Hands-on guidance for professionals investigating crimes that include cryptocurrency
In There’s No Such Thing as Crypto Crime: An Investigators Guide, accomplished cybersecurity and forensics consultant Nick Furneaux delivers an expert discussion of the key methods used by cryptocurrency investigators, including investigations on Bitcoin and Ethereum type blockchains. The book explores the criminal opportunities available to malicious actors in the crypto universe, as well as the investigative principles common to this realm.
The author explains in detail a variety of essential topics, including how cryptocurrency is used in crime, exploiting wallets, and investigative methodologies for the primary chains, as well as digging into important areas such as tracing through contracts, coin-swaps, layer 2 chains and bridges. He also provides engaging and informative presentations of:
- Strategies used by investigators around the world to seize the fruits of crypto-related crime
- How non-fungible tokens, new alt-currency tokens, and decentralized finance factor into cryptocurrency crime
- The application of common investigative principles - like discovery - to the world of cryptocurrency
An essential and effective playbook for combating crypto-related financial crime, There’s No Such Thing as Crypto Crime will earn a place in the libraries of financial investigators, fraud and forensics professionals, and cybercrime specialists.
Table of Contents
Foreword xiii
Introduction xvii
1 A History of Cryptocurrencies and Crime 1
Where Did It All Start? 3
The Rise of the Smart Contract 7
The Next Targets? 14
The Future? More Crime! 16
2 Understanding the Criminal Opportunities: Money Laundering 19
There Is No Such Thing as Crypto Crime 36
Money Laundering 40
What Is an Investigator Looking For? 42
Centralized Exchanges 43
NFTs and NFT Gaming 45
Mixers 48
Decentralized Exchanges 53
Casinos. 56
Chain Hopping 57
Privacy Coins 59
Crypto ATMs 62
Peer-to-Peer Platforms 64
3 Understanding the Criminal Opportunities: Theft 67
Crypto Thefts 67
Social Engineering 67
Phishing 68
Hacks 71
Fraud 73
Rug Pull 74
Pig-Butchering/Romance Scams 76
Investment Scams 79
Support Scams 83
Simple Theft 84
Contract Manipulation 86
Fake Contracts 86
Exploiting the Contract 87
Phishing 89
Flash Loans 90
Playing by the Rules 92
Other Criminal Opportunities 96
Yield Farming 96
Funding of Groups 97
Sanctions Avoidance 99
Summary 108
4 Who Should Be a Cryptocurrency Investigator? 109
Individual Skills 111
Knowledge of Technological Systems 111
Knowledge of Digital Currencies 112
Understanding of the Cryptocurrency Market 112
Extensive Knowledge of Computer Networks 113
Cryptography 114
Financial Crime 114
Fraud Investigators 114
Open Source Investigations 115
Cybercrime Investigations 116
Setting Up a Cryptocurrency Investigation Department 117
Other Roles. 123
5 The Role of Commercial Investigation Tools 125
Do You Need a Commercial Tool? 129
Two Is One and One Is None 133
The Future of Investigation Tools 135
6 Mining: The Key to Cryptocurrencies 139
What Really Is Mining? 141
Validating Transactions 141
Minting New Coins 142
Proof of Work (PoW) Mining 142
How PoW Mining Works 142
Energy Consumption and Environmental Concerns 145
Proof of Stake (PoS) Mining 146
How PoS Mining Works 146
Advantages of PoS Mining 146
Does an Investigator Need to Understand Mining Technologies? 146
Cryptocurrency Mining Frauds and Scams 147
Cloud Mining Scams 147
Ponzi and Pyramid Schemes 148
Malware and Cryptojacking 149
Asset Discovery 149
Will Cryptocurrencies Always Be Mined? 150
7 Cryptocurrency Wallets 153
When a Wallet Is Not Really a Wallet 155
Types of Cryptocurrency Wallets 156
Hot Wallets 157
Desktop Wallets. 157
Mobile Wallets 158
Web/Online Wallets 158
Cold Wallets 160
Hardware Wallets 160
Paper Wallets 161
Software Wallets: Functionality and Security 162
Functionality 163
Security 163
Hardware Wallets: Functionality and Security 164
Functionality 164
Security 164
Choosing the Right Wallet 165
Wallet Vulnerabilities 166
Weak or Reused Passwords 166
Phishing Attacks 166
Malware 167
On-Path Attacks 167
Vulnerable Wallet Software 168
Lack of Two-Factor Authentication (2FA) 168
Social Engineering 169
SIM-Swapping Attacks 169
Supply Chain Attacks 170
8 The Importance of Discovery 173
Premises Searching: Legal Framework and Search Powers 176
Search Strategies 177
Handling and Securing Evidence 177
Evidence Bags 178
Body Cameras 179
Photography 179
Chain of Custody 180
