How Chainalysis Helped Uncover an NCA Officer’s Theft of Seized Bitcoin

TL;DR

  • A UK law enforcement officer stole approximately 50 BTC from assets seized in the Silk Road 2.0 investigation.
  • Despite using the Bitcoin Fog mixing service, the suspect’s transaction trail was traced using Chainalysis’s industry-leading data and expert investigation services.
  • After a five-year dormancy period, authorities recovered $1.3 million worth of the stolen bitcoin.
  • This case demonstrates how blockchain’s permanent record, combined with advanced analytics, can expose sophisticated financial crimes.

 

In 2019, UK authorities achieved a significant victory against darknet markets with the arrest of Thomas White, administrator of Silk Road 2.0. During the operation, authorities seized White’s devices, but what appeared to be a straightforward investigation would later reveal a shocking betrayal: a National Crime Agency (NCA) officer discovered private keys on the seized devices and used them to steal nearly 50 bitcoin from White’s wallet.

In 2017, during the active investigation, investigators identified an unauthorized transfer of approximately 50 BTC from White’s suspected wallet. The movement, though initially undetected, left an indelible mark on the blockchain. The funds held in the wallet were sent over a series of transactions to a popular mixing service, Bitcoin Fog, before being systematically withdrawn in a pattern clearly designed to avoid detection.

Unraveling the scheme: Investigation and evidence

In 2022, Merseyside Police initiated an investigation into White’s missing 50 BTC. Bitcoin Fog had long maintained a reputation for sophisticated obfuscation in the crypto underworld, but this didn’t prevent specialist cybercrime officers from tracing the funds through the service.

As the investigation progressed, evidence began pointing not to White, but rather to one of the NCA officers involved in the initial 2017 investigation. Utilizing Chainalysis software and services, investigators were able to identify that some of the funds were cashed out at exchanges and other services. This provided opportunities for Merseyside Police detectives to secure evidence in the form of identification documents, indicating that Chowles, the NCA officer who had been part of the original investigation team, was in fact behind the transactions.

Screenshot from Chainalysis’s blockchain visualization tool, Reactor, showing the flow of funds through five key stages

From detection to recovery: Bringing justice

Following the laundering process, Chowles consolidated approximately 30 BTC into what investigators termed the “Default Wallet.” This wallet remained dormant for nearly five years until 2022, when a police search of Chowles’s residence revealed a device containing its private keys.

After Chowles’s arrest, Chainalysis Global Services provided crucial expert evidence documenting the complete flow of funds, which proved instrumental in securing a guilty plea from the former NCA officer. The blockchain’s immutable record, combined with Chainalysis’s world-leading data and expert analysis, provided critical evidence to link transactions to the recovered assets, which were subsequently seized by Merseyside Police and valued at over $1.3 million at the time.

The case highlighted three fundamental principles of modern financial investigation: the permanence of blockchain records ensuring evidence remains accessible regardless of time passed; the ability of advanced analytics to overcome sophisticated attempts at fund obfuscation; and cryptocurrency’s inherent transparency in exposing insider threats, as every transaction leaves an indelible digital footprint. Crucially, this case also demonstrates the vital importance of skilled investigators; without the expertise of Merseyside Police’s trained cybercrime officers, these transactions might have remained buried in the blockchain’s vast ledger.

The blockchain never forgets

Blockchain records remain permanent and transparent; however, these records are only as valuable as an investigator’s ability to interpret them. The combination of immutable transaction records, Chainalysis’s sophisticated analytical capabilities, and well-trained law enforcement officers transforms cryptocurrency from a perceived tool of obscurity into an investigative opportunity.

Years after the initial theft, the blockchain revealed the truth. Through the combined efforts of skilled investigators and Chainalysis’s tools and services, that truth was surfaced, proving that in the world of cryptocurrency, every action leaves a lasting trace, waiting to be discovered by those with the expertise to find it.
