An estimated more than 42 million digital wallets are in use worldwide. The majority of these are anonymous, which is why digital currency is widely viewed as an enabler and contributor to illegal activity. Criminals have long enjoyed the simplicity of cryptocurrency as a means to funnel money undetected by governments. Illicit groups routinely request and receive funding via cryptocurrency because of its anonymity, lack of trackability and inaccessibility by regulatory bodies.
Even a year ago, investigators and governments struggled to identify and trace transactions on cryptocurrency exchanges. This made it easy for dark-market activity to proliferate and thrive. But as criminals have evolved, so too have the tools and expertise required for law enforcement to identify, track and intervene in illegal financing. Now, new forensic capabilities around cryptocurrency tracing have emerged. I studied this extensively at MIT and was part of the inaugural class to complete the school’s blockchain and cryptocurrency studies. In my work, I’ve found that digital currency transactions are much more traceable than cash. Experts in the field agree.
This new sophistication has spurred a flurry of activity in government crackdowns on dark-market sales, fraud, narcotics and funding for malicious groups. As senior managing director of the blockchain advisory and cryptocurrency disputes, investigations and litigation practice at FTI Technology, I’ve seen this firsthand. My team provides digital forensic consulting, cryptocurrency tracing and expert testimony for these types of matters.
We’ve experienced a sharp rise in demand around investigations into cryptocurrency transactions and tracing for criminal, civil and regulatory cases. In recent months, the number of clients reaching out for support has increased by more than 100%. Across all of these, the “good guys” are trying to answer questions such as, “How do we find out if people are skimming money from our digital accounts? How do we find out who owns a specific cryptocurrency wallet? Can we prove fraud occurred? Who are the biggest donors sending money to illegal organizations? Which ones are receiving the largest sums?”
So how do investigators trace cryptocurrency assets and transactions? And how do those insights help put a stop to fraud and illegal financing? It begins with a targeted investigative strategy aimed at tracing assets affiliated with known criminal entities and locating instances of those assets on U.S.-based exchanges.
Asset tracing for cryptocurrencies examines the full life cycle of a cryptocurrency account. Investigators may use software tools and traditional forensic methods to search, review and analyze the origination and transaction activity of digital wallets and cryptocurrencies across their history. During an investigation, forensics experts will look at artifacts including a transaction ID address, source and size. A closer look at the origination of a transaction on the blockchain (i.e., whether it was input into an exchange) can provide a trail for investigators to follow.
It’s critical for clients to retain proven experts in this field who know how to strictly follow chain-of-custody practices and document every step in their process. Investigators should rely on repeatable methodologies (an opposing expert should be able to follow your same steps and uncover the same results), support their narrative of findings with screenshots, and be prepared to have all of the work tested and examined in court proceedings. When possible, investigators should also seek a confidential peer review of the work to ensure nothing has been overlooked. Also, all parties should set expectations upfront — this is a new area of practice, and everyone involved needs to know what is and isn’t possible.
In one investigation looking at bitcoin transfers to an illegal group, tracing efforts revealed a multitude of suspect transactions that went through a U.S.-based cryptocurrency exchange. Taking a closer look at the characteristics of these transactions, investigators tracked the origination accounts and found specific wallets that were indeed transferring money to the group’s account. Additional clues in the transactions — such as dramatic variations in amounts — provided pivot points in the investigation to identify additional outputs to the same or other illicit entities. This gave adequate evidence to subpoena the exchange for the identity of the owners of the wallets in question and demand holds on their funds.
After tracing millions of transactions, executing hundreds of subpoenas and gathering donor information from exchanges, authorities were able to take action. Ultimately, the investigation resulted in a halt to funding, as well as the tracing of nearly every individual or party that donated to the group. Many of the donors traced had operated on U.S.-based exchanges and therefore could be personally identified and pursued. Moreover, the government now has a window to continue monitoring activity and ensure that no further transactions are completed.
While cryptocurrency is likely to remain under the microscope as a boon for criminal activity, robust and committed cryptocurrency tracing operations can actually be used to bring criminal parties to light. As the above example shows, in some ways, cryptocurrency is making it easier to account for the movement of terrorist and malicious parties and prevent finances from falling into the wrong hands.
Business looking to tap into the cryptocurrency and blockchain space can take a few steps to remain above board and conduct business in a transparent way. These include adhering to all regulations and guidance that exist, such as know your customer, anti-money-laundering and SEC parameters for tokens, and consulting with experts to verify that the proper protocols and processes are in place. It’s also critical to test new products and programs extensively for security, functionality and compliance.