This session, led by one of the world’s leading cybersecurity, information governance, and legal discovery digital forensics experts, also presented an examination of raw data on blockchain ledgers, shared how to research specific addresses and transactions as part of an investigational process, and considered NFTs from an eDiscovery perspective.
While the entire recorded presentation is available for on-demand viewing, provided for your convenience is a complete transcript of the presentation.
[Webcast Transcript] Considerations and Challenges for Blockchain, Cryptocurrency and NFT Investigations
+ John Wilson, ACE, AME, CBE, Chief Information Security Officer and President of Forensics, HaystackID
As Chief Information Security Officer and President of Forensics at HaystackID, John provides consulting and forensic services to help companies address various matters related to electronic discovery and computer forensics including leading forensic investigations, cryptocurrency investigations, and ensuring proper preservation of evidence items and chain of custody.
+ Rene Novoa, Director of Forensics, HaystackID
As Director of Forensics for HaystackID, Rene Novoa has more than 20 years of technology experience conducting data recovery, digital forensics, eDiscovery, and account management and sales activities.
Hello, everyone, and welcome to today’s webinar. We’ve got a great presentation lined up for you today, but before we get started, there are just a few general admin points to cover. First and foremost, please use the online question tool to post any questions that you have, and we will share them with our speaker. Second, if you experience any technical difficulties, please let us know using that same questions tool and a member of our admin team will be on hand to support you. And finally, just to note, the webinar will be recorded and we’ll be sharing a copy of that with you alongside the slides via email within the next few days. So without further ado, I’d like to hand over to our speaker to get us started.
Well, thank you. Hello, and good morning, afternoon, and evening to today’s worldwide audience. I hope you’re all having a great week. My name is John Wilson. On behalf of the entire team at HaystackID, I’d like to thank you for attending today’s presentation and discussion titled, “Considerations and Challenges for Blockchain, Cryptocurrency and NFT Investigations”. Today’s webcast is part of HaystackID’s regular series of educational presentations developed to ensure listeners are proactively prepared to achieve their cybersecurity, information governance, and eDiscovery objectives.
So the presenters today were supposed to be myself and Rene Novoa. Unfortunately, Rene Novoa is not able to be with us today, due to some unforeseen circumstances, so you’re stuck with me, but we’ll get through it. I’m currently employed at HaystackID. Both of us are experienced veterans in digital investigations with specific expertise in digital forensics, collection of mobile devices, and emerging data types, formats, including Blockchain, cryptocurrencies, NFTs, or other digital assets. Having served as expert witnesses in investigations related to today’s topic, I am excited to be able to share with you today.
So from a formal introduction perspective, I am John Wilson. I am the Chief Information Security Officer and President of Forensics here at HaystackID. In this role, I provide expertise and expert witness services to help companies address various digital forensics and eDiscovery (electronic discovery) matters, including leading investigations and ensuring proper preservation of evidence items and chain of custody. I regularly develop processes, create workflows, and lead implementation projects for clients, including major financial institutions, Fortune 100 companies, and Am Law 100 firms. I’ve also been fortunate to work on some of the most significant matters on record in the United States and many of the 39 countries where I have had the opportunity to work on cases.
Today’s webcast presentation is being recorded for future on-demand viewing. A copy of the presentation will also be available for the attendees once the on-demand version is completed, and we expect those items to be available on the HaystackID website soon after we conclude today’s live presentation.
At this time, let’s move into our presentation on cryptocurrency and NFT investigations.
So today, we’re going to talk through what is a Blockchain for those that don’t have significant knowledge or understanding of what is a Blockchain and what are digital assets, what are the uses of those digital assets? Then we’ll get into investigating and the forensics around digital assets and Blockchain and cryptocurrencies, and all that fun stuff, how do you know if digital assets exist in the case that you’re working on, and then some tips and tricks or things that help advance those investigations.
So what is a Blockchain? Really, it’s difficult to get into a conversation about cryptocurrencies and digital assets if you don’t understand what a Blockchain is, to begin with. So really, from a simplistic standpoint, a Blockchain is a ledger of records that records transactions. So that ledger is public. The Blockchain is public. Anybody that has access to a client can access the Blockchain for that particular ledger. The transactions are recorded. Most of them say anonymously, but it’s really pseudonymous. A lot of the information can be tracked back, it’s not truly anonymous. The transactions are recorded to a hash or a crypto string, which is generally known as the public address for somebody. I mean, it has no identifying information, but there are ways to look up and find some of that information, but the key point is it’s an immutable ledger.
