Report Shows QuadrigaCX “Cold Wallets” Actively Involved in SIGNIFICANT Criminal Activity: Ties to Silk Road, Hacked Funds, Identity Theft, and Drug/Human Trafficking

Related image
Picture Credit: Coininsiders

 

 

Contents hide

Introduction

Recently, CoinDesk posted an article on their site that referenced a Reddit user’s analysis into the 103 bitcoins that QuadrigaCX (Canadian Exchange) claims that it sent to a cold wallet by accident.

Specifically, CoinDesk cites this Reddit post:

Despite the fact that it is visibly clear that the funds were removed out of the cluster address that it was sent to, the Reddit user argues that this, in fact, is okay because the true cold wallet addresses for QuadrigaCX are a list of five addresses, which they self-identified.

The author states:

1HyYMMCdCcHnfjwMW2jE4cv9qVkVDFUzVa Balance of 36.37786282 BTC

1JPtxSGoekZfLQeYAWkbhBhkr2VEDADHZB Balance of 33.19556316 BTC

1MhgmGaHwLAvvKVyFvy6zy9pRQFXaxwE9M Balance of 19.54328527 BTC

1ECUQLuioJbFZAQchcZq9pggd4EwcpuANe Balance of 10.34268585 BTC

1J9Fqc3TicNoy1Y7tgmhQznWrP5AVLXj9R Balance of 4.87560516 BTC

For a total of 104.33500226 BTC. Notably, every address was inactive since April 2018 and the majority of their received BTC was either directly from the QCX hot wallet or a wallet 1 transfer removed from the hot wallet.

With all this information this we can confirm:

These 5 addresses are a portion of the QCX cold wallet addresses.”

This information was covered and re-blogged/retweeted/shared by numerous credible news outlets since it was originally shared and published by CoinDesk (approximately 48 hours ago).

Given the opaque nature of these funds, the author has taken it upon themselves to perform due diligence and research into the nature of these ‘cold wallets’.

This report makes no claims as to whether these are legitimately cold wallet funds or not, but rather examines the nature of these wallets to ascertain their activity in order to get a better idea of what these wallets may have been used for.
[su_spacer size=”15″]

Findings From the Report
[su_spacer size=”5″]

  1. In total, QuadrigaCX sent and liquidated down $400M+ in each of the associated addresses plus the wallet address (1JZJaDDC44DCKLnezDsbW43Zf8LspCKBYP). The latter wallet address was included because research from blockchain firm ‘Trinide’ concluded a significant correlation between the above address and the cold wallet addresses (more on this in the conclusion plus a linked to the 200+ pulled transactions).
    [su_spacer size=”5″]
  2. These ‘cold wallets’ are associated with a significant amount of criminal activity. This criminal activity includes but is not limited to; dark markets, child pornography, fraud, identity theft, hacking, blackhat services, drug trafficking, and human trafficking. There were no potential ‘middle men’ between the operator of the cold wallets and the recipient/sender of the funds from these sources. To be clear, there were hardly any ‘legitimate’ (i.e., legal) transactions in some of these wallets.
    [su_spacer size=”5″]
  3. Significant amounts of customer funds were siphoned into some of these wallets as well. Those customer funds were usually pooled, aggregated, then liquidated down. The research was careful to ensure and demonstrate that the funds were not aggregated, then sent to another ‘cold wallet’ location. Final destinations were verified with advanced blockchain software and multiple other identity verification sources.
    [su_spacer size=”5″]
  4. The exchange, Bitfinex, in specific, received tens of millions of dollars from these cold wallets. Some of the funds that were sent to Bitfinex were of questionable legal nature.
    [su_spacer size=”5″]
  5. Some of the transactions that occurred within the cold wallets significantly implicated involvement with Payza/Obozo/Egopay controlled entities.
    [su_spacer size=”5″]

It should be noted that an additional wallet address (1JZJaDDC44DCKLnezDsbW43Zf8LspCKBYP) was included in the estimated total that was liquidated due to the results of the transaction analysis that was performed by blockchain analytical research firm, Trinide, between this wallet and the fourth QuadrigaCX cold wallet that will be covered in this analysis.

Below are the notes from that transactional analysis:

  • In total, there are 266 transactions that involve both of the addresses (a significant number).
  • Out of that 266, 86 of them have both addresses listed as inputs. 
  • Given this fact, as well as the amounts transacted between both wallets, the blockchain research firm concluded that these wallets are either: a) Owned by two entities that are essentially operating in coordination with one another; or b) The wallets are, in fact, owned by the same entity.

All 266 transactions were aggregated, along with their transaction IDs and uploaded to a PasteBin document.
That upload can be accessed at this link: https://pastebin.com/zYjrvzrf
[su_spacer size=”15″]

Analysis Strongly Indicates That QuadrigaCX Was a ‘Front’ Business

It is the author’s firm opinion that QuadrigaCX was essentially running the exchange as a ‘front’ business. This conclusion derives from both blockchain analysis as well as fundamental research.

There are several indicators that this was the case, which are as follows: 

  1. The blockchain analysis shows that QuadrigaCX received tens of millions of dollars worth of bitcoins from objectively illegal sources (such as dark market wallets) in such a way where it cannot be argued that they were ignorant to these transactions. In other words, the following research will show that the argument that a customer was interacting with these illicit sources and then sending the funds directly to QuadrigaCX, unbeknownst to them, is entirely implausible. In fact, the report will show that it is more than likely that QuadrigaCX was either initiating these deposits manually or lending their address to these entities directly.
    [su_spacer size=”5″]
  2. Funds from the cold wallet addresses were ‘mixed’ in an attempt to obfuscate their origin, which is highly unusual for any legitimate, legally operating entity in the position of QuadrigaCX.
    [su_spacer size=”5″]
  3. Much of the money that QuadrigaCX had access to is inexplicable. For instance, the estimated liquidated total far exceeds what QuadrigaCX should have been able to glean from simply absconding all of their customer funds.
    [su_spacer size=”5″]
  4. Funds from the cold wallet addresses were sent directly to illicit parties such as SilkRoad, hacked exchanges, and known Ponzi schemes. Transfers to dark market websites are simply indefensible in any circumstance. Again, it must be reiterated that these were not user-generated withdrawals or deposits. Thus, these were transactions that QuadrigaCX initiated manually themselves.
    [su_spacer size=”5″]

The best way to explain QuadrigaCX’s activity is to relate it to a real world example of running a ‘front business’.

Essentially, analysis shows that QuadrigaCX operated in the same manner as an illegal night club, gentleman’s club, bar, laundromat, car wash, or similar type of business that receives a lot of cash.

If these business are being used as illegal ‘fronts’, they will still operate in a manner that closely resembles a “legal” operation. In theory, there will actually be a laundromat, gentleman’s club, car wash, etc., that is in existence. However, the true income garnered from running the business will be substantially lower than the income reported. This is because the owners of these enterprises (if they are illegal money laundering fronts) will often mix in funds from illegal sources in order to ‘clean’ the money.

Money must be ‘cleaned’ when it comes from illicit sources because the financial systems of the world are designed to quickly flag individuals that are transferring significant sums of money that are unaccounted for.

