I am very concerned that the courts, these AUSAs prosecuting crypto crime, and the IRS do not seem to understand the difference between using LIFO to: (1) establish the amount of assets that flowed through a very limited set of KNOWN parties and a very limited set of their KNOWN accounts. (2) trace $148k through TEN unattributed wallets on the blockchain, each of which does somewhere between $4m in volume and $1.5 billion in volume, to establish that the last wallet in the chain received the victim's funds and then sent out the victim's funds to Tornado Cash. I've never seen anything like this. I've never worked with a single fed who would back a freeze like this. I wouldn't back a freeze like this. Doing so runs a real risk of freezing an innocent third party's funds unlawfully. It almost certainly does not impact the actual criminal—the thief, or their money laundering counterparts. Thus, it would not create recourse for the victims of the original crime.
You're telling me that not a single one of these hops was the sending party paying the receiving party for something that they received elsewhere? That there is def no service or OTC desk here. And you're telling me you know this because...."LIFO is a valid tracing method."
People always ask me, "what's the best tool?" And I always say, "The tool is the least important thing in crypto tracing." This is such a perfect example of why. I want you—yes, literally, you—to imagine that you are the red address pictured below.
You receive a flat 500,000 from someone. You know what it's for (wink wink nudge nudge 😄) Now, under what circumstances do you send out...*checks notes*....exactly $46,511.62? Don't overthink it—you're not an expert and that's fine. Just use your brain. There are a handful of possibilities. All of them are possible based on the limited information I've given you. Some are more reasonable than others. What do you think?
All the responses to my question were actually....really great. I'm impressed. Seriously! I copy/paste here bc it's going to be hard to find them later:
@Shenanigrahams: "buying NFTs"
@ReilgunII: "buying a car"
@notrlyacat: "someone's getting their cut. 10% minus [finder / handling fee] was the thought process. automatically triggered hence the random value."
@FlyGuyInTheSky: "Less than 1 minute between receiving and sending is absolutely crazy… possible with a GridPlus Lattice1 but a Ledger … 🧐 looks like distribution of the “winnings”."
@Onchainsnoop: "Round number input and random output. Looks like the 500k is an internal movement of funds between two addresses belonging to the same service and the output is withdrawal from the service..??"
@danielvf: "Given that it moved out 55 seconds later, I'd assume unrelated previous business, unless the movement could be triggered by address 4."
You'll notice that all these responses have something in common: they all speculate about (for lack of better words) some "external force" that's, in part, "triggering" the transaction. Because transactions don't just randomly happen. Agent George put it like this:
Specifically with the transaction I highlighted, multiple people latched onto:
1. The discrepancy btwn the incoming even 500,000 and the outgoing 46,511.62
2. The amount of time between the incoming and outgoing transaction
What story does this tell -or- not tell?
Ultimately we will never know unless the owner(s) of these addresses decide to tell us (please do lol). But I think that there is a lot of evidence that the outgoing transaction is not related to the incoming transaction. It defies logic that a single person sent themselves 500k and then sent themselves 46,511.62. The txns are very quick, and that amount out is very precise. It's more likely that Address 5 sent out that 46k during their "normal" course of business, and the 500k just happened to land seconds before it.
It is possible that a single entity, e.g. an exchange, topped up their account with 500k in order to process pending withdrawals. If so, a single entity would actually control both address 4 + 5. However, it's unlikely they would control Addr 6—that would be a withdrawing third-party. It would also imply that Addr 2 or 3 were actually deposits into said exchange, made by a different, fourth-party (the scammer?)
All of those things would break the trace though. The exact circumstances just don't matter. In order for the trace to even plausibly hold, you would have to imagine that the owner of Address 4 is the scammer. He then said to the owner of Address 5, "here's 500k I scammed please launder it for me and give it back to me when you're done!" Then, seconds later, Address 5 started laundering it for him. Or something. But that's just not how these things work. Address 4 would say, "here's 500k usdt, pls give me [BTC|TRX|U on T|RMB|USD]" Address 5 would receive the money on ETH and send them 500k [BTC|TRX|U on T|RMB|USD]. Any outgoing ETH txns are part of a separate deal and are not the victim's funds.
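The ordering sensitivity described above can be reproduced mechanically. The following is an added example, not part of the original thread: a minimal LIFO matcher run over a constructed ledger for Address 5. The 500,000 inflow and 46,511.62 outflow come from the thread; the 2,000,000 prior balance and all labels are assumptions made for illustration.

```python
from decimal import Decimal as D

def lifo_trace(events):
    """events: chronological (direction, amount, label) tuples for ONE address.
    Returns {outflow_label: {inflow_label: amount}} under LIFO, i.e. each
    outflow is matched against the most recent inflows with unspent balance."""
    stack = []        # [inflow_label, remaining] pairs, newest last
    attribution = {}
    for direction, amount, label in events:
        amount = D(amount)
        if direction == "in":
            stack.append([label, amount])
            continue
        matched = attribution.setdefault(label, {})
        while amount > 0 and stack:
            src, remaining = stack[-1]
            take = min(amount, remaining)
            matched[src] = matched.get(src, D(0)) + take
            amount -= take
            if take == remaining:
                stack.pop()                 # inflow fully consumed
            else:
                stack[-1][1] = remaining - take
        if amount > 0:
            matched["<untraced>"] = amount  # outflow exceeds recorded inflows
    return attribution

# Constructed ledger: Address 5 already holds funds from unrelated business
# (assumed amount), then receives the 500k, then pays Address 6.
AS_OBSERVED = [
    ("in",  "2000000",   "prior_business"),   # assumption, not from the thread
    ("in",  "500000",    "addr4_500k"),
    ("out", "46511.62",  "to_addr6"),
]

# Same three transfers, but the payment to Address 6 lands just BEFORE
# the 500k arrives instead of just after.
REORDERED = [AS_OBSERVED[0], AS_OBSERVED[2], AS_OBSERVED[1]]

if __name__ == "__main__":
    print(lifo_trace(AS_OBSERVED))  # payout attributed 100% to addr4_500k
    print(lifo_trace(REORDERED))    # payout attributed 100% to prior_business
```

The matcher only sees arrival order and amounts, so a difference of seconds flips the attribution from entirely "victim funds" to entirely unrelated funds; nothing in the method tests whether the two transfers belong to the same deal.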