So it’s a ledger that once it’s written to, it can’t be changed, because as you write new blocks to the chain, it’s the older blocks, the validation, and the hash for the validation of those blocks, is what builds the key for the new block. So if you alter any of the previous blocks, it would invalidate the entire Blockchain, and so hence, it’s immutable, if you change anything, it’s going to break the Blockchain, new transactions, the new blocks, wouldn’t be able to be successfully mined or validated, and we’ll get into a bunch of these terms here shortly. But again, the transactions are on this public ledger, so they are traceable. You can follow, “Hey, I’ve got this public address, this hash key, that’s related to a transaction or sets of transactions”, and you can follow that hash key and see where those currencies have gone and where they were spent. Now, you’re only able to understand the hash key that it’s associated with or the address that it’s associated with, and you have to utilize other methodologies to then understand what that address is or who it belongs to.
It’s really also important to understand that there are many Blockchains and public ledgers. You get Bitcoin, Ethereum, Tether, Ripple, Dogecoin, ad infinitum. There are hundreds of them in the marketplace, or thousands, really. And then you can also have private ledgers. So you have financial institutions that might run a Blockchain or any kind of entity, but it’s common in logistics and financial institutions, where a financial institution has locations in multiple countries, for instance, and so they’ll use their own private Blockchain to address transfers to different accounts or different locations through their Blockchain, instead of using Swift or international wires, and the methodologies that banks traditionally have used. It allows them to account for and track those transactions much faster.
And so, a lot of interesting things are being done around that, and we’ll talk about there are many more uses than just digital assets and just cryptocurrencies. You have logistics. Companies are using the Blockchain to track – there’s a big poultry company, for instance, that tracks the eggs that they delivered to the grocery from the conception of the egg, what hen house it was made in, all the way through packaging, into shipment to the store, and then actually dispensing at the store, who purchased that dozen eggs. They have very involved Blockchain systems that track all of that information. And then you also have smart contracts. You have the NFTs. There’s just a lot of activity, a lot of things that Blockchain is very well suited for.
Again, it’s this immutable public ledger. It becomes very intriguing for doing a lot of these different types of things. Smart contracts are very interesting. To break a smart contract down into simple terms, a smart contract is kind of like a vending machine, those old school vending machines. It’s got all this stuff in there, and then it’s got a keypad with some letters and some numbers. So you walk up to the machine and you punch in I want B2, and so B2 is going to drop you out those Bugles chips or whatever it may be in that particular slot. So you can think of a smart contract as very similar to that. So once somebody goes up to the machine, they meet the conditions to trigger the smart contract. So like in the vending machine, the condition is that I’ve put in the appropriate amount of currency into the vending machine, I’d then punch the key that says, hey, I want B2, and then it dispenses B2, and that’s pretty much how a smart contract works.
Once the conditions are met, you put in the appropriate currency, or the appropriate input, whatever that may be, the smart contract triggers and it does whatever instructions that smart contract is supposed to do, and that can be signing a real estate contract, it can be establishing a process to deliver a vehicle to somebody, it can be a lot of different things, and it can be very complex with multiple steps. But in the end, it’s really just a vending machine. It’s a process when the conditions are met, the process triggers, goes through whatever steps it has, and there may be checkpoints or new activities that have to occur. So similar to the vending machine, you start the smart contract by putting the coins in, then it’s waiting for input. You have to select the letter first, and then the smart contract’s like, okay, I now have a letter, so now I’m going to ask for a number, and then you select a number, and then it gives you the particular item related to that. There’s a lot of steps involved in that, though it seems very simple. You have the currency going in, you have validating, did I get the appropriate amount of currency? Yes. Okay, now I can ask for the input to say what I want to be dispensed out of the machine, and boom, okay, I’ve got A and I’ve got 2. Okay, now I’ve got my proper inputs. Now I have to spin the coil. Spit out the single item. Did the single item fall through the trapdoor? Yes, it did. Did the trapdoor get opened? Yes, it did. Did the item get pulled out of the trapdoor? Yes, it did. Now the contract is fulfilled, it’s completed. So that’s really the main gist.
