Crime

How To Use Blockchain Intelligence To Investigate Crypto Crime

Hands holding Bitcoin and a magnifying glass

With a global market capitalization exceeding $2 trillion, regulation increasing worldwide, and adoption growing each year, cryptocurrency is here to stay. What does this mean for law enforcement?

It’s no surprise that where economic opportunity abounds, so do attempts to subvert it with crime. Much like fiat currency, crypto has been used in connection with scams, ransomware, money laundering, child exploitation, terrorist financing, sanctions evasion, and darknet market commerce. In 2023, $24.2 billion of total crypto transaction volume was tied to illicit activity. While this is a large figure, without context, it doesn’t quantify the human toll of crypto-related crime.

For example, one insidious crime with a crypto nexus — “pig butchering” — is a unique social engineering scam in which scammers build trust with victims via social media apps and text messages, and trick them into investing their money on fake platforms. The impact of these scams has been devastating, with some victims losing pensions and lifetime savings, along with their peace of mind and confidence.

Pig butchering scams are just one example of how criminals have been adapting their tactics with increasing sophistication in the last few years. Now more than ever, law enforcement must be equipped with the knowledge and capabilities to combat crypto crime. This blog post will discuss how criminals are using crypto and why, and how law enforcement agencies both large and small leverage blockchain intelligence to investigate crypto-related crime.

How crypto and crime intersect

Cryptocurrencies have criminal relevance due to their versatility as both a means of payment and an investment vehicle, and are appreciated for their pseudonymity. Cryptocurrency is often employed in darknet trading, ransomware attacks, forms of hacking like cryptojacking — in which criminals secretly use victims’ computing power to mine crypto — and money laundering. In 2023, over $22 billion in crypto worldwide was used for that purpose. Crypto is also used in various types of fraud, and has been associated with theft via hacking incidents, as well as facilitating CSAM (child sexual abuse material), sanctions evasion, terrorist financing, and commercial offenses (e.g., weapons dealing, counterfeiting money, forged documents, and the sale of narcotics and medicine).

Here are some of crypto’s attributes and capabilities that make it desirable for criminal use:

  • Pseudonymity: Some criminals mistakenly perceive crypto as anonymous, when it’s actually pseudonymous because crypto exchanges are required to maintain customer information in order to comply with know your customer (KYC) and anti-money laundering (AML) regulations. Still, a crypto transaction on a blockchain ledger is only initially identifiable by a public address, and finding the person or entity who controls that address takes some footwork.
  • Speed, cost, and ease of use: Crypto transactions, including those made across borders, are faster and far less expensive than a standard wire transfer, in addition to being pseudonymous.
  • Deception tactics: Criminals attempting to launder funds are often drawn to crypto mixers, services that obfuscate the origin and destination of crypto transactions.
  • Potential return on investment: Again, crypto poses an attractive investment opportunity for some criminals, especially since it’s not tied to traditional financial markets.

Leveraging blockchain intelligence to investigate crypto crime

While the blockchain is transparent, it’s hard to read. Consider also, that the Bitcoin blockchain alone has processed nearly one billion transactions. When it comes to efficiently and effectively investigating crypto crime, blockchain intelligence provides a game-changing advantage for law enforcement as it offers the ability to analyze extensive on-chain datasets, graphing capabilities to organize that data, and contextualized insight into illicit crypto activity. By contrast, anyone can search for crypto transactions using a block explorer, but those tools don’t aggregate data in actionable ways.

Screenshot of a block explorer

 

The image above shows a single transaction as displayed on a block explorer. That data shown above may be public, but it’s not very insightful; it begs more questions than it answers. For example:

  • Who are the pseudonymous entities? Are they cryptocurrency exchanges, merchant processors, or darknet markets?
  • Why are they transacting? Is it a payment, an investment, or a smart contract?
  • How much value are they transacting? Is it hundreds, thousands, or millions of dollars worth of cryptocurrency?

