Blue Line

Three ways money launder’s use cryptocurrency systems

Police stopped Kellen P., a small-time drug dealer in rural Arizona in the United States, after running a red light. The officer arrested Kellen after a K9 found a brick of cocaine, methamphetamine, heroin and acid (LSD) hidden in a backpack.

October 21, 2018  By Joshua Lee

While the officer was searching the vehicle, he saw something out of the corner of his eye — small pieces of paper flapping in the wind. He picked up the paper and realized he was looking at something much more significant than just random fast food and convenience store receipts. He was looking at recently printed Bitcoin ATM receipts.

Bitcoin and Monero are two of the 994 cryptocurrencies available for purchase and are the two most common cryptocurrencies used by criminals. Cryptocurrency is a non-tangible digital form of currency regulated by complicated algorithms. Cryptocurrency replaces or is used in conjunction with a government’s primary currency. Despite the complicated nature of this type of currency, most are extremely easy to use, semi or fully anonymous and very difficult for law enforcement to track.

Small time drug dealers, large weapons traffickers and shady business owners are moving away from traditional forms of banking and moving toward cryptocurrency systems. Below, I listed the three most common ways criminals are laundering money through the system and where you, the investigator, should focus your efforts when investigating these crimes.

Traditional banking
The easiest and most common way criminals are using the cryptocurrency system is through the use of traditional banking systems. The criminal will first open a bank checking account. After the bank account is open and is funded with proceeds from a crime, the criminal will then open an digital wallet — similar to a bank account, just not associated with a bank—where he can store his cryptocurrency. He will then make small deposits from his traditional bank account into a digital wallet through the use of a digital exchange house. It sounds complicated, but most cryptocurrency wallets are owned by exchange houses, making the transaction as easy as any other online payment you would make with your bank.  


In order to get the money out of the system, the launderer can convert the cryptocurrency into other cryptocurrencies (Bitcoin, Monero, etc.) to use on the dark web, transfer it internationally (for example, from Canada to Mexico) or exchange it for the same or another government-backed currency (U.S. dollar to Bitcoin to Iraqi dinar).

Many lower and mid-level money launderers like Kellen P. prefer to use crypto-ATMs because it is very easy, quick and secure. Plus, you don’t have to own a traditional bank account, making it a lot easier to conceal your activity.

Most crypto-ATMs look just like a sleeker, updated version of a traditional bank ATM equipped with touchscreens, cameras, keypads and deposit slots.

Once the launder has his illegal proceeds, all he will need to do is find nearby crypt-ATM. From there, he will push the button “make deposit,” scan his Bitcoin wallet’s QR code using the built-in QR reader, insert the physical bills, then click “complete.”  

Kellen P. used this system to his advantage. He would sell drugs on the street, then immediately go to a nearby Bitcoin ATM to make a deposit. From there, he would keep his money in his digital wallet until he needed to buy more drugs or withdraw cash for personal use.

Dark web transactions are even easier and more profitable than selling drugs on the street. Kellen P. would purchase drugs from a local supplier then, after he receives a Bitcoin payment from a buyer, he would ship it using small envelopes. Since Kellen P. only shipped small amounts of drugs at a time, law enforcement was never able to intercept him.

Use a friend (money mules)
In 2013, the United States Federal Bureau of Investigations (FBI) shut down the dark web’s Silkroad, an international drug-dealing platform. Soon after the shutdown, the copycat Silkroad 2.0 emerged.

Launderers for Silkroad 2.0 admitted to using friends to help launder proceeds from the site. After receiving payment for illicit goods, alleged Silkroad 2.0 owners Blake Bethnall and Brian Farrell would transfer Bitcoin to their friends who would withdraw it through banks or a Bitcoin ATM. Their friends would then give him the physical cash after keeping a small portion for themselves.

If launders want to move money into the system surreptitiously and do not have access to ATMs, they will use a “friend.” Even if the launderer does not have a friend in the crypto-market that they can easily find one at

In Canada, there are hundreds of registered users on All the launderer needs to do is contact the depositor and give them the money. The depositor will then transfer Bitcoin directly into the launderers account for a fee of 10-30 per cent of the transaction. Many U.S. depositors can also exchange the Bitcoin into other currencies or can make a transfer in behalf of the launderer.

This process is very simple but very difficult for law enforcement to investigate.

Where to start?
The easiest way to investigate crypto-crimes is to focus on what you can see and discard the rest. It is borderline useless to try to trace cryptocurrencies once they leave a suspect’s digital wallet since it will likely lead you down a path full of digital tumblers, third party wallets and anonymous transfers.

Focus on what you can see using traditional investigative techniques. These are called choke points. Each choke point offers an opportunity to catch the crypto-launderer before it is too late.

So let’s break it down:

Example 1.) The launderer chose to use traditional banks and a legitimate cryptocurrency wallet. Subpoena the bank accounts and focus on tracking how much money is moving into and out of digital exchange house.

Example 2.) The launderer chose to skip traditional banks to use a crypto-ATM. Most countries have laws regarding crypto-ATM client information storage, but investigators should be able to identify how much was transferred, when and where the transfer was made. All crypto-ATMs have cameras so investigators should be able to obtain a picture of who made the transfer.

While searching suspects, investigators should pay close attention to the trash in the suspect’s pockets or the suspect’s car.

Example 3.) The launderer chose to skip banks and crypto-ATMs, opting to use a friend instead. This type of money laundering is the most difficult to identify and where old-fashioned police tactics —like surveillance and interviews — play an important role. Once identified, detectives should put pressure on the launderer’s friend to elicit information against the launderer.
Professional money launderers will use a variety of different techniques when laundering money, including using the cryptocurrency system. Good money launders, to avoid detection and confuse the money audit trial, will likely use one or a combination of the examples I mentioned above. Remember to focus on what you know and what you see. Surveillance and interviews will lead you to success and help fill in the gaps you will be missing in these digital investigations.  

Joshua Lee is a full-time police detective for the Mesa Police Department in Arizona. He has served as a patrol officer but is currently assigned to the Organized Crime Section of his department. He specializes in asset forfeiture investigations and convoluted financial and crypto-crimes. Lee is also an adjunct law and criminal justice professor, and instructs police in-service training. He is a financial crimes consultant for banks and financial institutions throughout the State of Arizona and is a Certified Fraud Examiner holding several professional and teaching certifications. He is also the owner of Secret Squirrel Press, which specializes in product reviews for law enforcement and more.

Print this page


Stories continue below