Investigators are increasingly using cryptocurrency tracing techniques as part of criminal and civil cases to chase down the proceeds of fraud. In a recent record-breaking seizure, US authorities have recovered $3.6 billion worth of Bitcoin, believed to have been the criminal proceeds of a hack committed against a cryptocurrency exchange in 2016. The case not only shows an increased level of capability to use innovative methods to pierce the veil of anonymity associated with crypto transactions, but also demonstrates some of the laundering techniques used, and how the difficulties in laundering huge amounts of cryptocurrencies gives an advantage to investigators.
On 7th February, United States authorities filed a criminal complaint against two individuals suspected of laundering the proceeds of a network compromise likely committed against the Bitfinex cryptocurrency exchange in 2016. The complaint revealed an impressive investigation showing that the Inland Revenue Service (IRS) were able to seize $3.6Bn in Bitcoin using a mixture of cryptocurrency tracing and traditional investigative techniques.
In August 2016, hackers breached the victim organisation’s security systems and infiltrated their network resulting in over 2000 unauthorised Bitcoin transactions made to a single wallet. The transactions totaled nearly 120,000 Bitcoin, valued at $71m at the date of the hack, and now worth a staggering $4.5Bn at the time of the complaint.
The investigators traced the movement of the stolen funds after the hack, likely using a combination of specialised cryptocurrency tracing technology and disclosure from third parties. They were able to follow the funds through a series of complex transactions out of the wallet, ultimately tracing them to accounts held or controlled by two individuals at other exchanges. This was despite efforts by the launderers to conceal their identities and activity through techniques such as layering and “peeling” transactions through multiple addresses, using a darknet market as an intermediary, and “chain-hopping” - the technique of converting Bitcoin into other virtual currencies, including the use of high-anonymity currencies like Monero. The pair were also accused of providing false information to the various exchanges with respect to the source of their funds.
After following the flow of funds to the two suspects, the investigators obtained a search warrant against one of the individual’s cloud storage services, leading them to find and decrypt a file with a list of 2,000 virtual currency addresses and the private keys, essentially giving the investigators full access to the wallets. With the help of authority to execute a lawful seizure, the US government secured the funds.
Many of the tools and techniques used by law enforcement for tracing stolen cryptocurrency are also available to private investigators and law firms operating in the civil arena. If stolen crypto is traced into a customer account held at a third-party cryptocurrency exchange or service, it may be possible to obtain court-ordered disclosure from the third party which reveals the identity of the customer who received the funds, and thereby helps to expose the perpetrators of the fraud. It may also be possible to obtain an order freezing the account in question or the funds therein, pending recovery action. Pursuing civil remedies should be considered in the event of frauds and thefts involving cryptocurrencies.
Mishcon de Reya litigators and our investigations practice, MDR Cyber, frequently use tracing techniques to chase the money from frauds, thefts and hacks and work together to secure legal orders to compel disclosure of information, freezing of funds and recover losses on behalf of our clients. For more information contact firstname.lastname@example.org.