BRIDGE PRACTICAL - 2
PART 1 (IF YOU SAVED YOUR GRAPH FROM THE NESTED EXCHANGE PRACTICAL, SKIP TO PART 2)
On 2024-05-04, a victim was contacted by a scammer identifying himself as a U.S. Customs Agent. The scammer told the victim that a package addressed to her residence had been intercepted and contained illegal drugs. The scammer advised that a fine of $30,000 had been assessed and must be paid immediately to avoid her passport being revoked. The victim frequently travels back and forth between the United States and England and was fearful of losing her passport. The scammer advised that the funds should be paid immediately at any Bitcoin ATM and that she should send the payment to the following address:
14t1boHKexyqQvWqwBhFyM9Gv51Z4rL3uj
On 2024-05-04 18:52:59, the victim traveled to a Bitcoin ATM and deposited approximately $30,000 USD, sending the funds to the scammer’s address. The net transfer was 0.40669661 BTC with a USD value of $25,822.22.
Using an advanced analytical tool, trace the address and identify the following information:
NOTE: CT Pro – Use the Tracer Feature and set a date filter of 5/4-8/2024
NOTE: All hops occurred within one to two days of the scam.
- Identify the name of the primary CEX Exchange the target may have used to cash out the cryptocurrency. NOTE - MAKE SURE TO SAVE THIS GRAPH BECAUSE THE INVESTIGATION WILL CONTINUE ON DAY 2.
- Identify Nested Exchanges that may be using an API Key from the Primary Exchanges.
- Based on the above information, what would the next investigative steps be?
- Document the last four of the transaction hash, the suspect address, and the exchange deposit address that you would use to prepare a Letterhead Memo to the exchange for account information.
- You submitted the Letterhead Memo to the identified exchange, and they advised that Let's Exchange was accessing their platform via an API key. Locate the Let's Exchange website and determine how Let's Exchange operates, whether it allows U.S. citizens, and what information may be available.
PART 2
LETS EXCHANGE PROVIDED THE FOLLOWING INFORMATION:
We would like to note that we have carefully considered your request and we think that it is necessary to state the following.
Because we respect your work in keeping the world safe, and approve that LetsExchange is always ready to cooperate in order to provide any possible assistance.
Regarding the disclosure of information, LetsExchange can provide the following data which previously was provided to us by our partner Aura551 Ltd.:
Pair BTC-BTC>USDT-TRC20
Date/time 05.05.24 / 09:14
Deposit address
bc1qa93j837fty7ea09tscll54ul26svshl4436y88
Hash in 7deab2aa13fd930e2cdf6366b7aca0ece771ba5df940542db7f353a6dba4ffa3
Recipient address
TLcLSBBDXvuF6qHRwz2H9PzsBHK6pQSsUK
Hash out d7d9877a2e0a3a604971f6e565eacb9dc5a25cff7d8a1c7ce578f87772a277e8
IP
2401:4900:839f:8dd7:5cc1:6d67:6f3a:54af
Please be informed that it is all information which we have from our side.
Moreover we also would like to note that the transaction was completed on the date of the exchange, and we are unable to freeze the funds on our end.
We hope this information will help you.
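An added example, not part of the original practical or of the exchange's reply: it parses the reply fields as quoted above and names the ledger each address belongs to, because the BTC-to-USDT-TRC20 swap moves the trace from Bitcoin to Tron. The function names, the label list and the version-byte table are this example's own assumptions; the bech32 branch checks only prefix and character set, not the checksum.

```python
import hashlib
import re
from functools import reduce

# Fields copied from the LetsExchange reply quoted on this page, layout as received.
REPLY = """Pair BTC-BTC>USDT-TRC20
Date/time 05.05.24 / 09:14
Deposit address
bc1qa93j837fty7ea09tscll54ul26svshl4436y88
Hash in 7deab2aa13fd930e2cdf6366b7aca0ece771ba5df940542db7f353a6dba4ffa3
Recipient address
TLcLSBBDXvuF6qHRwz2H9PzsBHK6pQSsUK
Hash out d7d9877a2e0a3a604971f6e565eacb9dc5a25cff7d8a1c7ce578f87772a277e8
IP
2401:4900:839f:8dd7:5cc1:6d67:6f3a:54af"""
LABELS = ("Pair", "Date/time", "Deposit address", "Hash in", "Recipient address", "Hash out", "IP")
B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def parse_reply(text):
    """Return {label: value}; a value may share the label's line or sit on the next one."""
    fields, pending = {}, None
    for line in filter(None, map(str.strip, text.splitlines())):
        label = next((lab for lab in LABELS if line == lab or line.startswith(lab + " ")), None)
        if label:
            fields[label], pending = line[len(label):].strip(), label
        elif pending and not fields[pending]:
            fields[pending] = line
    return fields

def base58check_version(addr):
    """Decode base-58 digits to 25 bytes; return the version byte, or None if the checksum fails."""
    try:
        raw = reduce(lambda n, ch: n * 58 + B58.index(ch), addr, 0).to_bytes(25, "big")
    except (ValueError, OverflowError):
        return None
    check = hashlib.sha256(hashlib.sha256(raw[:21]).digest()).digest()[:4]
    return raw[0] if raw[21:] == check else None

def classify(addr):
    """Name the ledger an address belongs to, so the trace continues on the right chain."""
    if re.fullmatch(r"bc1[02-9ac-hj-np-z]{11,71}", addr):
        return "bitcoin-segwit"  # prefix and character set only; bech32 checksum not verified
    versions = {0x00: "bitcoin-p2pkh", 0x05: "bitcoin-p2sh", 0x41: "tron"}
    return versions.get(base58check_version(addr), "unknown")

if __name__ == "__main__":
    rec = parse_reply(REPLY)
    for addr, tx in (("Deposit address", "Hash in"), ("Recipient address", "Hash out")):
        print(classify(rec[addr]), rec[addr], rec[tx])
```

An "unknown" result for an address typed in from a reply or a memo means a character was mistranscribed or the address belongs to a ledger outside the small table used here.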
NOTE: CT PRO – SET A DATE FILTER OF 5/5/2024 AND START WITH THE RECIPIENT ADDRESS PROVIDED BY LETS EXCHANGE. THE TIME OF THE TRANSACTION WAS 2024-05-05 09:46.
Trace the address and attempt to identify a cashout point:
Document the last four of the transaction hash, the suspect address, and the exchange deposit address that you would use to prepare a Letterhead Memo to the exchange for account information.