Matt Zbrog
Blockchain forensics is the art and science of tracking complex blockchain transactions, particularly those involving cryptocurrency. This area isn’t as niche as it used to be: over $20 billion was estimated to be laundered through the blockchain in 2022, a 68 percent increase over the year prior. Everyone with a smartphone now has access to the blockchain and the ability to send funds to anyone anywhere in the world.
Today’s financial investigators can no longer afford to ignore blockchain forensics. Blockchains provide a new angle of attack for scammers and fraudsters; they also offer myriad ways to obfuscate illicit transactions. But for those who know what to look for, blockchains provide a transparent and immutable record upon which one can begin to track the steps of the guilty and the innocent alike.
To learn more about the evolution of blockchain forensics and how investigators are using it, read on.
Suzanne Lynch is a professor of practice in economic crime at Utica University. She holds a bachelor’s degree in criminal justice from Wayne State University and a master’s in economic crime management from Utica University. Lynch is also the director of the financial crime and compliance management programs at Utica University, and has previously served as the assistant executive director of The Economic Crime Institute.
Lynch has extensive experience in risk analysis, fraud control implementation, and investigations in the financial services industry. Formerly vice president for security and risk management at MasterCard Worldwide, she has held fraud management positions at Goldman Sachs and Comerica Bank.
Lynch has conducted numerous training sessions on fraud detection and investigations for both global law enforcement groups and financial institutions throughout the world. She was also responsible for a university partnership with the Association of Certified Anti-Money Laundering Specialists (ACAMS) and CipherTrace, an investigation and software company specializing in financial investigations and blockchain forensics.
“Blockchain forensics is another way to follow the money,” Lynch says. “It’s become far easier over the years. Even though it’s encrypted, there’s a trail, and now we have some really unique software—like that developed by Chainalysis and CipherTrace—to help law enforcement and private sector investigators follow it.”
One of the biggest misconceptions about Bitcoin, the world’s largest cryptocurrency, is that its transactions are private. On the contrary, they’re completely transparent: each transaction is stored on a decentralized ledger, visible by anyone at any time. The misconception lies around identity.
When someone makes a transaction on a blockchain, it is attributed not to their name and physical address, but to their wallet’s public key (with Bitcoin, that’s a string of 34 alphanumeric characters). For years, investigators could tell when one wallet was transacting with another—they could even see how much was sent and how much remained in the account’s balance—but they could not associate wallets with individuals.
Things changed in 2013 when security researcher Sarah Meiklejohn published her paper “A Fistful of Bitcoins: Characterizing Payments Among Men with No Names.” In the paper, Meiklejohn and other researchers demonstrated ways to follow the money along a complex set of transactions until it arrived at a point associated with a particular person, organization, or address—typically via an exchange when trading cryptocurrency for cash.
Investigators could then subpoena the exchange for identifying information, associate the wallet with a single entity, and back-trace all transactions made throughout its history (Fraud Magazine 2023).
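The follow-the-money step described above, as an added example that is not from the article or from the Meiklejohn paper: a breadth-first trace over a public ledger that stops at the first address carrying an attribution tag, then pulls that address's full history. The ledger rows, address names, and the exchange tag are all constructed, and real tooling layers clustering heuristics on top of this simplified walk.

```python
from collections import deque

# Constructed sample ledger rows: (txid, sender, receiver, amount). Not real data.
LEDGER = [
    ("tx1", "addr_victim", "addr_A", 5.0),
    ("tx2", "addr_A", "addr_B", 3.0),
    ("tx3", "addr_A", "addr_C", 2.0),
    ("tx4", "addr_B", "addr_D", 3.0),
    ("tx5", "addr_C", "addr_exchange_1", 1.9),
    ("tx6", "addr_D", "addr_E", 2.9),
    ("tx7", "addr_unrelated", "addr_exchange_1", 0.4),
]

# Constructed attribution tags, e.g. deposit addresses known to belong to an exchange.
TAGS = {"addr_exchange_1": "ExampleExchange (hypothetical)"}


def trace_to_tagged(ledger, tags, start, max_hops=6):
    """Follow outgoing transfers from `start`; return the shortest hop chain
    to every tagged address reachable within `max_hops` transfers."""
    outgoing = {}
    for txid, src, dst, amount in ledger:
        outgoing.setdefault(src, []).append((txid, dst, amount))

    hits, seen = {}, {start}
    queue = deque([(start, [])])
    while queue:
        addr, path = queue.popleft()
        if addr in tags:
            hits[addr] = path      # attribution point: the trace stops here
            continue
        if len(path) >= max_hops:  # bound the search on long laundering chains
            continue
        for txid, dst, amount in outgoing.get(addr, []):
            if dst not in seen:    # also guards against cycles in the graph
                seen.add(dst)
                queue.append((dst, path + [(txid, addr, dst, amount)]))
    return hits


def history(ledger, address):
    """Every ledger row the address sent or received (the back-trace step)."""
    return [row for row in ledger if address in (row[1], row[2])]


if __name__ == "__main__":
    for tagged, path in trace_to_tagged(LEDGER, TAGS, "addr_victim").items():
        print(TAGS[tagged], "reached via", [hop[0] for hop in path])
        print("full history of tagged address:", history(LEDGER, tagged))
```

The hop chain returned for a tagged address is the evidence trail that would accompany a records request to the exchange; branches that never reach a tag (here `addr_B` through `addr_E`) stay unattributed.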
Blockchain usage has changed tremendously since 2013. Today, most transactions occur not with Bitcoin, but on protocols like Ethereum, powered by smart contracts: self-executing code that functions like a futuristic version of a Rube Goldberg machine, with a vending machine’s user interface. For legitimate users, this makes complex financial transactions cheaper, faster, safer, and more efficient; for illicit users, it provides several new and ingenious ways of hiding their footsteps.
“You’re still tracing assets, but it’s a murky world, with a confusing regulatory climate, and there’s still no single standard,” Lynch says.
One of the most popular privacy tools available on modern blockchains is what’s known as a mixer: a piece of self-executing code that helps users obscure the source, destination, and amount of their transaction by bundling it with several others and distributing it in small amounts at different intervals.
While many legitimate use cases exist for mixers, regulators are taking a tough stance, with the US Treasury sanctioning Tornado Cash, a popular mixer, in 2022. Authorities arrested the person who wrote the lines of code, Alexey Pertsev, but unlike with traditional websites, Tornado Cash has no operator, no manager, and no independent databases; the code itself cannot be shut down.
“It’s getting more complex, with added layers of technical difficulty,” Lynch says. “We’re seeing a convergence of financial crime and cybersecurity. They’re very much intertwined these days.”
Today, blockchain forensics is as complex as the transactions it traces. Chainalysis and CipherTrace remain industry leaders. But a whole crop of internet sleuths, small consultancies, and DIY tools are available to help investigators follow the digital money. Financial investigators may soon find themselves in the same position with blockchain forensics that other investigators are in with digital forensics.
“You need to know enough to be dangerous,” Lynch says. “I don’t expect new investigators to be skilled in the intricacies of encryption, but you need to know when certain tools are needed.”
Blockchain itself comes with tiers of understanding, from the basics of its infrastructure (DEXs, CEXs), to utilization of available tools (Nansen, Etherscan), to mastering the underlying code (Solidity).
At a very basic level, investigators should recognize the signs that blockchain is involved: hardware wallets like Ledger and Keystone; seed phrases and private keys; centralized exchange accounts; hot wallets and software extensions like MetaMask and Trust Wallet. General knowledge of this kind tells investigators when to call upon experts.
Lynch has worked with organizations like the Anti-Human Trafficking Intelligence Initiative and the Defenders League to use blockchain forensics for hunting down those who would engage in (and profit from) forms of exploitation. Cryptocurrency has sadly proven to be a staple of transnational crime and will likely continue to be, facilitating the movement of funds between illicit entities across borders and jurisdictions.
“This is global, and that’s where part of the challenges are,” Lynch says. “It doesn’t matter where someone is located.”
Blockchain is continuing to evolve. Cryptocurrencies like Zcash and Monero have been built with privacy as a priority. Other forms of zero-knowledge proofs—verifying transactions without revealing extraneous information to the rest of the blockchain—will further complicate forensic efforts. But many things look untraceable until, suddenly, they aren’t anymore.
“When we build a ten-foot wall, the bad guys show up with an eleven-foot ladder,” Lynch says. “It’s always going to be a challenge to understand the different ways that this new type of money can flow. But just in the last two or three years, we’ve come a long way in our capability to trace different types of transactions.”
Lynch sees the basics of blockchain forensics being integrated into more financial crime curriculums. She also sees technological advances in forensics keeping pace with criminals. But one of the most significant aids to the cause, she notes, has been a string of successful prosecutions, which provide case studies of how the bad guys got caught and lessons in how investigators can do the same.
“It sends a message,” Lynch says. “You can run, but you can’t hide.”
Matt Zbrog
Matt Zbrog is a writer and researcher from Southern California. Since 2018, he’s written extensively about the increasing digitization of investigations, the growing importance of forensic science, and emerging areas of investigative practice like open source intelligence (OSINT) and blockchain forensics. His writing and research are focused on learning from those who know the subject best, including leaders and subject matter specialists from the Association of Certified Fraud Examiners (ACFE) and the American Academy of Forensic Science (AAFS). As part of the Big Employers in Forensics series, Matt has conducted detailed interviews with forensic experts at the ATF, DEA, FBI, and NCIS.