The Dev Files - File 002/BTC-e

By Pu5chk1n | The Dev Files | 1 Mar 2026


Working the Mt.Gox files, one question quickly appeared: Where did the funds go? 

At least for some there is an answer: BTC-e.

The exchange emerged shortly after the first major hack at Mt.Gox. It went live and rapidly grew into what would later become known as one of the most notorious exchanges of that era.

In this article we look at the case file of BTC-e and trace its connections through the blockchain and the darkweb.

 

Act 1 – The Emergence 

BTC-e launched in July 2011, just weeks after Mt. Gox suffered its first major hack. It didn't present itself as a Silicon Valley startup or a transparent trading venue. It had:

  • No clear headquarters

  • No identifiable executive team

  • No public-facing corporate structure

Later investigations tied the exchange to Alexander Vinnik, a Russian national, along with other associates, including Belarusian national Aliaksandr Klimenka.
Corporate entities linked to the exchange were registered in Cyprus and Bulgaria, while infrastructure and operational control were tied to Eastern Europe.

BTC-e operated with anonymous account registration and pooled wallet infrastructure, making it hard to trace funds once they found their way into the exchange.

Users could deposit Bitcoin and trade it for USD, EUR, RUB, or other crypto assets. At its peak, BTC-e handled approximately 3–5% of global Bitcoin trading volume — a significant share in the early market.

 

Act 2 – The Mt. Gox Flow 

When Mt. Gox declared bankruptcy in February 2014, around 650,000 BTC were reported missing. 

Subsequent forensic investigations — especially from independent analysts such as WizSec — determined the following:

  • Probably all of the BTC were stolen through a long-running breach of Mt. Gox’s hot wallet.

  • The theft began as early as late 2011.

  • A large portion of these funds was funneled into wallets later linked to BTC-e.

Blockchain tracing revealed the hackers' method:

  • Coins were broken into smaller increments before transfer.

  • Funds were routed through intermediary addresses.

  • Deposits were finally transferred to BTC-e-controlled wallets.

Because BTC-e pooled customer funds and booked internal transfers off-chain, ownership records were no longer visible on-chain once Bitcoin entered the exchange, making the funds basically impossible to trace.
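To make the tracing logic concrete, here is a small forward trace over a constructed transfer graph (an added example, not taken from WizSec's or the DOJ's analysis). The address names, amounts and labels are made up, and the real UTXO model is simplified to address-to-address edges.

```python
from collections import defaultdict, deque

# Constructed sample transfers: (sender, receiver, BTC). All names are made up.
TRANSFERS = [
    ("gox_hot", "split_1", 40.0),   # coins broken into smaller increments
    ("gox_hot", "split_2", 35.0),
    ("gox_hot", "split_3", 25.0),
    ("split_1", "hop_a", 40.0),     # routed through intermediary addresses
    ("split_2", "hop_a", 20.0),
    ("split_2", "hop_b", 15.0),
    ("split_3", "hop_b", 25.0),
    ("hop_a", "exch_deposit_1", 60.0),
    ("hop_b", "exch_deposit_2", 30.0),
    ("hop_b", "unknown_x", 10.0),
    ("exch_deposit_1", "exch_pool", 60.0),  # swept into the pooled wallet
    ("exch_deposit_2", "exch_pool", 30.0),
    ("exch_pool", "customer_w", 500.0),     # pool payout, owner not attributable
]
# Hypothetical cluster labels an analyst has already attributed.
LABELS = {"exch_deposit_1": "exchange", "exch_deposit_2": "exchange",
          "exch_pool": "exchange"}

def trace_forward(source, amount, transfers, labels, max_hops=10):
    """Follow `amount` BTC forward from `source`, splitting it pro rata over
    each address's outgoing transfers. The trace stops at labelled addresses:
    past a pooled wallet, on-chain data no longer identifies the owner."""
    out = defaultdict(list)
    for sender, receiver, btc in transfers:
        out[sender].append((receiver, btc))
    reached = defaultdict(float)
    queue = deque([(source, amount, 0)])
    while queue:
        addr, tainted, hops = queue.popleft()
        if addr in labels:                      # entered a known service
            reached[labels[addr]] += tainted
            continue
        edges = out.get(addr, [])
        if not edges or hops >= max_hops:       # unspent or trace cut off
            reached["unlabelled:" + addr] += tainted
            continue
        total = sum(btc for _, btc in edges)
        for receiver, btc in edges:
            queue.append((receiver, tainted * btc / total, hops + 1))
    return dict(reached)

if __name__ == "__main__":
    print(trace_forward("gox_hot", 100.0, TRANSFERS, LABELS))
```

Splitting and intermediary hops do not hide the flow: 90 of the 100 BTC are still attributed to the exchange cluster. The payout to `customer_w` never appears in the result, because the trace cannot say whose coins left the pool.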

U.S. authorities later stated that over 300,000 BTC connected to the Mt. Gox theft were probably laundered through BTC-e.

In a 2019 unsealed document, the DOJ stated that Vinnik, together with one of his partners, Alexey Bilyuchenko, was directly responsible for the hack of the Mt.Gox wallets.

Figure: Flow of the Mt.Gox funds. Mt.Gox in blue on the left, BTC-e in orange on the right. Note the blue box on the right, also representing Mt.Gox, indicating they were used to launder their own stolen funds. The interactive original can be found at https://wizsec.jp/images/theft_flow.svg

 

Act 3 – Silk Road & Criminal Liquidity

Between 2011 and 2013, the darknet marketplace Silk Road generated significant Bitcoin transaction volume. Basically known as the eBay of the darkweb, it primarily acted as a marketplace for drugs. Other, more or less legal, goods could also be bought there, with BTC as the only means of payment.

Vendors who earned Bitcoin through their sales needed a method to convert it into fiat currency. That's where BTC-e became a handy solution. The reasons were simple:

  • Identity verification was practically non-existent.

  • No withdrawal limitations

  • No actual enforcement of compliance

According to the U.S. Department of Justice, BTC-e processed funds with connections to Mt. Gox theft proceeds, Silk Road vendor accounts and ransomware schemes.

In official statements, the U.S. government estimated that BTC-e had facilitated transactions exceeding 4 billion USD in criminal proceeds over its operational lifetime.

 

Act 4 – The Seizure

On July 25, 2017, the U.S. Department of Justice seized the BTC-e domain.

 

Banner of the seized BTC-e domain

On the same day, Alexander Vinnik was arrested in Greece on charges including money laundering, operating an unlicensed money service business and facilitating the laundering of funds from hacks and darknet markets.

Klimenka was arrested in 2023 in Latvia and later extradited to the US. 

Authorities alleged that BTC-e served more than one million users worldwide.

The exchange infrastructure was dismantled, and operations ceased.

In 2018 some users reported partial access to funds through a successor platform called WEX, but it never restored full balances and later disappeared. Insiders suggested that the funds ultimately came under the control of the Russian intelligence service FSB.

 

Act 5 – Conclusion

BTC-e demonstrated something critical about early crypto markets:

  • Theft could occur undetected for years.

  • Laundering infrastructure could operate openly.

  • Cross-border enforcement was slow and fragmented.

Mt. Gox showed internal failure.
BTC-e showed the shortcomings of external institutions.

Together, they represent the first fully formed crypto crime ecosystem.

 

This article is the continuation of case file 001/Mt.Gox. If you found it interesting, you might consider following this blog and reading some of the other entries. I'm writing a series in which I trace back some of the most famous incidents in the history of cryptocurrencies.

Stop the Dev!