For instance, if John Doe walks into his local bank, opens up an account, then deposits $3 million into the account without a verified source of income or legitimate, verified reason for why John possesses such money, then John Doe’s account will more than likely be flagged and frozen, then there will be a subsequent investigation of John by his nation’s tax and law enforcement agencies. At the very least, John will lose his money, which defeats the purpose of John acquiring it in the first place.

However, if John has a legitimate source of income on paper that appears to validate why John would have so much money, John can successfully access his money.

This is why cash businesses are generally preferred in the ‘real world’ when it comes to money laundering. Banks keep strict financial records which mean that there is a very easy-to-follow paper trail when it comes to digital/credit transactions. However, this is obviously not the case with cash. There’s no way to validate whether a night club received $5,000 in cash on a Friday night or $10,000. Thus, if they did receive $5,000, they could elect to add in an extra $5,000 to that total that stems from outside funds. This money is then reported as legitimately earned income, and now the illicitly earned money has been “washed”.

It appears that this was how QuadrigaCX was functioning. While yes, it is true that customer funds were absconded, this does not appear to be the primary reason for why QuadrigaCX was in business. The following blockchain analysis will show that QuadrigaCX received tens of millions of dollars that could not have derived from customer deposits. Given the general public’s (and law enforcement/financial institutions) unfamiliarity with blockchain, the obfuscation of their wallet addresses, and poor tracking of customer deposits/withdrawals on the exchange, QuadrigaCX was in a position where they could easily most of their illicit funds stemmed from customers.

Thus, one of the goals of this report, after uncovering the actual nature of Quadriga’s alleged cold wallets, is to show, without equivocation, that QuadrigaCX received tens of millions of dollars from known criminal entities, effectively laundering the money for them.

If this claim is not true, it is incumbent upon QuadrigaCX to provide significant evidence attesting otherwise. Conveniently, QuadrigaCX has reported that it did not ‘keep books’ nor do they have any objective knowledge (in the absence of Gerry Cotten, their CEO) on where their crypto was stored. Therefore, they are only able to give a rough estimate of the customer funds that are ‘missing’ or ‘unavailable’.

However, there is no way to validate that this number is actually correct without verified, validated customer records and stringent accounting on their part.

Given the lack of any accounting records, the in-flow of tens of millions of dollars stemming from illicit/criminal enterprises, and the inexplicable failure on the part of the exchange to share knowledge of the company’s primary assets with more than just one individual (Gerry Cotten), the above conclusion by the author and all associated researchers stand behind the conclusion made in this section of the report.

Methodology Behind the Research

[su_spacer size=”5″]
This report makes zero leaps in logic. The assertions stated above are supported entirely by the transactions in the wallets themselves. This information is corroborated by software, graphic visualization, consultation with a few outside blockchain experts and each finding is associated with specific wallet addresses, transaction IDs, transaction times and amounts (in both USD and BTC).

It should be noted, however, that there were thousands of transactions total among all of the wallet analyzed. Therefore, the report does not include an explicit dissection of each and every single transaction. That does not mean that such an analysis was not performed by the author and associated researchers; it just means that not all transactions were analyzed in the report because it would be impractical or infeasible to do such.

To compensate for this practical constraint, dozens of screenshots, wallet addresses, transaction IDs, and known entities that these wallets transacted with are included within this report. Contrary to the prior report, these connections are not simply listed, they are explained in enormous detail with accompanying links and corroborating information from verified sources.

All information included within the report can be independently verified and more than enough information has been provided to allow any interested parties to independently corroborate the veracity and accuracy of the information included in this report. 

Given the aforementioned constraints of posting an analysis of each and every single transaction, there are some insights into the nature of these wallets that are yielded by the author and the researchers that are not explicitly shown. Again, it must be reiterated that no extrapolations/conclusions are made in this report that are unsupported by the data and analysis
[su_spacer size=”5″]

No Cluster Address Methodology Was Used

[su_spacer size=”5″]
There was absolutely no cluster address methodology used in the compilation of this research. Instead, each wallet is analyzed individually and the transactions to corresponding wallets are analyzed on a transaction by transaction basis as well.
[su_spacer size=”5″]

QLUE Analysis Software

[su_spacer size=”5″]
One of the major differences between the prior analysis (pt. 1) and this one is that professional blockchain analysis software was conducted in the curation of this report. This software is called, ‘QLUE’.
[su_spacer size=”5″]

What is QLUE?

[su_spacer size=”5″]
QLUE stands for Qualitative Law Enforcement Unified Edge and it was created by the ‘Blockchain Intelligence Group’. Its purpose is to provide more powerful insight regarding blockchain data by wielding a suite of proprietary tools and analytical techniques that one cannot find on regular online blockchain analysis websites.

This software is generally used by law enforcement to assist them in their investigations in the crypto sphere.

Perhaps the biggest benefit of this software is that it allows for a visual analysis of the flow of bitcoins, rather than forcing us to settle for a letter/number based analysis.
[su_spacer size=”10″]

Author’s Credibility

[su_spacer size=”5″]
There have been significant rumblings among pundits on social media, in mainstream media, and in courtrooms that the ‘investigation’ is being dominated by ‘chat rooms’ and ‘conspiracy theories’.

Readers of this report should rest assured that this report would not qualify as ‘chat room research’. ‘

The author of this research report has been tracking any and all relevant information pertaining to the functionality and solvency of QuadrigaCX for well over a year at this point.

In addition, the author of this report owns a cryptocurrency research-based website with over 500+ published reports in the crypto space dating back well over a year.

The author has successfully performed an analysis of blockchain data in the past and has written informational reports designed to educate the general community about the technical specifics of blockchain.

In addition, the author has published significant bodies of work that involve tremendous fundamental analysis of various projects, exchanges, leadership structures, acquisitions, whitepapers (prospectus), political in-fighting, conflicts, collusion, and collaboration in the cryptocurrency space.

The author has also had conversations with and interviewed numerous notable individuals in the community such as: Pierre Rochard (Bitcoin Core developer), Vitalik Buterin (founder of Ethereum), Charlie Lee (founder of Litecoin), Jed McCaleb (founder of Stellar Lumens), Charles Hoskinson (founder of Cardano), along with countless others. The combined market valuation of the aforementioned projects is well in excess of $40 billion.

The research will begin by analyzing each wallet in no particular order. For convenience, these wallets will be labeled with the numbers 1 through 5 as they are introduced into the report.
[su_spacer size=”20″]

Cold Wallet #1–1J9Fqc3TicNoy1Y7tgmhQznWrP5AVLXj9R

[su_spacer size=”5″]
To view this wallet’s transaction history, please visit:

https://www.walletexplorer.com/address/1J9Fqc3TicNoy1Y7tgmhQznWrP5AVLXj9R

A quick observation shows that several hundred bitcoins have exited the wallet over the past year:
[su_spacer size=”5″]

[su_spacer size=”5″]
So, in order to get a better idea of what this wallet’s purpose is,we will begin by tracking the transactions going out of the wallet itself.

For that, we are going to consult the ‘QLUE’ software.

