How Blockchain Forensics Unraveled a $20 Million Crypto Laundering Scheme in China

Robert Whitaker
July 31, 2025

In Beijing’s Haidian District, investigators dismantled a sophisticated transnational criminal organization (TCO) that siphoned off ¥140 million (≈ $20 million) from a short‑video platform company and laundered the funds through Bitcoin—all while relying on crypto mixers and offshore exchanges to obscure the trail. Despite advanced laundering techniques, law enforcement traced the money flow, recovered over 90 BTC, and secured lengthy prison sentences. Here's how blockchain forensics and multi‑disciplinary evidence integration cracked the case.

Establishing the Scheme

From 2020 to 2021, an employee identified only as Feng controlled the onboarding of service providers, structuring of bonuses, and approval of payouts at the short‑video platform (widely reported as Kuaishou). Leveraging this unchecked authority, Feng conspired with outside collaborators (Tang and Yang) to engineer deliberate loopholes in the bonus policy and redirect legitimate payouts to fake vendors they created. 

Ghost shell companies—set up purely to receive these bogus bonus payments—became conduits for diverting ¥140 million away from the firm. Internal data leaks enabled collaborators to submit fabricated documentation that appeared to meet eligibility rules. 

Crypto Laundering at Scale

Once the funds were in these shell accounts, the group moved swiftly. They transferred the stolen assets through eight separate offshore cryptocurrency exchanges, converting them to Bitcoin in segmented batches. 

To obscure the origins of the funds, they employed coin mixing services, a process that combines coins from multiple users to scramble transaction paths and resist traceback. After mixing, portions of the Bitcoin were converted back to yuan via over‑the‑counter (OTC) trades and funneled into bank accounts under the control of the perpetrators. 

Blockchain Forensics: Following the Money

Despite the use of anonymizing technology, Chinese authorities assembled a robust multi-stream evidence framework that integrated transaction data, internal company documents, and bank-level cash flows. 

  1. Cluster analysis on-chain: Blockchain analytics operators used clustering algorithms and pattern recognition to link multiple wallet addresses to the same operators—even after mixing.

  2. Exchange cooperation: Investigators secured KYC and transaction logs from eight international exchanges, tying wallet addresses back to seeded identities and enabling tracing from fiat-through-crypto and back to fiat.

  3. Integrated forensic narrative: Prosecutors reconstructed the fraud's entire lifecycle—from policy design and data leakage, to shell company transactions, crypto conversion, and final cash-out trajectories. This unified “three-flow” model (data flow, money flow, information flow) was central to the conviction.
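
Steps 1 and 2 above can be illustrated with a small added example that is not from the original article or from the investigators' tooling. It uses the common-input-ownership heuristic (addresses spent together as inputs of one transaction are assumed to share an owner), one widely used clustering rule that does not by itself see through a mixer, and then attaches identities from an exchange KYC export; all transactions, addresses and account names are constructed.

```python
from collections import defaultdict

# Constructed sample data: (txid, input addresses, output addresses).
TXS = [
    ("tx1", ["A1", "A2"], ["B1"]),
    ("tx2", ["A2", "A3"], ["B2"]),
    ("tx3", ["C1"], ["A1"]),
    ("tx4", ["D1", "D2"], ["B3"]),
]
# Constructed exchange KYC export: address -> verified account holder.
KYC = {"A3": "account-0017 (shell vendor)", "D2": "account-0042"}

class UnionFind:
    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        self.parent[self.find(b)] = self.find(a)

def cluster_addresses(txs):
    """Group addresses that were co-spent as inputs of one transaction."""
    uf = UnionFind()
    for _txid, inputs, _outputs in txs:
        for addr in inputs:  # empty input lists (coinbase) are skipped
            uf.union(inputs[0], addr)
    clusters = defaultdict(set)
    for addr in list(uf.parent):
        clusters[uf.find(addr)].add(addr)
    return [frozenset(c) for c in clusters.values()]

def attribute(clusters, kyc):
    """Map each cluster holding a KYC-known address to those identities."""
    found = {}
    for cluster in clusters:
        ids = sorted({kyc[a] for a in cluster if a in kyc})
        if ids:
            found[cluster] = ids
    return found
```

A single KYC-linked address (A3 here) is enough to attribute the whole cluster, which is why one exchange record can name wallets the exchange never saw directly.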

Recovery & Sentencing

The forensic investigation culminated in the seizure and recovery of over 90 BTC, valued at approximately CNY 89 million (~$11 million), which prosecutors ordered surrendered. 

Sentences ranged from 3 to over 14 years, with Feng receiving the longest term of 14 years and six months. All defendants were convicted of occupational embezzlement and related financial crimes under Chinese law. 

Why the Forensic Strategy Worked

From a global law enforcement perspective, this case illustrates several critical principles:

Controlled Access ≠ Anonymity

Even though mixers were used to hide transaction origins, investigators established probabilistic links via clustering, timing correlations, and platform patterns. As Dan Dadybayo of Unstoppable Wallet noted:

“Tracing funds through coin mixing significantly increases complexity, but does not guarantee full anonymity… investigators could partially or even fully reconstruct flows in many cases.” 

Data Integration is Essential

The use of internal corporate logs, vendor onboarding records, emails, and bonus policy documents allowed prosecutors to anchor blockchain analysis to real-world operational behavior. This made the case more than just an on‑chain trail—it became a well-documented fraud narrative.

Exchange Collaboration Bridges Domain Gaps

Obtaining exchange records was key. By correlating wallet flows with KYC identities, timing, and IP logs, investigators could definitively link cryptocurrency flows to shell companies and individual actors managing the fraud. Jurisdictional complexity (eight different exchanges) was managed with coordinated legal requests. 

Broader Implications for Law Enforcement and Industry

An Insider Threat with a Digital Twist

This case shows how a mid-level insider can weaponize digital tools, such as incentive systems and crypto, to execute large-scale fraud. This isn’t organized crime or ransomware; it’s white-collar corruption enabled by crypto ecosystem vulnerabilities.

Policy & Compliance Needs

Tech companies must implement real-time monitoring, robust vendor onboarding protocols, and multi-step approval processes for high-value payouts to avoid similar loopholes.
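
As an added illustration (not from the original article or any company's system), the check below flags the control gap this case turned on: one person both onboarding a vendor and approving its payouts, and high-value payouts that lack a second approver or go to a newly onboarded vendor. The record fields, thresholds and sample data are hypothetical and constructed.

```python
from datetime import date

HIGH_VALUE = 100_000  # assumed threshold (CNY) for requiring two approvers
NEW_VENDOR_DAYS = 30  # assumed window in which a vendor counts as "new"

# Constructed sample records; field names are hypothetical.
VENDORS = {
    "V1": {"onboarded_by": "emp_a", "onboarded": date(2020, 3, 1)},
    "V2": {"onboarded_by": "emp_b", "onboarded": date(2019, 1, 10)},
}
PAYOUTS = [
    {"id": "P1", "vendor": "V1", "amount": 250_000,
     "approvers": ["emp_a"], "paid": date(2020, 3, 15)},
    {"id": "P2", "vendor": "V2", "amount": 300_000,
     "approvers": ["emp_c", "emp_d"], "paid": date(2020, 4, 1)},
    {"id": "P3", "vendor": "V2", "amount": 5_000,
     "approvers": ["emp_b"], "paid": date(2020, 4, 2)},
]

def review_payout(payout, vendors):
    """Return the list of control violations for one payout record."""
    vendor = vendors.get(payout["vendor"])
    if vendor is None:
        return ["vendor has no onboarding record"]
    reasons = []
    approvers = set(payout["approvers"])
    if vendor["onboarded_by"] in approvers:
        reasons.append("approver also onboarded the vendor")
    if payout["amount"] >= HIGH_VALUE and len(approvers) < 2:
        reasons.append("high-value payout with fewer than two approvers")
    age_days = (payout["paid"] - vendor["onboarded"]).days
    if payout["amount"] >= HIGH_VALUE and age_days < NEW_VENDOR_DAYS:
        reasons.append("high-value payout to newly onboarded vendor")
    return reasons

def flag_payouts(payouts, vendors):
    """Map payout id -> violations, omitting payouts that pass every check."""
    return {p["id"]: r for p in payouts if (r := review_payout(p, vendors))}
```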

Crypto platforms must maintain strong AML/KYC processes and support cross-border investigative requests, even while operating where crypto is partially restricted. 

Key Takeaways

  • Blockchain does not provide foolproof anonymity, especially when investigators combine on‑chain analysis with off‑chain data.

  • Coin mixing can delay tracing, but tracing is still possible. Blockchain analytics companies are getting better all the time.

  • Unified evidence models that link corporate processes, transactional data, and identity records are most effective.

  • Public-private cooperation and exchange transparency remain critical, especially in jurisdictions like China where crypto is officially restricted but laundering flows offshore.

  • Corporate risk control frameworks must evolve alongside fintech tools to close insider-enabled fraud pathways.

Law enforcement agencies worldwide can take note: this is not just a tech‑sector cautionary tale, it’s a forensic case study in how sophisticated blockchain analytics, legal cooperation, and cross‑domain data integration can dismantle elaborate laundering operations—even those built by insider actors.

At Merkle Science, we equip law enforcement and compliance teams with the blockchain intelligence tools needed to trace illicit crypto flows, uncover hidden networks, and recover stolen assets—no matter how complex the scheme.