Yesterday, the Justice Department announced the arrest of Rui-Siang Lin for allegedly operating the darknet market Incognito Market, as detailed in their press release. This marketplace was one of the largest illegal narcotics platforms on the darknet.
Financial Details of Incognito Market
The complaint shows the seized Incognito Market servers contained Bitcoin and Monero wallets with the following activity:
| Asset | Deposit Txs | Withdrawal Txs | Deposit Values | Withdrawal Values |
|---|---|---|---|---|
| Bitcoin (BTC) | 183,722 | 60,711 | 1,316 BTC ($36,895,586.12) | 1,303 BTC ($36,431,574.05) |
| Monero (XMR) | 181,918 | 83,457 | 296,094 XMR ($46,728,991) | 294,634 XMR ($46,482,976) |
Notably, the majority (55.88%) of the deposit value was in Monero (XMR), a cryptocurrency known for its strong privacy properties. Darknet markets started using XMR in 2017.
Personal Cryptocurrency Exchange Accounts
The complaint shows the approximate value of funds that Lin allegedly received in their personal cryptocurrency exchange accounts:
| Year | Bitcoin Deposits | Monero Deposits | Unclassified |
|---|---|---|---|
| 2021 | $1,195 | $63,154 | |
| 2022 | $37,784 | $1,302,946 | |
| 2023 | $1,792,096 | $4,196,408 | $4,5000,000 |
According to the indictment, these exchange accounts appear to be Binance and Kraken.
Trend Toward Monero
According to the complaint, Rui-Siang Lin used instant exchangers to convert BTC to XMR, and the XMR was deposited onto their exchange account. Illicit actors regularly use instant exchangers and XMR to launder their illicit funds.
This case is somewhat unique. In most past cases, illicit actors used XMR to conceal their illicit funds and to circumvent basic automated risk indicators. Typically, Monero is converted to other assets such as Bitcoin, Ethereum, or Tether before being deposited onto exchange accounts and finally converted to cash. In this case, Rui-Siang Lin appears to have primarily deposited Monero directly into their exchange accounts.
In our opinion, this case demonstrates that Monero has enough liquidity for some illicit actors to prefer to deposit Monero on exchanges. We believe that this behavior will become more common with the restriction of privacy protocols and tools on Ethereum and Bitcoin. Exchanges should be prepared by implementing Monero transaction screening tools like Astral Shield to supplement their existing anti-money laundering controls.
Investigating Monero Transactions
Seized darknet Monero wallets are a gold mine for law enforcement. They can help track further proceeds of illicit profits as well as deposits by purchasers and withdrawals by vendors.
With Crescent Discovery, law enforcement can visualize Monero transactions and narrow down leads using advanced filters. With Astral Explorer, law enforcement can review our attribution records for specific input/output enotes and transactions and from custom attribution lists. These tools greatly help find and refine leads.
About Moonstone Research
Moonstone Research is a boutique blockchain analysis firm that investigates difficult-to-trace transactions. We specialize in tracing ransomware and other illicit payments. We also assist compliance professionals with supplementary investigations and reporting. Please email us if you would like to get in touch.