Crime

The Chainalysis Law Enforcement Crypto Field Guide

Rapid identification of cryptocurrency assets can help facilitate arrests, increase asset seizure and recovery, and aid prosecutions. The items described in this post are common indicators of cryptocurrency usage that law enforcement may find during consensual encounters, routine stops, field interviews, and search warrants.

Common cryptocurrencies

There are dozens of different cryptocurrencies known as altcoins that you may encounter on a suspect’s mobile device or computer in the course of investigation. While they share similar characteristics to the first cryptocurrency, Bitcoin, these altcoins — such as Ethereum — can operate on different types of blockchains and can be traded, or swapped, in the same way as currency. You can recognize these altcoins by their logo or abbreviation, shown below.

Common types of crypto

Wallets, hashes, and keys

These crypto-related artifacts can be found in multiple forms. For example, you may encounter an address written on a piece of paper, on a crypto ATM receipt, or on a suspect’s device, located in notes, text messages, app messages, or even photos. More sensitive information, such as private keys, will likely be hidden in a more secure format, whether on a piece of paper stored in a safe location or hidden inside a mobile app.

Example bitcoin addresses, transaction hash, and private key

Questions to ask

  • What crypto do you own? Where did you get it?
  • What are you doing with it (i.e., sending, receiving)?
  • How did you get involved with crypto?
  • How does this crypto work? How do you transfer value?

Seed phrases

A series of random words — seed phrases — are generated by a cryptocurrency wallet that secures access to the funds in that wallet. These words can be written on paper, stored in a file on a device, or even imprinted into metal to protect from fire damage. Seed phrases are often 12, 24, or 25 words.

Seed phrase example

Questions to ask

  • What does this seed phrase belong to?
  • How much value is held in this wallet?
  • Who have you shared this with? Who shared it with you?
  • What is the source of the funds?

ATM receipts

ATM receipts can be paper receipts from a traditional ATM, or digital receipts sent via text message or email that contain the date of transaction, the amount of crypto and coin purchased, and the deposit address. Specific formats and details vary from ATM to ATM.

Crypto ATM receipts

Questions to ask

  • Where is this ATM located? Why did you use this ATM?
  • Did you send or receive cryptocurrency? Why?
  • How does this process work? Who gave you instructions?
  • What type of wallet did you use?

Software, mobile, and web-browser wallets

A wallet generates keys that allow access to cryptocurrency and may be found on phones, tablets, computers, and web browsers. Wallets can be hosted, where the private keys are maintained by a third party (e.g., Coinbase, Binance, Gemini), or unhosted, where the user maintains control of the private keys (e.g., Trust Wallet, Electrum, Exodus). It’s important to know this distinction for follow-on investigation.

Questions to ask

  • What crypto apps do you have? Can you show me how the app works?
  • How much is in this wallet? Where did the funds come from?
  • How did you backup this wallet?
  • Where did you record the seed phrase? Who else knows where it is?

Hardware wallets

Also known as “cold storage”, hardware wallets are offline wallets used for storing cryptocurrency that protect the wallet from online threats.

Hardware wallets

Questions to ask

  • What is the PIN to access this wallet?
  • Who does this wallet belong to?
  • How much cryptocurrency is stored here?
  • Where did you record the seed phrase?
  • Who else knows where the seed phrase is?

Cryptocurrency mining operations or rigs

Cryptocurrency miners are computers that create cryptocurrency and may consume significant amounts of electricity. These systems are often expensive to set up and operate.

A server rack for crypto mining

Questions to ask operators

  • What is this used for and how does it work?
  • Are you a part of a mining pool?
  • What wallet is linked to this mining rig? Who funded this setup?
  • How long has this been in place?

This material is for informational purposes only, and is not intended to provide legal, tax, financial, or investment advice. Recipients should consult their own advisors before making these types of decisions. Chainalysis has no responsibility or liability for any decision made or any other acts or omissions in connection with Recipient’s use of this material.