[su_spacer size=”5″]
QLUE Analysis of Wallet #1

[su_spacer size=”5″]
When we plug in the address into the QLUE software, this is the first result that we get:
[su_spacer size=”5″]

[su_spacer size=”5″]
In specific, we’re going to look at the 174+ BTC outgoing transaction from February 7th, 2018:
[su_spacer size=”5″]

[su_spacer size=”5″]
Here is the visual from QLUE below:
[su_spacer size=”5″]

[su_spacer size=”5″]
The big ‘0’ means that it has been detected by the software as being involved in a scam/hack/criminal activity. In other words, this is the type of wallet that you would flag if you ever caught it sending to your exchange. Thus, as an exchange, you certainly would never want to own a wallet like this.

But let’s go ahead and track where the funds have went:
[su_spacer size=”5″]

[su_spacer size=”5″]
Again, it appears considerable funds exited to this wallet (it clumps other funds that have went here from the alleged QuadrigaCX ‘cold wallet’ as well).

The destination address is ‘1JZJaDDC44DCKLnezDsbW43Zf8LspCKBYP’, which is shown in the picture above.

This is another wallet within the same cluster (MtGoxandOthers):
[su_spacer size=”5″]

Note: We aren’t following clusters right now, we’re simply following addresses.

[su_spacer size=”5″]
Its worth noting that the last transaction in this wallet occurred on December 3rd, 2018.
[su_spacer size=”5″]

[su_spacer size=”5″]
The graphical representation of this wallet’s transactions paint a hectic picture.

We can see significant sums of money traveling back and forth between the wallet — more than likely in an attempt to obfuscate the origin and the flow of funds.

Fortunately, it should not be too difficult for us to investigate where these coins have gone.

Here are some screenshots below:
[su_spacer size=”5″]

[su_spacer size=”5″]
We can see 100 bitcoins went to ‘Localbitcoins’ (an OTC/person-to-person selling service).

The address for that wallet = 18mk2R2WTzeyLR69yugSM8J5LBQBtQRaRy
[su_spacer size=”5″]

[su_spacer size=”5″]
The above transfer is a bit more disconcerting as it is labeled as ‘Bitfinex Hack’.

The wallet address for this wallet = 367ADepMPHndxXNCevbQeJT8KWq3vLte7R

It appears the reason that this was labeled as ‘Bitfinex hack’ is because, in 2016, this address was listed as one of the addresses that were compromised when Bitfinex was hacked in 2016.

Money going to or from this address is indicative of involvement. In theory, a compromised address at an exchange (one that has been successfully hacked) would be a hotbed for other illicit funds and funds that must be laundered/tumbled/mixed in order to obscure their origin.
[su_spacer size=”5″]

The Address is Listed in This PasteBin Dump of Affected Addresses During the Bitfinex ‘Hack’ in 2016:
[su_spacer size=”5″]

txid from to amount 002740a49e16fc127b0a58a887e5ad77cc4d5114a38aa6df0922cfebb76 – Pastebin.com

0083abb19ca6ce1ff1dd55ffa6531fe4d88d3ec884d93ee3c3f9a03efb4cb1b1 3F14ooo4Z4BchZrFNSxF5jgssMjJcKPfay 1PsMd9HzNxfyFNRQRxsjjvvzX48EmZVn9n 13.20420957

[su_spacer size=”5″]
It must be noted that this is a direct transaction to this wallet, without intermediary.
[su_spacer size=”5″]

Cryptsy Hack Involvement
[su_spacer size=”5″]

[su_spacer size=”5″]
In the above picture, we can observe 340.65 bitcoins being transferred directly to the wallet of the Cryptsy hack (3HNSiAq7wFDaPsYDcUxNSRMD78qVcYKicw)[TX ID: 47c2882d0d9781415e6c71a5047a2df6d2371062d3bf13c742443f28adedcdca].

The value (in USD) of the transferred bitcoins at the time was $1.2 million.
[su_spacer size=”5″]

The transaction occurred on July 30th, 2016 — yet Cryptsy’s website was officially ‘down’ on January 15th, 2016:
[su_spacer size=”5″]

[su_spacer size=”5″]
What’s interesting (and somewhat unrelated), is that just days before Cryptsy went down, over 5,000 bitcoins were transferred to Bitfinex:
[su_spacer size=”5″]

Transaction ID = d367bed1ba58906f9b6f01e73df74856a88b7662777ccaf428ac385379a52983

[su_spacer size=”5″]
What’s most interesting is that in the months before Cryptsy went down, the exchange collectively sent over 16,000 bitcoins to Bitfinex from late 2015 through most of 2016. Most of the transactions occurred even after Cryptsy had declared themselves insolvent.
[su_spacer size=”5″]

The TX IDs for these sends are located below:

  1. f920a5918023624891209dbf684c9c154da27a807ec80d958db7fe0163ed42ad
    [su_spacer size=”5″]
  2. d367bed1ba58906f9b6f01e73df74856a88b7662777ccaf428ac385379a52983
    [su_spacer size=”5″]
  3. d6cd65531063a336c1340e5fc640cd022b9b67159f604c5baec0c0752dce2d51
    [su_spacer size=”5″]
  4. 4508ab2bea26e41462e380f24422d32c53d186f571d3c702cbd93f54bddf999d
    [su_spacer size=”5″]

Just about every transaction went to this wallet : 3BW7c6gDF2QA63JUAtnFuXiv66q5D9tGbF (Bitfinex)

The vast majority of those funds (thousands of bitcoins; millions of dollars) are then transferred to this wallet address ‘3AgxodEvv9FZtm6LMgPxCSmBwhNSBdFsSk’. 

Some of the funds are transacted there directly, while other portions of the funds are re-routed through several different wallets before eventually reaching the ‘3Agxod’ address.

In total, the aforementioned address (3AgxodEvv9FZtm6LMgPxCSmBwhNSBdFsSk) has received nearly half a billion dollars worth of Bitcoin in its history. However, at this point, it only holds approximately $10k.

What is notable is that there is also a send here from the parent wallet (1JZJaDDC44DCKLnezDsbW43Zf8LspCKBYP) (Transaction ID: 8eb827c19712eb388076bfd226321667d7b0251aa9138d638caa80c533039903).
[su_spacer size=”10″]

More Deposits to Bitfinex

[su_spacer size=”5″]
Specifically, below, a $12+ million to Bitfinex’s hot wallet can be observed (TX ID:0baac7b192def11e085f96509da7e5129e01ad837cef67fc41e21fe3dcf17e02)
[su_spacer size=”5″]

The recipient wallet was Bitfinex’s hot wallet: 1Kr6QSydW9bFQG1mXiPNNu6WpJGmUa9i1g
[su_spacer size=”10″]

Additional Observations:
[su_spacer size=”5″]

  • There appears to be 153 bitcoins parked here (October 2018): 1FksuzLTaYDV5GiqsGAnF62mywCatXyuuW
    [su_spacer size=”5″]
  • Tens of millions of dollars from the overarching wallet (1JZJaDDC44DCKLnezDsbW43Zf8LspCKBYP) have been liquidated. These funds were not used to satisfy customer withdrawal requests.

[su_spacer size=”5″]
According to blockchain.info , $180M has been through this wallet in total:
[su_spacer size=”5″]

[su_spacer size=”10″]
Back to QuadrigaCX “Cold Wallet” #1 ( 1J9Fqc3TicNoy1Y7tgmhQznWrP5AVLXj9R)

[su_spacer size=”5″]
If we revisit QuadrigaCX’s cold wallet #1, we can see the vast majority of this wallet’s funds came from ‘EvolutionMarket’ (dark web wallet).

