From May 2024 to January 2026, a cybersecurity engineer from Shenzhen was investigated by multiple police departments for holding and trading Bitcoin, leading to cross-regional collaboration in the case, which saw numerous reversals over the course of more than a year. Initially, the Zhangjiajie police classified the case as online gambling based on an anonymous tip, subsequently launching an investigation against the individual, Li Dong (pseudonym), for "operating a casino" and seizing the Bitcoin under his name. However, by January 2026, when the court in Changge, Henan Province, opened, the charges had changed to "theft and infringement of personal information," with Bitcoin being treated as suspected criminal proceeds. During this period, the police seized a total of 183 Bitcoins, valued at over 80 million yuan at the time of the incident, corresponding to the 35.5 million yuan in commission funds from the gambling website as alleged by the prosecution, completing a narrative reconstruction from a "gambling case" to a "theft case." The core mystery surrounding these 183 Bitcoins and the substantial funds behind them emerged: Li Dong allegedly obtained commission funds from an overseas gambling website through a program vulnerability, which in the eyes of the technical community might be closer to "hacker bounties" or exploit profits, but from the perspective of the investigating authorities and the prosecution, it was pushed into the legal framework of "theft," leading to a fierce clash between two entirely different narratives in court and public opinion.
From Anonymous Tip to Seizure of 183 Bitcoins in Two Locations
The public timeline of the case began in May 2024. At that time, the Zhangjiajie police received an anonymous tip and initiated an investigation based on clues related to online gambling, targeting a group of technical personnel and agents suspected of profiting through overseas platforms. By September 2024, the focus of the investigation further narrowed to Shenzhen engineer Li Dong, with the Zhangjiajie police summoning him under the pretext of "operating a casino" and simultaneously conducting a property investigation that identified the Bitcoin assets he held. In this operation, the police seized 103 Bitcoins, valued at approximately 49.61 million yuan at the time, becoming the earliest publicly confirmed record of cryptocurrency seizure in this case.
Subsequently, the investigation forces from Changge, Henan, intervened, tracking the same source of funds. According to public information, the Changge police seized approximately 80 Bitcoins from related wallets and accounts, valued at over 40 million yuan, bringing the total amount of seized Bitcoins in the case to 183, with a total value recognized as exceeding 80 million yuan. Geographically, this series of actions spanned Hunan, Henan, and Guangdong, reflecting a typical characteristic of multi-regional police collaboration: the clues originated in Zhangjiajie, the funding chain extended through online payments and digital assets, and were then completed in the hands of the Changge investigative authorities, until Bitcoin became the core target in the evidence chain. Because of this, the 183 Bitcoins were not just an astonishing asset figure but also a pivot for the investigative authorities in the case's classification: they were both a tool for tracking the flow of funds and a key object for proving "criminal proceeds" in court.
Gambling Website Vulnerability Funds: Spoils or Stolen Proceeds
The source of the seized Bitcoins points to a stream of digital gray money. The prosecution and police claim that Li Dong used technical means to exploit a program vulnerability in a certain overseas gambling website to obtain commission funds originally intended for agents, with the amount recognized as over 35.5 million yuan. Under the premise that technical details have not been fully disclosed, the framework presented in the case files is as follows: the website system had logical flaws, and Li Dong intervened through programming or script calls to transfer rebates and commissions that should have gone to the platform or agent accounts to his own controlled account, with some of the funds subsequently exchanged for Bitcoin and transferred to a personal wallet.
This accusation triggered concentrated questioning from public opinion and the defense. Supporters of the defense argue that in the context of the cybersecurity and vulnerability reward industry, obtaining funds through system vulnerabilities does not necessarily equate to traditional "theft"; the key lies in the boundaries of platform authorization, usage rules, and whether there exists some form of tacit or agreed mechanism between the parties. Some legal and technical observers emphasize that traditional theft often revolves around the classic scenario of "secretly taking and possessing another's property," while in the world of code, whether invoking public interfaces and triggering system logical flaws should be uniformly classified as "theft" remains a matter of debate. In contrast, the prosecution views this series of operations as malicious encroachment on the platform's fund pool, believing that Li Dong subjectively knew and exploited the vulnerability, objectively causing significant financial loss to the platform, thus meeting the elements of theft.
Adding to the tension, this dispute is compounded by the gray nature of the gambling platform itself. The involved website is defined as an online gambling platform, and its operational legality stands outside the legal red line. Under such circumstances, whether the platform can still fully enjoy the status of a "victim" in the criminal law sense has sparked social discussion. Some commentators point out that when an illegally operating gambling platform becomes the "victim" in an indictment, the judiciary inevitably faces a dual standard in fact-finding and value judgment: on one hand, it must combat the act of seizing platform funds through technical means, while on the other hand, it must recognize that the platform itself is also engaged in large-scale illegal profit-making. This complexity makes the question of whether "vulnerability exploitation is a bounty-like hacker reward or must be prosecuted as criminal proceeds for theft" extend far beyond a single case, reflecting the long-standing debate over the boundaries of gray economy in cyberspace and criminal law intervention.
