The Twitter hack that scammed people out of $100,000 worth of Bitcoin opened up a whole new discussion about the security of blockchain systems. And increasingly, the threat goes way beyond Bitcoin, to newer domains such as smart contracts.
In dealing with the aftermath of the hack, how does one investigate such cybercrimes? Through the correct application of blockchain forensics.
What Is Blockchain Forensics?
Blockchain forensics and cryptocurrency forensic accounting involve both tracking and interpreting the flow of cryptocurrency assets on blockchains.
There are hundreds, or even thousands, of cryptocurrencies, with just as many blockchains containing a public record of every crypto transaction made.
However, blockchains only provide a limited amount of public user data. Moreover, their massive ledgers, which are supported by a network of servers, are not easy to parse. One would need terabytes of storage and a certain level of skill just to download a ledger and glean some insight from it. This enables criminals to hide their assets behind cryptic account numbers, either by swiftly moving them from one wallet to another, or by spreading them out across multiple wallets.
Still, with the help of sophisticated technology, blockchain forensics and surveillance companies can scrape transactional data from blockchains and analyze it for illicit activity. This enables them to help law enforcement in tracking down criminals and where they are moving their funds.
Blockchain forensics is primarily a post-incident practice – but increasingly, as the technology becomes more sophisticated, it aims for preventative, pre-incident measures.
Analyzing the Data
According to the American Bar Association, there are a couple of things to consider when performing crypto forensics:
1. Wallets and Addresses
Addresses are similar to bank-account numbers, and contain a balance and history of transactions undertaken in the past. A wallet is a collection of addresses, and it may exist as a:
- “hot wallet” – where access to crypto funds is “stored” on a third-party exchange
- “cold wallet” – where funds are accessible via hardware or paper-based wallets—deemed the most secure
- desktop wallet software – where funds are accessible locally on a computer and/or mobile app.
Identifying addresses and wallets early in the case helps blockchain forensics teams understand the flow of the funds in question. Artifacts (e.g. wallet.dat files) or wallet software (e.g. MetaMask or myetherwallet.com) could help in recovering funds and piecing together crypto transactions.
2. Seed Phrases and Passwords
Analysis of system or user artifacts, such as password vaults, static text files, notes files, or encrypted archive files, will help unlock the wallets/addresses being investigated.
3. Web Browser History
Web-browser cache and history help identify exchanges that can be corroborated with transactions during the blockchain digital forensics process. Usernames and passwords may appear in the history or browser cache, as well.
4. Email and Chat Messaging Services
Email and chat-messaging platforms (e.g., web-based email, Slack, Telegram, WeChat, WhatsApp, etc.) can provide additional context across the findings. Often, they help reveal additional parties involved or other methods to trace transactions.
These findings can include significant missives and communications between parties. Cryptocurrency forensics can uncover addresses, details of transfers taking place, or times/dates that might be pertinent to the investigation.
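One way to pull candidate addresses out of recovered text artifacts such as chat exports, notes files or browser history, shown as an added example that is not part of the original article or of any vendor's product. It covers legacy Base58Check Bitcoin addresses only; the sample text and the address in it are constructed from a made-up hash, and the function names are illustrative.

```python
import hashlib
import re

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
# Legacy Bitcoin address shape: 26-35 Base58 characters starting with 1 or 3.
CANDIDATE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")

def checksum(payload):
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58decode(text):
    n = 0
    for ch in text:
        n = n * 58 + B58.index(ch)          # ValueError on a non-Base58 character
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return b"\x00" * (len(text) - len(text.lstrip("1"))) + body

def b58encode(data):
    n, out = int.from_bytes(data, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(data) - len(data.lstrip(b"\x00"))) + out

def is_valid_address(text):
    """True if text decodes to version byte + 20-byte hash + matching checksum."""
    try:
        raw = b58decode(text)
    except ValueError:
        return False
    return len(raw) == 25 and checksum(raw[:-4]) == raw[-4:]

def extract_addresses(text):
    """Return checksum-valid addresses in order of first appearance."""
    hits = []
    for match in CANDIDATE.finditer(text):
        if is_valid_address(match.group()) and match.group() not in hits:
            hits.append(match.group())
    return hits

# Constructed sample: an address built from a made-up hash, plus a mistyped copy.
PAYLOAD = b"\x00" + bytes(range(1, 21))
GOOD = b58encode(PAYLOAD + checksum(PAYLOAD))
TYPO = GOOD[:-1] + ("2" if GOOD[-1] != "2" else "3")
SAMPLE = f"[constructed chat export]\n10:02 send to {GOOD} tonight\n10:05 not {TYPO}, typo"

if __name__ == "__main__":
    print(extract_addresses(SAMPLE))
```

The checksum test is what separates a real address from an address-shaped string, so mistyped or truncated copies in the artifact are dropped instead of being chased on a block explorer.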
5. Blockchain Explorers
Blockchain explorers can help investigators track the flow of funds from within the blockchain itself, as the important addresses and transactions are determined.
However, bad actors may attempt to mask their blockchain transactions through what they call “mixers” or “tumblers”: tools that break up the flow of funds into smaller pieces, making them harder to trace.
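The flow-of-funds tracing described above, including funds spread across several wallets and then pooled with other deposits, as an added example that is not from the original article or from AnChain.AI's product. The account-style ledger, the address names and the proportional ("haircut") heuristic are assumptions chosen for illustration; tracing on Bitcoin itself works on transaction inputs and outputs.

```python
from collections import defaultdict
from fractions import Fraction

# Constructed ledger in time order: (sender, receiver, amount). Not real data.
LEDGER = [
    ("victim", "thief", 100),
    ("thief", "hop1", 60),              # stolen funds spread across two wallets
    ("thief", "hop2", 40),
    ("other_user", "mixer", 60),        # unrelated deposit into the same pool
    ("hop1", "mixer", 60),
    ("mixer", "out_a", 30),             # pool pays out in different-sized pieces
    ("mixer", "out_b", 90),
    ("hop2", "exchange", 40),
    ("out_b", "exchange", 90),
]

def haircut_trace(ledger, source):
    """Trace funds leaving `source`; return (holdings, trail).

    holdings: {address: traced amount still sitting there}
    trail:    [(sender, receiver, traced amount moved)] for each tainted hop
    """
    balance = defaultdict(Fraction)     # total funds seen at each address
    traced = defaultdict(Fraction)      # portion of that balance under trace
    trail = []
    for sender, receiver, amount in ledger:
        amount = Fraction(amount)
        if sender == source:
            moved = amount              # everything the source sends is traced
        else:
            if balance[sender] < amount:
                balance[sender] = amount    # unknown opening balance: assume clean
            # Haircut rule: an outgoing payment carries the sender's traced ratio.
            moved = amount * traced[sender] / balance[sender]
            balance[sender] -= amount
            traced[sender] -= moved
        balance[receiver] += amount
        traced[receiver] += moved
        if moved:
            trail.append((sender, receiver, moved))
    return {a: t for a, t in traced.items() if t > 0}, trail

if __name__ == "__main__":
    holdings, trail = haircut_trace(LEDGER, "victim")
    for addr, amt in sorted(holdings.items()):
        print(f"{addr}: {amt} of the original 100 traced here")
```

On this ledger the pool halves the traced share of each payout, yet the full 100 is still accounted for at the end: 85 at the exchange deposit address and 15 at `out_a`.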
Solving the Case with AnChain.AI
Clearly, crypto forensics requires the help of solutions that leverage smart systems, like machine learning and AI. Manually trawling through crypto data is out of the question.
Still, not all blockchain forensics solutions can provide thorough review and analytics that would help teams “find their criminal”. A secure and adept solution should be able to conduct investigations in minutes, not hours. Such AI-powered blockchain forensics should also be trusted by the world’s leading regulators. Something like AnChain.AI.
AnChain.AI’s Compliance Investigation Security Operations™ (CISO) solution provides such capabilities, as well as the following benefits:
- Our machine learning behavior analytics model evaluates the risk indicators associated with any addresses. Exclusive intelligence on 100+ Million addresses and counting, mapping pseudonymous wallets to real-world entities.
- 10X Boost on your investigation with artificial intelligence: AnChain.AI’s 1-Click Auto-Trace maps cryptocurrency transactions to criminal, financial, and other destinations within seconds.
- Interactive graph-based investigation tools augment your analytics efforts to reveal complex entity relationships involving thousands of addresses
- Live, customizable, round-the-clock alerts powered by our exclusive risk engine. Effortlessly monitor potentially illicit behavior, large transactions, and more.
AnChain.AI has also signed a deal with the SEC to help monitor and regulate the turbulent decentralized finance (DeFi) industry. AnChain.AI has further been strategically targeting smart-contract-based digital assets since 2018, and has secured 3 US patents on the innovations around smart contract security and compliance.