1. Introduction

China has adopted one of the world's strictest regulatory approaches toward cryptocurrency-related activities. While private ownership of virtual assets has received limited civil recognition in certain judicial decisions, cryptocurrency trading, token issuance, exchange operations, and related financial services are generally prohibited. Consequently, cryptocurrency fraud investigations in China are treated not merely as financial crimes but often as cybercrime, telecom fraud, illegal fundraising, money laundering, and organized criminal activity.

Chinese cybercrime investigations involving cryptocurrency fraud are primarily conducted by:

• Ministry of Public Security (MPS)
• Cyber Security Bureau
• People's Procuratorates
• People's Courts
• People's Bank of China (PBOC)
• Cyberspace Administration of China (CAC)
• Anti-Money Laundering Authorities

2. Legal Framework Governing Cryptocurrency Fraud Investigations

A. Criminal Law of the People's Republic of China

Investigators generally invoke:

Article 266 – Fraud

Applies where offenders obtain property through deception.

Article 224 – Contract Fraud

Used where fraudulent investment contracts are involved.

Article 191 – Money Laundering

Applicable when cryptocurrency is used to conceal criminal proceeds.

Article 312 – Concealing or Disguising Criminal Proceeds

Frequently used against OTC traders and crypto laundering networks.

Article 287

Cybercrime-related offenses involving network technologies.

Article 225

Illegal Business Operations.

B. Anti-Telecom and Online Fraud Law (2022)

China's Anti-Telecom and Online Fraud Law provides a comprehensive framework for combating internet-based fraud, including cryptocurrency investment scams, pig-butchering schemes, online investment platforms, and virtual asset fraud. The law mandates cooperation among telecommunications providers, financial institutions, internet platforms, and law-enforcement agencies.

3. Cryptocurrency Fraud Investigation Protocol in China

Stage 1: Complaint Registration

Victims report fraud through:

• Local Public Security Bureau (PSB)
• National Anti-Fraud Center
• Cybercrime reporting portals
• Financial intelligence units

Investigators collect:

• Wallet addresses
• Exchange account information
• Screenshots
• Transaction hashes
• Communication records
• KYC documents

Stage 2: Initial Intelligence Assessment

Authorities determine:

Nature of Fraud

• Fake investment platform
• Ponzi scheme
• Pig-butchering scam
• ICO fraud
• Mining fraud
• OTC laundering operation
• Fake exchange scheme

Jurisdiction

Chinese authorities examine:

• Victim location
• Suspect location
• Server location
• Cryptocurrency exchange involved

Cross-border elements frequently trigger national-level investigations.

Stage 3: Digital Evidence Preservation

Investigators preserve:

Electronic Evidence

• Mobile phones
• Computers
• Cloud storage
• Chat records
• WeChat messages
• Telegram communications
• Server logs

Chinese forensic teams create forensic images to maintain chain of custody.

Stage 4: Blockchain Analysis

Specialized cybercrime units conduct blockchain tracing.

Objectives

Identify:

• Source wallets
• Destination wallets
• Mixing services
• OTC traders
• Exchange accounts

Investigators analyze:

• Bitcoin
• Ethereum
• USDT transfers
• Multi-chain transactions

The blockchain trail is correlated with banking and telecom records.

Stage 5: Financial Intelligence Analysis

Authorities integrate:

• Bank account records
• Cryptocurrency wallets
• Exchange KYC data
• Telecom metadata

China increasingly treats virtual currency transfers as mechanisms for disguising criminal proceeds.

Stage 6: Exchange Cooperation

Investigators issue:

• Production orders
• Data requests
• Asset-freezing notices

Requested information includes:

• IP addresses
• KYC records
• Login histories
• Wallet ownership records
• Withdrawal destinations

Stage 7: Asset Freezing and Seizure

Once illicit proceeds are identified:

Authorities may:

• Freeze bank accounts
• Freeze exchange accounts
• Seize hardware wallets
• Confiscate private keys
• Restrain suspect assets

China increasingly conducts simultaneous freezing actions to prevent rapid movement of digital assets.

Stage 8: Arrest and Interrogation

Suspects are questioned regarding:

• Wallet ownership
• Exchange usage
• Laundering channels
• Communication with co-conspirators
• Profit distribution

Digital forensic evidence is compared with blockchain records.

Stage 9: Prosecutorial Review

The People's Procuratorate evaluates:

• Fraud amount
• Number of victims
• Laundering activity
• Cross-border elements
• Organized crime indicators

Cases are then indicted before People's Courts.

Stage 10: Trial and Sentencing

Courts consider:

• Financial losses
• Number of victims
• International dimensions
• Laundering sophistication
• Recovery of assets

Penalties may include:

• Imprisonment
• Fines
• Asset confiscation
• Restitution orders

4. Investigation Techniques Commonly Used

A. Blockchain Forensics

Investigators trace:

• Wallet clusters
• Transaction patterns
• Exchange deposits
• Mixer usage

B. Telecom Data Analysis

Authorities analyze:

• SIM card registrations
• IP addresses
• Device fingerprints
• Internet logs

C. Big Data Correlation

Chinese cybercrime units integrate:

• Banking databases
• Telecom databases
• Social media data
• Blockchain intelligence

D. Cross-Border Cooperation

China increasingly cooperates internationally against cryptocurrency fraud syndicates and telecom fraud groups operating abroad. Recent operations have targeted transnational crypto-investment scam networks.

