While part one of our Links recap focused on blockchain regulations and innovations, another emphasis of this year’s conference was on how investigators use blockchain analysis to fight cybercrime. With speakers from the IRS Criminal Investigations unit, Paxful, and Recorded Future presenting, part two of our recap offers an inside look into the techniques that stop criminal activity and the tools that make this possible.
IRS-CI Case Study with Jarod Koopman
In 2021, an Ohio man pleaded guilty to operating a darknet-based Bitcoin mixer known as Helix. This mixer allowed customers to send bitcoin to a new address in a manner designed to conceal the source and owner of the bitcoin. The laundering service moved more than 350,000 bitcoins (worth roughly $311 million at the time) before its operator’s arrest.
As a Bitcoin mixer, or tumbler, Helix received millions of dollars’ worth of cryptocurrency from addresses associated with cybercrime, including darknet market drug sales and scams. Its biggest criminal counterparty was the darknet market Alphabay, with which it formed a partnership to conceal sales on the drug marketplace.
As Jarod Koopman tells it, Helix’s demise was the result of the intuition of investigators, Chainalysis’ grasp of the criminal ecosystem, and the cryptocurrency forensics tool Reactor, which clusters transactions, calculates service-level exposure statistics, provides accurate and up-to-date attributions, traces unspent funds for asset seizure opportunities, and more. And given the growing fragmentation and sophistication of criminal activity—wherein hackers, launderers, and illegal service providers operate independently behind several layers of anonymity—accurate blockchain analysis is more important than ever before.
How Paxful Uses Chainalysis to Detect CSAM Activity
Yet another devastating impact of the COVD-19 pandemic has been the explosion of CSAM activity on the internet. Paxful, a leading peer-to-peer finance platform and long-time user of Chainalysis for compliance, has successfully curbed illicit use on their platform across categories, including scams and fraud shops. In this presentation, Paxful showcased how they have leveraged Chainalysis data for deeper investigations into CSAM and used advanced techniques to uncover previously unknown activity.
A Drink with “Ransomware Sommelier” Allan Liska
2020 was the ”Year of Ransomware”—growing faster than any other category in cybercrime—and yet 2021 has already surpassed 2020’s figures. Ransomware actors have attacked organizations ranging from schools, hospitals, and pipelines to entire municipalities. Even wine producers aren’t safe. That’s why we sat down with Recorded Future’s Allan Liska to uncork the ransomware problem and the themes that have accelerated its rise.
“A big part of the reason that early ransomware was successful was actually because of Blockbuster and Starbucks,” Liska began. Blockbuster was the first company to sell gift cards at the register, then Starbucks subsequently marketed them so effectively as holiday gifts that grocery stores began to carry them year-round. This gave birth to the first ransomware actors, who needed an easy and untraceable way to collect and keep their money.
However, there was a natural upper limit to this sort of extortion—it isn’t easy to demand $10,000 worth of gift cards—so for many years ransomware actors targeted personal computers and demanded only small sums. By 2012, however, ransomware groups had realized that if they asked for Bitcoin instead of gift cards and encrypted entire networks, rather than just computers, they could charge whatever price they pleased.
And if the last two years have proven anything, it’s the efficacy of this approach: this year, businesses have paid lump sums of as much as $40 million dollars in Bitcoin to decrypt their data. The good news, however, is that “we’re seeing more law enforcement action this year than in any other year,” Liska said. “And it makes a big difference.” In just the past few weeks, both REvil and Black Matter have announced their closure thanks to a combination of heightened political pressure, compromised Tor servers, and a flurry of law enforcement activity. The private sector has fought back as well, with companies exploiting errors by ransomware operators to decrypt the files of dozens of victims.
To the Moon: The Chainalysis Platform Vision
So, how can Chainalysis enable more success stories like those discussed above? In this session, Chainalysis CPO Pratima Arora shared her product strategy for creating the tools the industry needs to build trust in cryptocurrency.
On Chainalysis Reactor, our core investigations product, major upgrades are being made every day. Automated peel chain detection now allows investigators to unravel a peel chain with a single click—a feature that fifty percent of Chainalysis customers have used in just the last month. Enriched Ethereum investigations have also come to Reactor, with a collection of new tools to trace tokens transferred across blockchains, and cross-chain graphing is coming soon (in Q1 of 2022). Finally, our investigations API automates time-consuming and complex workflows, saving time and resources for analysts working high priority cases.
Chainalysis KYT, our core compliance product, is also evolving rapidly. We support transaction monitoring for all of the crypto-assets that exchanges have on offer, but support for layer two transactions are coming soon, too, starting with lightning networks this quarter. We’ve also introduced behavioral alerts with highly customizable parameters to make the job of compliance officers’ that much easier and more effective. Along with our forthcoming liquidity pool and DeFi counterparty monitoring tools, these upgrades help analysts of all stripes spot opportunities and manage risks in an industry where novelty is the norm.
We’re especially excited to introduce our community tab, currently in beta, that enables our customers to easily share information and OSINT with each other. Why did we implement this feature? Because for trust in cryptocurrency to become a reality, we believe that collaboration between all types of organizations must be the foundation.
‍These four sessions conclude part 2 of Chainalysis’ Links conference recap, which focused on cryptocurrency investigations of all kinds. Missed part 1? Check it out to learn more about the latest cryptocurrency innovations and regulations.