The cryptocurrency space is rife with fraudulent ICOs and Ponzi schemes that take off and run with people’s money. Specifically, we’re referencing the common scheme in which “anonymous teams” or falsified personas suddenly vanish and abscond with assets; mismanagement and incompetence are other realms we’ll likely discuss in a future publication.
Even cryptocurrency exchanges do it sometimes. QuadrigaCX, Bitsane, and IDAX are some of the most recent examples of exchanges suspected of conducting an exit scam. There have been too many ICO exit scams to recollect without a novel’s length writeup. While some individuals involved in such schemes have been caught and even tried, many appear to have gotten away with it so far; but can they really continue to get away with stealing people’s money?
Blockchain Forensics
Blockchain forensics has typically been one of the key tools authorities and forensic tracking firms use to establish wrongdoing, and often to find the suspects as well. Forensic tracking firms typically use proprietary tracking software to track down funds that have been moved around, since blockchain explorers are impractical to use at scale to track the movement of assets. Plus, it’s common for suspects to attempt to obfuscate ownership of their cryptocurrency assets, making attribution next to impossible without such tools. So while tracking can technically be done manually with the help of block explorers or by operating a full node, in many cases it’s simply unfeasible to do so due to the number of transactions involved, the lack of wallet attribution on public blockchain explorers, the use of coin mixing services or obfuscation techniques, and the amount of time it would take without such tools.
Blockchain forensic tracking tools are considerably expensive, and take a long time to learn even if an individual has a solid understanding of how blockchains work and already understands basic forensic principles like address clustering. The tools take even longer to master.
But even with all the applicable knowledge of blockchain forensics, access to the right tools, and experience using those tools, that’s still only half the battle. Blockchain forensics and analytics software only presents data in a more parseable and easier-to-understand format. It’s still up to the analyst to decipher and interpret that data. The software won’t indicate when an individual is laundering money, to give one example. The analyst needs to determine that on their own based on the available data. This is why, when a company or individual needs to track cryptocurrency assets, whether because of an exit scam or for some other reason, working with an experienced blockchain forensics firm is not only advisable but necessary.
Catching the Scammers
There’s a variety of undertakings that all need to transpire in order to catch individuals involved in such illicit schemes:
Determine Their Identity
This is occasionally one of the most challenging aspects in any investigation, since in some cases the individuals who operated the exchange or ICO are anonymous, unknown, or may have even provided a fake identity. If their identity is unknown, the most common method of determining ownership of the cryptocurrency assets is by tracking the assets to a KYC endpoint such as an exchange, since the suspects typically want to ‘cash out’. The problem with this methodology is that if the suspect is smart, they may never end up ‘cashing out’ or ever connecting the funds or wallets to an endpoint with KYC that would allow them to be identified.
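As an added illustration (not CipherBlade's tooling or any vendor's software), the sketch below follows transfers hop by hop from a suspect wallet and reports which paths end at a labelled KYC endpoint and which funds simply stop moving. The addresses, transaction ids and exchange labels are constructed, and the model is simplified to account-style transfers with no mixing.

```python
from collections import deque

# Constructed sample data: (txid, from_address, to_address, amount).
TRANSFERS = [
    ("tx1", "scam_wallet", "hop_a", 50.0),
    ("tx2", "scam_wallet", "hop_b", 30.0),
    ("tx3", "hop_a", "hop_c", 49.9),
    ("tx4", "hop_c", "exchange_x_deposit_1", 49.8),
    ("tx5", "hop_b", "cold_storage", 29.9),
    ("tx6", "unrelated", "exchange_y_deposit_7", 5.0),
]
# Hypothetical attribution labels: addresses known to belong to KYC services.
KYC_LABELS = {
    "exchange_x_deposit_1": "Exchange X",
    "exchange_y_deposit_7": "Exchange Y",
}

def trace_to_kyc(start, transfers, kyc_labels, max_hops=6):
    """Breadth-first walk of outgoing transfers from `start`.

    Returns (hits, dormant): hits are paths that end at a labelled KYC
    endpoint; dormant are addresses where funds stopped without reaching one.
    """
    outgoing = {}
    for txid, src, dst, amount in transfers:
        outgoing.setdefault(src, []).append((txid, dst, amount))
    hits, dormant = [], []
    seen = {start}
    queue = deque([(start, [])])
    while queue:
        addr, path = queue.popleft()
        if addr in kyc_labels:
            # Stop here: funds commingle inside the service, so identifying
            # the account holder needs the service's records, not the chain.
            hits.append({"service": kyc_labels[addr], "address": addr, "path": path})
            continue
        edges = outgoing.get(addr, [])
        if not edges and addr != start:
            dormant.append(addr)  # never 'cashed out' from this address
            continue
        if len(path) >= max_hops:
            continue  # hop limit reached; leave deeper tracing to the analyst
        for txid, dst, amount in edges:
            if dst not in seen:
                seen.add(dst)
                queue.append((dst, path + [txid]))
    return hits, dormant

if __name__ == "__main__":
    print(trace_to_kyc("scam_wallet", TRANSFERS, KYC_LABELS))
```

The `dormant` list is the case described above where the suspect never connects the funds to a KYC endpoint, so the chain alone yields no identity.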
If tracing the cryptocurrency assets doesn’t lead to a KYC endpoint, the alternative options could include more traditional methods of determining identity, such as through OSINT (Open Source Intelligence, which CipherBlade utilizes extensively), being tipped off by someone who is aware of the fraud, or by obtaining access logs. Fortunately, in a good portion of cases, individuals do at some point provide their real identity publicly, or list it on social media sites like LinkedIn, in order to better solicit investment and adoption of their platforms before the ‘exit’. The identification step is not an issue in such cases.
Determining Location of Individuals
Once the names of the individual(s) are known, they need to be found so appropriate action can be taken by authorities. This is something that should be done exclusively by law enforcement. Not only is it incredibly dangerous for anyone outside law enforcement to do this, but also when vigilantes have done so, it has often led to false positives, which in some cases has even led to the death of the vigilante or the person the vigilante suspects is a perpetrator, when in reality the person is completely innocent.
Depending on the jurisdiction and how common their name is, it may not be possible to track down an individual with only their name. Further identifying information may need to be determined first, such as an address, date of birth, or other personal identifying information.
Intervention by Local Authorities, Law Enforcement or Regulators
Cryptocurrency forensic analysis is only able to determine where the funds are located. By itself, forensic analysis isn’t able to offer victims any justice, nor is it able to help them recoup any funds. Authorities need to get involved.
In all likelihood, if you’ve found yourself to be a victim in a large exit scam, the perpetrator(s) won’t reside in the same jurisdiction that you do. Local authorities or regulators need to be notified of the fraud or exit scam along with who the suspects are.
A lot of cybercrime goes unreported since many people have the perception that filing a law enforcement report is a futile endeavour, and that the case will likely never be properly investigated. While there is some truth to this some of the time, one question people ought to ask themselves is why doesn’t law enforcement take time to properly investigate all legitimate cybercrime cases? At a core level, the answer to this question is that either the evidence isn’t strong enough or it’s not feasible for law enforcement to pursue many of the cases due to a lack of resources, but also because they need to judge how to appropriately allocate their resources.
There are a variety of factors law enforcement weighs when determining whether it makes sense for them to allocate resources to go after suspects:
- Size and scale of the fraud – How much money was stolen or how large is the fraud? If the loss isn’t large enough, authorities often won’t bother to pursue it.
- Number of people affected – Authorities do pursue cases even when there’s only a single person affected by the fraud; however, when many people are affected, there is some additional pressure to pursue it.
- Lack of relevant information and evidence – Authorities sometimes neglect to pursue cases due to not having adequate information or evidence. This does not mean the evidence and information don’t exist. It merely means it hasn’t been provided to them, at least not in a clear, concise way. And they can’t be bothered to allocate resources to both finding and requesting important information and/or sifting through useless information provided. Furthermore, law enforcement has to rely on facts and hard evidence. Not anecdotes or he said / she said claims. Not screenshots showing your ‘account balance’ on a platform. This brings me to my next point.
- Improperly formatted law enforcement report – A good portion of the time when victims come to us, they’ve already filed a law enforcement report, and most of the time, authorities either haven’t responded yet (and important time is being wasted) or authorities have neglected to pursue it. Frankly, this is not a surprise to us because we haven’t seen a single adequate, properly filed law enforcement report. Without a properly filed report and clear, concise, relevant information and evidence, the likelihood of law enforcement pursuing the case drops drastically.
- Lack of understanding concerning blockchain technology and cryptocurrency – Due to how technical cryptocurrencies seem for people without exposure to the industry, when someone actually reads the report and sees mention of blockchain or cryptocurrency, they may try and find any excuse they can to decline to pursue it. This is why it’s so important to explain important, relevant concepts concerning cryptocurrency in a manner that’s easy for anyone to understand instead of throwing a bunch of technical verbiage into the report as many people do. Fortunately, CipherBlade has extensive experience explaining such concepts concerning cryptocurrency to law enforcement, attorneys and judges in a concise, easy-to-understand manner. We’ve had people testify as a credentialed expert witness when need be as well.
- Preference for going after “low-hanging fruit” – If a case appears ‘difficult’ or if there’s important information missing from the report, it’s less appealing for law enforcement to pursue as it requires more work on their part. Due to a lack of resources, they need to be selective about what cases they pursue. They would much rather take on a case where much of the legwork has already been done for them, as it’s a quick “slam dunk” for them that requires minimal resources on their part. If the case requires a lot of their resources, due to minimal work already being done, that takes away from resources they can allocate to other important cases. Law enforcement likes to look for “slam dunk” cases to pursue, and CipherBlade provides it to them on a silver platter.
Finding the Assets
Once the individuals in question have been found and located, a regulator or prosecutor will likely want to find the cryptocurrency if they intend on taking the matter before a court. Again, the primary tool here will be blockchain forensic analysis. While forensic analysis is often conducted earlier in the investigation, it’s likely that follow-up forensics will need to be conducted after law enforcement has been involved. The investigation should reveal how the assets have moved over time and through what wallet addresses. It should also reveal if the cryptocurrency has been traded, liquidated, laundered, or sent to cryptocurrency exchanges.
Apart from blockchain forensics, other methods that can be attempted include device forensics, which in this case would be taking possession of electronic equipment in an attempt to discover wallet addresses, passwords, private keys and mnemonic seeds. Authorities could also issue local cryptocurrency exchanges subpoenas in order to find IP access logs, trading history, withdrawal and deposit history and wallets, and then use blockchain forensics to determine further wallet addresses from there.
Seizing the Assets
Even if exit scammers are found and brought to justice, victims still typically want to be able to recoup at least some, if not all of their funds in most cases. However, there is still no guarantee that funds can be recouped because cryptocurrency is a non-custodial asset. If scammers do elect to keep all their new-found wealth in the form of cryptocurrency in their own wallets, which is relatively rare based on our experience, individuals under pressure from authorities will typically settle or surrender such assets if ordered to do so due to the negative consequences that would result otherwise.
However, it’s far more common for scammers to at least partially liquidate holdings for fiat currency as well as keeping some funds on an exchange. Also, it’s common for scammers to spend a portion of what they’ve liquidated, whether on a boat, house, or Lamborghini, just as some examples we’ve seen in the past. Generally speaking, the more time that has passed since the ‘exit’, the larger the percentage of funds that has already been spent. Whether it’s a physical asset like a Lambo, funds in a bank account, or cryptocurrency on an exchange, these can all be seized, and liquidated in the case of physical assets, so that at least a portion of the funds can be returned to victims, if not all.
Thoughts & Summary
There’s no doubt that exit scams and money-grabbing attempts will continue to occur in the cryptocurrency space. A sizable portion of people who elect to engage in exit scams don’t end up getting caught. In many cases, this is because authorities lack the necessary tools or knowledge to find the scammers, while in other cases, there are jurisdictional or legal issues that make it impractical to pursue. While there will always be a noticeable number of cases where perpetrators are not brought to justice, active pursuit by authorities and regulators around the world combined with thorough blockchain forensic analysis can significantly reduce the number of successful exit scams.
Note: Nothing in this article shall be construed as legal, financial, or tax advice