Physical Clues. 181
Hardware Wallets 181
Paper Wallets 183
QR Codes 186
Documentation 186
Questioning 188
General Understanding 188
Involvement and Knowledge of Cryptocurrencies 188
Specific Details of the Alleged Crime 189
Technical Details 189
Searching Digital Assets 190
Legal Framework and Warrants 192
Digital Forensics 194
Hardware Examination 198
Storage Devices 198
RAM Analysis 200
What are you looking for? 202
Handling and Securing Digital Evidence 204
The Role of Exchanges 204
Senior Officers/Management 206
Summary 206
9 The Workings of Bitcoin and Derivatives 209
Bitcoin Is a Blockchain-Based UTXO Cryptocurrency 210
UTXO 211
What Does an Transaction Look Like? 215
How Does a UTXO Blockchain Help an Investigator? 220
Blockchain Explorers 222
What Else Can You Learn in a Transaction? 226
Times and Dates 227
Values 229
Omni Layer 231
Taproot 232
The Lightning Network 235
Summary 237
10 Bitcoin: Investigation Methodology 239
Building an Investigation in Bitcoin 251
Address Clustering 253
How Are Clusters Defined? 255
Co-spend Heuristic 255
Change Analysis 256
Nominal Spend 257
Address Type Analysis 259
Multisig Analysis 260
Round Number Payments 261
Some Other Things to Note 262
Change of Ownership 263
Change of Wallet 263
Look at the Amounts 263
Address Triage 265
Attribution 271
Investigating Bitcoin 271
11 The Workings of Ethereum and Derivatives 273
History of the Ethereum Cryptocurrency 274
Ethereum Fundamentals 276
Types of Tokens 279
Ethereum Transaction Types 282
One Address for All Tokens 286
A User’s Address Can Be the Same on Other Blockchains 288
Reading Basic Transactions 290
Transaction Methods 291
Transaction and Address Types 293
What Are These Contracts We Keep Mentioning? 294
Identifying Contract Transactions 295
Conclusion 296
12 Ethereum: Investigation Methodology 297
Following ETH-to-ETH Transactions 297
Smart Contracts Deep Dive 304
Methods, Functions, and Events 307
Code 309
Read Contract 310
Write Contract. 310
Logs 314
ETH-to-Contract Transactions 316
Token-to-Token Transactions 324
NFTs 329
Decentralized Exchanges 335
Reading Decentralized Finance Contracts 342
The Approve Transaction 351
Summary 353
13 Investigating Binance Smart Chain 355
What is Binance Smart Chain? 355
Investigating Funds on Binance Smart Chain 357
What Have You Learned? 364
14 Applying What You Have Learned to New Cryptocurrencies 367
Stable Coins Such as USDT, USDC, and Paxos 368
Tron 372
Tron Fee Structure 372
What Transactions Look Like 372
Layer 2 Chains 377
Bridges 383
Mixers 388
Bitcoin Mixing 389
Ethereum Mixing 393
Privacy Coins 395
Monero (XMR): The Vanguard of Privacy Coins 396
Zcash (ZEC): Selective Transparency 396
Dash (DASH): Privacy as an Option 397
Horizen (ZEN): Extended Privacy with Sidechains 397
Grin and Beam: Mimblewimble Protocol 398
What Have You Learned? 398
15 Open Source Intelligence and the Blockchain 401
Mindset 402
Just “Search Engine” It 404
Attribution of Individuals 412
NFT Metadata 421
OSINT and the Dark Web 423
Summary 425
16 Using Wallets for Investigations 427
Understanding Cryptocurrency Wallets 427
Seed Words and Wallet Recovery 428
Step-by-Step Guide to HD Wallet Re-creation 428
What Can Be Seen? 429
The Benefits of Wallet Re-creation in Investigations 434
Understanding Derivation Paths in Cryptocurrency Wallets 435
The Importance of Understanding Derivation Paths for Investigators 435
Avoiding Oversight and Ensuring Legal Admissibility 436
The Concept of a Derivation Path 436
Bitcoin vs Ethereum Derivation Paths 437
Changing Derivation Paths in Software Wallets 438
To Sum Up 444
17 Crypto Seizure 445
What Do You Need to Carry Out a Crypto Seizure? 463
Recording Seed Words 466
Seizing to Your Own Wallet 467
Considerations for a Software Wallet 467
Considerations for a Hardware Wallet 468
Establishing an Organizational Process 469
Document Your Processes 469
Methods of Recording 470
Paperwork 470
Video 470
Preparation and Administration 471
Documentation in Law Enforcement Systems 471
Questions to Ask before Carrying Out a Crypto Seizure 471
Preparing for a Time-Sensitive Seizure 472
On-Site Seizure Considerations 472
Managing Access and Potential Threats 472
On-Site Toolkit and Practice 473
Where to Store Seized Assets? 473
Seizing to an Exchange 473
Specialist Custodians 474
Seizing to a Law Enforcement-Controlled Wallet 475
Final Thoughts 477
Acknowledgments 483
About the Author 485
About the Contributors 487
About the Technical Editor 493
Index 495