So what types of digital assets are we talking about? Again, we’ve gone through most of this but you have virtual currencies, cryptocurrencies, and NFTs. NFTs are artworks that are tied into a Blockchain so you can show sole ownership, who owns that particular item, lots of discussion around NFTs, and we’ll get a little more into that in a bit. Stablecoins. Stablecoins are pegged to something or backed by something. So you have USDT, the US dollar tether, you have a bunch of different tethers of that nature, and that’s really interesting territory because there have been some challenges in that recently, and we’ll talk more about that shortly as well.
Then you have Blockchains, your digital assets that are strictly digital coupons and vouchers, like Burger King will send out to customers that submit for a certain thing or do certain things, they’ll give them digital vouchers or coupons that are tracked on the Blockchain, so they can track the redemption, who redeemed it, where they redeemed it, how they redeemed it, and all sorts of other information. So it’s a very useful marketing tool.
And then you have the smart contracts, and smart contracts, again, can do many different things. They require that you have that appropriate input, they require that appropriate actions are taken, and the conclusion.
One last comment about smart contracts that’s really important is once the triggering conditions are met, the smart contract will execute. It’s built into the Blockchain that way. So you have to be – a whole area that’s going to need to be looked at is really going to be… how well the smart contract itself was written, because again, once conditions are met, the smart contract triggers, so if you have a programming error and that smart contract triggers because of that programming error, it’s going to execute, it’s going to do what it’s supposed to do and follow through with that process.
So who uses digital assets? What are the uses of digital assets? Certainly, most people have heard about the criminal or bad activity, ransomware, dark market, dark web, where people are transacting and paying for things in cryptocurrency, but there are a million legitimate reasons. A lot of industries are using it. It’s used to resolve geographic issues. So you’re in a market space, where maybe the traditional currency in that market, in that geographic area is not very stable or reliable or accessible, and digital assets can certainly provide some advantages there.
When you start talking about the industries that get involved in cryptocurrencies, there are a lot of businesses now accepting cryptocurrencies. There are a lot of financial institutions using it to, again, run private ledgers that transfer currencies back and forth across their organizations. Many, many different industries that partake and have some very valid uses for it. It’s no longer strictly seen as a criminal activity where initially a much larger percentage of the activity on the cryptocurrencies was criminal. Today, there is a lot of valid activity, a lot of uses, a lot of investing and trading, day trading, like hedge funds that are being backed by cryptocurrencies. There’s a lot of activity around the cryptocurrency usage and certainly adoption across the financial marketplace.
It’s still highly unregulated, it’s still very young. The EU is just now starting to do some regulation around cryptocurrencies and that will continue to mature, and then the Blockchain, digital assets will continue to evolve and mature as the marketplace evolves and matures around it.
So what are some of those valid uses? Why would a business get involved in it? So, there are a lot of financial uses, where organizations are utilizing the cryptocurrencies to sell goods, receive goods; some organizations are using cryptocurrencies as a hedge against the volatility in the traditional currencies. You have very significant applications in the micropayments world where it’s much harder to deal with micropayments, pennies and cents. A lot of currencies are starting to eliminate some of that, or a lot of places are starting to not carry the change, but cryptocurrencies can go down to decimal points of cents. A single bit of Bitcoin is down into the hundredth of cents and can be divided in much smaller chunks, and it’s also a lot of activity around reducing or minimizing the costs per transaction.
So, the cost per transaction in some cryptocurrencies can be much lower than, say, a standard credit card exchange rate. So when a business takes a credit card, they pay a percentage fee of that transaction in order to receive those funds, and for businesses, those cryptocurrencies can reduce what those fees are, and make it so that the actual organization selling the goods can capture more of the value that they’re getting paid, and whether that’s passed on as cost savings to the consumer or passed on as better profitability for the organization, there are a lot of possibilities there, but that reduced fee structure’s certainly making significant gains in the commerce marketplaces.
