As the popularity of cryptocurrencies continues to skyrocket, threat actors are unfortunately flocking to them to commit crimes, hiding behind the heightened anonymity they provide.
Tom Sadon, Product Marketing Director at Cognyte, discusses the leading methodologies used by law enforcement to perform their investigations.
In recent years, the popularity of cryptocurrencies has skyrocketed, revolutionizing the way people do business, and it’s easy to understand why – secure payments and low transaction fees offer an easy way to send and receive money. But the use of cryptocurrencies has also created an ideal platform for criminals to perform diverse types of crime, including drug trafficking, organized crime activities, and cyber-attacks.
With more bad actors turning to crypto to leverage the anonymity it provides, law enforcement agencies must employ unique strategies that can identify transactions, reveal the real identities of transaction makers, and bring suspects to justice. To do this, they need technology solutions that support those methodologies.
Top Cryptocurrency Crime Investigation Trends
Let’s look at some of the most prevalent methodologies that law enforcement agencies are using today as part of their crypto-based investigations:
1. “Follow the money” methodology
A popular choice for law enforcement to identify fraudulent crypto activity is the “follow the money” methodology. This method allows financial investigators to track and analyze fund movement across the cryptocurrency blockchain. It can also expand investigations by tracking associated transactions on the public ledger. In many cases, “follow the money” involves attempting to identify illicit transactions and tag diverse entities using open-source methodologies in tandem with blockchain analytics. Ultimately, this methodology must be used in conjunction with cryptocurrency conversion exchanges or wallet application vendors to discover the identities of transaction makers.
2. Open-source intelligence analytics
Open-source methodologies are another option for law enforcement investigators that prove helpful in identifying criminals. Open-source intelligence (OSINT) analytics equip law enforcement with insights on the web activity of online users, financial institutions, businesses, and private sector organizations.
By employing OSINT, investigators can covertly analyze helpful information from various sources, including the surface web, deep and dark web, social networks, and apps. Once OSINT has been employed and the data retrieved, law enforcement can identify and tag various services on the blockchain, such as online cryptocurrency conversion exchanges, mixers and shapeshifters, payment services, gambling sites, donation addresses and additional platforms. Some services, such as mixers, are suspicious since they enhance anonymity and are often used for unlawful activities or money laundering, often on a mass scale. Tagging these services can help reveal money laundering attempts or illicit activities.
In addition, OSINT enables law enforcement to identify and tag multiple illicit crypto addresses, such as addresses published by drug dealers on the darknet or terror-related addresses linked to terror financing campaigns promoted via terror groups’ websites or social media.
3. Blockchain analytics
Blockchain analytics is the process of collating and analyzing the information on the distributed blockchain ledger to identify and visually present blockchain transactions and data. This process also clusters addresses used by the same digital wallets. Since blockchain transactions are public records, law enforcement agencies can get information regarding transactions and addresses, but these records alone do not reveal the identities of transaction makers. As mentioned, law enforcement agencies can identify illicit transaction makers by combining blockchain analytics and cooperation with exchanges or digital wallet vendors.
4. Clustering techniques
Blockchain analysis also includes clustering crypto addresses to digital wallets and expanding investigations by tracking transactions on public ledgers. Clustering is defined as grouping together crypto addresses belonging to the same digital wallet, owned by the same person or service, regardless of whether the person or service behind the cluster is known or tagged. Once clustering is performed, law enforcement can track the movement of funds from one digital wallet to another, rather than from one address to another, which allows them to identify the overall transferred amounts and activity picture, making the tracing process more efficient.
5. The combination approach
This is the primary trend in cryptocurrency investigations heading into 2022. Since each of the mentioned methodologies has its benefits and limitations, law enforcement and security organizations have realized that a combined approach is the best way to crack financial investigations. The complexity of blockchain investigations means that technological solutions need more than a single data source.
Gaining a holistic picture of crypto investigation requires fusing siloed data sources. All investigative sources must come together to track suspects from different angles and identify bad actors.
One example of a multi-methodology investigation involves using the “follow the money” methodology in conjunction with blockchain analysis techniques and collaboration with exchanges. This method allows financial investigators to track fund movement on the blockchain to an exchange, which should be subject to strict regulations requiring verification of the identity of its customers (KYC – Know Your Customer). Law enforcement can collaborate with this service to identify the persons behind withdrawals from a suspicious crypto wallet. Yet even this kind of investigation may face challenges since some exchanges have minimal or non-existent KYC compliance or because suspects are using fake identities in their registration to exchanges.
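The clustering step and the wallet-level trace to a tagged exchange can be sketched together. This is an added example, not code from the article or from any vendor product: it assumes the common-input-ownership heuristic (addresses spent together as inputs of one transaction share a wallet), which the article does not name, and the ledger, addresses and tag below are constructed.

```python
from collections import defaultdict, deque
# Constructed sample ledger: (txid, input addresses, [(output address, amount)])
TXS = [
    ("t1", ["A1", "A2"], [("B1", 5.0), ("A3", 0.9)]),
    ("t2", ["A2", "A4"], [("B2", 2.0)]),
    ("t3", ["B1", "B2"], [("X1", 6.5)]),
    ("t4", ["C1"], [("X2", 1.0)]),
]
TAGS = {"X1": "exchange"}  # constructed OSINT-style tag on a single address

def build_clusters(txs):
    """Union-find over addresses; co-spent inputs are merged (assumed heuristic)."""
    parent = {}
    def find(a):
        parent.setdefault(a, a)
        while parent[a] != a:
            a = parent[a]
        return a
    for _, inputs, _ in txs:
        for other in inputs[1:]:
            ra, rb = find(inputs[0]), find(other)
            parent[max(ra, rb)] = min(ra, rb)  # smallest name is the cluster id
    return find

def wallet_flows(txs, find):
    """Total amount moved between clusters (wallets), not between addresses."""
    flows = defaultdict(float)
    for _, inputs, outputs in txs:
        src = find(inputs[0])
        for addr, amount in outputs:
            if find(addr) != src:
                flows[(src, find(addr))] += amount
    return dict(flows)

def trace_to_tag(start, flows, find, tags):
    """Breadth-first 'follow the money' from start's wallet to a tagged wallet."""
    tagged = {find(a): t for a, t in tags.items()}  # a tag covers its whole cluster
    queue, seen = deque([[find(start)]]), {find(start)}
    while queue:
        path = queue.popleft()
        if path[-1] in tagged:
            return path, tagged[path[-1]]
        for src, dst in flows:
            if src == path[-1] and dst not in seen:
                seen.add(dst)
                queue.append(path + [dst])
    return None

find = build_clusters(TXS)
print(trace_to_tag("A4", wallet_flows(TXS, find), find, TAGS))
```

Note that A3, a likely change output of t1, stays outside the A1 cluster: co-spend clustering alone under-merges, which is one reason the article pairs it with tagging and other data sources.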
An advanced solution should not depend on any third-party collaboration, such as exchanges or wallet vendors. This would also lead to the introduction of autonomous technology in managing cryptosecurity.
Criminal exploitation will only increase with interest in cryptocurrency showing no signs of slowing down. It is essential for law enforcement to be prepared with the latest investigative techniques and equipped with advanced technology solutions going into 2022. Using one or more of the investigation methodologies described above, and ultimately all of them together, can effectively aid law enforcement in their investigations, helping to identify crypto-related criminal activity accurately.