The hunt for the biggest kingpin on the dark web has two parts.


The worst exchange data leak since Mt. Gox: Nicholas Bax, Cryptologist, and Investigation Expert

The privacy of cryptocurrencies is that they are both a map and a mask: every transaction is recorded in public, but only as strings of numbers and letters. Only a few entities, the exchanges that allow users to trade their cryptocurrencies for traditional currency, are able to match those strings to people in the real world. So when a major exchange suddenly dumps a massive internal user database online, it hasn’t just spilled its own data. It has offered a key to decipher a vastly larger set of financial secrets.

That’s what happened last week when Celsius, an exchange facing bankruptcy, leaked a huge amount of transaction data in a court filing. To assist proceedings in which the company’s owners are accused of pulling tens of millions of dollars’ worth of coins out of the exchange before revealing its insolvency, the company’s attorneys filed a document that shows the transaction data of half a million users. That database was briefly posted as a 14,500-page PDF to the court records website PACER before being taken down—but not before Gizmodo copied it to the Internet Archive, where it was widely downloaded before being removed there, too.

The data dump includes the names of Celsius’ users along with the dates and amounts of each of their payments. The database doesn’t include the sender and recipient addresses on the cryptocurrencies’ blockchains, but the unique payment amounts, recorded to more than a dozen decimal places of precision, make it easy to match each payment to its on-chain record.
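The matching the article describes works because a transfer amount with eighteen decimal places is effectively a fingerprint: a leaked row that shares such an amount with exactly one on-chain transfer in the same time window is linked to a real name. The following script is an added example, not code from the article or from any of the firms it mentions; it is a small exposure audit that a disclosing party (or a customer) could run over an export before it leaves the building, to see how many rows are uniquely linkable and why. The row and transfer data are constructed, the function names (`linkability_report`, `exposed_customers`) are hypothetical, and the 24-hour window is an assumption.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from decimal import Decimal

# Constructed sample of a leaked exchange export: (customer, asset, amount, ISO timestamp).
# Amounts are strings so that full 18-decimal precision survives; no real people or balances.
LEAKED_ROWS = [
    ("A. Example", "ETH", "0.738291047118226512", "2022-06-12T14:03:00"),  # high-precision amount
    ("B. Example", "ETH", "1.000000000000000000", "2022-06-12T15:20:00"),  # round amount
    ("C. Example", "ETH", "2.517700000000000000", "2022-06-13T09:00:00"),  # no transfer nearby
]

# Constructed sample of public on-chain transfers: (txid, asset, amount, ISO timestamp).
CHAIN_TRANSFERS = [
    ("tx-0001", "ETH", "0.738291047118226512", "2022-06-12T14:05:30"),
    ("tx-0002", "ETH", "1.000000000000000000", "2022-06-12T15:21:00"),
    ("tx-0003", "ETH", "1.000000000000000000", "2022-06-12T16:40:00"),
    ("tx-0004", "ETH", "2.5177", "2022-06-15T09:00:00"),  # same amount, but two days later
]


def _parse(ts: str) -> datetime:
    return datetime.fromisoformat(ts)


def build_index(transfers):
    """Index on-chain transfers by (asset, exact amount).

    Decimal comparison makes '2.5177' and '2.517700000000000000' the same key,
    which is how a PDF export and a block explorer would agree on an amount.
    """
    index = defaultdict(list)
    for txid, asset, amount, ts in transfers:
        index[(asset, Decimal(amount))].append((txid, _parse(ts)))
    return index


def candidates(index, asset, amount, ts, window):
    """Return the txids with this exact amount within +/- window of the leaked timestamp."""
    when = _parse(ts)
    return [
        txid
        for txid, chain_time in index.get((asset, Decimal(amount)), [])
        if abs(chain_time - when) <= window
    ]


def linkability_report(leaked, chain, window=timedelta(hours=24)):
    """Classify each leaked row as uniquely linkable, ambiguous, or unmatched."""
    index = build_index(chain)
    report = []
    for customer, asset, amount, ts in leaked:
        found = candidates(index, asset, amount, ts, window)
        if len(found) == 1:
            status = "unique"      # one on-chain transfer: name and txid are now joined
        elif found:
            status = "ambiguous"   # several transfers share a round amount in the window
        else:
            status = "no_match"
        report.append({"customer": customer, "asset": asset, "amount": amount,
                       "status": status, "candidates": found})
    return report


def exposed_customers(report):
    """Names whose payments can be tied to exactly one on-chain transfer."""
    return sorted({row["customer"] for row in report if row["status"] == "unique"})


if __name__ == "__main__":
    for row in linkability_report(LEAKED_ROWS, CHAIN_TRANSFERS):
        print(f'{row["customer"]:<12} {row["amount"]:>22} {row["status"]:<10} {row["candidates"]}')
    print("uniquely linkable:", exposed_customers(linkability_report(LEAKED_ROWS, CHAIN_TRANSFERS)))
```

The round 1 ETH payment is the only one that stays ambiguous, which is the mitigation the audit points at: an export that truncates amounts to a few decimal places, or omits timestamps, collapses most rows from "unique" to "ambiguous" and removes the fingerprint the article describes.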

Nick Bax, head of research at a security consulting and asset recovery firm, says that this is the worst exchange data breach since Mt. Gox. That exchange’s transaction database, which was also leaked online, has been a dream come true for cryptocurrency-focused analysts; but even as he compares the Celsius leak to it, Bax also calls it a disaster.

“You can find someone’s balance, deposits, and withdrawals and then correlate all that to the blockchain,” Bax says. “We can use it for good, but it can absolutely be misused too. Criminals are looking for the biggest balances right now. Those wealthy crypto holders could be targets for spear-phishing, scams, and physical extortion once they are identified.”

Nailing Cazes and AlphaBay to the wall: a case study in an FBI sting

That legal request took weeks to bear fruit. Finally, one evening in the early weeks of January 2017, Ali was in the middle of a law school night class when she got a call from the Sacramento-based FBI agent with the news: The subpoena results had come back.

Coming as it did in the immediate wake of the tip sent to Miller about Alpha02, however, the two FBI analysts’ blockchain work nailed to the wall a theory that would otherwise have hung by only a few threads. Every exchange subpoena that came back tied Cazes’ fortune more tightly to AlphaBay’s.

“When we saw millions of dollars in crypto flowing to him from what appeared to be AlphaBay-associated wallets, I was fairly confident that we had the right person,” Rabenn says. You get ready to indict when you hit that point.

Continued next week: When investigators find Cazes’ online alter ego on a pickup artist forum, they also discover a new challenge to catching him red-handed—and hatch a plan for the most ambitious sting in dark-web history.