Blockchain intelligence helps organizations answer these questions. Using it, law enforcement agencies identify criminal entities by examining on-chain activity like the movement of stolen or laundered crypto. The teams that support this technology cultivate extensive on-chain datasets and offer graphing capabilities that help law enforcement visually trace the flow of funds over time, and connect crypto transactions to real-world entities. These platforms also provide contextual information that facilitates a greater understanding of illicit on-chain activity. The Chainalysis graph below displays multiple, contextualized crypto transactions and the entities that initiated them.

Chainalysis Reactor graph tracking illicit transactions between buyers and vendors

 

Blockchain intelligence helps investigators map crypto transactions and present them in an easily digestible format. For example, the graph above shows the transaction relationships between eight drug buyers and vendors, each of which have ties to the same darknet market. Blockchain intelligence helps law enforcement progress investigations, apprehend criminals, present cases for prosecution, and prepare the way for the seizure and recovery of crypto funds to victims when possible.

In the course of an investigation, blockchain intelligence also facilitates faster and more effective collaboration between law enforcement departments as well as government agencies. Using the same dataset contributes to a shared understanding, which drives better investigative outcomes. And while blockchain intelligence is useful for fighting crime, it can also help law enforcement be proactive in preventing crime, too. It’s possible to detect illicit activity early on by analyzing on-chain transaction patterns and relationships that could be indicative of criminal behavior. Here are some examples:

  • Observing an unusual increase in transaction volumes or patterns commonly associated with money laundering or fraud
  • Disrupting criminal networks by mapping the financial flows of criminal organizations, which could hinder their operations and prevent future crime
  • Targeting darknet marketplaces. Proactive transaction monitoring linked to known darknet markets allows law enforcement to gather intelligence on buyers and sellers, identify emerging threats, and take action before illicit transactions escalate.

A holistic approach to tackling crypto crime

1. Prepare: Building a foundation for crypto crime response

For local governments wanting to tackle crypto crime investigations, establishing a comprehensive knowledge base across all teams and departments is critical. This shared understanding enables seamless collaboration and communication throughout an organization and across agencies, from field officers to judges.

In building a foundation to begin fighting crypto crime, leadership support for these initiatives is crucial, necessitating a commitment to capacity building and ongoing training to keep abreast of trends and develop effective policy-making, regulation, and operational strategies.

Building a community of dedicated experts is essential, too. Erin West, Deputy District Attorney for Santa Clara County, who has extensive experience with pig butchering cases says, “you need a lot of partners. This is not something that one investigator can do by themself. You need private partners, you need public partners, you need local law enforcement. You need federal law enforcement, and the idea of putting together task forces, smaller task forces nationwide, I think is a great way to tackle this.”

2. Prevent: Identifying and disrupting crypto crimes

Recognizing the use of cryptocurrency in criminal activities can be pivotal to modern investigative techniques. Agencies must enhance their ability to detect and understand crypto-related activities crucial for uncovering illicit patterns, analyzing the flow of these funds, and supporting broader blockchain investigations or policy-making. Staying informed about criminals’ evolving tactics, such as asset laundering, requires the latest technological and investigative methods.

Understanding the leverage points of crypto in criminal activities — including on/off ramps and digital wallets like CashApp — and tracing these elements through tools like government databases is essential for effective crime prevention. Disrupting crypto crime hinges on continuously updated, reliable data, and law enforcement must have access to current, accurate information.

3. Pursue: Actively chasing down offenders and recovering illicit gains

Law enforcement agencies are encountering crypto in their investigations more frequently. When these assets are discovered, they should be seized and stored until they can be investigated, and ultimately, sold for fiat money.

When it comes to stolen funds, crypto is more recoverable than many law enforcement agencies might think. Partnerships with district attorney’s offices are vital, as they place a significant role in deciding which cases to pursue towards recovering stolen funds.

