Sextortion, ransomware, money laundering, tax evasion, terrorism, fraud; just a few crimes getting a boost from cryptocurrency. Is your organization affected? Are you ready to fight blockchain crime? Yesterday’s toolkit is not going to cut it in the cryptoverse; it’s time to consider what your needs are and tool up.
According to the Association of Certified Fraud Examiners 2018 Report To The Nations, fraud can take 5 to 24 months to be detected. When we factor in vectors that are not being monitored – such as blockchain – the exposure can persist for much longer periods. It may take a while before some organizations realize that they have been affected by blockchain crime.
When criminals commit offences related to blockchains, they appropriate tokens of value stored in the blockchain by stealth, by force, or in collusion – to their benefit, and to the detriment of their victims. In my previous post “Following The Money In The Age Of Blockchain“, I explained how – through blockchain forks – a victim could remain oblivious to being victimized through sheer ignorance. Other transactions involve the movement of value tokens from one party to another to facilitate illicit transactions. The emerging threat of blockchain crime warrants attention.
Perceived anonymity has emboldened criminals to demand money in bitcoin to unlock computer files, or destroy purported webcam videos of victims in compromising states (fabricated threats given an air of legitimacy by providing the victim with a compromised password used by the victim and sold on the dark web). These are the obvious attacks, and they should be reported to law enforcement. The reports should include the bitcoin address to which the criminal requested to have funds sent. Even if your local law enforcement is not equipped today to do anything with these addresses, it is worth reporting so that they can build the repository of addresses associated with criminal activity.
As MIT Technology Review reported, these addresses are now being monitored; we can see how much funds are going into them and how the funds are spent. As the blockchain is monitored, all it takes is a single address owner to be identified as bitcoin is transferred from address to address, for the trace of real people to begin. Bitcoin is not anonymous. When a federal judge in California recently ordered a man to pay $750,000 in bail with bitcoin – as reported by the Daily Post – there was no mention of the potentially far reaching implications of the order. This was the work of a very tech savvy judge, or one that inadvertently tripped on a treasure trove of evidence. The brilliance behind the order – if deliberate – is simple; when the court receives a bitcoin payment from the suspect, they also receive his bitcoin address. Through a block explorer, the suspect’s bitcoin address can be interrogated for the balance. Additionally, funds entering and leaving the address could also be traced to identify other ill gotten gains. You can’t trace cash like that.
A recent Forbes report claimed that bitcoin is being incorporated into terrorist fundraising campaigns. While the report goes on to state that with the terrorists “Cold hard cash is still king”, it is noteworthy that they are exploring crypto. Some criminals are moving away from bitcoin toward more privacy-oriented cryptocurrencies such as Monero or Zcash to secure their anonymity. However, these cryptos are not generally paired to fiat currency – meaning that to cash out, they will need to be swapped for a crypto such as bitcoin which can be sold on an exchange for cash.
Law enforcement in some jurisdictions have employed the services of specialists to assist with blockchain analysis in criminal cases such as Silk Road. An industry of blockchain analysis services such as Chainalysis is emerging, with offers to support organizations with the detection and investigation of money laundering, fraud, and regulatory compliance violations on the blockchain. The Russian government is reportedly developing a system to monitor cryptocurrency wallets owned by criminal suspects. As governments and law enforcement agencies slowly begin to retool, entities with potential exposure will also benefit from a plan to confront the impending threat lurking around the corner.
Just as the innovations of cash and credit cards, before it, revolutionized commerce while creating unintentional opportunities for bad actors – so too will cryptocurrency and blockchain. What will it take to move toward a state of readiness to combat the unintended consequences? Crypto needs to become entrenched into the lexicon of crime and fraud fighters. Investigators need to ask the right questions, and we all need to prepare to interrogate the new frontier – the blockchain.