[su_spacer size=”5″]
In addition, the money appears to be sourced to and from various Bitcoin mixers as well:
[su_spacer size=”5″]

[su_spacer size=”5″]
It is worth noting that millions of dollars in laundered funds from BTER.com (now known as Gate.io) were laundered through QuadrigaCX’s cold wallet #1 as well.

Below is a picture of the total amount of funds that have entered and exited from this wallet address:
[su_spacer size=”5″]

[su_spacer size=”5″]
As one can see in the picture above, approximately $43.5 million dollars entered into this wallet. Only $17.6k remains.
[su_spacer size=”20″]


Cold Wallet #2 — (1HyYMMCdCcHnfjwMW2jE4cv9qVkVDFUzVa)

[su_spacer size=”5″]
This is another wallet that was listed in the Reddit post cited by CoinDesk.

The transaction ID for one of QuadrigaCX’s deposits to this wallet (on February 6th, 2019) is posted below for convenience:

https://www.walletexplorer.com/txid/63019af632b2eb2b76d9845fd564bff3fe299822505412b002201b8610afb758

Again, Blockchain.info can help us ascertain how many bitcoins have been in and out of this wallet:
[su_spacer size=”5″]

[su_spacer size=”5″]
From what we can see above, this wallet received a total of $45 million worth in bitcoins. Its current value stands at $131k, which derives primarily from the funds that were recently transferred into it by QuadrigaCX.
[su_spacer size=”10″]

Graphical Visualization of Wallet In-Flows For Wallet #2

[su_spacer size=”5″]
As with wallet #1, we will look at the graphical in- and out-flows for Bitcoin for this wallet:
[su_spacer size=”5″]

[su_spacer size=”5″]
In the picture above, the red circle in the middle represents the alleged cold wallet for QuadrigaCX ( 1HyYMMCdCcHnfjwMW2jE4cv9qVkVDFUzVa). Again, whenever the QLUE software denotes an address with a red circle, that means that it has already been flagged as being involved in a scam or some sort of fraudulent transaction (i.e., where an individual/entity has been deceived into sending money to the address).
[su_spacer size=”5″]

[su_spacer size=”5″]
Notably, there is a ‘Silkroad2market’ wallet address that has received funds from this wallet. This is a direct transaction.

Also, to be clear, this is a Silk Road controlled address, not a customer address.
[su_spacer size=”5″]

In the picture above, we can see a significant number of Bitzino wallets sending funds over to this QuadrigaCX cold wallet. Some of these transfers are direct.
[su_spacer size=”10″]

More QuadrigaCX Deposits Found in Cold Wallet #2
[su_spacer size=”5″]

[su_spacer size=”5″]
It appears that QuadrigaCX also dropped 400 $BTC into this wallet back in 2015.

The wallet address for the QuadrigaCX wallet labeled above = 1AUaxsdfA7mZTajSwKX2QZVMBU7Wgi6ZQR.

In total, it received $1.7 million. None of that money is in this address currently:
[su_spacer size=”5″]

[su_spacer size=”5″]
It seems that the vast majority of this money was sent to this alleged cold wallet address in one fell swoop:
[su_spacer size=”5″]

[su_spacer size=”5″]
The rest of the money was sent from this wallet to the 3rd alleged cold wallet (which will be covered next) — 1JPtxSGoekZfLQeYAWkbhBhkr2VEDADHZB.
[su_spacer size=”5″]

In the picture above, we more funds flowing from QuadrigaCX to Bitfinex. In total, 196 bitcoins were involved in this transaction from Quadriga cold wallet #3 into a Bitfinex ‘old’ wallet (labeled old because it is no longer in use). The address of the receiving wallet is (1Jw5nc5TM4xp8KmRrdXfcCiWYoDaC2BVAK)
[su_spacer size=”10″]

Bitzino Casino Transactions
[su_spacer size=”5″]

As shown above, there were several bitcoins stemming from Bitzino (An Online Bitcoin Casino). It should be noted that, overall, the vast majority of money going in and out of Quadriga Cold Wallet #2 was to Bitzino.

Overall, there was $20 million+ in transaction volume between this Quadriga Cold Wallet #2 and Bitzino, which represents over half of the total funds that were received at the Quadriga Cold Wallet #2 address.

What is interesting about Bitzino is that it shutdown spontaneously and mysteriously without any warning around 2016. Whether the funds have been laundered or not remain in question.

The transactions between Silk Road, other illegal darkweb entities (i.e., AlphaBay, AlphaMarket, etc.) as well as the size of the transactions received and sent from these wallets (i.e., in excess of $1M+ at times), show that those wallets were definitely not customer wallets.

At this point in the analysis, there is no direct evidence that any customer ever made a deposit to either cold wallet address.

If readers remember the previous Bitcoin chain analysis of QuadrigaCX’s wallet activity, they will note that identifying customer withdrawals was relatively easy. Therefore, in the absence of evidence that any customer directly deposited to this address, it is fair to assert that any and all funds that were deposited to either Quadriga Cold Wallet #1 or Quadriga Cold Wallet #2 were either done by Quadriga directly or by other entities (like Bitzino) that were directly given the wallet address (for some reason).

It is worth noting that all money that entered into this wallet was re-directed toward known liquidation outlets, such as:

  1. Localbitcoins
  2. Bitfinex
  3. Other Exchanges
    [su_spacer size=”20″]

Wallet #3 — (1MhgmGaHwLAvvKVyFvy6zy9pRQFXaxwE9M)
[su_spacer size=”5″]

[su_spacer size=”5″]
As we can see from the picture above, this third ‘cold’ wallet that QuadrigaCX supposedly owns contained $50 million in it at one point.

Let’s go ahead and take a look at the graphical representation for this wallet:
[su_spacer size=”5″]

[su_spacer size=”5″]
Again, this wallet has been imbued with the rating of ‘0’, meaning that it has been positively identified with scams or criminal activity. In other words, the ‘0’ is a means of “flagging” the wallet as unsafe to transact with.
[su_spacer size=”5″]

[su_spacer size=”5″]
Interestingly, from the picture above, we can see that 142 bitcoins went to wallet (1JZJaDDC44DCKLnezDsbW43Zf8LspCKBYP).

This is the wallet that was mentioned under the subheading of the first wallet analysis. It was noted, in specific, that this wallet was involved in significant illegal activity, such as funds laundered from the Cryptsy wallet following their insolvency (Cryptsy at the time alleged they had absolutely no money and their exchange website was down) as well as the Bitfinex wallet (after it had been announced and listed as ‘compromised’). Deposits to the ‘1JZJaD’ wallet from this cold wallet address may explain why there was a grand total of $180 million that passed through that wallet.

Given the enormous sum ($180 million) that has been moved in and out of the aforementioned wallet, it is almost implausible to insist that the individual owner of that wallet could be a customer of the exchange:
[su_spacer size=”5″]

[su_spacer size=”5″]
In the picture above, we can observe 100 $BTC going directly to the 1HyYMMC wallet from Quadriga Cold Wallet #3. The 1HyYMMC wallet address is the second cold wallet address that was reviewed in this report.

