Chinese Police Publish Cryptocurrency Tracking Methods in Technical Paper

Chinese public security officers published a technical paper on the 4th of last month detailing cryptocurrency tracking and seizure methods. Authors Sun Shengbin from Wenzhou Public Security Bureau and Lou Yandi from Zhejiang Provincial Public Security Department documented investigative procedures in 'Criminal Technology.' Despite China's 2021 cryptocurrency ban and this year's expanded enforcement, crypto remains prevalent in fraud and money laundering cases due to transaction anonymity.

According to South China Morning Post, the paper covers evidence collection, transaction tracing, and asset seizure procedures used by Chinese authorities to pursue illegal virtual assets. China banned cryptocurrency as legal tender in 2021 and expanded enforcement this year to include stablecoins and real-world asset tokenization. However, criminals continue using crypto for fraud, gambling, and money laundering because transactions obscure user identities and enable fund transfers without central authority approval.

Chinese Police Locate Cryptocurrency Private Keys Through Device Forensics

Investigations begin with locating wallet private keys. All cryptocurrency wallets for Bitcoin, Ethereum, and other assets contain a private key—equivalent to a bank account password—that grants complete control over wallet funds. Private keys consist of 64-character random strings that users cannot memorize, so they instead store mnemonic phrases: sequences of 12 to 24 common English words like 'apple dog river sky' that can regenerate the entire private key.

Many users store these phrases in mobile phone memos, WeChat messages, or computer text files. When authorities seize a suspect's devices, the first step involves thoroughly searching for private keys or mnemonic phrase traces. The process uses three automated stages: dedicated software scans entire device storage, rules filter candidates like 'sequences of 12 consecutive English words,' and verification scripts eliminate meaningless strings or unrelated phrases.
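The three stages described above, sketched as a forensic triage or data-loss-prevention check. This is an added example, not code from the paper or from any vendor tool. It assumes the verification stage is the BIP-39 checksum test, which the article does not specify; the function names, file names and sample text are hypothetical, and only a four-word excerpt of the BIP-39 English wordlist is embedded.

```python
import hashlib
import re

# Excerpt of the BIP-39 English wordlist (value = index in the 2048-word list).
# Only the first four entries are embedded here; real use loads the full list.
WORDLIST = {"abandon": 0, "ability": 1, "able": 2, "about": 3}
VALID_LENGTHS = (12, 15, 18, 21, 24)

# Constructed sample input standing in for text extracted from a device image.
SAMPLE = {
    "notes/memo.txt": "backup: " + "abandon " * 11 + "about",
    "chat/export.txt": "the quick brown fox jumps over the lazy dog and runs away",
    "notes/draft.txt": "abandon " * 12,
}

def candidate_windows(text):
    """Rule filter: yield each window of 12-24 consecutive lowercase words."""
    for run in re.finditer(r"\b[a-z]+(?:\s+[a-z]+){11,}", text.lower()):
        words = run.group().split()
        for n in VALID_LENGTHS:
            for i in range(len(words) - n + 1):
                yield words[i:i + n]

def checksum_ok(words, wordlist=WORDLIST):
    """Verification: all words in the list and the BIP-39 checksum matches."""
    if any(w not in wordlist for w in words):
        return False
    bits = "".join(format(wordlist[w], "011b") for w in words)
    cs_len = len(bits) // 33                 # 4 checksum bits per 12 words
    ent_bits, cs_bits = bits[:-cs_len], bits[-cs_len:]
    entropy = int(ent_bits, 2).to_bytes(len(ent_bits) // 8, "big")
    digest = hashlib.sha256(entropy).digest()
    return format(digest[0], "08b")[:cs_len] == cs_bits

def scan(blobs):
    """Scan every text blob and return (source, phrase) for verified phrases."""
    hits = []
    for source, text in blobs.items():
        for words in candidate_windows(text):
            if checksum_ok(words):
                hits.append((source, " ".join(words)))
    return hits
```

All three sample blobs pass the 12-word rule, but only the memo survives verification: the chat sentence contains words outside the list, and the draft fails the checksum.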

For mobile devices, Chinese digital forensics software from companies like Pinghang can locate mnemonic phrases and addresses hidden in messaging apps or memos. Platforms from cybersecurity firm Meiya Pico extract text from images, enabling recovery of clues from screenshots stored in photo albums, according to SCMP.

More complex wallet structures exist where offline devices called cold wallets physically store private keys while mobile watch-only wallets display balances. Sending funds through a watch-only wallet requires an offline signature from the cold wallet. When investigators find only a watch-only wallet on-site, they must locate the cold wallet containing actual transfer authority.

Investigators Trace Cryptocurrency Transaction Flows Across Blockchains

When devices yield no keys, investigations continue through fund flow and identity analysis. Authorities trace transaction records to narrow down the final destination even when criminals obscure trails by moving funds across multiple cryptocurrencies. However, this process proves far more complex than traditional bank account tracing because smart contract token swaps, cross-chain transfers, and delegated permissions scramble fund flows.

The paper introduces several investigative techniques. Reverse-tracing transaction fees reveals which exchanges connect to the funds, providing grounds to request user information from those exchanges. When criminals move funds across multiple blockchains—such as from Bitcoin to Ethereum—linking each transaction record reconstructs the transfer route like reading a route map.

Mixer services that combine multiple users' coins to complicate tracking also face scrutiny. Matching transaction times and amounts across multiple sub-addresses linked to the same wallet can pinpoint where funds ultimately exit. Through proper legal procedures, authorities can obtain Know Your Customer records from major exchanges including Binance, OKX, and HTX.
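The time-and-amount matching described above, as an added example that is not taken from the paper. The ledger rows, the fee tolerance and the six-hour window are constructed assumptions, and the function name is hypothetical.

```python
from datetime import datetime, timedelta

# Constructed ledger rows: (txid, address, amount, timestamp). All values are made up.
DEPOSITS = [
    ("d1", "sub-A", 2.500, datetime(2024, 1, 5, 10, 0)),
    ("d2", "sub-B", 0.750, datetime(2024, 1, 5, 10, 7)),
]
WITHDRAWALS = [
    ("w1", "out-1", 2.495, datetime(2024, 1, 5, 11, 30)),
    ("w2", "out-2", 0.748, datetime(2024, 1, 5, 12, 2)),
    ("w3", "out-3", 0.749, datetime(2024, 1, 5, 12, 40)),
    ("w4", "out-4", 2.495, datetime(2024, 1, 9, 9, 0)),   # outside the time window
]

def match_exits(deposits, withdrawals, max_fee=0.005, window=timedelta(hours=6)):
    """For each deposit, list withdrawals that follow it within `window` and
    whose amount is the deposit minus a fee of at most `max_fee` (a fraction)."""
    results = {}
    for d_id, _, d_amt, d_time in deposits:
        hits = []
        for w_id, w_addr, w_amt, w_time in withdrawals:
            delay = w_time - d_time
            fee = (d_amt - w_amt) / d_amt
            if timedelta(0) < delay <= window and 0 <= fee <= max_fee:
                hits.append((w_id, w_addr, round(fee, 4), delay))
        hits.sort(key=lambda h: (h[2], h[3]))   # smallest fee, then shortest delay
        # A single candidate is a strong lead; several means the match is ambiguous.
        results[d_id] = {"candidates": hits, "unique": len(hits) == 1}
    return results
```

Deposit `d1` resolves to a single exit address, while `d2` has two plausible exits, so the heuristic yields a lead to corroborate with other evidence rather than an attribution.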

Authorities Seize Crypto Assets Via Key Replacement and Account Freezing

After confirming fund locations, authorities proceed to seizure and freezing stages. The most direct method involves private key replacement: moving suspected criminal proceeds to a multi-signature wallet controlled by police—requiring multiple approvals to open—then generating new keys. This effectively transfers wallet control to investigative agencies.

Assets held on exchanges can be frozen through account suspension. Police can freeze related accounts for six months and extend the period if necessary.

The paper emphasizes internal controls within investigative agencies. Individual investigators must not personally hold private keys, and the principle of separating case processing from asset custody must be maintained. Supervision systems must cover all asset transfer and custody processes, with clear records of handovers and evidence preservation.

FAQ

What did Chinese public security officers publish on the 4th of last month?

Chinese public security officers published a technical paper in the academic journal 'Criminal Technology' detailing methods to track, seize, and freeze cryptocurrency assets. Authors included Sun Shengbin from Wenzhou Public Security Bureau and Lou Yandi from Zhejiang Provincial Public Security Department Criminal Investigation Division.

How do Chinese police locate cryptocurrency private keys during investigations?

Police use automated three-stage forensics on seized devices: dedicated software scans entire storage, filtering rules identify sequences like 12 consecutive English words, and verification scripts eliminate false matches. Chinese software from Pinghang searches messaging apps and memos while Meiya Pico platforms extract text from images to find mnemonic phrases stored in screenshots.

What methods do investigators use to trace cryptocurrency across multiple blockchains?

Investigators reverse-trace transaction fees to identify connected exchanges and request user information through legal procedures. When funds move across blockchains, authorities link transaction records to reconstruct transfer routes. For mixer services, matching transaction times and amounts across sub-addresses reveals fund exit points.
