC5-R