5. Major Chinese Cryptocurrency Fraud Case Laws

Case 1: Liu Virtual Currency Investment Fraud Case (Beijing High People's Court)

Facts

The defendant operated a cross-border cryptocurrency investment fraud scheme.

Victims were induced through overseas chat applications to purchase virtual currency and invest on fraudulent platforms.

Fraud proceeds exceeded RMB 5 million.

Investigation

Authorities:

• Traced cryptocurrency transfers
• Reconstructed fund flows
• Examined company performance records
• Linked wallets to defendants

Judgment

The principal offender received:

• 12 years imprisonment
• Monetary fine

Significance

Demonstrates China's use of blockchain evidence and electronic financial records to establish fraud losses.

Case 2: Huimin County Procuratorate USDT National Project Fraud Case

Facts

Defendants fabricated a "national investment project."

Participants were required to convert RMB into USDT.

More than 1,900 victims joined.

Fraud exceeded RMB 6 million.

Investigation

Authorities:

• Conducted forensic examination of electronic records
• Traced USDT transactions
• Reconstructed membership structures

Judgment

Defendants received prison sentences ranging from three to three-and-a-half years.

Significance

Illustrates prosecution of crypto-enabled investment fraud using forensic accounting and blockchain analysis.

Case 3: Kaiping Virtual Currency Money Laundering Case

Facts

A criminal organization converted fraud proceeds into cryptocurrency.

More than RMB 2 million was laundered.

Investigation

Investigators linked:

• Fraud proceeds
• Bank withdrawals
• Virtual currency conversions

Judgment

Nineteen individuals were convicted.

Significance

Highlights Article 312 prosecutions for concealing criminal proceeds through cryptocurrency.

Case 4: Xiangtan Virtual Currency Laundering Case

Facts

Offenders laundered proceeds from telecom fraud.

Funds were disguised as commercial transactions involving counterfeit luxury products.

More than RMB 6.84 million was processed.

Investigation

Authorities uncovered:

• Cryptocurrency conversion channels
• Layered laundering structures
• Fraud-related fund movements

Judgment

Defendants received prison terms ranging from two to six years.

Significance

Demonstrates China's focus on cryptocurrency-assisted money laundering networks.

Case 5: An and Others Concealing Criminal Proceeds Through Virtual Currency

Facts

Defendants provided bank accounts for telecom fraud organizations.

Funds were converted into cryptocurrency to disguise origin.

Investigation

Authorities reconstructed:

• Banking transactions
• Wallet transfers
• Communications among conspirators

Judgment

Convictions for concealing and disguising criminal proceeds.

Significance

Recognized as a representative case concerning crypto-based laundering techniques.

Case 6: Ningbo Cryptocurrency Theft Case

Facts

A hacking group distributed malware through fake websites.

Victims' computers were compromised.

USDT and ETH were stolen and converted.

The group extracted approximately RMB 28 million in virtual assets.

Investigation

Police used:

• Cyber forensics
• Malware analysis
• Blockchain tracing
• Exchange records

Judgment

Seven defendants received prison terms ranging from three to nearly five years.

Significance

Represents one of China's early major prosecutions involving cryptocurrency theft through cyber intrusion.

6. Evidentiary Standards in Chinese Crypto Fraud Cases

Chinese courts generally require:

Electronic Evidence

• Chat logs
• Emails
• Exchange records
• Server logs

Blockchain Evidence

• Wallet addresses
• Transaction histories
• Hash verification

Financial Evidence

• Bank statements
• Asset tracing reports
• Exchange KYC records

Expert Evidence

• Digital forensic reports
• Blockchain analysis reports
• Accounting examinations

7. Challenges Faced by Investigators

Technical Challenges

• Privacy coins
• Mixers
• Multi-chain transfers
• DeFi protocols

Jurisdictional Challenges

• Foreign exchanges
• Offshore entities
• Cross-border fraud groups

Evidentiary Challenges

• Anonymous wallets
• Encrypted communications
• Rapid asset movement

8. Conclusion

China's cryptocurrency fraud investigation model is characterized by aggressive cybercrime enforcement, extensive blockchain tracing, telecom and financial intelligence integration, rapid asset-freezing mechanisms, and strong prosecutorial coordination. Cryptocurrency fraud cases are commonly prosecuted under fraud, cybercrime, illegal business operations, money laundering, and concealment-of-criminal-proceeds provisions. Recent cases demonstrate that Chinese authorities increasingly rely on blockchain forensics, electronic evidence, and cross-border cooperation to dismantle cryptocurrency fraud and laundering networks.