Chinese Officials Hoped CoinJoin Would Hide Bitcoin Bribes

key takeaways

Guochun He and Zheng Wang sought bitcoin wallet Wasabi to hide bribe payments, Elliptic said
The pair allegedly hoped to gather confidential documents related to a federal investigation into Huawei

Two Chinese officials tried to hide bitcoin bribes paid to a US double agent with crypto mixing technology, once again thrusting privacy-preserving protocols into public discourse.

In 2019, authorities say Guochun He and Zheng Wang directed a US government employee to steal information about an ongoing criminal investigation into a global telecom company based in the People’s Republic of China (PRC), according to the Department of Justice (DOJ).

The DOJ doesn’t name the company, but the Wall Street Journal and CNBC both reported the firm as Huawei.

The officials, said to be conducting foreign intelligence operations in the interest of Huawei, believed the US government employee was recruited to work for Beijing. He was in fact working with the US Federal Bureau of Investigation (FBI), the complaint alleges.

In Sept. 2021, the Chinese officials assigned the double agent with detailing their meetings with prosecutors at the US Attorney’s office in Brooklyn.

They were especially interested in understanding which Huawei employees had been interviewed by the government, seeking a description of the prosecutors’ evidence, witness list and trial strategy.

Guochun He, one of the Chinese officials who paid the bitcoin bribes, allegedly told the agent that the company in question was “obviously interested” in the information. He first handed over $41,000 in bitcoin in Oct. 2021 for stealing a document and another lot worth $20,000 in September.

Huawei didn’t return Blockworks’ request for comment by press time.

Analytics unit traced bitcoin bribes despite Wasabi Wallet

In private messages, He allegedly asked the agent to accept bitcoin as he believed it would be “private and safe” from the eyes of the government.

Crypto has long been considered a means of engaging in discrete transactions, but mostly the opposite is true. Blockchain data, at its core, is almost always public and transactions are traceable, albeit pseudonymous.

Crypto mixers were designed to provide privacy for this open financial system. There are many different kinds but they generally work by commingling funds with other users.

Mixers have increasingly come under the spotlight after usage by North Korean hackers and other bad actors in laundering illicit crypto gathered from exploits across the crypto ecosystem alongside ransomware attacks.

Excerpt from DOJ indictment.

The US recently banned citizens from using Ethereum-powered crypto mixing service Tornado Cash for this reason.

Blockchain analytics firm Elliptic found that the two officials used bitcoin wallet Wasabi Wallet to conceal their transactions. Wasabi describes itself as an open-source, non-custodial bitcoin wallet created to provide privacy by default.

The wallet makes use of tech known as “CoinJoin,” which combines bitcoin of multiple transacting parties to render identifying fund provenance more difficult.

“All of the bribe payments can be traced back to Wasabi,” Elliptic said in a statement. Tom Robinson, co-founder and chief scientist at Elliptic, told Blockworks the firm was able to identify the bitcoin transactions based on details disclosed in the criminal complaint.

Elliptic was then able to use its blockchain analytics tools to trace the source of the payments and identify the use of Wasabi. Wasabi Wallet didn’t immediately return Blockworks’ request for comment.

Image source: Elliptic

Both officials are charged with attempting to obstruct a criminal prosecution of Huawei in the federal district court in the Eastern District of New York. He is additionally charged with two counts of money laundering based on bribe payments.

They currently remain at large. If convicted, He faces up to 60 in prison and Wang faces up to 20 years.

In any case, the matter once more highlights the difficulty of hiding crypto activity — whether illicit or benign — even after funds are sent through crypto mixing technology such CoinJoin.

Elliptic’s Robinson told Blockworks the firm has “special techniques for identifying bitcoin addresses associated with Wasabi use.”

Get the news in your inbox. Explore Blockworks newsletters:

The Breakdown: Decoding crypto and the markets. Daily.
Empire: Crypto news and analysis to start your day.
Forward Guidance: The intersection of crypto, macro and policy.
0xResearch: Alpha directly in your inbox.
Lightspeed: All things Solana.
The Drop: Apps, games, memes and more.
Supply Shock: Bitcoin, bitcoin, bitcoin.