Understanding Cryptocurrency Fraud

By Justin Tolman | May 21, 2024

Cryptocurrency has revolutionized financial markets with its innovative blockchain technology, offering anonymity, decentralization, and unparalleled transparency. However, this rapid growth and the complexity of crypto transactions have also made it a fertile ground for fraudsters and cybercriminals. 

Keven Hendricks, a prominent figure in law enforcement and cybercrime investigation, underscores this sentiment in his opening remarks during the recent webinar Detecting and Investigating Cryptocurrency Fraud, hosted by Police1: "We're not even in the infancy of what we can do with crypto. We're still in the pregnancy. We're still trying to figure it out, right? We're still making the nursery." 

This analogy perfectly captures the emerging yet rapidly evolving nature of cryptocurrency and the corresponding rise in related fraud schemes. Understanding the mechanics of cryptocurrency and the nature of fraud within this space is essential for both investors and regulators.

The Nature of Cryptocurrency and Blockchain Technology

Cryptocurrency is a type of digital or virtual currency that uses cryptography for security, making it nearly impossible to counterfeit or double-spend. The most well-known cryptocurrency, Bitcoin, was described in a 2008 paper by Satoshi Nakamoto. Since then, thousands of alternatives, known as altcoins, have emerged.

The backbone of cryptocurrency is blockchain technology—a decentralized technology spread across many computers that manage and record transactions. Part of the appeal of this technology is its security. Each new transaction is recorded in a block and added to a chain of blocks. Once information is added, it is almost impossible to alter because it would require altering all subsequent blocks.
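The tamper-evidence described above can be shown with a small hash chain. This is an added illustration, not code from the article or from any real blockchain client; the block layout, function names and sample transactions are assumptions, and it leaves out the consensus and proof-of-work mechanisms that make recomputing later blocks costly on a real network.

```python
import hashlib
import json

GENESIS_PREV = "0" * 64  # placeholder back-link for the first block


def block_hash(index, prev_hash, txs):
    """SHA-256 over the block contents, including the previous block's hash."""
    payload = json.dumps({"index": index, "prev": prev_hash, "txs": txs}, sort_keys=True)
    return hashlib.sha256(payload.encode()).hexdigest()


def build_chain(batches):
    """Link each batch of transactions to the hash of the block before it."""
    chain, prev = [], GENESIS_PREV
    for i, txs in enumerate(batches):
        digest = block_hash(i, prev, txs)
        chain.append({"index": i, "prev": prev, "txs": txs, "hash": digest})
        prev = digest
    return chain


def first_invalid_block(chain):
    """Return the index of the first block that fails verification, or None."""
    prev = GENESIS_PREV
    for block in chain:
        if block["prev"] != prev:
            return block["index"]  # back-link no longer matches its predecessor
        if block_hash(block["index"], block["prev"], block["txs"]) != block["hash"]:
            return block["index"]  # contents changed after the hash was recorded
        prev = block["hash"]
    return None


def tamper(chain, index, new_txs, rehash=False):
    """Copy the chain with one block altered; optionally recompute only that block's hash."""
    forged = [dict(b) for b in chain]
    forged[index]["txs"] = new_txs
    if rehash:
        forged[index]["hash"] = block_hash(index, forged[index]["prev"], new_txs)
    return forged


# Constructed sample ledger: one list of transactions per block.
BATCHES = [["A->B 1.0"], ["B->C 0.4"], ["C->D 0.4"], ["D->E 0.1"]]
```

Editing block 1 is detected at block 1; recomputing only that block's hash moves the failure to block 2, which is why an alteration has to be carried through every subsequent block.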

The Role of Exchanges in Cryptocurrency Trading

Centralized cryptocurrency exchanges (CEX) like Binance, Coinbase, and Robinhood play a crucial role in the crypto ecosystem. They act as intermediaries that facilitate the trading of cryptocurrencies for other assets, such as conventional fiat money or other digital currencies. However, these platforms also pose risks because they manage users' money and personal data. The catastrophic failure of FTX (one of the largest exchanges before going bankrupt) underscored the dangers of inadequate oversight and operational transparency.

Decentralized exchanges (DEX) such as Uniswap, Jupiter, and Raydium, on the other hand, allow transactions directly between users, without an intermediary. These platforms are less likely to be targeted by hackers in the same way as centralized exchanges because they do not hold users’ funds. However, they are not entirely immune to fraud, often being susceptible to smart contract vulnerabilities.

Individuals may use these exchanges to purchase cryptocurrency using “real” money, and then transfer, invest, or purchase goods using that cryptocurrency. Many centralized exchanges are Know Your Customer/Anti-Money Laundering (KYC-AML) compliant, and can provide information on their users with proper court documentation in the event of an investigation. 

Understanding Forms of Cryptocurrency Fraud

Cryptocurrency fraud has taken many forms, including but not limited to Ponzi schemes, fake ICOs (Initial Coin Offerings), phishing attacks, and sophisticated exploitation of software vulnerabilities. Moreover, the pseudo-anonymous nature of transactions can make it challenging to trace fraudsters.

A specific type of scam that has been increasingly prevalent is "Pig Butchering." This scam involves a manipulative process where fraudsters initially engage victims through social media or dating sites and gradually build trust. They then entice the victims into investing in cryptocurrency through a series of small, confidence-building transactions on fake platforms that simulate gains. Eventually, when a significant amount of money has been invested, the scammers cut off all contact, leaving the victims without their funds. This type of scam combines elements of romance and investment fraud, exploiting the emotional and financial commitment of victims. Understanding the mechanics of "Pig Butchering" scams is crucial for law enforcement to effectively intervene and support those affected.

According to the article “Crypto Crime Investigations, Tracking Down Criminals on the Web” posted to American Police Beat Magazine, Hendricks highlights that fraudsters frequently target vulnerable individuals through deceptive tactics. They may impersonate credible entities, such as utility companies or tax authorities, convincing victims to make urgent payments using cryptocurrency. This method capitalizes on the victim's panic and lack of knowledge about cryptocurrencies. Awareness and education about such common fraudulent schemes are essential for both potential victims and law enforcement officers handling these cases. This approach underscores the importance of vigilance and informed skepticism when dealing with unsolicited requests for cryptocurrency payments.

Preventing cryptocurrency fraud depends on everyone understanding the technologies involved and staying informed about common fraud schemes.

For law enforcement and investigators, tackling cryptocurrency fraud presents unique challenges. The immutable and transparent nature of blockchain can be a double-edged sword; while it allows for the traceability of transactions, the pseudo-anonymity of blockchain addresses can obscure the identities of fraudsters. As Hendricks noted during the webinar, “Understanding what cryptocurrency is to begin with and what you can investigate with it, is essential for effective enforcement action.”

Tips for Investigating Cryptocurrency Fraud

It is crucial that law enforcement investigators take seriously the individuals who report cases of cryptocurrency fraud. As highlighted in the webinar with Hendricks, a sensitive and informed approach is essential. He emphasized, "If somebody walked into a police station right now and said, I had $100,000 in my pocket. I was walking down the street. Someone threw me to the ground, stole my money, and ran away. There would be an all-hands-on-deck type approach for this." Conversely, individuals reporting cryptocurrency fraud often face skepticism or a lack of understanding from law enforcement.

Hendricks underscored the importance of taking these reports seriously and equipping law enforcement agencies with the knowledge and tools necessary to understand and investigate cryptocurrency-related crimes effectively. He advocated for law enforcement to avoid dismissing these cases with advice like "you should have known better," or deflecting them to federal authorities. 

Hendricks has emphasized three critical tips for more effective cryptocurrency investigations at any level of law enforcement:

1. Understanding Blockchain Technology: 

Investigators must have a thorough understanding of how blockchain and cryptocurrencies work. This knowledge is crucial for following the trail of transactions on a blockchain explorer, which can reveal the flow of illicit funds.

2. Utilizing Open Source Intelligence (OSINT): 

Many tools and platforms allow investigators to analyze transaction patterns and trace them back to service providers. For example, if fraudulent funds are transferred to an exchange, the exchange can sometimes freeze those funds and help identify the suspect.

3. Collaboration is Key: 

Due to the global and decentralized nature of cryptocurrency, effective investigation often requires collaboration between various law enforcement agencies and private sector specialists. Partnerships can provide additional resources and intelligence, crucial for tracking down sophisticated criminal networks.
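The first two tips, following the trail of transactions and tracing it back to a service provider, can be sketched as a breadth-first walk over transfer records. This is an added example, not a tool named in the article or the webinar; the transaction ids, addresses, service labels and the `trace_to_services` function are all constructed placeholders.

```python
from collections import deque

# Constructed sample data: (txid, from_address, to_address, amount).
# Addresses and txids are placeholders, not real on-chain values.
TRANSFERS = [
    ("tx01", "VICTIM_WALLET", "SCAM_DEPOSIT", 2.50),
    ("tx02", "SCAM_DEPOSIT", "HOP_A", 1.50),
    ("tx03", "SCAM_DEPOSIT", "HOP_B", 1.00),
    ("tx04", "HOP_A", "EXCHANGE_X_HOT", 1.45),
    ("tx05", "HOP_B", "HOP_C", 0.98),
    ("tx06", "HOP_C", "EXCHANGE_Y_HOT", 0.95),
    ("tx07", "UNRELATED_1", "EXCHANGE_X_HOT", 4.00),  # not reachable from the victim
    ("tx08", "HOP_C", "HOP_A", 0.01),  # loops back; must not cause a re-visit
]

# Hypothetical attribution labels, standing in for tags gathered through OSINT.
KNOWN_SERVICES = {"EXCHANGE_X_HOT": "Exchange X", "EXCHANGE_Y_HOT": "Exchange Y"}

def trace_to_services(start, transfers, services, max_hops=6):
    """Follow outgoing transfers breadth-first from `start`.

    Returns one record per path ending at a labelled service address. The walk
    stops there: deposits are pooled, and the account holder is known only to
    the service.
    """
    outgoing = {}
    for txid, src, dst, amount in transfers:
        outgoing.setdefault(src, []).append((txid, dst, amount))

    hits, seen = [], {start}
    queue = deque([(start, [])])
    while queue:
        addr, path = queue.popleft()
        if len(path) >= max_hops:
            continue  # bound the search so a long peel chain cannot run forever
        for txid, dst, amount in outgoing.get(addr, []):
            trail = path + [txid]
            if dst in services:
                hits.append({"service": services[dst], "deposit_tx": txid,
                             "amount": amount, "trail": trail})
            elif dst not in seen:
                seen.add(dst)
                queue.append((dst, trail))
    return hits

if __name__ == "__main__":
    for hit in trace_to_services("VICTIM_WALLET", TRANSFERS, KNOWN_SERVICES):
        print(hit["service"], hit["deposit_tx"], hit["amount"], " -> ".join(hit["trail"]))
```

Each hit pairs a service with the deposit transaction and the chain of transactions leading to it, which is the detail a freeze request or court documentation sent to that exchange would reference.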

Local agencies should be prepared to initiate investigations and leverage resources such as Interpol red notices, even on state or local charges, to effectively address and mitigate the harms of cryptocurrency fraud. Hendricks highlighted this important aspect during the webinar: "Most people don't know this, but you do not need a federal warrant to get an Interpol red notice issued, an international arrest notice issued for somebody. You can have that done on a state or local charge."

This approach not only aids in effectively resolving individual cases but also reinforces public trust in the capability of law enforcement to handle emerging digital crimes.

Many investigators may not know what questions to ask to get the investigation started. The following questions may provide a starting place for gathering detailed information about the incident, helping to identify the nature of the fraud, trace the fraudulent transactions, and understand the context in which the fraud occurred.

Transaction Detail Questions:

  • Can you describe the transaction that you believe was fraudulent?
  • What type of cryptocurrency was involved?
  • How much was transferred, and what was the date and time when the transaction occurred?
  • How did you send the payment?
  • Do you have the account(s) or wallet ID(s) that was used for the transaction?

Method of Contact Questions:

  • How were you first contacted by the person or organization that led to the fraudulent transaction?
  • What information do you have about the recipient of the funds?
  • Can you provide details of continued communication (emails, messages, calls) with this person or organization?

Follow up and Documentation Questions: 

  • Can you provide any documentation (emails, messages, etc) related to the fraudulent transaction?
  • Have you taken any steps to secure your account or prevent further unauthorized transactions?

Concluding Thoughts about Cryptocurrency Fraud Investigations

As the digital currency landscape continues to evolve, so too do the strategies employed by cybercriminals. Staying ahead of cryptocurrency fraud means continuously updating knowledge bases, improving security measures, and fostering international cooperation among regulatory bodies. As highlighted by experts like Keven Hendricks, understanding the intricacies of blockchain technology and the typical tactics used by fraudsters is essential in safeguarding one's digital assets.

Law enforcement officers should equip themselves with a foundational understanding of cryptocurrencies to navigate the rapidly evolving digital landscape effectively. An understanding of the basics, coupled with an investigative mindset that includes asking the right questions, is crucial in addressing the complexities of crypto-related crimes. As the ecosystem continues to evolve, staying updated and adaptable will empower officers to tackle these challenges more effectively.

Justin Tolman has been working in digital forensics for 12 years. He has a bachelor’s degree in Computer Information Technology from BYU-Idaho and a master’s degree in Cyber Forensics from Purdue University. After graduating he worked as a Computer Forensic Specialist with the Ohio Bureau of Criminal Investigation and currently works as the Forensic Subject Matter Expert and Evangelist at Exterro. Justin has written training manuals on computer and mobile device forensics, as well as (his personal favorite) SQLite database analysis. He frequently presents at conferences, on webinars, produces YouTube content, and hosts the FTK Over the Air podcast. 