You can see there’s a lot of consumer activity around this, around the use of cryptocurrencies. It’s easier. They can maintain one wallet with multiple currencies in it. It has password control or access controls, so it’s much harder to be stolen in general terms, but people don’t always manage their passwords properly, and so that can also become a problem. A lot of interesting things there.
So this is a really interesting one because this slide was done a month ago as we were preparing to do this presentation, and so Bitcoin, when we did this, was worth 43,207. Well, the whole cryptocurrency marketplace actually has significantly dropped. So today’s price this morning, a Bitcoin is worth about 28,953, so you can see it’s a 25% drop, almost 30% drop over the course of the last 30 days. Ethereum when we did this was worth $3,341, and today it’s worth $1,952. Again, a significant drop. Tether is an interesting one and we’re going to talk more about this in a few moments, but Tether is a stablecoin, it is pegged to the US dollar, and it’s supposed to always be worth $1. Today’s marketplace, it’s worth 99 cents because there’s been extreme volatility and so they’re having trouble maintaining that peg. Very interesting stuff. Very challenging. BNB, another one made a significant loss. 498 was the value when we did this, it’s now worth 290. So, as you can see, the crypto market cap was over 2 trillion when we presented this slide. Today’s market value, cryptocurrencies, the total amount is only worth 1.24 trillion. So as you can see, a very significant drop in the marketplace.
Now we’re going to start getting towards companies that are using or adopting cryptocurrency so we can start getting into the actual investigation side. Why do we need to understand investigations? All of this was foundational information, but now you can see, you’ve got Starbucks, Subway, Microsoft, pro sports teams, Tesla, all of them trading, accepting cryptocurrencies in one shape or another – Whole Foods, Burger King. Burger King’s one of the big ones that uses those digital coupons. Very interesting stuff. Whole Foods Market, so staple items, your grocery store, taking cryptocurrencies. Very intriguing stuff, or hedging with cryptocurrencies.
Okay, so now we’re going to talk about non-fungible tokens. Obviously, it’s been a hot topic, everybody has been talking about NFTs, and so what is an NFT? Why is it important to understand what’s going on there? So, NFTs are really digital items, music, art, videos, whatever, digitally. There are tweets that are captured as images that can be sold on the Blockchain and ensure that there’s a sole owner that has full rights to it that owns it. And then that person can transfer it. So it’s like art ownership, is one way of looking at it, but with a much easier to access marketplace. It can be easily transferred, and again, it’s an immutable ledger and the ownership can be proven very easily and quickly by going through the ledger and seeing who has the last rights to it, who transferred the last rights to it.
So, again, there’s been a lot of interesting things. You have “Beeple” who had never sold anything over $100. In March 2020, his first work, his first NFT, The First 5,000 Days, sold for an astounding $69 million. A lot of interest there and in the marketplace itself. It definitely drove some value for him. The global market for NFTs is currently about 22 billion, but it is rapidly growing. There are new NFT marketplaces being launched almost daily. You’ve got celebrities and brands that are all joining in now. One of the latest NFTs that’s being talked about is you have Gucci and other brands that are selling digital versions of a purse, for instance, for use within the metaverse, in the virtual world, so you can buy a Gucci bag, and some of those Gucci bags are selling for more than the physical counterparts in the real world, which is completely insane. So you own a copy of the digital version of it, and it’s being sold for more than actual physical devices.
Stablecoins, we talked about that a good bit. Why do you have to understand them? So they’re digital currencies backed by some sort of asset, and that’s typically a physical asset like gold or silver, or fiat currency, the US dollar, or the euro, or the pound, the sterling. They’re a stablecoin, they’re backed, and they’re pegged to those currencies. So that’s where things start to get interesting. We can talk about Terra that was done in the… it was a US dollar-based stablecoin. The market collapsed in the sell-off last week on May 9, and so a Terra that was supposedly pegged to a dollar, so its value should always be $1, is now worth approximately 10 cents, and it has been de-pegged from the US dollar since May 9, since the market tanked that day, and it has yet to recover and is likely to never recover, but really important to understand how that happens and where that comes from. So basically, you have a cryptocurrency that’s backed by some sort of asset, and they have a promise to pay or maintain enough assets to sustain the value of that currency. And can be very interesting stuff.