From Operating a Casino to Theft: The Legal and Perceptual Shift Behind the Charges
As the investigation progressed, the charge path in Li Dong's case underwent a significant turn. The case initially approached online gambling, with the Zhangjiajie authorities making preliminary accusations by viewing him as a participant in the operation and traffic generation of the gambling platform, launching an investigation under the notion of "operating a casino." The logic at this stage was to place Li Dong within the ecosystem of the platform: participating in the organization and operation of illegal gambling through technical or promotional means. However, when the case was transferred and led by the Changge authorities for prosecution, the framework of the charges underwent a clear reconstruction. By January 2026, when the prosecution was filed in the Changge City Court, the core charges were "theft and infringement of personal information," completely transforming Li Dong from a "suspected gambling operator" into an "attacker encroaching on platform funds and data."
This shift has a significant impact on sentencing expectations and public perception. If the case had progressed along the "operating a casino" line, the public's intuition about the case would often be that technical personnel were deeply involved in the illegal gambling industry chain. However, when the focus of the charges shifted to "theft of platform funds and infringement of personal information," Li Dong was portrayed as a multiple criminal subject infringing on both property rights and personal information security. Particularly in the prosecution's accusations, in addition to the financial aspect, it also included the content of "stealing the personal information of over 1.84 million Chinese citizens," attempting to outline a picture of large-scale data capture and utilization. However, based on currently available materials, this accusation still has certain information gaps in key aspects such as data sources, acquisition methods, and actual uses, making it difficult for the outside world to fully restore the causal chain between it and the gambling commission funds: whether the personal information was obtained for the purpose of executing financial operations or derived from other technical actions; whether the relationship between data capture and Bitcoin asset exchange was sufficiently proven has become a point of concern for observers.
On the legal operational level, the transition from "participating in gambling operations" to "encroaching and stealing funds, infringing personal information" also means that the investigating authorities have redefined the essence of the behavior, which directly affects the sentencing range and public moral evaluation of technical actions. Some public opinion believes that this later reconstruction of charges reflects the confusion of investigative and prosecutorial agencies in how to "place" technical actions in new types of network cases: whether to embed them into existing gambling, fraud, and illegal operation clauses, or to actively expand the applicable boundaries of traditional theft and information crimes.
Bitcoins in Personal Wallets and the Invisible Risks for Holders
If the change in charges reflects the judicial system's reorientation of technical actions, then those 183 Bitcoins concentrate the legal fate of crypto assets in the Chinese context. According to the case disclosure, the involved funds, after circulating through gambling platforms, agent commission accounts, and other multiple paths, were partially used to purchase Bitcoin and transferred in batches to personal wallets controlled by Li Dong. These addresses, viewed as "settlement locations" for funds, were subsequently closely tracked in the investigation and ultimately became the direct targets of police seizure actions. The 103 Bitcoins and approximately 80 Bitcoins seized by Zhangjiajie and Changge, respectively, were unified from these wallets and controlled as "involved assets."
In the current domestic regulatory and judicial practice, once crypto assets are linked to a chain of funds suspected of criminal activity, they are likely to be treated as proceeds of crime overall. This presumption of "account and asset integration" has been common in traditional bank account freezes, and when applied to on-chain assets, the risk boundaries become even more ambiguous for ordinary holders. For technical practitioners like Li Dong, who are engaged in cybersecurity and also have on-chain asset allocations, once part of their funding sources is alleged to be illegal, the entire wallet and even a larger range of related on-chain assets may face the risk of being included in the "suspected criminal proceeds" pool.
This reality extends to broader anxieties: within the tech and quantitative trading communities, many people are accustomed to aggregating work income, side business profits, and investment returns in the same batch of addresses or wallets, resulting in a highly mixed state of funding sources. Once a particular inflow is labeled as "suspicious" from a judicial perspective, ordinary holders often lack sufficient evidence and compliance traces to finely distinguish which coins are directly related to specific actions and which are derived from long-term accumulation. In Li Dong's case, Bitcoin quickly flipped from a personal wealth carrier to the "core material evidence" of the case; this role change itself has made many technical practitioners acutely aware of their vulnerability: on-chain, identity and assets are highly bound, and when law enforcement logic views "technical operations + asset accumulation" as part of an overall criminal chain, how to prove the boundary between "clean assets" and "disputed assets" becomes a social issue that has yet to find a mature answer.
