Enhancing Cryptocurrency Investigations with OSINT
Cybercriminals are having a field day with online bitcoin scams. And when every Tom, Dick, and Harry can be easily tempted by the easy money bitcoin promises, the situation seems unlikely to improve anytime soon. It’s easy to be wise in hindsight, and whenever a bitcoin scam goes up in flames, the common sentiment is disbelief: “How could they have fallen for that?” But in all fairness, even the best of us get bested sometimes.
Cryptocurrency scammers are sophisticated, canny, and rely heavily on the anonymity bitcoin and other cryptographic forms of money assure. And it’s this pseudonymous nature of crypto transactions that makes blockchain analysis a nightmare to conduct. To get around this issue, investigators have to combine traditional investigative techniques with digital forensics, and that's where OSINT in blockchain comes into play.
Written in collaboration with Roman Erokhin, a Sales Account Executive for our private OSINT solution SL Private Platform, this article distills a lot of industry information which has come straight from the horse’s mouth. Read on to get the details.
The Explosion of Crypto Crime
While some might argue that bitcoin gives power back to the people or ‘sticks it to the man’, there's no doubt that the rise of cryptocurrencies has contributed to crime rates spiraling to unprecedented levels. In 2021, cryptocurrency transactions involving illicit addresses reached a staggering $14 billion – an 80% increase compared to the previous year. In fact, this figure sets new records in the entire history of cryptocurrency.
Crimes involving cryptocurrencies not only place a huge barrier in the way of their further adoption, but also increase government restrictions, and, worst of all, victimize innocent people across the globe. And to make matters worse, investigating and exploring blockchain remains intractably difficult due to its obscure nature – every cryptocurrency transaction is defined by a set of evolving protocols.
As cryptocurrency criminals become ever more effective at covering their tracks, it's imperative that investigators develop accordingly to stay ahead of the game. In such a climate, open-source intelligence tools have become indispensable in successfully conducting bitcoin investigations. By uncovering and amassing vast amounts of data from the Surface, Deep, and Dark Web, OSINT solutions can be essential in flushing out the anonymous perpetrators and resolving bitcoin cases.
There are several examples of such investigative feats, including the Department of Justice’s seizure of $56 million in a Bitconnect scam investigation, and the confiscation of an unspecified amount by Israel's National Bureau for Counter Terror Financing in a terrorism-related case.
Cryptocurrency Threat Analysis Using OSINT
OSINT tools and techniques are ideally suited for generating predictive intel in cryptocurrency investigations, providing valuable insights into hidden data sources and situational environments. Furthermore, software for extracting and analyzing open data can be specially configured to effectively unravel and examine multiple forms of informational entanglement.
While the cryptocurrencies in use today are not specifically tailored to the needs and purposes of terror groups, they can still serve financial functions for such organizations. In the event that a new cryptocurrency emerges facilitating better anonymity and improved security while being subject to inconsistent regulation, terrorist organizations would widely adopt such a money system for carrying out their operational strategies.
OSINT procedures have a wide application in cryptocurrency investigations. By sifting through ledgers and the Dark Web, malicious actors can be tracked, and terrorists linked to donor wallets. Moreover, through viewing the overarching transactional frameworks, connections between any number of addresses can be made, revealing criminal actors.
In recent news, the Justice Department announced that it had taken down three terrorist-financing, cyber-enabled campaigns, including those supporting Al-Qassam Brigades, Al-Qaeda, and the Islamic State of Iraq and the Levant (ISIS). As part of the Justice Department's investigation, millions of dollars, four websites, more than 300 cryptocurrency accounts, and four Facebook pages were all seized in connection with terrorist enterprises.
Analyzing Wallet Addresses
Blockchains are open-data sources. Theoretically, this means that anyone with the relevant knowledge and tools can access and analyze all blockchain transactions. For some, this transparency represents a significant privacy flaw with the format, but for investigators, it means a wealth of possibilities.
Cryptocurrencies such as bitcoin have become the preferred means of transaction for swindlers and fraudsters who want to avoid the restrictions and regulations of traditional banking. The attraction lies in the cryptographic protection provided by blockchains, and a decentralized peer-to-peer payment system that makes the ownership of money implicitly anonymous.
In cryptocurrency investigations, public cryptocurrency ledgers are critical resources for analysts, who can compile the information held within to examine transactions and wallet addresses. By exploring blockchains in this way, illicit funds can be traced, and the malevolent techniques used by criminals can be identified to inform more effective countermeasures.
The popularity of cryptocurrencies as a format for money laundering is soaring. Questionable funds which have been attained through illicit transactions – both online and offline – can be potentially legitimized through certain strategies, in particular via so-called ‘mixers,’ which obscure the origins of a given asset.
The amount of money being laundered via cryptos is colossal. According to Chainalysis, criminal actors laundered a total of $8.6 billion in cryptocurrency in 2021 – a 30% increase from 2020. Meanwhile, individual seizures of illicit crypto assets have been recorded as exceeding $1 billion.
Exchanges in digital currencies are transparent, meaning investigators can map and analyze the links between transactions and addresses affiliated with laundering activities. Furthermore, analysts can decode structured transactions to reveal the intricate trails of illegal funds. Through this process, two individuals were arrested in Manhattan while conspiring to launder $4.5 billion in cryptocurrency that was stolen during the 2016 Bitfinex hack.
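The mapping of links between transactions and addresses described above can be sketched as a graph trace. This is an added example, not code from the article or from any Social Links product; the ledger, address labels and function names are constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample ledger (not real addresses or transactions).
# Each entry: (txid, [input addresses], [(output address, amount)])
LEDGER = [
    ("tx1", ["FLAGGED_A"], [("hop_1", 5.0), ("hop_2", 3.0)]),
    ("tx2", ["hop_1"], [("hop_3", 4.9)]),
    ("tx3", ["hop_2", "hop_3"], [("exchange_deposit", 7.8)]),
    ("tx4", ["unrelated_x"], [("unrelated_y", 1.0)]),
]


def build_graph(ledger):
    """Map each spending address to the (recipient, txid, amount) edges it funds."""
    graph = defaultdict(list)
    for txid, inputs, outputs in ledger:
        for src in inputs:
            for dst, amount in outputs:
                graph[src].append((dst, txid, amount))
    return graph


def trace_forward(ledger, source):
    """Breadth-first trace from source; returns {address: [txids on shortest chain]}."""
    graph = build_graph(ledger)
    chains = {source: []}
    queue = deque([source])
    while queue:
        addr = queue.popleft()
        for dst, txid, _amount in graph.get(addr, []):
            if dst not in chains:  # first visit is the shortest chain; also stops cycles
                chains[dst] = chains[addr] + [txid]
                queue.append(dst)
    return chains


def terminal_recipients(ledger, source):
    """Reachable addresses that never spend again in the ledger: where the trail ends."""
    spenders = {src for _txid, inputs, _outs in ledger for src in inputs}
    chains = trace_forward(ledger, source)
    return {a: c for a, c in chains.items() if a not in spenders and a != source}


if __name__ == "__main__":
    for addr, chain in terminal_recipients(LEDGER, "FLAGGED_A").items():
        print(addr, "via", " -> ".join(chain))
```

An edge in this graph shows only that funds moved between two addresses; tying an address to a person still depends on off-chain identifiers gathered separately.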
Detection of Financial Fraud
When conducted in cryptocurrency, illegal financial actions can easily slip beneath the radar. As a result, cryptos are frequently being leveraged for a variety of financial crimes including bitcoin scams, tax evasion, embezzlement, fraudulent accounting, and oppressor financing. Such activities result in losses of hundreds of millions of dollars every year.
However, by analyzing a range of data sources and forensic blockchain identifiers such as IP addresses, websites, usernames, and even sometimes bank details, such infractions can be traced back to the malicious actors behind them.
In a recent example, investigators uncovered a "rug-pull" scam before unsuspecting investors lost a fortune. The "Squid Game crypto-token," based on the Netflix show's popularity, was built as a "play-to-earn cryptocurrency," and consequently its value quickly ballooned. However, on noting that people couldn't cash in upon winning, crypto experts were able to discredit the crypto as a probable scam. The website and its connected social media accounts vanished soon after.
Finding the Right OSINT Tools
With efforts to obscure criminal transactions constantly evolving, it's becoming increasingly important to trace and investigate illegal transactions in blockchains, and the adoption of specialized tools is imperative for achieving this. Security professionals and investigators can now facilitate and accelerate the investigation process with a wide range of AI-powered tools.
When used through link analysis solutions such as Maltego and i2, Social Links products allow users to identify crypto wallets and trace them back to the accounts behind them. Additionally, various financial flows can be mapped to determine the ultimate origins and recipients of suspect funds, as well as the entire chain between the two. Also, automated search methods powered by custom-built ML algorithms (as in SL Private Platform), together with seamless integration with the client infrastructure, can streamline investigation processes and bring a higher percentage of investigations to a successful result.
From fraud and scams to money laundering and tax evasion, it’s clear that OSINT plays a considerable role in the many types of investigations connected with cryptocurrencies. While criminal actors may feel untouchable behind the wall of anonymity that cryptos provide, the techniques and tools of open-source intelligence stand as proof that their illegal activities can be checked.