This transaction among others makes it obvious that the cold wallet addresses are interconnected with one another in some way. Perhaps the connection is nothing more than money being passed back and forth from one entity to another.
[su_spacer size=”5″]

[su_spacer size=”5″]
Overall, as more connections are expanded and extracted from the wallet, the trail of money from disparate sources leading back to this wallet as well as the others in the list are becoming more readily apparent.
[su_spacer size=”10″]

Purpose of Wallet #3
[su_spacer size=”5″]

[su_spacer size=”5″]
After tracing through a significant number of wallet transactions going to and from the Quadriga Cold Wallet #3, it appears that most of the money received was routed to four wallets:
[su_spacer size=”5″]

  1. 1JZJaDDC44DCKLnezDsbW43Zf8LspCKBYP
    [su_spacer size=”5″]
  2. 1CRN5bx3KBqSiZoZnftbhSRvaCdfcAjons
    [su_spacer size=”5″]
  3. 1HyYMMCdCcHnfjwMW2jE4cv9qVkVDFUzVa
    [su_spacer size=”5″]
  4. 1JPtxSGoekZfLQeYAWkbhBhkr2VEDADHZB
    [su_spacer size=”5″]

The top address (1JZJaDD) is the wallet that we tracked as receiving over $180 million (and subsequently delivering it).

The second address, ‘1CRN5’ is not an address that was included within the 5 that are allegedly Quadriga cold wallets, so we’ll leave that alone for the time being (although there is probably plenty of insightful information to glean from that address).

The #3 and #4 addresses are two of the addresses that were definitively listed as QuadrigaCX ‘cold wallet’ addresses per the Reddit post and CoinDesk’s report.
[su_spacer size=”5″]

Preliminary Conclusion

It appears that money is being shuffled through this wallet with the primary goal of ending up at one of the four wallets listed above.

This was determined by the needlessly complex and lengthy route of travel for many of the coins in the wallet before they arrived at their final destination (i.e., one of the top 4 wallet addresses listed above).

It is worth noting that, again, none of the funds that entered into this wallet were specifically customer funds. It appears that money was re-routed from disparate dark market sources (such as AlphaBay/AlphaMarket/etc.) and coin mixers/tumblers.

In general, the wallet appears to be an intermediary destination for funds before reaching their final liquidation point.


[su_spacer size=”20″]
Wallet #4 — (1JPtxSGoekZfLQeYAWkbhBhkr2VEDADHZB)

[su_spacer size=”5″]
The address posted above is the 4th QuadrigaCX cold wallet that we will cover in this report.

Again, this wallet address is connected to the ‘MtGoxandOthers’ cluster wallet:
[su_spacer size=”5″]

https://www.walletexplorer.com/wallet/MtGoxAndOthers?from_address=1JPtxSGoekZfLQeYAWkbhBhkr2VEDADHZB

[su_spacer size=”5″]
As stated in the introduction of this report, we will not be dealing with cluster addresses.

So, let’s go ahead and take a look at the actual wallet itself:
[su_spacer size=”5″]

Source: https://www.walletexplorer.com/address/1JPtxSGoekZfLQeYAWkbhBhkr2VEDADHZB

[su_spacer size=”5″]
Like the previous three wallets, it appears that the last time any funds were sent from this wallet was on April 4th, 2018.

This, along with the transactions that have been re-routed between the wallets through mixers and intermediate wallets, makes it very likely that the wallets are connected with one another and operated by the same entity.
[su_spacer size=”5″]

Source: https://www.blockchain.com/btc/address/1JPtxSGoekZfLQeYAWkbhBhkr2VEDADHZB

[su_spacer size=”5″]
As seen in the picture above, this wallet has received nearly $45 million in total, and there is now only $120,108 remaining in the wallet.

If we head over to the QLUE software, we are presented with this picture from the outset:
[su_spacer size=”5″]

[su_spacer size=”5″]
The big ‘0’ here denotes that the wallet has been positively associated with scams in the past, which reduces all of its trust rating.

But before casting any judgment on the nature of this wallet, it is best to take a look at the transactions going to and from the wallet.
[su_spacer size=”5″]

[su_spacer size=”5″]
In the picture above, we can see the passage of approximately 141.559 bitcoins (transaction ID: 2083c8e649b4a745e55d30e56fc7d98c4510f58808f4578395fb11c0ea1b1ad8) going to the wallet we identified earlier in this report as having laundered $180 million with extremely illicit parties. (1JZJaDDC44DCKLnezDsbW43Zf8LspCKBYP)

 

Below, is a graphical representation of the web of wallets and transactions that are connected to this cold wallet:
[su_spacer size=”5″]

[su_spacer size=”5″]
As one can see from the graphical representation above, a significant number of wallets were examined in this cold wallet address as well as the others.

Let’s look at the next connection:
[su_spacer size=”5″]

[su_spacer size=”5″]
In the picture above, we can see $30,000+ (transaction ID: a98ed1aac36c036063c9106dba87876cc7372193a87a2b91e8d716f20003b6d3) coming from QuadrigaCX owned wallets (1Kw39Kgb8SDxhy4VP4MjM1muSy7sfWur5w).
[su_spacer size=”5″]

[su_spacer size=”5″]
In the picture above, we can see even more funds going directly to the illicit wallet (Wallet Address: 1JZJaDDC44DCKLnezDsbW43Zf8LspCKBYP) (transaction ID:c6e8301d676ad2a7fe3aff8d998ac8cf0a4c61a25305d08e12b9f7cb03d7e02c).

There was yet another connection to this wallet found immediately afterward as well:
[su_spacer size=”5″]

[su_spacer size=”5″]
The transaction ID for this 68+ $BTC send is (ea98476055935bb80cd1e517b8a344dd8e202dacd28c18facba41dd5f564bc30).

Even beyond this transaction, there is yet another one that routes to this illicit wallet from Quadriga Cold Wallet #4:
[su_spacer size=”5″]

The transaction ID for this 94 Bitcoin transfer = (8784ea22504498d5e26d3bf2687effdc78638264bb7875ca53b7ef617b45e233).

All of the other sizable transactions coming from QuadrigaCX ‘Cold Wallet’ #4 lead directly to that illicit address:
[su_spacer size=”5″]

[su_spacer size=”5″]
It is worth noting that all of these transactions from QuadrigaCX “cold wallet” #4, depicted above, are going directly to the illicit wallet:
[su_spacer size=”5″]

There are no intermediaries between these two wallets. The boxes that are shown in the middle represent the TX ID’s, not separate wallets.