Smart contracts, we went through this a good bit already. Ethereum is one of the platforms that a lot of smart contracts are done on. A lot of the smart contracts are being utilized by various companies. Starbucks is using smart contracts to engage and transact with their coffee growers and ensure that they’re using acceptable practices, meeting the terms of their contracts and their agreements, so that those smart contracts are being executed to purchase, control the price, and transact the coffee purchases, for instance.
So, why do we need to get into investigations? Why are we here today? So, as we said, there was a lot of criminal activity early on in cryptocurrencies. That has somewhat diminished, but there’s still a lot of criminal activity there, but beyond that, you have a lot of valid business reasons now. So you have organizations that are utilizing those cryptocurrencies for legitimate purposes, and so when legitimate purposes come, lawsuits start getting tied in, incidents occur where a company’s being acquired or an insolvency, and how do you understand what crypto assets that entity owns? How do you understand where they’re, what’s happened to them? The list goes on and on, but there’s a big need to really understand what transaction things occur. Insurance claims, “Hey, my paper wallets got stolen”, cyber losses; ransomware events where organizations pay ransomware in cryptocurrencies; the valuations of damages, if someone stole cryptocurrencies from you, how do you figure out what that cryptocurrency’s worth? Is it worth what it was the day it was stolen?
Again, as you can see, when we talked about it, cryptocurrencies are highly volatile. They go up and down sometimes large percentages in a day, and so, how do you evaluate those damages? Is it the damages based on today’s value, the damages based on the day that those currencies were stolen? Can any of it be recovered? How do you figure that out? Fraud and corruption activity? One of the case studies that I talk about frequently involved a merger and acquisition scenario where the company had acquired cryptocurrency – that the company that was acquired had acquired cryptocurrencies as a hedge or as protection for the eventuality of a ransomware event, and so they had this nest egg of cryptocurrencies sitting on the books, so to speak, in the event an event occurred, then they got acquired, so the new company acquired them. The new company didn’t understand that they had those cryptocurrencies and really had no awareness of it, and as that transaction occurred, shortly after the acquisition, the new company, the fuller entity, did get ransomwared. So then they’re sitting in a board meeting and, “Hey, I think Company X had acquired some cryptocurrency as a hedge to be able to pay for the ransom”, the board had decided they needed to pay the ransom because they couldn’t afford the downtime and various other issues, and decided to go figure out where that cryptocurrency was, and they couldn’t find it. Nobody had any records of it. They couldn’t find where it was. We had to do an investigation and we were able to determine that the former CFO of the organization decided that nobody knew about that cryptocurrency so he would just move it to some of his own wallets, and we were able to trace that, track that, unwind that, and successfully recover the large majority of that cryptocurrency for the organization.
There are commercial tools. There are also public, free tools. You have the commercial tools CipherTrace and Chainalysis and Maltego that do a lot of this. They have a lot of great features that help you unwind or understand probably one of the most critical things in relation to a cryptocurrency investigation, which is attribution, who owns that particular hash key, that particular wallet, who’s the owner or user of that wallet, and so those softwares do maintain some attribution as entities get learned, as well as have tools to allow you to build your own entities as you understand what entities own certain coins, and start building an attribution database, which can be really important for your investigations.
They do a bunch of other things as well, like provide risk ratings, how much activity has a particular wallet had in the dark market, or how much activity of pushing currency through spinners or mixers, and which are tools to obfuscate or launder the money and prevent people from being able to figure out where the currency went or how much currency there was et cetera.
So, those tools can be extremely useful and beneficial in that regard. But it can be done with Blockchain.com Explorer that does Bitcoin. You can go and look up transactions directly on those platforms. You can do the research. You can figure out – you can follow the trail of a transaction, but it’s manual whereas you have some more automation in the commercial tools.
So, what sorts of things do you need to understand if you’re going to get into investigating cryptocurrencies? You need to understand wallet types, a cold wallet, a hot wallet, software, hardware wallets, paper wallets, getting a valid understanding of what the wallets are, what you can do with a wallet. The addresses, the public address versus the private keys. So, typically for the owner of a wallet, you have your public address, that’s the address where people can send currency to, or you can spend your currency. And you have to authenticate with your private key. Your key is what unlocks it. It says, “Hey, I own this”. And cryptocurrency is very much like fiat currency in that way. If you have it in your hand and you control it, you can spend it. And so, in the cryptocurrency world, that means if I have the public address and the private key, I can spend that currency, I can do whatever I want with that currency, I can transfer it. And that’s where a lot of risk comes into play.
