Crypto Is Here To Stay: Here’s How Digital Technology Benefits Investigators
By Leeor Ben-Peretz – chief strategy officer at Cellebrite
When considering criminal and corporate investigations, some may see the analysis of cryptocurrency as daunting. After all, if funds are transferred anonymously via a decentralized system, how can investigators identify suspects and eventually close a case? Understanding how cryptocurrency transactions work, however, can uncover valuable leads that can accelerate justice and close tough cases faster. And with new Digital Intelligence solutions, like Cellebrite Crypto Tracer, tracking illicit crypto transactions is easier than ever.
Cryptocurrency’s role in the modern financial world continues to evolve and mature rapidly. What started out decades ago as a concept for an electronic payment system drawing from a virtual bank has now blossomed into a multi-faceted market of hundreds to thousands of “coins,” each vying to fill a niche market task and, in the process, revolutionizing the way business is conducted around the world. As CNBC noted in a recent article, the cryptocurrency market topped $2 trillion for the first time this year, with Bitcoin accounting for more than half of that sum.
How Crypto Crimes Break Down
This brings us back to the big question: what’s the next step after determining a crime has taken place and an investigator has a crypto transaction as a starting point?
Having a starting point is the most important part; however, it may be more complicated than a victim simply recognizing a crime has been committed. Investigators must have a hash (also known as a transaction ID), an address, or knowledge that someone is using a specific exchange, if law enforcement is able to subpoena that exchange.
With any of these pieces as the cornerstone of your investigation, odds are your case will lead to a location where personal identifying information can be collected. Most centralized US cryptocurrency exchanges follow protocols similar to those used by traditional financial institutions when it comes to “know your customer” (KYC) rules.
After a transaction occurs on the blockchain, inevitably the receiving party will want to eventually cash out their earnings. And this is where we find one of our main chokepoints.
“It’s a waiting game,” Ms. Clegg said.
However, once the funds are moved through an exchange, your wait is over. Thanks to KYC practices, your bad guy is a search warrant or subpoena away from being identified by the exchange.
7 Steps to a Successful Crypto Investigation
To better understand how crypto investigations work, let’s walk through the progression of a typical criminal investigation involving cryptocurrency. In this fictitious case, a suspect is arrested for distributing designer drugs.
- Get the phone: At the time of the arrest, you seize their phone and author a search warrant for its contents.
- Look for Crypto: Results of the search warrant will come in the form of a UFED extraction report. There you may find any number of crypto-related activities including outgoing text messages with what might be Bitcoin addresses, crypto-related apps, browsing history involving crypto-related websites, and more.
- Evaluate the Evidence: At this point, the investigator has several options. They can seek outside help through Cellebrite Advanced Services whose experts can help with the investigation. They can also choose to proceed on their own using CipherTrace Inspector. In this example, let’s assume they proceed ahead on their own. CipherTrace Inspector alerts you that the Bitcoin address found in the phone extraction has a “high risk score” indicating the owner of the address has a high probability of being involved in illegal transactions.
- Use Your Tools: You take the identified “high risk” address into CipherTrace Inspector to dig further to see where the transactions orbiting that address bring you.
- Find a Chokepoint: Crypto exchanges and other virtual asset service providers (VASPs) provide the critical offramp to cash out. Using blockchain data and CipherTrace’s attribution, investigators can trace both backwards and forwards showing how funds were moved in and out of the address. In this case, you find indications the suspect obtained payment to his address via a dark web marketplace and then off-loaded those funds into fiat currency (USD, EUR, YEN, etc.) via an identified VASP.
- Lock Down the Funds: Now you have all the evidence you need to freeze any assets associated with that exchange account and, via court process, track down the bank or service the funds were transferred to as fiat currency. Alternatively, transfer the crypto funds to a wallet under your agency’s control.
- Finalize Lead Trails: Wrap up your case by looking for more incoming funds to the address discovered on the phone and see if you can identify any other person-to-person transactions that indicate co-conspirators or other victims.
This process may seem oversimplified, but it really can be that easy using Cellebrite UFED and Crypto Tracer. Investigators also need to build their knowledge base by getting trained in the best practices to use in cryptocurrency investigations.
Investigators need to come to terms with the fact cryptocurrency is here to stay. While the façade of anonymity hovering around cryptocurrency crimes may at first seem too daunting a challenge to overcome, Cellebrite offers the solutions, training, and support services to resolve these investigations and accelerate justice quickly and efficiently for those you serve.
Sidebar: Resources and Skill Builders
Because the crypto environment is changing so quickly, investigators need to use every resource available to build their cryptocurrency investigation skills. Here are some of her favorite resources:
- The Cellebrite Learning Center offers an array of crypto-centric training for those who want to master the idiosyncrasies of these investigations.
- CipherTrace’s quarterly anti-money laundering reports provide an in-depth and timely source of information because they collect all the major trends in cryptocurrency throughout the year. This information can be downloaded for free from their website.
- Cellebrite Advanced Services is also available to assist in these or other technical investigations that may be outside the current capabilities of your investigative team.
- Webinars are an excellent source for skill building and many are offered for free.
- Articles and crypto-centric content are also a great way to learn from the leading experts in the field.
About the Author: Leeor Ben-Peretz leads Cellebrite’s strategy and corporate business development functions. He brings over 20 years of experience in the forensic, telecom, and software security markets, having served in key business development and product management related positions at industry-leading companies such as Aladdin Knowledge Systems (NASDAQ: ALDN), Pelephone Communications, Comverse (NASDAQ: CMVT), and InfoGin.
During his 11-year tenure with Cellebrite, Leeor has been instrumental in driving the evolution of the company’s offering from a single product to a rich portfolio of innovative products, solutions, and services. Leeor holds an Executive MBA degree from the Hebrew University of Jerusalem, and a BA degree in Business and Economics from the Academic College of Tel-Aviv.