On May 3, 2024, Merkle Science hosted a three-hour crash course in Mastering Crypto Investigative Strategies. The full video can be watched on-demand here.
The two instructors were Keven Hendricks, the founder of Ubivis Project and a former member of the FBI Task Force along with Merkle Science’s own Ian Lee, its director and product strategist in forensics.
Read on below to find out the 3 key takeaways from the webinar:
-
Don’t overlook open-source intelligence (OSINT)
Cryptocurrency schemes are becoming more complex. For example, a pig butchering scheme may involve a criminal first targeting a victim on a social media site, luring them for a deeper conversation on a chat platform like Telegram, and finally asking them to deposit crypto into a fake investment platform.
While these operations have become multifaceted, the one advantage is the digital breadcrumbs: there is more open-source intelligence for investigators to track. Investigators can examine communications on social media websites or darknet forums; examine domain registrations, IP addresses, and company profiles; and, of course, analyze the blockchains themselves which, as digital ledgers, contain a record of all transactions. Investigators can even use free tools like Etherscan to manually track suspicious activities.
Investigators should not discount open-source intelligence. This information can be a useful starting point for launching an investigation and even putting together a picture of how the crime operates, who is involved, and where the illicit funds go.
-
Complement open-source intelligence with blockchain analytics
The most effective investigators will combine open-source intelligence with information that can be gleaned from blockchain analytics tools, such as Merkle Science’s own Tracker.
Blockchain analytics tools like Tracker offer features that are crucial to any investigation. The first is visualization. A good blockchain analytics tool will enable investigators to map out the flow of funds, even when criminals use obfuscation tactics like coin mixers or chain hopping. The latter is accomplished by offering support for multiple chains, especially those frequently used for laundering.
This visualization enables authorities to understand how transactions are connected. For example, clustering heuristics can identify when a group of seemingly separate wallets is controlled by the same criminal group, which expands the scope of an investigation.
The second crucial benefit is attribution, which is the process of tying cryptocurrency addresses to real-world identities. Without attribution, investigators cannot take enforcement action, such as freezing assets on centralized exchanges, or legal action, such as charging alleged perpetrators with crimes. Blockchain analytics tools can aid investigations by providing independently verified attribution.
With Tracker, investigators can begin their investigation by simply inputting wallet addresses or transaction hashes to retrieve detailed information about past transactions, and associations with illicit actors are highlighted.
Still, every tool has its limitations, which investigators should minimize by using both open-source intelligence and blockchain analytics. This point was underscored by a startling anecdote: a law enforcement officer nearly overlooked over $100,000 in assets because they were stored in a wallet that MetaMask did not support; only by testing the wallet on a different platform did they uncover the hidden assets.
-
Automate your crypto crime investigations as much as you can
Investigators go into the field because they like doing the leg work that comes with any investigation. While this hands-on, manual approach may work fine for investigating traditional crimes, it will stretch investigators thin for crypto-related investigations, which can be resource-intensive.
Crypto investigations typically have unclear jurisdiction, due to the transnational nature of the crimes and the blockchains they use. These solutions will also have more legal complexity because of the still-emerging policy around crypto regulation. Finally, these investigations may have a sprawling digital footprint due to the nature of the crime.
Relying exclusively on manual tracking and other techniques will prevent investigators from focusing on other crucial areas of an investigation, where their time and expertise will be more needed.
Investigators thus need to use tools that offer some level of automation. To this end, Merkle Science’s Tracker tool offers an auto-investigate feature, which facilitates the analysis of transactions associated with specific entities, such as KuCoin or Binance. Tracker’s auto-investigate feature automatically calculates transaction paths so that investigators can identify complex transaction patterns and the entities associated with them, minimizing the time and effort that goes with manual tracing.
By accelerating the investigation with automation, investigators can focus on higher-value areas, such as attribution, evidence gathering, and prosecution.
Get on track with Tracker
Investigating crypto crime is challenging. Investigators need to put themselves in the best position to succeed with the right tools. With Tracker, investigators can complement their open-source intelligence with a leading blockchain analytics tool that will aid with visualization, attribution, and automation of some parts of an investigation.
Click here to watch the full webinar on investigative strategies for combating crypto crime and make sure to follow us on LinkedIn to sign up for future webinars.