In August 2017, the Royal Canadian Mounted Police (RCMP) seized a quantity of fentanyl and carfentanil, both opioids, in a drugs bust. In the process, the RCMP arrested a couple in Kelowna, BC, who the RCMP believed to be involved in the shipment of the drugs.

There are two elements of this case that are of particular interest to us at the Blockchain Intelligence Group: the fact that the arrested couple used the dark web to facilitate their global distribution channels AND the fact that they had been holding US$68,000 worth of bitcoin.

Bitcoin hoard

The Global News report into the seizure gave no further details about the bitcoins that had also been captured. However, our work at the Blockchain Intelligence Group (BIG) would bring up the following questions: What was the quantity of bitcoins? Had the couple stored them privately (offline) or through a third party, such as a wallet provider? What addresses were on that wallet? Such information will be under the custody of the RCMP working in concert with the DEA (US Drug Enforcement Agency). However, we can glean some likely scenarios based on what we know about how bitcoins can be stored.

It is possible that the Kelowna couple would have used a combination of hot and cold wallets. A hot wallet is software that will have kept their wallet connected to the Web, whereas a cold wallet is software or hardware that will have separated their private keys from the Web. A cold wallet can be digital or can be on a sheet of paper that bears machine-readable data. For the sake of convenience, the couple will have used a hot wallet to take payments. Then, they would have a cold wallet on which to store the bitcoin revenue for the medium-to-long term.

Both wallets will yield input and output addresses that BIG can investigate in order to track the movement of the coins. These addresses can potentially link the Kelowna couple to addresses belonging to wallets used for the proceeds of criminal activity.

The subtopic of private keys brings up a new question on the direction that the RCMP will have moved in order to seize the private keys for the hot wallet. Some hot wallets keep the private keys in a digital space on their server…in which case, RCMP would recover the data from the wallet. Had the couple used a wallet that had deferred private key control to themselves, the RCMP will have confiscated their computer equipment PLUS external hard drives in an effort to recover data from both the hot and cold wallets.

Dark web

The use of the dark web as a platform for the trading of goods, such as narcotics, forms a large part of the research work carried out at BIG. Law enforcement agencies often reach the conclusion that bitcoin transactions made on the dark web indicate illegal activity. The rationale behind this conclusion revolves around the idea of the dark web as a fertile environment for bitcoin-based trading of illegal goods and services.

The dark web is the most favoured area of the Web for money laundering, the sale of narcotics as well as hard pornography and sometimes firearms. However, only a proportion of these sites allow bitcoin as a payment option. So, bitcoin is not as essential an element of the dark web as law enforcement agencies continue to assert. Further to this, research has shown that the proportion of bitcoin transactions involved in illegal activity on the Bitcoin blockchain has been declining.

So, applying the Kelowna case to BIG’s work on the dark web, BIG’s main Bitcoin analytics tool, QLUE, incorporates data from sites hosted on the Tor browser to detect bitcoin addresses that are linked with the trading of the kind of goods that the RCMP had captured. The tool links bitcoin addresses and transaction hash IDs to wallets and, key to the work that BIG carries out, locate and analyse those wallets with funds gained from illegal activity.


CNBC, Dark web finds bitcoin increasingly more of a problem than a help, tries other digital currencies

Global News, Kelowna residents arrested in darkweb fentanyl trafficking investigation