Extending the Long Arm of the Law: How the Top Five Use Cases of Blockchain Analytics can Help Law Enforcement

In 2022, victims of cryptocurrency hacks collectively lost over $3.9 billion. Compared to other crimes, such as vehicle theft, most victims of cryptocurrency schemes will never recover their assets again. 

Combatting crypto-related crime is difficult because affiliated transactions are difficult to trace manually. While blockchain data is public, many criminals use obfuscation techniques like mixers to hide the flow of funds. Some opt for privacy coins altogether, which have anonymity-enhancing features baked in. 

This opacity is complicated by the fact that Bitcoin has no borders. In other words, criminals operate across state lines, making cooperation and coordination among law enforcement agencies inherently complex.

Blockchain analytics, a subset of digital forensics, can push the tide back in favor of law enforcement, enabling them to investigate illegal transactions, fraud, and criminal activities within cryptocurrencies. As criminals become more sophisticated in using cryptocurrency as a conduit for their illicit funds, law enforcement must increasingly rely on blockchain analytics to prevent, thwart, and identify crypto-related crimes. 

1. Intelligence Gathering

Many law enforcement agencies assume that blockchain analytics can only help them after a crime is committed. Such cannot be further from the truth. Solutions in this space can also be a proactive tool in gathering intelligence about different threats, including organized crime syndicates, cyber criminal groups, and terrorist organizations.

For example, monitoring the flow of cryptocurrency to a dormant terrorist cell in the United States may suggest a forthcoming attack, providing law enforcement with an opportunity to thwart the crime. The use of blockchain analytics may unmask other similar crimes. 

It is in this spirit that the United Nations Office on Drugs and Crime (UNODC) and the European Union conducted a training program for specialized officers in 2019 as part of Pakistan's Action to Counter Terrorism (PACT) Projects. This initiative equipped officers with advanced digital forensic tools and taught them how cryptocurrencies and the dark web intersect with terrorist activities. To combat this threat, they emphasized the critical role of blockchain analytics in monitoring, tracing, and interpreting crypto transactions associated with illicit activities. 

2. Incident Response 

In the immediate wake of any crime, law enforcement has to go into incident response mode to prevent further damage and minimize victims. This goal is best accomplished through blockchain analytics, as they can trace the flow of funds and take appropriate action. 

The effectiveness of incident response with blockchain analytics is best illustrated with ransomware. By analyzing historical blockchain data and off-chain information, authorities can identify criminals and trace laundered cryptocurrency that matches ransomware-related patterns. Bitcoin, used in 98% of ransomware cases, only offers pseudo-anonymity, making it traceable by following transaction patterns. 

3. Asset recovery 

Most headlines related to crypto crimes naturally focus on the initial value involved: X amount was stolen from the exchange, or Y amount was taken away from the pig-butchering victim. While these figures may be eye-catching, they are not set in stone: Many times, funds are recovered, either by the victims, white hacker groups, or authorities, often with blockchain analytics. 

One example is James Zhong, who pled guilty in 2022 to wire fraud after unlawfully obtaining over 50,000 Bitcoin from the Silk Road dark web marketplace back in 2012. For ten years, the whereabouts of the missing Bitcoin was unknown. Through what the authorities called "state-of-the-art cryptocurrency tracing and good old-fashioned police work," they recovered the stolen assets.   

As this example illustrates, blockchain analytics can be used to trace the movement of illicit funds and take appropriate action, such as freezing affiliated accounts, recovering the assets, and returning them to their rightful owners. 

4. Prioritization of cases

The cryptocurrency world is ripe with criminal activity, and law enforcement has limited resources. It would thus be necessarily impossible to hunt down all crypto-related criminals in the same way that police in the real world don't arrest every person who litters or jaywalks across a street. 

Law enforcement needs a triage system to prioritize crypto crimes and criminals that are the most time-sensitive, harmful, or costly. Blockchain analytics is the closest tool that law enforcement will have to a triage system, as it can enable them to identify crimes associated with more money, more dangerous criminals, or more harmful crimes. 

For example, in 2016, there was a massive cyberattack on the cryptocurrency exchange Bitfinex in which hackers stole an astonishing $4.5 billion worth of Bitcoin. Over five years, the stolen Bitcoin passed through a convoluted money laundering process, eventually landing in financial accounts controlled by a New York City couple in their 30s. 

Eventually, cryptocurrency exports used sophisticated techniques to trace the stolen cryptocurrency, and they worked with investigators to seize the funds and arrest the couple. This investigation showcases how blockchain analytics can help law enforcement identify and prioritize what are known as "whales" in sales - the criminals that represent the most significant value, figuratively and literally. 

5. Investigation

The world of cryptocurrency is not as opaque as the world assumes (every stock photo relating to cryptocurrency seems like it has an unseen person cowering menacingly behind a computer). Cryptocurrency is pseudonymous: While the actors' identities are unknown, they can be identified by their addresses.

Because of pseudonymity, blockchain analytics can help with investigating. This one is by far the broadest of the five use cases named. Despite this breadth, blockchain analytics can help across the entire value chain of investigative procedures, including:

• Evidence gathering - The movement of funds can be used as critical evidence and any additional information uncovered by following these breadcrumbs. 

• Identification of criminals - Criminals can be identified by following the money, such as when stolen funds are washed in a mixer but end up in a known account of a criminal. 

• Capture and prosecution - Blockchain analytics can help build strong cases against criminals during prosecution vis-a-vis relevant laws. 

• Sentencing - Most judges and juries are naturally not cryptocurrency experts - blockchain analytics can help them better understand the gravity of various crimes. 

For example, Binance's Operation FANCYCAT, with several international agencies, brought down a ransomware group responsible for over $500M worth of damages. Using its enhanced Anti-Money Laundering (AML) detection capabilities, Binance identified suspicious on-chain activities linked to large-scale cyber attacks. This identification provided insights into the group's operations, which eventually led to their arrest, illustrating how blockchain analytics is not only a digital tool: It ultimately brings criminals to justice in the real world.

The time for blockchain analytics is now 

In light of these five use cases, law enforcement agencies must recognize the critical role of blockchain analytics in combating crypto-related crime. The cryptocurrency world is plagued with illicit activities, and limited resources necessitate the prioritization of different investigations. Blockchain forensics provides a powerful tool to identify high-risk activities, maximize incident response and asset recovery, and prioritize combatting and investigating the most harmful criminals.

The challenges presented by the anonymity of criminals using privacy-focused coins and the technical complexities of obfuscation techniques highlight the need for specialized tools and expertise in blockchain forensics. Embracing Merkle's product, Tracker empowers investigators to forensically analyze cryptocurrency transactions, track stolen funds, and conduct in-depth investigations.

By utilizing blockchain analytics, law enforcement agencies can gain actionable intelligence, generate comprehensive investigation records, and effectively combat financial crime in the ever-evolving world of cryptocurrencies. Embracing innovative tools like Tracker is crucial for staying ahead of criminals and safeguarding the integrity of economic systems in the digital age.