How Dutch Police Conduct Operations Against Darknet Marketplaces
It’s widely known that Dutch drug suppliers, especially those dealing in various euphoric substances, are considered among the best in the business. Products from Amsterdam are highly valued on the darknet, often serving as a benchmark for quality. Like other suppliers, the Dutch aim to expand beyond their borders and find large-scale clients. You may notice that many Russian vendors on various platforms offer genuinely European products on their shelves.
Of course, the active export of goods from the Netherlands attracts the attention of authorities. The growing global demand for high-quality drugs only increases the intensity of shipments. It’s worth recalling that the largest darknet market, Hansa, was shut down by Dutch and German law enforcement. The operation led to the seizure of the marketplace’s servers, which were located in Lithuania. This shows that Dutch police are truly active. Moreover, there are special departments and teams dedicated to investigating cybercrimes.
Over the years, the popularity of the darknet has grown, and now regular Tor users are increasingly buying drugs and other illegal goods online. The seriousness of this issue has drawn significant attention from the public and government agencies, which is why Dutch law enforcement has developed a set of measures to counter darknet trade within the country. Their approach is straightforward: they de-anonymize users and catch them offline. Nothing new here.
User Identification Methods
After the “Hansa marketplace takedown,” officers began raiding the homes of anyone connected to the market. Naturally, all these users were identified.
How do they do it? Primarily through the analysis of cryptocurrency transactions. We’ve written about this several times before. Here are some related articles:
- Almost all ZCash and ZClassic transactions are not anonymous
- Using Bitcoin transaction analysis to de-anonymize Tor hidden service users
- How the U.S. government studies the blockchain
Different wallets linked by transactions are associated with mailing addresses or other possible accounts. Next, registered accounts on social networks and seized darknet sites are checked, specifically the emails those accounts are registered to. This starts the process of building logical and causal connections.
Then, using information provided by crypto exchanges—which are legally required to share user data—law enforcement can accurately determine which transactions are made from specific Bitcoin addresses.
So, once investigators have a suspect’s Bitcoin address, the rest isn’t too difficult, as it’s a matter of connecting the dots, similar to traditional police investigation methods.
It’s worth noting that Europeans, especially Germans and Dutch, are very serious about fighting the darknet and plan to hire people from various fields—cryptography, programming, forensics, finance, and related areas—to create more effective teams.
After the “Market Crashes”
After the takedowns of Hansa and Alphabay, law enforcement gained access to thousands of user accounts. Many users migrated to other platforms, such as Dream Market. However, most of them continued to use the same PGP keys for platform identification, allowing police to keep tracking users and compromise them at any time. Did you change your PGP key after the RAMP shutdown? Do you even use encryption for your shady dealings?
Who Analyzes Cryptocurrency Transactions?
With the help of Chainalysis, a company specializing in cryptocurrency forensics, a team led by Coevering can identify individuals involved in various potentially criminal activities. Chainalysis software uses artificial intelligence to detect related transactions if at least one known Bitcoin address is available.
Another method is used to detect suspicious activity when several Bitcoin transactions originate from one source and then suddenly change direction to a new wallet.
In recent years, Bitcoin has remained the main payment method on darknet markets, but the trend is shifting as new cryptocurrencies are integrated. These new tokens are considered cheaper due to lower transaction costs, faster processing times, and, most importantly, greater anonymity.
Because of this, Chainalysis is working on developing tools to analyze the blockchains of other digital tokens commonly used by cybercriminals. This move could attract more high-profile clients to the company.
Challenges of Transaction Analysis
It was once believed that Bitcoin was the most anonymous and secure payment method. However, after a series of arrests, it became clear that this isn’t the case.
Another troubling fact is leaked information that the NSA and the U.S. military are working on ways to track Monero users.
That’s why many have started using mixers and obfuscating their transactions, making analysis more difficult. Moreover, modern darknet markets are integrating mixers into their payment systems.
Another tactic is changing Bitcoin addresses after each transaction, which has also become common practice.
The Crypto Era Has Just Begun
Think about it: ten years ago, most of us hadn’t even heard of anything like Bitcoin, and now we all know about hundreds of different cryptocurrencies.
Of course, criminals were the first to venture into the world of cryptocurrencies, since what is not fully understood can offer some security. But as we now see, this works both ways.
Cryptocurrency transactions are the only possible lead for law enforcement, and they are constantly improving their methods of analysis and investigation in this area.