Further analysis (conducted by lowering the ‘filter’ for transaction amounts shown), reveal that even more transactions were going directly to this illicit wallet than what can be captured visibly on screen in one photo:
[su_spacer size=”5″]

[su_spacer size=”5″]
Other sends appear to be landing at ‘localbitcoins’:
[su_spacer size=”5″]

[su_spacer size=”5″]
Transaction ID: bf00767d140831ec3fa51ea7cbe5c5eef30ddf6f9b259b2db90d5276902c198e

Wallet Address: 14AtH4G1dELMznREtC8EtyXL5FpMFuQezy

[su_spacer size=”10″]
It appears that the remainder of bitcoins in this send went to Binance (exchange):
[su_spacer size=”5″]

[su_spacer size=”5″]
The next analysis segment of Quadriga Cold Wallet #4, which will look at how $40M+ worth of bitcoins were extracted in a bulk transaction, will be detailed through words rather than with visuals because of the sheer number of interwoven connections laden within.
[su_spacer size=”10″]

Continued Analysis of Wallet #4 ($50M Liquidation Trail)
[su_spacer size=”5″]

  1. The trail begins with QuadrigaCX ‘Cold Wallet’ #4. (1JPtxSGoekZfLQeYAWkbhBhkr2VEDADHZB)
    [su_spacer size=”5″]
  2. From there, we see a 152 bitcoin transaction worth $900k going to 1HFtPCQoYeW4xqihW59wagJf1rLvVotYWK (tx ID = d51b0cf9c6da4a9f6bfbbf8987ff42d307c1aa4deee8515bf796f071820f6fc0).
    [su_spacer size=”5″]
  3. The 1HFtPCQ wallet then receives +850 more bitcoin, to total 1,005 bitcoins that it has received. This is for a total $8.1 million. The transaction ID for this = d6e83af553b81b0b22d22d4c8376e311c27b17347d793a329c61255e7a412841.
    [su_spacer size=”5″]
  4. All the bitcoins ($8 million) are then sent to 1C5hceoqJpX826BcxYtdRSJXUkZs6fkwGn. (same transaction ID)
    [su_spacer size=”5″]
  5. This wallet (1C5hceoqJpX826BcxYtdRSJXUkZs6fkwGn) has received a total of 7,214.97 bitcoins worth a total USD value of $53 million. Currently, its value stands at 0.
    [su_spacer size=”5″]
  6. All transactions occurred between November 19th, 2017 — January 4th, 2018 in the 1C5hceo wallet.
    [su_spacer size=”5″]
  7. All of the funds were then aggregated and sent to 16UMAqsX26ACD9oZddekW4u5T4S1o9tQyz ($53 million) (3499 bitcoins). (Transaction ID = 341a76ab927935230ebc39acc48c8282a710fdfe431e6bbcc342300e70bfcc26).
    [su_spacer size=”5″]
  8. From the 16UMA wallet, the funds were split to two addresses with the two addresses receiving 200 bitcoins and 3299 bitcoins, respectively. 200 bitcoins ($3M) went to 38cbxEcWc9d6w2w4XWsqhE6e9nKx33D5qA. 3299 bitcoins went to 1LeWddfZ4PXEbi2sJMMdYUX2FgY97KEj9H. The transaction ID for this = 73478664d0ee694b0e4d58ef67bd64900703afc63ebe239bd84b4317c166deb8.
    [su_spacer size=”5″]
  9. From there on, the wallet that received 3299 bitcoins, also split the money into two tranches once again (299 bitcoins and 3,000 bitcoins; worth $49.9 million). 299 bitcoins ($4.9 million) went to 18gcZTBrhhAoqu7xee7ga9GL59KcKJwbLR. 3,000 bitcoins ($45.6 million) went to 1HmccKNxcFm3xMmjgHn5kPhR7jczZrn7TW. (Transaction ID: 8119643bef4d27ac73a6e33cabb4654d5f9030509db7eb3de5c834aff62edb52).
    [su_spacer size=”5″]
  10. The wallet that received 3,000 bitcoins (1HmccKNxcFm3xMmjgHn5kPhR7jczZrn7TW), then received 999 additional bitcoins from outside sources before forwarding all of that money to ($42.9 million) to 1L9WRCCa14DM5v1jinDy1LUV9mjXHSmmGF. (TX ID = f8e1d19515d665f9ce63f7e3c9e0779a55ce42f70262fbe29cf60d261ead4f9c).
    [su_spacer size=”5″]
  11. At this point, the bitcoins from 1L9WR are split up into two transactions of 499 bitcoins ($5.3 million) and 3,500 ($40.14 million), respectively. The 499 bitcoins went to the QuadrigaCX exchange (3CdyFXH2bSznSw9rJ5uZoe85SjReKSCeFF), while the 3500 went to an unknown wallet address (1HSs2rKpWAT2mJwhByHQoo7jg87oUfTsVb). (TX ID: 5a5a37289403d2a32936411561bd5185d20c2089a7ebccf2a69a77d1c853c51b).
    [su_spacer size=”5″]
  12. From there, the 3500 bitcoins ($40 million) is then split into two transactions of 3200 ($36.68 million) and 300 bitcoins ($3.4 million), respectively. The 300 bitcoin send ends up at 3P1sSi54Qz6yYSNfD5iwZoR7kvf8PqjPMp, while the 3200 bitcoin ends up at 1Kr9Mk4ijz4zw7oU4F1Cr8nj1s14T4TE2x. (TX ID = a9858f9768a33463ccd5540d54e452d50179c71b2a96ed3a55318339ec4a4ad6)
    [su_spacer size=”5″]
  13. The money is then re-routed through a few wallets, with the final destination wallet being 32qYHqxHNLJq83yJriopxPRTPb6bjkXzHe.
  14. If we track back to the QuadrigaCX hot wallet that received 499 bitcoins in this transfer (3CdyFXH2bSznSw9rJ5uZoe85SjReKSCeFF), it appears that all of those bitcoins were then sent to identifiable QuadrigaCX wallets (correlated with the main QuadrigaCX cluster). From there, almost all wallets sent money directly to Bitmex (TX ID: af96cf4e702040229ac15423c358183f52ee113b39f321f2dd57bf6caa339879). These were bulk amounts of several hundred thousand dollars at once.
    [su_spacer size=”5″]

All funds that were sent to 32qYHqxHNLJq83yJriopxPRTPb6bjkXzHe have been liquidated.
[su_spacer size=”10″]

Analyzing Derivative Funding For Quadriga Cold Wallet Address #4

[su_spacer size=”5″]
To recap, the string of transactions outlined above began with only 152 bitcoins — which were sent from QuadrigaCX’s “cold wallet” #4.

So that begs the question of how the aggregate funds grew to the total size of 4k bitcoins.
[su_spacer size=”5″]

Below are the footnotes that were taken during the tracking of these funds:
[su_spacer size=”5″]

  • It appears that a siginficant number of bitcoins came from the QCX ‘Cold Wallet’ #3 (1MhgmGaHwLAvvKVyFvy6zy9pRQFXaxwE9M) (TX ID: 5cbdcec2a61655a7f22c4c7a46aab0739c4a371bfd7d60e6eb8c5fed62dd18ba). In total, at least 188 bitcoins worth $1.5 million.
    [su_spacer size=”5″]
  • More funds from the alleged Bitcoin ‘Cold Wallet’ #2 (1HyYMMCdCcHnfjwMW2jE4cv9qVkVDFUzVa) came in as well (TX ID: d06023fa301b32158c93d470a7f803b66c2605460d4503b724f94deaded1842b). In total, there was $790k sent ; 96.77 bitcoins.
    [su_spacer size=”5″]
  • A significant sum of QuadrigaCX hot wallets sent over money as well (what appear to be customer funds) (TX ID: f32e0612927a63080d8c9a295d56a2bef5ec6f202483e932ff424033647cea98). The estimated total is at least 150 bitcoins worth $1.35 million at the time of transfer. It is worth noting that customers did not send these funds directly to this wallet because the wallets they were contained in are controlled by QuadrigaCX. This was established through statements made by Quadriga through the Court Monitor.
    [su_spacer size=”5″]
  • More money is seen coming from QuadrigaCX ‘cold wallet’ #5 (1ECUQLuioJbFZAQchcZq9pggd4EwcpuANe) ($2 million; 120 bitcoins) [TX ID: 877283280c466160cd72bc5ab4d8db472536e28b781d963b452059491e984e70]. Plus another $1 million (64 bitcoins) [TX ID: 7b8bcbea54e4cbec9a893bbae265250b3c11cebe25c7d1863da1eadadd49fc01]
    [su_spacer size=”10″]

Visual Representation of the QuadrigaCX Cold Wallet #4 Analysis

[su_spacer size=”5″]
Below are some pictures from the QLUE software’s graphic visual representation of QuadrigaCX’s transactions from their alleged ‘cold wallet’ (#4).