Now, you have to start getting into an exchange. Exchange transactions, interesting things there. In the exchanges, if they’re US-based, they follow the KYC banking rules. And so, they have to know your customer, they’ve got to have that attribution built out for that particular address that gets created on an exchange.
Then you have the investment platforms where you don’t actually own the asset. So, if you go out on Robinhood today, and you buy Bitcoin you don’t actually own the Bitcoin, you own an asset registered with Robinhood that is tied to that Bitcoin.
Now, Robinhood, in particular, is launching its own wallets, and they’re going to start giving you the ability to own your actual cryptocurrency and be able to transact in it and transfer it. They’re launching their own wallet. But in today’s market with Robinhood, if you were to go look at the public ledger when you made a purchase of Bitcoin, you won’t see your transaction there because Robinhood owns a large portfolio of cryptocurrency and they just move around assignment as to who owns it and acquire additional currency if they need. But it’s done with a shadow ledger that says, “OK, so we’re going to assign X dollars of X points of Bitcoin to this user”. And so, that ledger just tracks what your portion of ownership of that particular asset is.
Then you can start talking about privacy coins. Privacy coins, like DOGE and Monero where they’re much harder to unwind, they’re much closer to an anonymous currency because they do things to obfuscate the ownership, they do things to create new addresses for each transaction. When the transactions get put into the blocks, they seed it with other transactions. They do things to help really obfuscate and keep the ability of tracking down that cryptocurrency – to make it more difficult essentially.
And then the last thing, just more of an awareness and understanding is mining. What is mining? Why is mining a term related to cryptocurrencies? So, mining is the process of validating a block within the Blockchain and creating the new currency. So, Bitcoin, every time you mine a block, there’s a payment of cryptocurrency to the successful miner of that block. Now, the successful mining is the process of running the mathematical equations and doing the hashing to determine what the hashes that solves – what’s the hash for a particular block. So, as you go through on a new block, you get all the information – they get all the information about the transactions contained in that block that have been verified and are in that block. And then you have to solve for the hash of that block. And that’s a mathematical formula that gets scaled. Typically, it just gets harder and harder as hardware advancements occur and as software advancements occur, but it could actually simplify it as well because it’s maintaining the process to ensure that it takes 10 minutes to mine a block in the Bitcoin world. So, that process is really trying to ensure that it takes 10 minutes to mine each block. And that creates the new segment of Bitcoin that gets put into the marketplace with each block that’s mined. And that gets halved at regular intervals until there will be no more Bitcoin to be added to the block, and there’ll be 21 million Bitcoin on the block. And then at that point, it’ll just be movement of the Bitcoin, and then the transactional fees related to that Bitcoin. That would be the only payment.
So, really important to understand in an investigation context, you’ve got to go out and you’ve got to do forensics. You’ve got to go look at the computers. You’ve got to determine, “Hey, are there cryptocurrencies involved in this particular asset?” As I said, sometimes, you’re going to be doing an investigation and know that there’s cryptocurrencies involved there. You may even know some wallet addresses. You may have already gone to Blockchain.com Explorer and traced some of those transactions, and then figured out some new wallet addresses maybe. And you need to go find them on the devices that you’ve accessed. That’s where these regexes come into play. And these are the basic regexes that will help you find any Bitcoin, Ethereum, Monero, or Dash. And there’s a whole library of these. You can build – the hashes do have a particular pattern, typically. So, you can build and develop these for just about any cryptocurrency that you want. Certainly, a very helpful tool.
But you do have to understand, doing that forensic investigation is still the best and most tried and true way of beginning an investigation because you may or may not know that cryptocurrencies are involved in a particular organization or a particular matter as you’re starting to do the investigation. It’s a great practice in today’s day and age to start looking for these cryptocurrency signatures, trying to determine are there wallets installed? Do they have a hardware wallet or software wallet that has been accessed? Or a web wallet that’s been accessed by a particular endpoint, whether it’s a mobile device or a computer. Understanding the presence of those cryptocurrency tools is certainly an indication that you may want to start investigating it and figuring it out.
