Cryptocurrency is often described as anonymous: a way to move money without banks or governments. It is the currency of choice for whistleblowers and privacy advocates. But the promise of secrecy has also attracted countless crypto scammers, thieves and fraudsters looking to get rich at other people’s expense.
And because the blockchain is anonymous, they assumed, their crimes could never catch up with them. They were completely wrong. The blockchain is pseudonymous rather than anonymous: every transfer is public and permanent, and a whole sector of private forensic investigators has emerged, often working hand in hand with law enforcement, to follow criminals’ digital footprints and recover their ill-gotten gains for the victims.
In the world of crypto forensics
Decrypt sat down with one of these white-hat sleuths, Rich Sanders, CEO and founder of blockchain investigation and crypto-forensics firm CipherBlade. Since 2018, Sanders’ six-person company, along with a retinue of 30 to 40 white hats, claims to have recovered millions of dollars in stolen cryptocurrency across hundreds of cases.
But banish the mental image of hooded teenagers in dark rooms lit only by endless lines of code. “People have this image in their heads of these super-sophisticated black-hat hackers who go after Binance and Coinbase and steal hundreds of millions in one fell swoop. That’s not it,” Sanders told Decrypt from his apartment in Pittsburgh (over Zoom, of course).
It is the soon-to-be ex-wife hiding cryptocurrency to fund her affair with the gardener; the shady broker routing his customers’ money through mixers; the sneaky friend who got greedy after something was left lying on the counter. Sanders spends his days pulling on these threads of betrayal and deception to find his clients’ money. He calls it “victim management.”
Sanders is ex-military. He left the service just three months ago after 12 years (he joined at 17). He first provided artillery support to troops in Afghanistan and later served in a psychological operations unit, where his job was “to win hearts and minds and eventually turn thoughts into behaviors that are within the national interests of the US.”
Understanding what people want and, he says with a hint of regret, “taking advantage of it,” can be very powerful. “If I know someone has a lot of speeding tickets or a lot of tickets for not wearing a seat belt, I know they’re more likely to gamble.”
That came in handy when he fell down the crypto rabbit hole years later. “These cases are never just about on-chain investigation. I’ve never had one investigation where we only had to work with the blockchain,” he said.
When crypto influencer Ian Balina was robbed of $2 million in crypto in 2018, Sanders tracked the hackers to a Discord server where they hung out and played video games. He joined and posed as a 19-year-old girl, about the same age as the hackers. “They want validation,” he explained. “They want approval; they are on social media, flashing their watches and their drinks.”
“I’ve never had one investigation where we only had to work with the blockchain.”
“That was the downfall of some of them,” he said. Using tools such as a voice changer, Sanders spent several weeks gaining the hackers’ trust, and they eventually boasted about their scheme: they had bought databases of leaked usernames and passwords online and combed through the records for cryptocurrency accounts, hoping to find someone with significant holdings. They had found their jackpot in Balina. And in Sanders, a siren.
Diagnosis of a crypto breach
Sanders’ first job when a client hires him is to “diagnose” the incident.
“The vast majority of these situations are not complicated breaches,” he said. “They are people who make simple mistakes, such as saving a seed phrase on Google Drive. How many people still fall for ‘send me one ETH and I’ll send you ten back’?”
Simple mistakes can be disastrous. “If I plug your email address into a leaked database and I find you’ve reused a password, guess what? Now I have the keys to the castle, and if those keys to the castle get me into your Dropbox, which is also unsecured, I have your seed phrase. It’s never that complicated,” he said.
He describes a typical first exchange between him and a client:
“Let’s pretend they use a Trezor. Okay, great, you used a Trezor. Where did you keep your seed phrase?”
“Well, in a book.”
“Have you ever taken a picture of the book?”
“Oh shit. Yes, I did.”
“Do you use Google Photos?”
“Yes, I do.”
“So it’s in your Google Photos, isn’t it?”
“What security does your Gmail have?”
“I don’t use Google Authenticator.”
“Have you reused a password?”
And so on, until Sanders has enough to trace the money on the blockchain, usually to an exchange, the last stop before the funds are swapped for fiat currency and withdrawn to a bank account. The hackers’ own mistakes often speed up the process: they reuse an email address, or forget to turn on a VPN while using their cousin’s Wi-Fi.
How crypto sleuths track stolen money
Technically, anyone can follow funds with a public blockchain explorer, but most of Sanders’ on-chain scavenger hunt is done with industry-standard analysis tools from CipherTrace and Chainalysis, which automatically map the flow of transactions hop by hop and make it much faster to see where the money has gone.
When funds reach their most common final destination, a crypto exchange, Sanders picks up the phone. “If most people just contact an exchange out of the blue and ask them to freeze funds, the exchange will likely say, ‘Who the hell are you?’”
Through experience he has learned which buttons to push. The analysis tools can “visually demonstrate” how stolen money ended up in a customer’s account, meaning victims “have a chance that the money will actually be frozen at the exchange, at least temporarily, until the police email them.”
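As an added illustration (this is not CipherBlade’s, CipherTrace’s or Chainalysis’s code, and it is not from the original article), the following Python sketches the two things those tools do on the analyst’s behalf in the paragraphs above: walk the outgoing transfers from the victim’s address hop by hop until a labelled exchange deposit address is reached, and work out how much of what lands there is still attributable to the theft once the stolen funds have been mixed with unrelated money along the way. The ledger, the addresses and the exchange labels are all constructed for the example; real tooling works from full chain data and vendor attribution databases, and on UTXO chains has to split each transaction’s inputs and outputs rather than treat it as a single account-to-account transfer.

```python
"""Toy fund-flow tracer over a constructed, account-model ledger.

Added example, not vendor or CipherBlade tooling. Every address, txid and
label below is hypothetical.
"""
from collections import defaultdict, deque
from dataclasses import dataclass


@dataclass(frozen=True)
class Transfer:
    txid: str
    src: str
    dst: str
    amount: float  # in the chain's native unit


# Constructed ledger, in chronological order. The thief drains the victim,
# splits the funds, sends one leg straight to an exchange and passes the
# other through two hops, where it is mixed with an unrelated payment.
LEDGER = [
    Transfer("tx01", "victim", "thief_a", 100.0),      # the theft
    Transfer("tx02", "thief_a", "hop_b", 60.0),        # split, leg 1
    Transfer("tx03", "thief_a", "exch_a_dep", 40.0),   # leg 2 straight to exchange A
    Transfer("tx04", "hop_b", "hop_c", 60.0),          # one more hop
    Transfer("tx05", "someone_else", "hop_c", 500.0),  # unrelated, clean money
    Transfer("tx06", "hop_c", "exch_b_dep", 55.0),     # mixed funds to exchange B
    Transfer("tx07", "hop_c", "unrelated_cold", 5.0),
]

# Hypothetical attribution labels of the kind an analytics vendor supplies.
EXCHANGE_LABELS = {
    "exch_a_dep": "Exchange A (deposit address)",
    "exch_b_dep": "Exchange B (deposit address)",
}


def build_outgoing_index(ledger):
    """Map each address to the transfers it sent, preserving ledger order."""
    out = defaultdict(list)
    for t in ledger:
        out[t.src].append(t)
    return out


def trace_funds(start, ledger, labels, max_hops=6):
    """Breadth-first walk of outgoing transfers from `start`.

    Returns a list of (label, address, path) for every labelled address
    reached within `max_hops`, where `path` is the ordered list of txids.
    The walk stops at labelled addresses: an exchange deposit is where the
    investigator hands off to a freeze request, not somewhere to keep tracing.
    """
    out = build_outgoing_index(ledger)
    queue = deque([(start, [])])
    seen = {start}
    hits = []
    while queue:
        addr, path = queue.popleft()
        if len(path) >= max_hops:
            continue
        for t in out.get(addr, ()):
            new_path = path + [t.txid]
            if t.dst in labels:
                hits.append((labels[t.dst], t.dst, new_path))
                continue
            if t.dst not in seen:
                seen.add(t.dst)
                queue.append((t.dst, new_path))
    return hits


def haircut_taint(start, stolen_amount, ledger):
    """Proportional ('haircut') attribution of the stolen amount.

    Every outgoing transfer carries the same tainted fraction as its source
    address holds at that moment. Addresses with no seeded balance are
    treated as holding only clean funds. Returns {address: tainted_amount}
    for every address still holding some of the victim's money.
    """
    tainted = defaultdict(float)
    total = defaultdict(float)
    tainted[start] = total[start] = stolen_amount
    for t in ledger:  # ledger must be in chronological order
        frac = tainted[t.src] / total[t.src] if total[t.src] > 0 else 0.0
        moved = t.amount * frac
        tainted[t.src] -= moved
        total[t.src] -= t.amount
        tainted[t.dst] += moved
        total[t.dst] += t.amount
    return {a: v for a, v in tainted.items() if v > 1e-12}


if __name__ == "__main__":
    for label, addr, path in trace_funds("victim", LEDGER, EXCHANGE_LABELS):
        print(f"{label}: {addr} via {' -> '.join(path)}")
    for addr, amt in haircut_taint("victim", 100.0, LEDGER).items():
        print(f"{addr}: {amt:.2f} attributable to the theft")
```

The trace reaches both deposit addresses, but the haircut figures are what you would put in front of an exchange compliance desk: the 40 units at Exchange A are entirely the victim’s, while only 60/560 of the 55 units at Exchange B are, because hop_c received 500 units of unrelated money before forwarding. That dilution is exactly why thieves route through mixers, and why an investigator pairs the on-chain picture with off-chain evidence rather than relying on the graph alone.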
Law enforcement can be slow, however. Getting the FBI to work with the Nigerian police, for example, is a huge hassle, and it isn’t worth it for, say, $5,000 in stolen funds, Sanders said. The average response time for the FBI’s cybercrime reporting tool, he said, is three months. Subpoenas and other court orders stretch the process out further. Some cases are never solved for lack of “the right information shown to the right people.”
“It’s a monolithic bureaucratic process and it can take a long time,” he said. Law enforcement is “incredibly understaffed; incredibly few resources,” he said. But “they are hungry to learn. I have never worked with anyone in law enforcement who was reluctant to learn a particular methodology or best practice.”
While law enforcement waits for more funding, crypto sleuths like Sanders will fill the cracks.