Courtroom Offense and Defense: Not Guilty Defense and the Pull of Ambiguity
In January 2026, the case reached a high point in public view—the Changge City Court began hearing the case. According to public reports, in this trial, the prosecution built a framework around "theft and infringement of personal information," attempting to present a complete chain to the court and observers: Li Dong secretly stole the commission funds of over 35.5 million yuan that should have been distributed to agents by the gambling platform through technical means, and in the process, illegally obtained and utilized the personal information of over 1.84 million Chinese citizens, subsequently exchanging and transferring part of the criminal proceeds into Bitcoin to conceal the source and ownership of the funds. Under this narrative, the 183 Bitcoins constituted a key pivot for the direction of funds and the characterization of actions, used to support the prosecution's position of "obvious subjective intent, huge amounts, and serious circumstances."
In contrast, the defense team's not guilty defense approach confronted this. The defense lawyer explicitly stated in court that they did not recognize the charges of "theft" and "infringement of personal information," with the core focus concentrated on two levels: first, what is the legal nature of vulnerability exploitation, whether Li Dong exceeded clearly defined authorization boundaries in technical operations, or merely triggered the platform's own design flaws under existing system rules; second, whether the identification of the victim is reasonable, whether a gambling platform engaged in high-risk or even illegal business can fully enjoy the same victim status as compliant entities within the criminal law framework. The defense thus questioned whether simply categorizing changes in platform funds as "theft" overlooked the background of the platform's operation in a gray area and its long-term failure to fulfill its own system security and risk control obligations.
Public opinion outside the court discusses the judicial gray areas exposed by this case from a more macro perspective. On one hand, in the cybersecurity community, hacking behaviors and data scraping are highly diverse in practice, ranging from traditional malicious intrusions and ransomware to relatively common activities in the industry such as vulnerability verification, interface calls, and data analysis, creating an extremely broad spectrum of behaviors. On the other hand, in the world of crypto assets, the conversion between fiat funds and digital assets is a routine operation for many technical practitioners and investors. Current judicial practices in these two areas still lack unified and detailed standards, making it easy for many technical actions to be broadly classified as part of a "criminal chain" once they intertwine with sensitive platforms or gray funds. The courtroom offense and defense in Li Dong's case, in a sense, represents a tug-of-war over boundaries: what types of vulnerability exploitation should be strictly regulated by criminal law, what types of data scraping constitute substantial harm to citizens' personal information, and under what conditions the conversion of on-chain assets will be viewed as tools for "money laundering" and "concealing criminal proceeds." These questions remain far from fully answered within the existing rules.
A Case of an Engineer Leading to a Sample of Crypto Law Enforcement
From anonymous tips to multiple investigations, from "operating a casino" to "theft and infringement of personal information," and then to the seizure of a total of 183 Bitcoins valued at over 80 million yuan, the case surrounding Shenzhen engineer Li Dong has far exceeded the scope of an individual case. Each adjustment in the classification of charges, multi-regional collaboration, and the handling of crypto assets actually provides a vivid sample for observing China's law enforcement path in new types of network and crypto cases: how investigative authorities connect technical actions with the flow of funds, how they coordinate responsibilities and rights across regional links, and how they incorporate on-chain assets into the traditional criminal litigation evidence and property disposal system are all reflected in this case.
Looking ahead, cases related to cybersecurity, hacking behaviors, and crypto assets will only increase. How the judiciary finds a balance between combating crime and protecting technological innovation will become the main theme throughout the industry. On one hand, in the face of actions that harm property rights and personal information security through technical means, the intervention of criminal law is necessary and justified; on the other hand, if the judiciary overly relies on post-factum results and the scale of funds to retroactively define "crimes," while lacking a nuanced consideration of technical details, industry practices, and authorization boundaries, it will inevitably create a chilling effect on legitimate security research, vulnerability disclosure, data analysis, and even compliant crypto asset allocation.
For domestic crypto asset holders and technical practitioners, a clear signal released by this case is that "proof of asset source" and "compliance traces" will increasingly become key to self-protection. Whether participating in security testing, quantitative trading, or arbitraging across multiple platforms, mixing and accumulating funds of different sources and natures in a few wallets will amplify risks in potential judicial reviews. How to retain sufficient transfer records, contract proofs, tax and income documentation in daily operations, and leave a traceable link for every fund will be a reality that everyone dealing with digital assets must confront in the future.
Join our community to discuss and become stronger together!
Official Telegram community: https://t.me/aicoincn
AiCoin Chinese Twitter: https://x.com/AiCoinzh
OKX Benefits Group: https://aicoin.com/link/chat?cid=l61eM4owQ
Binance Benefits Group: https://aicoin.com/link/chat?cid=ynr7d1P6Z
免责声明:本文章仅代表作者个人观点,不代表本平台的立场和观点。本文章仅供信息分享,不构成对任何人的任何投资建议。用户与作者之间的任何争议,与本平台无关。如网页中刊载的文章或图片涉及侵权,请提供相关的权利证明和身份证明发送邮件到support@aicoin.com,本平台相关工作人员将会进行核查。