This is where things start to get a lot more complicated because, again, you do have to go out and start tracking those transactions. One of the investigations we did, we had to track the transactions, over 700 transactions deep. If you’re using those free tools, that can be pretty time-consuming, going single transaction by single transaction and working down a tree versus using some of the commercial tools. But the commercial tools are very, very pricey. And everything that they do can be done by the free tools. It’s just a more manual process, with the exception of the commercial tools do provide ratings. Again, they have like a score. Almost think of it like a – you can think of it like a credit score. And so, a particular wallet will have a credit score that says, “Hey, this is higher risk, it’s been involved in a lot of dark web transactions, or it’s been involved with other wallets of known nefarious actors” because they have that attribution built out. And so, therefore, it has a higher risk score that says, “Hey this is a much more risky thing”.
From there, I’m going to start tackling some of the questions that have come in today. Again, your best approach for any cryptocurrency investigation is really delving into the forensics first. And then if you have a significant amount of transactions or a significant amount of IDs and stuff, I really recommend having a professional that’s got significant experience dealing with cryptocurrency investigations, because they can be complicated. They can be quite challenging, especially as you start having cross-Blockchain transactions where people are going through an exchange. So, they have Bitcoin, and they’re going through an exchange and they’re buying Ethereum or they’re buying Monero or other cryptocurrencies that can make things extremely more complicated to follow and track.
So, we have our first question that was asked is, “Using Blockchains to track real-world assets like eggs, does this logistically work? How do I stop one egg being swapped for another egg? Do you need some kind of tattoo or product like a QR code linking to the NFT or is there another way?”
So, they do have barcodes like on the packaging, and sometimes even within the actual items where the logistics chains are using it. It’s extremely interesting, where they can actually follow an egg from the hen house all the way to the grocery store until the point of checkout when somebody actually purchases that particular package of eggs.
And so, then that person goes home and they get salmonella from those particular eggs, they can easily backtrack on to what trucks it was on. Some of them are getting even more sophisticated where that Blockchain, that logistics Blockchain is actually tracking the temperature of the truck. It’s getting recorded inputs from the temperature of the truck to know if there was a temperature variation within the truck that was shipping them from the manufacturer location to the distributor location, or from the distributor location to the actual store.
So, there are a lot of interesting controls around there. There are a lot of things being done with RFID chips linking into these logistics Blockchains. So, they’re getting automated inputs from these RFID chips. There’s a lot of really interesting activities and things going on around it. But yes – so they can actually do that tracking. It is done through barcode/QR code type information on those devices that allows them to do that tracking.
So, the next question is related to somebody just stating they didn’t know that they didn’t actually own the Bitcoin in Robinhood.
And so, that’s correct. So, in the Bitcoin public ledger, Robinhood actually owns those Bitcoins currently. Again, that is changing with Bitcoin, and some of the other platforms. But in Robinhood, they have an internal ledger that says, “Hey, we own 500 Bitcoin, for instance, and that 500 Bitcoin is distributed across these people, that each person owns a bit of it”. And so, they have their own internal ledger that tracks that ownership versus being out on the actual public ledger.
That public ledger only says, “Hey, Robinhood has all of these coins”. So, then when you’re talking about doing investigations, you do have to actually go out and subpoena Robinhood and say, “Hey…” if the company owned a Bitcoin through Robinhood, you would have to actually subpoena the information from Robinhood versus looking at the Blockchain itself. And that’s just a simple finite example, but there’s a lot of different things that have to happen around that and it can be very interesting.
So, then we have – the next question is, “Is ownership of Bitcoin always public? Is it possible to know how much Bitcoin is in cold storage at any time?”
Interesting question. Complicated answer. So, the ownership of the Bitcoin is public. It is a public ledger. Every movement – every creation of Bitcoin, and then every movement of that Bitcoin from that creation is tracked in that public ledger. Again, it is tracked by these public addresses, by your wallet address. And so, those addresses are public and they’re there.
