Article reprinted from: Chloe

Author: Chloe, PANews

During the "MeToo" storm in Taiwan in 2023, the well-known Taiwanese host Huang Zijiao was involved in sexual harassment accusations, which attracted great attention from the outside world. Recently, an "outside case" has been revealed. During the investigation process, it was accidentally discovered that Huang Zijiao's personal hard drive contained a large number of pornographic videos. In addition to hundreds of nude videos of women, 7 of them were secretly filmed videos of underage girls. The youngest The victim was even less than 10 years old, which triggered days of public criticism.

Faced with doubts, he admitted that the video came from the well-known Taiwanese voyeur forum "Creative Private Room", which was dubbed the "Taiwanese version of Room N" because of its obscene content and invasion of privacy (the "Nth Room" incident occurred in the second half of 2018, causing an uproar in Korean society and a "sexual exploitation" incident that attracted attention from all over Asia). Huang Zijiao was also found by prosecutors to be a "senior member" of the voyeur forum Creative Private Room.

In order to avoid tracing, the "Creative Private Room" forum deliberately set up its website overseas and publicly announced that members can use USDT TRC20 to store value. However, the specific wallet address is required to be informed via private message, and it is particularly emphasized that the use of Taiwan exchange wallets is prohibited in an attempt to deceive others.

According to insiders, there is actually a more covert money laundering channel behind "Creative Private House". They use dummy accounts to collect membership fees, and then transfer USDT to "suppliers" who provide illegal pornographic videos. This practice undoubtedly makes the flow of criminal proceeds more confusing and greatly increases the difficulty of identification for prosecutors and police.

XREX releases a cash flow report to analyze wallet transaction cash flow

However, traditional information on the blockchain is open and transparent, and can be checked by everyone. Every transaction and transfer on the chain is recorded and can be traced.

"Block Trends" published an article on April 11, using the "Wayback Machine", a tool that records historical changes in web pages, to find the address provided by members on the voyeur forum for remittances, and then used MetaSleuth, a graphical on-chain transaction website, to clarify the flow, and finally obtained the non-custodial payment wallet addresses used by 4 creative private houses at different times.

On April 12, Taiwan Exchange XREX released a report analyzing the four payment wallet addresses, tracing the flow of funds on the chain, targeting the recipients behind the "Creative Private House" and those who actually gained benefits through voyeurism and sexual violence.

According to the usage of the "Creative Private House" wallet provided in the report, the total amount of payments received by these four wallets totaled 896,000 USDT.

Looking at the possible actual beneficiaries, 10 "custodial wallets" received more than 10,000 USDT from Creative Private House, using exchanges including Binance, Max, ACE, and BingX. These 10 wallets also frequently received funds transferred from these 4 "non-custodial" wallets.

Among them, the "custodial wallet" that received the most payments was TNFw***4 located on Binance. XREX used the wallet database OKLink tool to find the transaction information of this wallet and found that this wallet has been active for 3 years. From December 5, 2021 to April 29, 2023, the wallet received funds from "Creative Private House" for a long time, receiving a total of 73 payments and obtaining more than 66,000 USDT.

Even among these 4 publicly disclosed wallets, the latest fund transfer was at 23:19:18 on April 10, 2024, from the OKX exchange to the 4th receiving wallet TA2***HRp8V of "Creative Private House", which means that this wallet is still frequently used and is in an active state.

Reverse engineering to find out the actual owner

XREX pointed out in the report that transferring tokens on the blockchain requires gas fees, and by tracing the source of gas fees, the wallets can be linked and the information of the actual holders can be found. Transferring TRC-20 USDT on the Tron chain requires TRX as the gas fee. By analyzing the flow of gas fees between these wallets, the real holders behind different wallets can be revealed and the connections between them can be found.

And if a wallet frequently transfers USDT, it will recharge a large amount of TRX. This feature is common in wallets controlled by organized and large-scale groups, whether they are fraud groups or illegal platforms like "Creative Private House".

The figure below is a relationship diagram generated using the Arkham visualization tool. The four wallets in the middle of the figure are the payment addresses used by "Creative Private House" at different times. The TRX in these four wallets have a common source, and these wallets also have close interactions in TRX transactions, forming a close network, revealing that these four wallets are likely controlled by the same person or the same group.

It can also be seen from the figure that the fourth wallet of "Creative Private House" TA2G8**Rp8V has a recharge record of 5,066 TRX from MEXC Exchange. Law enforcement agencies can query the user's real-name verification information from MEXC Exchange based on the transaction hash of this transaction and find out who the trader behind it is.

In addition to the TRX transaction records mentioned above, the source of the gas fee can be traced back. Among the four wallets of "Creative Private House", the first to open the transaction was TJxBDg**ACakZ, which made the first gas fee deposit at 16:03:21 on November 30, 2021.

From the visualization chart generated by Bitquery, we can find that the TRX transfer of "Creative Private House" shows a "layer transfer" relationship. Some wallets transfer TRX immediately after receiving it. This phenomenon of "fast in and fast out" of funds is not common in general trading behavior and is one of the characteristics of judging abnormal transactions.

XREX pointed out that a lot of TRX used to pay gas fees first jumped from Binance to a decentralized "non-custodial wallet" and then transferred to the first wallet of "Creative Private House" TJxBDgd**RACakZ.

The report also compiled these transaction hashes. As long as law enforcement agencies obtain relevant real-name verification information through Binance, they can know who is providing the TRX handling fees required for "Creative Private House" to transfer funds. XREX believes that "these traders may be website managers, staff, video providers, operators, or people who purchase equipment, or they may be members' refunds." If you want to find out the results, the prosecutors need to conduct further investigation and analysis.

It is worth noting that the exchange is the only unit that has users’ real-name verification information, so it is very important to find the “custodial wallet” of the centralized exchange. Through real-name verification and other identifiable information, it can be compared with the “creative private room” The group behind it.

When tracking down the group behind "Creative Private House", it is very important to find the "custodial wallet" of the centralized exchange, because the exchange is the only institution that holds the user's real-name authentication information. By cross-checking the real-name verification information and other identifiable clues, there is a chance to uncover the true identity of the manipulator behind "Creative Private House".