How to Catch Criminals on the Blockchain
Ready to become a real blockchain sleuth? In this article, JP from Intelligence on Chain takes you through the process of catching criminals on-chain; concluding your introductory journey to solving crypto crimes.
Top Tip: If you’re in Web 3.0 for any duration, I recommend two words for you – STAY PARANOID!
It takes a lot of time, effort, and resources to catch criminals and there are never any guarantees of a full recovery. After running the Blockchain Investigation a.k.a ‘Sleuthing’ company Intelligence On Chain (IOC) for a few years now, one of the most disheartening things about the profession is that few thefts will result in criminals being found and prosecuted. The majority get away with their crimes, especially the smaller thefts. Crypto theft alone rose by 7% in 2022, which contributed to $20 Billion in illicit transaction activities throughout 2022.
When a victim wants to have a crime investigated (most don’t,) there are usually only a handful of outcomes to achieve: justice, recovery of funds, or simply writing off losses in their portfolio. Initial assessments inform the victim on what may or may not be possible as each case is reviewed on its merit.
Law enforcement tends to deliver only on cases where high-value assets were taken, assuming the victim OR the suspect resides in a jurisdiction (such as the US or UK) that supports prosecuting cybercrime. Thefts greater than $75,000 are more likely to be prioritized by law enforcement, but the amount differs between the different national jurisdictions. If your theft doesn’t reach that threshold there may be ways of still making the case economically viable to pursue, such as grouping victims who were targeted by the same suspect. Though it may seem grim, arrests and recovery can happen. Let’s take a look at some of the ways Sleuths (or maybe even you) have the highest chances of catching a cybercriminal and/or recovering some of those stolen funds for victims.
So, what do you need to catch crypto criminals?
To catch a criminal successfully, the following are required:
- A fully documented report – Include a timeline of events, wallets, charts, exchanges, and transactions.
- A powerful network – Law enforcement, investigation organizations, lawyers, contacts at centralized exchanges and with wallet providers, and more.
- Perseverance and determination – Catching criminals is emotionally draining for everyone involved. The slightest hope of a positive outcome can be quickly dashed. The most important thing to note is that these cases take time.
- Luck – There is a lot of information to uncover during a case, the thief may have gotten sloppy. For every case IOC takes on, we are dependent on a little bit of luck coming our way. This may be in the form of new evidence, tip-offs from the community, or clues found during the investigation.
Did you know? There are many different ways scammers use to attack victims. Methods include older techniques used in Web 2.0, like phishing, as well as newer techniques like sophisticated contract exploits or malicious rug pulls.
I’ve seen even the most security-conscious individuals fall victim to social engineering. They downloaded what was supposedly a “Play to Earn” game, only to find out that it was malicious code. The malware in question was specifically designed to steal the seed phrases of web 3.0 wallets, like Trust Wallet or MetaMask, giving attackers unlimited access to the victim’s wallets.
In another case, criminals targeted individuals through fake job interviews. Sophisticated actors attacked the Ronin Bridge through spear phishing developers. It only took one developer to take the bait and open what they thought was a PDF, only to find out it contained malicious code, granting the criminals access to $600M. Everyone is only one wrong click away from losing all of their digital assets in crypto. Stay Paranoid.
A Fully Documented Report
Depending on the complexity of the case, the time needed to build a report varies drastically. I’ve worked on cases requiring only four hours to document as well as other reports that have taken months to prepare.
At a minimum, the report should include an overview of what happened, the path of the funds thereafter, any identifiable information about suspected bad actors, and finally all of the links and transactions associated with the theft. There are various methods or frameworks that you can use to structure a report but understanding who the recipient of the report is and what they require will be a determining factor here.
A Powerful Network
Having a powerful network around you is critical. You need to be able to cross-pollinate ideas or hypotheses, validate data, and centralize information. On top of that, pseudonymous crypto transactions and complexities of local and global law require a network of specialists to navigate the landscape appropriately.
You may be able to uncover the identity of an individual or group suspected of stealing funds by yourself. However, that alone may not be enough to capture a criminal… and what happens if you are wrong? Releasing someone’s identity can result in negative consequences for them, even if you are wrong. Problems include: endangering them and their families, professional career or reputation damage, and monetary loss, all of which can land you in legal trouble at a minimum.
Perseverance and Determination
Catching a cybercriminal is not as easy as posting a thread on X, although some threads have been used by law enforcement as part of prosecution. Typically, prosecution and recovery are time-consuming and require a lot of effort. Emotional stability is hugely important due to the stresses of experiencing euphoric highs on finding the criminal to darkest lows when hearing victims’ stories or having a lead you’ve been working on for weeks disappear. Regardless, the person delivering the report and coordinating between the network does need to have the right mindset and needs to be doing the work for the right reasons. Without a passion for helping victims, sleuths can become deflated, depressed, or worn out! It is never-ending!
A Little Bit of Luck
Whilst our work at ‘Intelligence On Chain’ is based on objectivity, luck does need to be on your side. By luck, I mean that reports leading to an arrest are more likely to contain information from a mistake, an oversight, or naivety from the criminal. This may manifest in different guises but the information can always be used to provide context in one form or another. Criminals with an ego are the most likely to leave clues, often posting on social media.
In my experience, more dots joined together to build a stronger narrative. Transactions going to an exchange might not be enough for a conviction because KYC at the exchange may have been faked, for example. Additional information like an IP address, a social media profile, or any other piece of identifiable information can point toward further leads. Photos, images, readings, videos, blogs, usernames, and many more types of data may be used in a case to build out a suitable and sufficient report.
Catching Criminals On-Chain Requires a Delicate Balance of Ingredients
The pursuit of justice against cyber criminals, on the blockchain, is an intricate dance between determination, expertise, collaboration, and a touch of luck. The knowledge shared in this article underscores the multifaceted nature of crypto-related theft and the demanding efforts required to combat it effectively.
Building a comprehensive and meticulously documented report is the foundation of pursuing justice. Such reports can be bolstered by a network of experts and support, including law enforcement, legal specialists, and crypto professionals. Cross-domain collaboration is paramount, as the unique challenges posed by cryptocurrency transactions require a multidisciplinary approach.
The path to catching crypto criminals is marked by emotional highs and lows. Perseverance through setbacks and triumphs alike, fueled by a dedication to the cause, is what drives investigators forward. It’s important to recognize that not every case will yield a successful outcome, but every effort contributes to building a safer crypto ecosystem.