
There's No Such Thing as Crypto Crime. An Investigative Handbook. Edition No. 1

  • Book

  • 528 Pages
  • November 2024
  • John Wiley and Sons Ltd
  • ID: 5982206

Hands-on guidance for professionals investigating crimes that include cryptocurrency

In There’s No Such Thing as Crypto Crime: An Investigators Guide, accomplished cybersecurity and forensics consultant Nick Furneaux delivers an expert discussion of the key methods used by cryptocurrency investigators, including investigations on Bitcoin- and Ethereum-type blockchains. The book explores the criminal opportunities available to malicious actors in the crypto universe, as well as the investigative principles common to this realm.

The author explains in detail a variety of essential topics, including how cryptocurrency is used in crime, exploiting wallets, and investigative methodologies for the primary chains, as well as digging into important areas such as tracing through contracts, coin-swaps, layer 2 chains and bridges. He also provides engaging and informative presentations of:

  • Strategies used by investigators around the world to seize the fruits of crypto-related crime
  • How non-fungible tokens, new alt-currency tokens, and decentralized finance factor into cryptocurrency crime
  • The application of common investigative principles - like discovery - to the world of cryptocurrency

An essential and effective playbook for combating crypto-related financial crime, There’s No Such Thing as Crypto Crime will earn a place in the libraries of financial investigators, fraud and forensics professionals, and cybercrime specialists.