These snapshots are provided to attest to the breadth of analysis for these wallets.
[su_spacer size=”5″]

[su_spacer size=”10″]
Conclusions From Wallet #4

  1. The illegal activity that was observed in the first three wallets does not exist in this wallet at all.
    [su_spacer size=”5″]
  2. All of the money that has entered into this alleged cold wallet has either been liquidated or gone to 1JZJaDDC44DCKLnezDsbW43Zf8LspCKBYP.
    [su_spacer size=”5″]
  3. Millions of dollars went from the alleged ‘cold wallets’ of Quadriga directly into liquidation (this is demonstrated clearly via screenshots, TX IDs, and wallet addresses).
    [su_spacer size=”5″]
  4. It appears that a substantial amount of money was sent from QuadrigaCX’s main cluster address (where they received 100 bitcoins a few days ago), and then subsequently liquidated via this wallet as well.
    [su_spacer size=”5″]
  5. There is no plausible argument for stating that any of the intermediate wallet addresses covered in this portion of the report belong to individual customers. The pattern of movement of these addresses strongly suggests that they are being controlled by one entity (i.e., numerous addresses re-routing to one location simultaneously, numerous addresses with funds that end up at the same liquidation point, etc.)
    [su_spacer size=”5″]
  6. This report states with confidence that $50M+ was liquidated from QuadrigaCX Cold Wallet #4. All destination points out of the wallet are highly identifiable as either — a) belonging to the one wallet identified in the first analysis as essentially a hotbed for criminal behavior (1JZJaDDC44DCKLnezDsbW43Zf8LspCKBYP) or b) A known cryptocurrency exchange wallet address.
    [su_spacer size=”5″]
  7. It is more than likely that several million more dollars were either liquidated from the other ‘cold wallets’ (going directly into other wallets, yet not touching cold wallet #4), or via customer funds being directly siphoned into this ‘cold wallet’ or the illicit wallet.
    [su_spacer size=”5″]
  8. As mentioned by the author of the Reddit post — one wallet in particular that’s a bit troublesome is ( 1PdBMFkicx1vTHs9P6whPGondSVcmndVha). This wallet received $10 million from QuadrigaCX Cold Wallet #4. None of that $10 million is associated with the $50 million that we can verifiably state has been liquidated down.
    [su_spacer size=”5″]
  9. Because of the aforementioned liquidation in #8 as well as others that were not necessary included in this segment of the analysis, the report concludes that at least $80 million was liquidated down through this wallet by QuadrigaCX. However, only $50M has been calculated into the final spread. 

[su_spacer size=”20″]
Wallet #5 ( 1ECUQLuioJbFZAQchcZq9pggd4EwcpuANe)
[su_spacer size=”5″]

https://www.walletexplorer.com/address/1ECUQLuioJbFZAQchcZq9pggd4EwcpuANe

[su_spacer size=”5″]
Similar to the previous four cold wallets, the fifth and final wallet’s last outgoing transaction was sent in early April 2018.

Let’s take a look at the wallet on QLUE:
[su_spacer size=”5″]

[su_spacer size=”5″]
Again, this wallet is given the rating of ‘0’, which means that it has been positively identified with scams in the past.

On ‘blockchain.com’, we can see that $41 million have exited this wallet:
[su_spacer size=”5″]

[su_spacer size=”5″]
Difficulty in Analyzing

[su_spacer size=”5″]
For whatever reason, the source of all funds coming into the wallet have been heavily mixed to the point where distinguishing the source of the funds is nearly impossible (as is a mixer’s job).

Typically, the source of these funds can usually be de-mystified with a bit of legwork (i.e., clicking through wallets endlessly, taking notes, seeing ‘meet’ points, clusters, etc.) — but in this case, it appears that whoever sent the funds was mindful enough to significantly obfuscate the source of the transaction.

However, this does not stop us from determining that several hundred bitcoins again went to 1JZJaDDC44DCKLnezDsbW43Zf8LspCKBYP.

A number of wallets were also tagged with ‘dark markets’, but without ascertaining the exact source of those wallets, determining the nature of these transactions is nearly impossible.
[su_spacer size=”5″]

Conclusion

The research above should not be considered premature or speculative. The results are definitive and the flow of transactions going both in and out of the wallets (apart from the last wallet that was covered), should make the conclusions stated in the beginning of this report readily apparent.
[su_spacer size=”5″]

Below is a Brief Q&A

Q: How do we know that these cold wallets have not been receiving customer funds?
[su_spacer size=”5″]

  • There are a substantial amount of funds that have entered into these wallets, but they did not derive from the main hot wallet. Many of the transactions derived from outside sources. However, these outside sources were not customer wallets. We can make that assertion because of a) the amounts that were being sent & b) the manner in which they were sent.

Below is a chart of the Bitcoin rich list (at the time of writing):
[su_spacer size=”5″]

[su_spacer size=”5″]
As the rich list above shows us, 99.36% of all wallets on the Bitcoin protocol contain 1–10 bitcoins or less. And out of all Bitcoin wallets in existence, only 3.13% of those actually contain 1–10 bitcoins. So, the vast majority own significantly less.

Based on that fact alone, the idea that there were hundreds of customers funneling 100+ BTC transactions directly to QuadrigaCX, a Canadian exchange that was far from the leading exchange in terms of worldwide Bitcoin volume, should be met with extreme skepticism.

While nothing can be ruled out (even gravity is still considered a theory), the burden of proof should be placed firmly upon QuadrigaCX and any other proponents of this theory to prove or provide some sort of definitive evidence that shows that any of these transactions were from customer intermediaries. 

In addition, the exchange’s widely publicized banking and withdrawal problems throughout 2018, make it even more implausible that they were able to garner significant Bitcoin deposits in the last year too.
[su_spacer size=”10″]

Q: So if the cold wallet wasn’t receiving customer deposits, then where was the money coming from?

