Blog Post

Cold Case? Uncovering Truth in Digital Assets Crimes through Data and Insight

  • LinkedIn icon
  • X/Twitter icon
  • Print icon

It remains a popular belief that cryptocurrency theft is an unstoppable, unsolvable crime. However, in recent years, law enforcement across the U.K. and Europe have recovered billons of euros in laundered or stolen digital assets. In cases involving sophisticated criminal networks and illicit transactions, cryptocurrency recoveries have outweighed the value of recovered fiat currency. This is possible through the work of investigators who understand the complexities and nuances of digital assets and how to leverage data, digital forensics and analytics to piece together details and identities related to fraudulent transactions or theft. 

Digital asset transaction data resides on blockchains, as public, auditable, immutable real-time ledgers of cryptocurrency transactions. Therefore, in the wake of theft or misappropriated assets, digital evidence can be collected from the blockchain and impacted accounts and wallets to establish origination, destination, volume, pattern and behaviour. These pieces of information help identify assets, document their flow between accounts and trace location. The course of an investigation can reveal the characteristics of transactions to pinpoint the flow of funds and reveal patterns in activity that may provide further insight as to the culprits’ identities and what was done with the assets. 

Attribution, wherein forensic experts look at artifacts including a transaction ID address, transaction history, account owner information and other details to assign ownership to assets or accounts, can be used to provide an additional trail of facts that may be used to resolve a matter. The ability to link some form of identity to funds and accounts can be critical in the process of recovering lost or stolen assets. Advanced data science techniques, including artificial intelligence, can be used to tag and cluster blockchain addresses into aggregated entity, individual and asset profiles that can be searched and assessed. 

Analysis is corroborated with off-chain investigative approaches to link wallet activity with potentially identifiable documentation or artifacts. In addition to tracking accounts, a forensic investigation of a user’s device(s) (e.g., laptop, desktop, mobile phone) can provide critical information to support attribution and identify advanced techniques and protocols used to commit fraud or theft. As one example, FTI Technology was engaged to trace a company’s funds on-chain for a liquidator and noticed this company was moving millions of dollars of crypto assets around, which were then being paid back to company-controlled wallets. It then became apparent these funds were being used to purchase other large items off-chain to disguise the funds.

As digital assets investigations grow more complex, there will be an increased demand for experts who can interpret blockchain-based data, perform accurate, defensible analysis of that data and provide testimony as to the reasonableness or validity of certain actions.

Several recent cases have raised questions about investigation accuracy, signaling blockchain analysis may be brought into question if not properly supported. This is partly due to the fact that cryptocurrency transaction data is difficult to understand and use in its raw, unprocessed form. Supplemental data, tools and specialists are necessary to make this accessible but opaque blockchain data reliable for asset tracking and recovery. 

Three case examples include:

  • Law enforcement agencies were relying heavily on blockchain analysis to track transactions linked to a suspected drug trafficking network. However, innocent parties were erroneously identified as being involved, emphasising the need for analysts to have a deep understanding of techniques and tools specific to the blockchain.
  • A company specialising in blockchain analytics faced scrutiny after reports emerged, showing its AI-driven tools incorrectly flagged legitimate transactions as suspicious. The issue arose due to the algorithm's overreliance on certain heuristics without ensuring sufficient human oversight. 
  • In a matter involving ransomware, challenges were revealed in attributing blockchain transactions to specific entities. While the investigation initially pointed to a wallet as the ransomware operators’ primary wallet, further analysis revealed the wallet belonged to a legitimate business that had been used unwittingly as an intermediary. 

Steps investigators can take to ensure their analytics tools are accurate, thorough and defensible follow below.

  • Watch for red flags: Unusually rapid or high-volume transactions, which may indicate wash trading or attempts to manipulate market prices; obfuscation techniques to conceal transaction origin; discrepancies between data sources; and sudden changes in wallet activity.
  • Review supplemental data: Data from Know Your Customer and Anti Money Laundering controls and systems to link blockchain addresses to real-world identities; off-chain data such as traditional financial records, communication data and social media activity; and legal/compliance records including regulatory filings and court documents.
  • Leverage tools to assist: Analytical tools designed specifically for blockchain data; blockchain explorers; and/or a bespoke suite of solutions developed by expert investigators. Importantly, each tool has weaknesses and potential deficiencies in the types of digital assets they can trace, therefore investigators often need to leverage numerous tools in concert, with expert guidance on the strengths and weaknesses of each. 
  • Implement quality control and authentication processes: Validate data by cross-referencing blockchain data across multiple sources; confirm findings through peer review; maintain clear records of data handling; and use historical data to refine algorithms and reduce false positives and negatives.

In addition to using analytics tools in these investigations, there’s also an increasing demand for adjacent investigatory insights to help uncover truth in complex cases. Meeting these needs may require specialized expertise in custodian research, social media analysis, regulatory evaluations, tokenomics review, smart contract and code examination and valuations. Additionally, many cases require involvement of testifying experts who can address issues of reasonableness of actions taken by companies in the crypto sector or the underpinnings and outputs of complex technical infrastructure. 

The digital assets industry will grow healthier as it becomes easier to prevent and combat cryptocurrency-related crimes. Effective investigative techniques and expertise will be critical to recovering assets lost to criminal activity, and in turn, help nurture trust in this new and evolving economy. 

Related topics:
Blockchain

The views expressed herein are those of the author(s) and not necessarily the views of FTI Consulting, its management, its subsidiaries, its affiliates, or its other professionals.

Related Solutions