Table of Contents

Foreword xiii

Introduction xvii

1 A History of Cryptocurrencies and Crime 1

Where Did It All Start? 3

The Rise of the Smart Contract 7

The Next Targets? 14

The Future? More Crime! 16

2 Understanding the Criminal Opportunities: Money Laundering 19

There Is No Such Thing as Crypto Crime 36

Money Laundering 40

What Is an Investigator Looking For? 42

Centralized Exchanges 43

NFTs and NFT Gaming 45

Mixers 48

Decentralized Exchanges 53

Casinos 56

Chain Hopping 57

Privacy Coins 59

Crypto ATMs 62

Peer-to-Peer Platforms 64

3 Understanding the Criminal Opportunities: Theft 67

Crypto Thefts 67

Social Engineering 67

Phishing 68

Hacks 71

Fraud 73

Rug Pull 74

Pig-Butchering/Romance Scams 76

Investment Scams 79

Support Scams 83

Simple Theft 84

Contract Manipulation 86

Fake Contracts 86

Exploiting the Contract 87

Phishing 89

Flash Loans 90

Playing by the Rules 92

Other Criminal Opportunities 96

Yield Farming 96

Funding of Groups 97

Sanctions Avoidance 99

Summary 108

4 Who Should Be a Cryptocurrency Investigator? 109

Individual Skills 111

Knowledge of Technological Systems 111

Knowledge of Digital Currencies 112

Understanding of the Cryptocurrency Market 112

Extensive Knowledge of Computer Networks 113

Cryptography 114

Financial Crime 114

Fraud Investigators 114

Open Source Investigations 115

Cybercrime Investigations 116

Setting Up a Cryptocurrency Investigation Department 117

Other Roles 123

5 The Role of Commercial Investigation Tools 125

Do You Need a Commercial Tool? 129

Two Is One and One Is None 133

The Future of Investigation Tools 135

6 Mining: The Key to Cryptocurrencies 139

What Really Is Mining? 141

Validating Transactions 141

Minting New Coins 142

Proof of Work (PoW) Mining 142

How PoW Mining Works 142

Energy Consumption and Environmental Concerns 145

Proof of Stake (PoS) Mining 146

How PoS Mining Works 146

Advantages of PoS Mining 146

Does an Investigator Need to Understand Mining Technologies? 146

Cryptocurrency Mining Frauds and Scams 147

Cloud Mining Scams 147

Ponzi and Pyramid Schemes 148

Malware and Cryptojacking 149

Asset Discovery 149

Will Cryptocurrencies Always Be Mined? 150

7 Cryptocurrency Wallets 153

When a Wallet Is Not Really a Wallet 155

Types of Cryptocurrency Wallets 156

Hot Wallets 157

Desktop Wallets 157

Mobile Wallets 158

Web/Online Wallets 158

Cold Wallets 160

Hardware Wallets 160

Paper Wallets 161

Software Wallets: Functionality and Security 162

Functionality 163

Security 163

Hardware Wallets: Functionality and Security 164

Functionality 164

Security 164

Choosing the Right Wallet 165

Wallet Vulnerabilities 166

Weak or Reused Passwords 166

Phishing Attacks 166

Malware 167

On-Path Attacks 167

Vulnerable Wallet Software 168

Lack of Two-Factor Authentication (2FA) 168

Social Engineering 169

SIM-Swapping Attacks 169

Supply Chain Attacks 170

8 The Importance of Discovery 173

Premises Searching: Legal Framework and Search Powers 176

Search Strategies 177

Handling and Securing Evidence 177

Evidence Bags 178

Body Cameras 179

Photography 179

Chain of Custody 180

Physical Clues 181

Hardware Wallets 181

Paper Wallets 183

QR Codes 186

Documentation 186

Questioning 188

General Understanding 188

Involvement and Knowledge of Cryptocurrencies 188

Specific Details of the Alleged Crime 189

Technical Details 189

Searching Digital Assets 190

Legal Framework and Warrants 192

Digital Forensics 194

Hardware Examination 198

Storage Devices 198

RAM Analysis 200

What are you looking for? 202

Handling and Securing Digital Evidence 204

The Role of Exchanges 204

Senior Officers/Management 206

Summary 206

9 The Workings of Bitcoin and Derivatives 209

Bitcoin Is a Blockchain-Based UTXO Cryptocurrency 210

UTXO 211

What Does a Transaction Look Like? 215

How Does a UTXO Blockchain Help an Investigator? 220

Blockchain Explorers 222

What Else Can You Learn in a Transaction? 226

Times and Dates 227

Values 229

Omni Layer 231

Taproot 232

The Lightning Network 235

Summary 237

10 Bitcoin: Investigation Methodology 239

Building an Investigation in Bitcoin 251

Address Clustering 253

How Are Clusters Defined? 255

Co-spend Heuristic 255

Change Analysis 256

Nominal Spend 257

Address Type Analysis 259

Multisig Analysis 260

Round Number Payments 261

Some Other Things to Note 262

Change of Ownership 263

Change of Wallet 263

Look at the Amounts 263

Address Triage 265

Attribution 271

Investigating Bitcoin 271

11 The Workings of Ethereum and Derivatives 273

History of the Ethereum Cryptocurrency 274

Ethereum Fundamentals 276

Types of Tokens 279

Ethereum Transaction Types 282

One Address for All Tokens 286

A User’s Address Can Be the Same on Other Blockchains 288

Reading Basic Transactions 290

Transaction Methods 291

Transaction and Address Types 293

What Are These Contracts We Keep Mentioning? 294

Identifying Contract Transactions 295

Conclusion 296

12 Ethereum: Investigation Methodology 297

Following ETH-to-ETH Transactions 297

Smart Contracts Deep Dive 304

Methods, Functions, and Events 307

Code 309

Read Contract 310

Write Contract 310

Logs 314

ETH-to-Contract Transactions 316

Token-to-Token Transactions 324

NFTs 329

Decentralized Exchanges 335

Reading Decentralized Finance Contracts 342

The Approve Transaction 351

Summary 353

13 Investigating Binance Smart Chain 355

What is Binance Smart Chain? 355

Investigating Funds on Binance Smart Chain 357

What Have You Learned? 364

14 Applying What You Have Learned to New Cryptocurrencies 367

Stable Coins Such as USDT, USDC, and Paxos 368

Tron 372

Tron Fee Structure 372

What Transactions Look Like 372

Layer 2 Chains 377

Bridges 383

Mixers 388

Bitcoin Mixing 389

Ethereum Mixing 393

Privacy Coins 395

Monero (XMR): The Vanguard of Privacy Coins 396

Zcash (ZEC): Selective Transparency 396

Dash (DASH): Privacy as an Option 397

Horizen (ZEN): Extended Privacy with Sidechains 397

Grin and Beam: Mimblewimble Protocol 398

What Have You Learned? 398

15 Open Source Intelligence and the Blockchain 401

Mindset 402

Just “Search Engine” It 404

Attribution of Individuals 412

NFT Metadata 421

OSINT and the Dark Web 423

Summary 425

16 Using Wallets for Investigations 427

Understanding Cryptocurrency Wallets 427

Seed Words and Wallet Recovery 428

Step-by-Step Guide to HD Wallet Re-creation 428

What Can Be Seen? 429

The Benefits of Wallet Re-creation in Investigations 434

Understanding Derivation Paths in Cryptocurrency Wallets 435

The Importance of Understanding Derivation Paths for Investigators 435

Avoiding Oversight and Ensuring Legal Admissibility 436

The Concept of a Derivation Path 436

Bitcoin vs Ethereum Derivation Paths 437

Changing Derivation Paths in Software Wallets 438

To Sum Up 444

17 Crypto Seizure 445

What Do You Need to Carry Out a Crypto Seizure? 463

Recording Seed Words 466

Seizing to Your Own Wallet 467

Considerations for a Software Wallet 467

Considerations for a Hardware Wallet 468

Establishing an Organizational Process 469

Document Your Processes 469

Methods of Recording 470

Paperwork 470

Video 470

Preparation and Administration 471

Documentation in Law Enforcement Systems 471

Questions to Ask before Carrying Out a Crypto Seizure 471

Preparing for a Time-Sensitive Seizure 472

On-Site Seizure Considerations 472

Managing Access and Potential Threats 472

On-Site Toolkit and Practice 473

Where to Store Seized Assets? 473

Seizing to an Exchange 473

Specialist Custodians 474

Seizing to a Law Enforcement-Controlled Wallet 475

Final Thoughts 477

Acknowledgments 483

About the Author 485

About the Contributors 487

About the Technical Editor 493

Index 495

Authors

Nick Furneaux