Now, can I tell what’s in cold storage? You can’t because it – all you know is that that wallet exists, that address, that public address exists. What type of address it is, is it a cold storage wallet where they’re just printing it out, putting it on paper? There’s no way to track or know that.
Generally, they say that at least 25% of Bitcoin is dead currency, currency that people no longer have access to. That currency can no longer be accessed, because the people don’t have the private keys to access it, or they transferred it to an invalid address, and so that invalid address has no – there is no owner of it. So, there’s some interesting things that occur around that.
Now, if you start talking about Monero and privacy coins, again, still a public ledger that can be fully traced, to the extent that that particular address has access to the coin. The challenges are really that a lot of those privacy coins, they are taking your $10 transaction, for instance, breaking it up into five $2 transactions, or more typically, a $1, a $3, a $2, and a $1.50, and a $1.50. And all those transactions are being combined to make your transaction. And so, they’re breaking it up into those multiple transactions through automation. And it becomes very hard to follow and trace that currency because of the way they function. But a lot of activity around that, but it is still a public ledger. And you can still look at that public ledger, and we are still able to build some level of attribution on those ledgers.
So, next question. “Just to be clear, can the forensic investigation uncover who the actual individual is in the control of the wallet i.e., to issue legal proceedings against a specific person?”
Great question. It is possible. It is not necessarily built into the Blockchains themselves. But again, through the development of attribution, through the development of the forensics investigation, you seize a person’s computer, you find the actual wallets they have, once you have those addresses, maybe you determine they came through an exchange like Coinbase here in the US, and so then you can then turn around and subpoena Coinbase. You can issue orders to have that currency frozen. There are a lot of possibilities.
How that all gets interpreted in the legal system is still kind of young. There’s not a lot of case precedent. But there is a lot of activity there. There are a lot of things that you can do through… when somebody owns that currency through an exchange where they do have KYC requirements, you can get a lot of that information, and you can proceed with that in a legal court.
Now, is that going to say that you’re going to be successful with that all the time or every time? Absolutely not. It’s a matter of figuring out, are they using an exchange? Is their wallet based through an exchange? Or are they just using a hardware wallet where they have direct control and access to their currency? Or in other cases, you have the Robinhood where you don’t actually own the currency. Much harder to perpetrate fraud with the currency involved in the platforms like Robinhood. That’s coming because they’re launching their own hardware wallets, their own software wallet where people will have access to their currency and be able to actually transact with the currency that they’ve invested in through that platform. So, a lot of possibilities there that can be taken advantage of.
But the parting thought here is it is sophisticated, it is challenging. They are not simple investigations. Typically, even though there is a public ledger, there’s a lot of work to be done to unwind them, investigate them, track it back, build attribution to who are the individuals involved in those particular transactions and items.
Your best method of unwinding most cryptocurrency things starts with a good forensic process. Collecting the device. Collecting the cell phone. If you’re specifically doing a crypto investigation and have malfeasance with the cryptocurrency, getting that device, that mobile device in an unlocked state where you might get access to the wallet and be able to determine the actual wallet addresses and stuff can be extremely beneficial.
Again, some of that information can be gained through the forensic process, doing the forensic images of it, and then searching for the addresses and identifying the cryptocurrency addresses. But your mileage may vary depending on the sophistication of the user, the particular types of transaction and activities that they’re doing.
All that being said, I think we’re just about at the top of the hour. I’ll ask if there are any last questions before we move on.
Looks like we’re good. So, I want to thank all of you who took the time out of their schedules to participate in today’s webcast. We know how valuable your time is and appreciate you sharing it with us. We also hope you have the opportunity to attend our next monthly webcast currently scheduled for June 22nd, 2022. Important topic for this upcoming webcast will be Data Protection and Privacy with Cross-Border Transfers. You can find information on this forthcoming webcast as well as on-demand versions of past webcasts on HaystackID.com.
Thank you for attending, and we hope you have a great day.
If anyone does have any questions, please feel free to reach out. We’re happy to answer the questions or engage with you, provide whatever information we can. This is a topic that’s near and dear to my heart and I’d love to dig in and talk about it. So, please feel free to reach out.
This concludes today’s webcast. I hope you have a wonderful day.