How Our Cryptocurrency Private Investigators find out who is behind Crypto Accounts

In 2020, consumers lost more than $2.6 billion to cryptocurrency scams, according to a Chainalysis report. Ransomware attacks more than quadrupled, and darknet market activity rose despite COVID-19 difficulties. 

Hackers are getting smarter. But cryptocurrency investigators are also getting better at tracing activity on blockchains, using sophisticated software to identify the individual(s) behind specific accounts.

There are hundreds of cryptocurrencies with hundreds of blockchains. These blockchains contain public records of every crypto transaction. But these records provide limited public user data, and the massive documents require specialized skills and terabytes of computer storage to download and go through. Because of this, criminals can hide behind cryptic account numbers and conceal their assets by quickly moving them around, laundering them through “mixers”, or spreading them across multiple wallets.

But our cryptocurrency private investigators scrape transactional data on the blockchain through software and analyze it for suspicious activity, such as illicit behavior on the Dark Web, to track stolen funds. 


Trace Stolen Crypto through Blockchain and Forensic Tools

Every transaction starts with an account number.

Whether the transaction is a ransom payment or stolen funds, all crypto transactions are connected to at least one public crypto address with a string of more than 25 characters. A crypto address is like a public bank account number: it can give investigators a variety of information that leads them to the person behind it. By tracing the money, investigators can find other transactions that person made and identify involved exchanges and wallets of the account holder. If these identified exchanges or wallets are maintained by a third-party firm, their assets are “centralized”, and therefore subject to seizure. Coinbase, GDAX, Kraken, and Gemini are well-known centralized cryptocurrency exchanges. These exchanges also hold KYC (Know-Your-Customer) information and will generally cooperate with subpoenas from law enforcement.

Decentralized protocols are not controlled by a centralized authority but by code. Therefore their assets can’t be frozen unless they are in a compliant exchange.

When moving funds around, criminals sometimes unwittingly turn decentralized assets like bitcoin into other digital tokens that are controlled by a company. When the cryptocurrency is converted into a coin that is controlled by a single entity, this company can freeze the funds, or burn those tokens. This is what happened in August 2021, when hackers stole over $600 million from blockchain addresses controlled by Poly Network, and transferred some of the funds to Tether. Tether detected these funds and froze them immediately to prevent the hacker from moving the funds. 

Blockchains list transaction history for every coin, not the owner’s information. That is why investigators use sophisticated software to trace the flow of funds. 

Following Stolen Crypto through Chainalysis Reactor

Our cryptocurrency investigators use, among other digital forensic tools, Chainalysis. Tools like Chainalysis Reactor enable investigators to trace cryptocurrency movements between addresses.

Through Chainalysis, our investigators can tell if an account number has been active on the Dark Web or a gambling website. Sometimes it might reveal an IP address, which can be traced back to a home address through subpoenaing the Internet Service Provider. 

Other useful information to identify an account holder can be obtained through subpoenaing cryptocurrency exchanges, wallets, and custodians who require users to provide identifiable information if they wish to sign up. 

When the information is stored online, it’s more accessible because authorities can subpoena the exchange, or wallet operator, to obtain information about the account holder. When authorities can’t get into an account, they wait for the hacker to cash out or move the funds. When the hacker moves the funds from a private wallet into an exchange, hoping to cash out into their bank account, the investigators subpoena the exchange to find out who owns the bank account and catch the criminal.

Some tactics can throw investigators off the trail. When stolen funds are thrown into “mixers,” wallet addresses that combine the coins with other transactions, it becomes significantly more difficult to trace funds. Some cybercriminals store their cryptocurrency keys in “cold” wallet devices, which are not connected to the Internet. They move the digital tokens in online wallets to addresses linked to their desktops or save the account information and private keys on thumb-drive-like devices.

Our Cryptocurrency Private Investigators can help you recover your stolen crypto and stolen Bitcoins.