Recovering crypto funds through seizure is also a technical process that demands proficiency in using seed phrases to gain access to a wallet, and conducting manual verifications to link associated wallets and assess balances. Simply put, identifying the opportunity to seize assets is complex, and the stakes have never been higher. This underscores the necessity for specialized skills and frontline training in identifying and handling critical crypto evidence, as crypto artifacts can often be discovered during search of cars, devices, premises, or when making arrests.

The U.K.’s Metropolitan Police significant Bitcoin seizure of over £2 billion in March 2024 exemplifies the potential success of these operations. This event, along with notable seizures from the past few years, underscores the global scale of the challenge and critical impact of skilled interventions.

Hezbollah and Iran Quds Force seizure, June 2023: In the first Hezbollah-related digital currency seizure, Israeli authorities recovered roughly $1.7 million in crypto from Hezbollah, a heavily sanctioned terrorist group based in Lebanon, and from Iran’s Quds Force, which funds and works extensively with Hezbollah. Learn more.

ChipMixer seizure, March 2023: Supported by Europol, a group of international authorities seized over €40 million from this unlicensed cryptocurrency mixer. Learn more.

Bitzlato seizure, January 2023: Europol seized over $19 million in crypto after the exchange’s founder was charged with money laundering. Learn more.

Ronin Bridge hack recovery, September 2022: Law enforcement seized $30 million in crypto stolen by North Korean-linked hackers, the first time that crypto stolen by a North Korean hacking group was recovered. Learn more.

Bitfinex hack recovery, February 2022: The IRS Criminal Investigation division, the FBI, and Homeland Security Investigations recovered $3.6 billion in crypto (the largest ever recovery of assets from a theft) in connection with the 2016 Bitfinex hack. Learn more.

Silk Road hack recovery, November 2021: Law enforcement seized over $3.36 billion in cryptocurrency from James Zhong, who stole Bitcoin from the Silk Road darknet marketplace in 2012. Learn more.

International money laundering operation seizure, July 2021: In June and July, British police seized a total of £294 million in cryptocurrency tied to an international money laundering investigation. Learn more.

Silk Road hack recovery, November 2020: The U.S. DOJ seized $1 billion in Bitcoin from cryptocurrency from a wallet tied to a Silk Road hacker known as Individual X. Learn more.

4. Protect: United front against crypto crime

Ultimately, successfully combating crypto crime requires a unified effort from government institutions, law enforcement, and legislators. They play an essential role in developing, implementing, and enforcing crypto policies and regulations related to cryptocurrencies and blockchain technology. This united approach is key to creating a secure yet innovative environment that keeps pace with the rapid developments of digital assets and blockchain technology.

Central to law enforcement’s arsenal against crypto crime is the sharing of blockchain intelligence across agencies. Such inter-agency collaboration, coupled with strategic public-private partnerships, strengthens regulatory frameworks and enhances compliance monitoring, thus playing an important role in crime deterrence and prevention.

Much like traditional financial investigations are a routine law enforcement responsibility, cryptocurrency investigations will need to become the same. By utilizing blockchain intelligence, government agencies can actively monitor crypto transactions. This proactive monitoring can aid crime prevention and ensure agencies are ready to respond to significant events in the financial ecosystem — like the sanctioning of major entities or the collapse of a blockchain — that could affect financial stability or pose systemic risks.

Adopting this proactive approach, backed by robust regulatory oversight, is crucial for upholding the integrity and safety of the crypto ecosystem. It highlights the importance of regulation and law enforcement in protecting against the threats posed by crypto-enabled crimes.

Gain a strategic advantage in fighting crypto crime

Over the years, we’ve seen many law enforcement agencies run successful crypto crime investigations using blockchain intelligence — everything from disrupting national security threats to protecting local communities from fraud. Blockchain intelligence plays a critical role in combating these crimes. With the increasing regulation of cryptocurrencies by governments and the continued growth in digital currency adoption, the imperative to address crypto-enabled criminal activities will only intensify. Learn how you can gain a strategic advantage in your efforts against crypto crime with blockchain intelligence.