
Investigating Crypto Crime

The popularity and use of cryptocurrencies as digital assets and as an alternate medium of exchange is increasing rapidly. This is due to prominent industry leaders supporting their use and informing consumers that they would accept payments in virtual currencies for their products and services. However, the anonymous nature of identities in cryptocurrency transactions has made them an attractive tool for fraudulent activity. Regulators, investigators, and law enforcement agencies are developing novel and innovative methods to prevent crypto crime and recover stolen digital assets.

Cryptocurrencies are revolutionizing business and consumer finance. But where there is money involved, there is fraud and, unfortunately, crypto crime is also growing rapidly. Globally, consumers lost more than $2.6 billion to cryptocurrency scams in 2020, according to Chainalysis, a Blockchain transaction analysis software company. [1]

Cryptocurrencies are the preferred vehicle for ransomware demands and are also increasingly being used to evade sanctions and launder proceeds of crime. In the U.S. alone, more than $80 million was lost in cryptocurrency investment scams between October 2020 and July 2021, which is a 1,000% increase from Autumn 2019, according to data published by the Federal Trade Commission (FTC). [2] 

This year saw Turkey’s first large-scale cryptocurrency fraud as the founder of a notable cryptocurrency exchange named Thodex, Faruk Fatih Ozer, fled the country with about $2 billion, having defrauded more than 391,000 users. This case coincided with an overnight decision by the Central Bank of Turkey to ban the use of digital currencies and assets to pay for goods and services from April 30, 2021. [3]

In what appears to be one of the most significant cryptocurrency thefts ever, Blockchain site Poly Network revealed that hackers had exploited a vulnerability in its systems and, as a result, had thousands of digital tokens stolen. In all, around $273 million of Ethereum tokens, $253 million worth of Binance Smart Chain tokens, and $85 million in USDC tokens were taken. [4]

The hackers began to convert the stolen digital tokens into Tether, which is known as a “stable coin”. Stable coins are cryptocurrencies that attempt to peg their market value to an external reference point. Tether tokens in circulation are backed by an equivalent amount of U.S. dollars, making it a "stable coin" with a price pegged to USD $1. Fortunately, in this particular case, Tether noticed the sudden, large transaction, which amounted to around $33 million, and froze it immediately. “We were really lucky”, Paolo Ardoino, Tether’s chief technology officer, told the Washington Post. “Minutes after we issued the freezing transaction, we saw the hackers attempt to move out their Tether. If we had waited five minutes more, all the Tether would be gone”. [5]

Traditionally, part of cryptocurrencies’ appeal to criminals and fraudsters is the idea that user data is not easily accessible. However, it’s now becoming increasingly possible to identify who is making transactions by analyzing transaction patterns on Blockchains, which are the distributed ledgers and technology that cryptocurrencies are based on. For example, earlier this year, following an attack on the Colonial Pipeline - the largest pipeline system for refined oil products in the U.S. - the FBI seized $2.3 million in Bitcoin that the company had paid as a ransom to the hackers. [6] Similarly, last year, a cryptocurrency exchange called KuCoin recovered almost all $281 million that was stolen by those who are thought to be North Korean hackers. The exchange subsequently had to refund the affected customers. [5]

In many of these cases, the authorities accessed and made use of the key or address associated with the fraudster’s cryptocurrency account. This key is a unique string of 25 characters that can provide information about the holder and which exchanges or “wallets” they use. Advanced analytics technology, such as AI and Machine Learning techniques, can identify all transactions connected with a specific address or key, and how digital currencies are flowing in and out of it. Intelligence can be used to link multiple-step transactions on the Blockchain using addresses or keys, and to identify network maps to track the flow of funds.

An address or key can be checked to identify if it has been active on the Dark Web. In some cases, it’s possible to detect the actual Internet Protocol (IP) address, which can then be used to determine the geolocation of where someone is accessing the web from. Dark Web and Deep Web Intelligence Monitoring can reveal public addresses or keys that have been associated with criminal activity.

In addition to being prepared to exploit the rapidly evolving technology and services that can trace fraudsters and illicit gains on Blockchains and through cryptocurrencies, organizations need to be aware of the origin of such scams in the first place. Although they are gradually becoming the norm as a form of payment, businesses should still be wary of any supplier who claims that they only accept payments in cryptocurrencies. 

One of the key limitations of monitoring and analyzing Blockchain transactions is a lack of KYC (Know Your Customer) protocols. As a result, differentiating between good and bad actors is not an easy exercise. On the other hand, it’s worth noting that, by its very nature, data cannot be altered or removed on the blockchain, and therefore all transactions are a matter of public record. Analysts and investigators can use this information, together with advanced technology solutions such as network analytics, to trace and link together cryptocurrency transactions.
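
The following is an added example, not part of the original article, of linking multi-step transactions from a known address as described above: one chronological pass over a public ledger follows value out of a flagged address and reports how much of it reaches labelled exchange addresses, and by which transactions. The ledger, address names, labels and the "traced value moves first" accounting rule are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample ledger in chronological order: (tx_id, sender, receiver, amount).
LEDGER = [
    ("tx1", "addr_d", "addr_exchange_2", 2.0),   # happens BEFORE addr_d is funded
    ("tx2", "addr_flagged", "addr_a", 10.0),
    ("tx3", "addr_x", "addr_exchange_1", 50.0),  # unrelated activity
    ("tx4", "addr_a", "addr_b", 6.0),
    ("tx5", "addr_a", "addr_exchange_1", 4.0),
    ("tx6", "addr_b", "addr_exchange_2", 6.0),
    ("tx7", "addr_flagged", "addr_d", 5.0),
]
# Hypothetical labels an investigator might already hold for some addresses.
LABELS = {"addr_exchange_1": "Exchange One", "addr_exchange_2": "Exchange Two"}


def trace_funds(ledger, source, source_amount, max_hops=4):
    """Follow value out of `source` through the ledger in time order.

    Assumption: when an address spends, traced value is spent first.
    Returns (held, received, paths): traced value still held per address,
    cumulative traced value received, and the first tx path to each address.
    """
    held = defaultdict(float)
    held[source] = source_amount
    received = defaultdict(float)
    paths = {source: []}
    for tx_id, sender, receiver, amount in ledger:
        moved = min(amount, held[sender])
        # Skip transfers that carry no traced value or exceed the hop limit.
        if moved <= 0 or len(paths[sender]) >= max_hops:
            continue
        held[sender] -= moved
        held[receiver] += moved
        received[receiver] += moved
        paths.setdefault(receiver, paths[sender] + [tx_id])
    return held, received, paths


def exposure_to_labelled(received, paths, labels):
    """Traced value and transaction path for each labelled address reached."""
    return {labels[a]: (received[a], paths[a])
            for a in labels if received.get(a, 0) > 0}


if __name__ == "__main__":
    held, received, paths = trace_funds(LEDGER, "addr_flagged", 15.0)
    for name, (value, path) in exposure_to_labelled(received, paths, LABELS).items():
        print(f"{name}: {value} via {' -> '.join(path)}")
```

Because the pass is chronological, `tx1` is correctly ignored: `addr_d` sent it before receiving any traced value, so the 5.0 it later receives is reported as still held rather than as exchange exposure.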

The Wall Street Journal reported recently that the Biden administration is actively preparing a range of initiatives, including sanctions, to make it increasingly difficult for fraudsters planning to use cryptocurrencies to profit from their ransomware attacks, as well as those involved in money laundering and terrorist financing. [7]

The complex risks of virtual currencies grow with their increasing popularity and use as digital assets and as an alternate form of payment. Advanced digital forensic techniques and analysis methodologies will continue to evolve to mitigate these challenges and support technology-led investigations.

[1] Chainalysis: "The 2021 Crypto Crime Report - Everything you need to know about ransomware, darknet markets, and more" (16 February 2021). Link: “go.chainalysis.com/rs/503-FAP-074/images/Chainalysis-Crypto-Crime-2021.pdf”

[2] Consumer Protection: Data Spotlight, FTC reporting back to you - "Cryptocurrency buzz drives record Investment scam losses" (May 2021). Links: “www.ftc.gov/system/files/attachments/blog_posts/Cryptocurrency%20buzz%20drives%20record%20investment%20scam%20losses/cryptocurrency_spotlight.pdf”, “www.ftc.gov/news-events/press-releases/2021/05/ftc-data-shows-huge-spike-cryptocurrency-investment-scams?utm_source=govdelivery”, “www.cbsnews.com/news/bitcoin-cryptocurrency-investment-scams/”

[3] Arab News: "Thousands fall victim to $2bn Turkish cryptocurrency fraud" (23 April 2021). Link: “www.arabnews.com/node/1847671/middle-east”  

[4] The Block: "At least $611 million stolen In massive cross-chain attack" (10 August 2021). Link: “www.theblockcrypto.com/post/114045/at-least-611-million-stolen-in-massive-cross-chain-hack” 

[5] The Washington Post: "Tracking stolen crypto is a booming business: How blockchain sleuths recover digital loot" (22 September 2021). Link: “www.washingtonpost.com/technology/2021/09/22/stolen-crypto/”

[6] The United States Department of Justice: "Department of Justice Seizes $2.3 Million Cryptocurrency Paid to the Ransomware Extortionists Darkside" (7 June 2021). Link: “www.justice.gov/opa/pr/department-justice-seizes-23-million-cryptocurrency-paid-ransomware-extortionists-darkside”

[7] The Wall Street Journal: "The US to Target Crypto Ransomware Payments with Sanctions" (17 September 2021). Link: “www.wsj.com/articles/u-s-to-target-crypto-ransomware-payments-with-sanctions-11631885336”

© Copyright 2021. The views expressed herein are those of the author(s) and not necessarily the views of Ankura Consulting Group, LLC., its management, its subsidiaries, its affiliates, or its other professionals. Ankura is not a law firm and cannot provide legal advice.
