Taipei, Taiwan Feb 27, 2024
The prevalence of cryptocurrency investment and financial fraud poses significant challenges to victims, often leaving them unable to recover defrauded assets even after cases are solved. In a groundbreaking collaboration, Taiwan’s Criminal Investigation Bureau (CIB), the Judicial Reform Foundation (JRF), and blockchain-enabled financial institution XREX have successfully cracked down on a cryptocurrency fraud case, setting a remarkable legal milestone in Taiwan's judicial history.
Using advanced blockchain intelligence tools and on-chain tracking technologies, XREX’s anti-money laundering (AML) and information security departments proved the flow of illicit funds and the owners of cryptocurrency assets, even when there were no identifiable suspects or accused, assisting Taiwan’s law enforcement agencies in returning defrauded Ether (ETH) to the victim.
The uniqueness of this investigation lies in the following:
- The attacker phished the Taiwanese victim while he was using the decentralized wallet MetaMask, resulting in his ETH being stolen from the wallet. Since MetaMask is a self-custodial and decentralized wallet, there was no customer service to assist the victim.
- The perpetrator likely belonged to a criminal organization overseas. Taiwanese law enforcement could not know the perpetrator's identity when processing this case. Therefore, the prosecution lacked a suspect.
- The attacker moved the stolen cryptocurrency assets into an account with OKX, an exchange that operates outside of Taiwanese jurisdiction.
- Multiple parties collaborated to seize almost all of the illicit assets and return them to the victim.
The victim, Mr. Wan, is a professional trader and has been active in cryptocurrency communities.
“I never expected the fraud group to impersonate a Forbes ‘media interview’ to phish and send web pages with malicious programs to steal my cryptocurrency assets, all under the guise of filling out information on the website,” Wan said. “I appreciate the help and support from the CIB, the JRF’s advocate Miffy Chen, XREX, OKX, and SlowMist. I hope my case can serve as a cautionary tale and convince law enforcement agencies that fraud cases involving such decentralized wallets outside our jurisdiction can be handled and resolved."
The attacker phished Wan while he was using his Metamask wallet to access a decentralized social platform, Friend.tech, on the Base blockchain network. The attacker drained his wallet and transferred the stolen funds to OKX. Upon realizing the fraud, Mr. Wan immediately shared his experience on social media and gained the attention of Web3 communities. Within six hours, SlowMist contacted OKX and intercepted the stolen ETH.
According to OKX’s compliance policies, they can only implement a temporary seizure of 72 hours, within which Taiwanese law enforcement must intervene.
On-chain analytics tracked the bridged assets to the attacker’s wallet, then to OKX.
Miffy Chen from JRF assisted in organizing and compiling documents detailing the cryptocurrency’s flow, assisting the victim in filing a report, and cooperating with the CIB and prosecutors to apply to the court for a seizure ruling.
But how can funds be legally returned to the victim if the case lacks an accused?
To solve procedural problems in the law, law enforcement agencies requested the intervention of a professional and neutral third party. XREX, an international crypto-fiat exchange, played a key role in verifying Mr. Wan’s ownership of the attacked wallet, as well as re-verifying details of the cryptocurrency flow. XREX’s security and AML teams used TRM Labs and SlowMist’s MistTrack to cross-analyze blockchain asset flows, and identify the flow of funds, submitting a complete cryptocurrency flow report with reliable evidence.
Chen stated, “This case relies on the mutual trust of multiple agencies to act quickly and effectively. It demonstrated that even if criminals have transferred the stolen assets to overseas exchanges, the assets can still be tracked and recovered. This case serves as a great encouragement to all law enforcement units and experts involved. I hope this unprecedented case is not just a stroke of luck, but an important reference for future cases."
The case’s in-charge, Detective Hsieh Rui Xuan from the CIB's Sixth Investigation Corp, remarked, “Scam syndicates are extending their reach globally through the Internet and emerging technologies like blockchain technology. This has become a serious social issue in Taiwan. While Taiwan's ability to combat overseas crime remains limited, seizing and returning fraudulent proceeds holds significant meaning for victims."
He added that while law enforcement continues to enhance cryptocurrency tracing techniques, this has to be done within existing regulatory constraints.
“I hope this case is an important foundation, not only for remotely seizing cryptocurrency assets, but also for promoting collaborations between law enforcement agencies and experts in blockchain, law, and cybersecurity to combat the misuse of blockchain technology for fraudulent activities," Hsieh said.
Sun Huang, XREX’s Chief Security Officer and General Manager, has over 15 years of international experience in cybersecurity and possesses both offensive and defensive capabilities recognized globally. He said, "This cooperation with law enforcement highlights how it is more difficult to launder money via a transparent and open blockchain network. All transactions are permanently recorded on-chain and cannot be tampered with or erased. The current difficulty lies in introducing and effectively using blockchain tracking and analysis tools. We believe XREX is already a leader in this regard and can be a partner trusted by law enforcement agencies."
XREX has integrated top-tier blockchain analysis technologies and monitoring tools such as JPMorgan’s portfolio company TRM Labs, Mastercard’s CipherTrace, Chainalysis, and MistTrack. XREX continues to fulfill its corporate social responsibility by assisting investigations to analyze illegal currency flows, disclose scam tactics, and produce forensic reports, pro bono.
XREX is also the first company in Taiwan to be audited by the British Standards Institution, attaining the latest version of ISO/IEC 27001:2022 Information Security Management System certification. XREX Taiwan is listed on the Financial Supervisory Commission's list of virtual assets service providers that have completed anti-money laundering compliance statements.
Sun Huang urged, "All cryptocurrency users must be vigilant and careful to verify. If one becomes a victim of scams, immediate action should be taken, such as transferring assets to a new wallet, filing a report as soon as possible, and preserving evidence. All these help in reducing losses. Be mindful to avoid follow-up scams targeting victims and claiming they can help recover assets. Always seek assistance from qualified operators and law enforcement agencies."
XREX, co-founded by internationally-renowned cybersecurity expert Wayne Huang, is the first cryptocurrency company in Taiwan to obtain an in-principle approval for a Major Payment Institution (MPI) license from the Monetary Authority of Singapore (MAS) and has completed anti-money laundering statements to the Financial Supervisory Commission. Its predecessor, security software startup Armorize, specializes in vulnerability analysis and advanced persistent threat (APT) network attacks.
About XREX
XREX is a blockchain-enabled financial institution working with banks, regulators, and users to redefine banking together. We provide enterprise-grade banking services to small to medium-sized businesses (SMBs) in or dealing with emerging markets, and novice-friendly financial services to individuals worldwide.
Founded in 2018 and operating globally under multiple licenses, XREX offers a full suite of services such as digital asset custody, wallet, cross-border payment, fiat-crypto conversion, cryptocurrency exchange, asset management, and fiat currency on-off ramps.
Sharing the social responsibility of financial inclusion, XREX leverages blockchain technologies to further financial participation, access, and education.
Yoyo Yu
Senior Director, CEO Office
XREX