Blockchain Intelligence for Law Enforcement: An Introduction

With the rise of crypto crime, investigators must increasingly focus on obtaining blockchain intelligence that platforms like Merkle Science’s Tracker provide. Open source explorers hold only quantitative data that has limited usefulness. 

Blockchain intelligence refers to information gathered from a digital asset’s public ledger, such as those about the transaction, involved parties, or block. It may also involve data from clustering heuristics, fingerprinting, and open-source intelligence (OSINT)

This article will discuss the importance of blockchain intelligence - especially in the context of crypto crimes - what it involves, and how to obtain it. Most crucially, this article explains why law enforcement agencies should rely on advanced blockchain intelligence solutions rather than blockchain explorers or open source tools. 

For law enforcement professionals unfamiliar with digital assets, blockchain intelligence can seem intimidating. But it’s rather straightforward when you examine its component parts.

When cryptocurrency first emerged, blockchain was likened to a public ledger, one that happened to be immutable. The information that people can obtain from here is blockchain intelligence, and although it may vary from blockchain to blockchain, it generally consists of these three elements:

1. Transaction data - Digital asset transactions are publicly recorded onto the blockchain. This means people can see how much a transaction was for, any fees incurred, and the involved parties, at least in terms of the sender’s and receiver’s cryptocurrency addresses. 

This data is similar to line items on an accounting spreadsheet, only it has wallet addresses in place of business names.

2. Block data - The blockchain is composed of blocks that form the blockchain. Each block contains information that may be helpful to investigators as blockchain intelligence, including when a transaction was made (i.e. the timestamp), block height, size, and details about the miner or validator. While block data may be less directly helpful in crypto investigations, it does have a role in establishing timelines, cross-referencing details, and providing basic information. 

3. Network activity - Each transaction creates transaction and block data, representing blockchain intelligence on a micro level. When aggregated, transaction and block data also creates vast amounts of data that can be used to glean a larger and clearer picture about how the network and native token are being used. 

Network activity data reveals larger movements of funds, patterns, and volumes. This type of blockchain intelligence may provide investigators with insights into schemes, such as wash trading, where buying and selling activity between clusters of wallets indicates transactions with no change in beneficial ownership.

Why Blockchain Intelligence Matters for Law Enforcement 

Blockchain intelligence is crucial to any law enforcement agency. Here are some of the main reasons why blockchain intelligence solutions are vital in crypto crime investigations:

Old modus operandi are being modernized with crypto. For example, romance scams existed long before crypto, but fraudsters now request payments in digital assets. Before, they asked for funds through methods like international wire transfers or gift cards. The advent of crypto has added a layer of pseudonymity, making crimes like pig butchering more prevalent.  

The same is true for other types of crime, such as Ponzi schemes. Crypto enables a greater level of pseudonymity when cashing out illicit funds. Such criminals include money launderers, cybercrime groups, terrorist organizations, and more. To thwart these criminals, law enforcement agencies must gather blockchain intelligence pertaining to their use of different digital assets. 

There are also crimes that revolve principally around the use of digital assets. For example, in a rug pull, illicit actors will pump up the value of a coin, before selling all or a majority of their stake, which they often liquidate through other digital assets. Cyber criminals also hack exchanges to funnel the funds across different blockchains.

In other instances, crypto is less prominent but no less central. For instance, in pig butchering scams, criminals will use a fake online profile to gain the trust of an unsuspecting victim and eventually seek investment through digital assets. Addressing these crypto-centric crimes requires blockchain intelligence to understand how funds are moved and where they end up. 

3. Attribution

No matter the type of crime, law enforcement agencies must attain attribution, which is the process of connecting an address linked with a crime to a person’s real world identity. This is the key part of any crypto investigation. Without attribution, authorities would be unable to prosecute criminals or build a solid case.

Blockchain intelligence plays a key role in attribution. Investigators need to retrieve blockchain intelligence to prove a person’s funds are illicit, tracing their origin from the crime in question across multiple transactions designed to launder and obfuscate the trail.

3 Ways Gather Blockchain Intelligence for Investigations

There are three main methods of gathering blockchain intelligence for law enforcement agencies. We will discuss them from least to most effective

1. Native Blockchain Explorers

A blockchain is a public ledger: It provides a record of transactions that people can read through. The blockchain explorer serves this function. It is where people can examine different transactions that have occurred on the blockchain. 

These blockchain explorers generally provide similar information, such as when a transaction occurred, what addresses were involved, and how much it was for. While blockchain explorers can be a good starting point for retrieving blockchain intelligence, they are ill-equipped for advanced evidence gathering. For example, it would be difficult for law enforcement to visualize the flow of illicit funds through a blockchain explorer, which usually presents information in a tabular format. 

Some blockchains do not have a native explorer developed by the same developers, but have a third-party one that has since become the de facto resource, such as Etherescan for Ethereum. Others do maintain a native blockchain explorer: Solana, for example, has Solscan. 

Open-source tools offer more advanced analytics than blockchain explorers, such as detecting unusual transaction patterns, clustering related addresses, and tracking illicit funds.

For example, some open-source tools can detect unusual transaction patterns, cluster-related addresses, and track the movement of illicit funds. However, their main limitation is the lack of continual development, as they rely on resources from their core developers. As a result, open source tools often fall behind in their ability to gather blockchain intelligence, especially when criminals are always innovating new techniques to obfuscate their trail and evade authorities.

Private blockchain analytics tools are the most suitable for law enforcement. Developed by private companies, these tools have the resources to keep up with evolving criminal techniques. 

They offer comprehensive features such as monitoring, tracking, visualization, reporting, collaboration with the stakeholders in a crypto investigation, and more. 

Merkle Science’s Tracker is a preferred blockchain analytics solution among law enforcement: Its behavioral-based rules engine enables authorities to identify high risk transactions, follow illicit funds, and identify criminals. 

Why Law Enforcement Needs Blockchain Intelligence Solutions Like Merkle Science

Law enforcement needs blockchain intelligence,  and private blockchain analytics solutions are the best way to obtain it.

Support 

Law enforcement agencies can't rely on blockchain developers for support with explorers or open-source tools. Blockchain analytics solution providers offer valuable resources and training.  For example Merkle Science offers an Institute for training and certification related to crypto investigation as well as on-demand assistance from experienced investigators. 

Transparency

Even if open source tools are freely available, their methodologies might not be transparent, making them less reliable in a court of law. In fact, some may have a black box around their technology: Their code may not be easily understandable, or it may use third-party databases or APIs that do not provide full data disclosure. 

In contrast, blockchain analytics tools provide transparency into how they attributed wallet addresses and transactions to a service location like an exchange, which could then use KYC information to tie it to a person’s real-world identity. This ability strengthens the value of blockchain intelligence: Law enforcement professionals can prove probable cause, which is then proven to a prosecutor and a judge. 

Continuous Monitoring 

Criminals may use shell addresses that pass initial screenings but later become connected to illicit activities. Blockchain analytics tools provide continuous monitoring, ensuring that law enforcement has the broadest and latest available blockchain intelligence.

Conclusion

Law enforcement officials may find blockchain intelligence daunting, but using blockchain analytics solutions like Merkle Science makes gathering intelligence for crypto investigations easier and more effective. Learn more about Merkle Science’s Tracker, a best-in-class tool that helps investigators gather blockchain intelligence with speed, precision, and scale.