  • As explained in the report above, there were several sources for these funds. They were as follows:
  1. Aggregated customer deposits at QuadrigaCX that were sent by the exchange itself.
    [su_spacer size=”5″]
  2. Darkweb addresses.
    [su_spacer size=”5″]
  3. Hacked/compromised exchanges.
    [su_spacer size=”5″]
  4. Bitcoin scams (HYIPs, Ponzis, ‘Mutliply Your Bitcoin!’ Schemes)
    [su_spacer size=”5″]
  5. Online Bitcoin Casinos (Not Explicitly Illegal According to Canadian Law)
    [su_spacer size=”5″]
  6. Other Illicit Sources
    [su_spacer size=”5″]

The list above is actually another reason why we can state in the affirmative that these were not customer withdrawals.
[su_spacer size=”10″]

Q: This report claims that QuadrigaCX liquidated down $400M worth of bitcoins. How is this possible?
[su_spacer size=”5″]

  • This question is a good one and it requires a multi-faceted answer. In order to answer this question, we should first ask ourselves:
    [su_spacer size=”5″]

What should we consider liquidation?’
[su_spacer size=”5″]

This is an important question to ask because, without an answer, it can always be suggested that, ‘Maybe the money was going to their real cold wallets’.

To start with, a proper definition of liquidation, in this context, is when an exchange/entity/customer redeems their cryptocurrency for some other value.

Generally, when money is seen being sent from an unidentified (personal) wallet to an exchange, that is considered liquidation. This is because exchanges are not storage.

It has been posited in the crypto commuinty and in Jennifer Robertson’s (wife of CEO Gerry Cotten) affidavit that perhaps Gerry Cotten was storing the funds at an exchange.

This explanation for the funds is implausible for a host of reasons, which are as follows:
[su_spacer size=”5″]

  1. Crypto assets are fundamentally different from real world assets in that the greatest means of securing one’s assets in this space is personal storage. In the real world, [Canadian] banks have CDIC (Canadian equivalent of FDIC for American readers) and customers have a right to their money in the event that the banks defraud them in some way. Banks in established nations with developed economies are also much less susceptible to ‘losing’ customer funds and robbing/hacking a bank for its money is exponentially more difficult than hacking a crypto exchange. In crypto, however, there is no unified regulation that mandates a certain level of transparency or ethical conduct from the actors in the space (i.e., exchanges). It is not uncommon to read news about an owner absconding with funds given to them for safe keeping by their customers. Hacks, of course, are a somewhat mundane experience and customers usually bear the brunt of such adverse events when they occur. Therefore, retaining ownership of one’s crypto holdings and securing them personally is the best method of securing one’s funds in the crypto space.
    [su_spacer size=”5″]
  2. There are plenty of other exchanges in the cryptocurrency space with vast holdings of Bitcoin and they simply do not engage in the practice of storing their funds on another exchange. All this would do is add tremendous counterparty risk.
    [su_spacer size=”5″]
  3. If there were an exchange that QuadrigaCX was storing their funds on, the above research would lead any reasonable observer to conclude that the exchange in question is Bitfinex. Given the fact that the two exchanges have the same payment processor (Crypto Capital Co.), it is more than logical to suggest that Gerry Cotten’s death would not be an impediment to Bitfinex releasing those funds. However, given the number of bitcoins that have been transferred to Bitfinex from QuadrigaCX and the current number of bitcoins in Bitfinex’s possession — the funds have more than likely been liquidated by Bitfinex themselves at this point.
    [su_spacer size=”5″]

Where funds were observed going to:
[su_spacer size=”5″]

  1. Multiple exchange hot wallets (with Bitfinex being the most common deposit location).
    [su_spacer size=”5″]
  2. Localbitcoins’. For those that do not know, ‘localbitcoins’ is a service for people that are looking to sell their bitcoins via face-to-face transactions. If bitcoins are being sent here, there is a 99.9% chance that those bitcoins have been liquidated.
    [su_spacer size=”5″]
  3. Illicit entities. These entities include the same illicit sources named above in the report. It goes without saying that these entities probably would not return QuadrigaCX’s funds, even if they had them.
    [su_spacer size=”5″]

Arriving at the $400M Total

[su_spacer size=”5″]

Given the fact that these wallets were all virtually emptied (i.e., all funds in each of the wallets examined where liquidated) — the author added the aggregate total between all 5 wallets. The author also had an independent blockchain research firm examine the transactions between the illicit wallet that was outlined in this report and one of the other hot wallets. The analysis yielded the conclusion that the two owners had to either A) Be the same entity or B) Be working for or with each other in close cooperation.

Thus, the illicit wallet’s liquidation total was factored in as well.
[su_spacer size=”10″]

Q: How can the author be so sure about their findings?
[su_spacer size=”5″]

  • This is another great question. The answer, simply put, is because of blockchain and QuadrigaCX’s self-identification.

[su_spacer size=”5″]
For those that have not been following this story, QuadrigaCX made the following announcement via the court monitor approximately two days ago:
[su_spacer size=”5″]

[su_spacer size=”5″]
This total matches the total amount of funds (off by about a Bitcoin) that were liquidated from the ‘hot wallet cluster’ for QuadrigaCX in the first Bitcoin analysis report:
[su_spacer size=”5″]

[su_spacer size=”5″]
The cluster wallet depicted above has also been positively identified by matching one of the Bitcoin wallet addresses that Jennifer affirmed as belonging to QuadrigaCX in her affidavit with results on ‘Walletexplorer’.

These two pieces of evidence, in conjunction, serve as strong evidence that the screenshot above is of QuadrigaCX’s ‘hot wallet cluster’.

As noted in the Reddit report that the CoinDesk article referenced, these 104 bitcoins were sent to 5 different wallets. Based on QuadrigaCX’s statements through the Court Monitor, it must be accepted that the aforementioned 5 wallets in the report belong to QuadrigaCX.

If this is not the case, then QuadrigaCX has lied explicitly, which would undoubtedly have an indelible impact on the trajectory of this situation going forward.

Given that the cold wallet addresses were known, the only work required from that point was piecing together how many bitcoins went into the wallets and where these bitcoins were sent to as well as where these bitcoins are from.
[su_spacer size=”20″]

Final Remarks

[su_spacer size=”5″]
This piece was created with painstaking diligence to ensure that there was “no stone left unturned” for either the readers, potential investigators reading the report or litigators of this matter.

As many have stated, it is important to not turn the QuadrigaCX situation into a ‘witch hunt’. However, in that same vein, it is also important to not look for reasons to exonerate QuadrigaCX.

Since this is merely a blockchain analysis, which is quantitative and finite rather than qualitative, there is no room for ‘bias’ in dissecting the results.

Reflecting on the report from a subjective point of view, it appears that customer funds at QuadrigaCX were liquidated and that a significant amount of money was laundered as well. However, it does not seem that the primary purpose of Quadriga’s operation was to liquidate customer funds. 

In essence, it appears that QuadrigaCX was involved in significant criminal activity that had no direct relation to the exchange at all and that the presence of the exchange itself gave it a plausible reason for owning so many bitcoins.

 

 

 

19 comments on “Report Shows QuadrigaCX “Cold Wallets” Actively Involved in SIGNIFICANT Criminal Activity: Ties to Silk Road, Hacked Funds, Identity Theft, and Drug/Human Trafficking

  1. Uhh. You left out the most important piece of proof. You claim these were not customer generated withdrawal of crypto bought using fiat via QCX. How can you know that without their internal records.

    What you show looks like the transactions of QCXs user base…

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.