《Chainalysis：2024加密貨幣調研報告：區塊鏈執法智能化（英文版）（25頁）.pdf》由會員分享，可在線閱讀，更多相關《Chainalysis：2024加密貨幣調研報告：區塊鏈執法智能化（英文版）（25頁）.pdf（25頁珍藏版）》請在三個皮匠報告上搜索。

1、Crypto InvestigationsBlockchain Intelligence forLaw EnforcementTable of ContentsOverview:Cryptocurrency and crime2Cryptocurrency basics:What investigators need to know3Bitcoin and the birth of blockchain3The introduction of Ethereum6How users store and make transactions8How crypto and crime intersec

2、t14Leveraging blockchain intelligence to investigate crypto crime15A holistic approach to tackling crypto crime17How law enforcement agencies use blockchain intelligence19How reliable is crypto evidence in criminal court?21The Chainalysis data advantage21Gain a strategic advantage in investigating c

3、rypto crime23Crypto Investigations:Blockchain Intelligence for Law Enforcement1Overview:Cryptocurrency and crimeWith a global market capitalization exceeding$2 trillion,regulation increasing worldwide,and adoptiongrowing each year,cryptocurrency is here to stay.What does this mean for law enforcemen

4、t?Its no surprise that where economic opportunity abounds,so do attempts to subvert it with financial crime.Much like fiat currency,crypto has been used in connection with scams,ransomware,money laundering,child exploitation,terrorist financing,sanctions evasion,and darknet market commerce.In 2023,$

5、24.2billion of total crypto transaction volume was tied to illicit activity.While this is a large figure,withoutcontext,it doesnt quantify the human toll of crypto-based crime.For example,one insidious crime with a crypto nexus “pig butchering”is a unique social engineeringscam in which scammers bui

6、ld trust with victims via social media apps and text messages,and trick theminto investing their money on fake platforms.The impact of these scams has been devastating,with somevictims losing pensions and lifetime savings,along with their peace of mind and confidence.Pig butchering scams are just on

7、e example of how criminals have been adapting their crypto crime tacticswith increasing sophistication in the last few years.Now more than ever,law enforcement must beequipped with the knowledge and capabilities to combat crypto crime.Theres a common misconceptionthat these investigations are the so

8、le responsibility of large,national-level law enforcement agencies orelite cybercrime units.While that has been true for cases with national security implications,crypto-basedcrime affects communities big and small worldwide.With the right training and capabilities,local agenciescan take action,too.

9、Given the relative novelty of the crypto financial system,learning how to conduct a crypto investigationmay feel daunting,but it doesnt need to be.To start,law enforcement agencies need a sharedunderstanding of:How crypto and blockchains work.What types of crimes and illicit actors jeopardize the cr

10、ypto ecosystem.And how to conduct an investigation into crypto-based crime.Many investigators today find themselves at the beginning of that education.Regardless of where you arein that learning process,this guide will demystify these topics by explaining the basics of cryptocurrency,highlighting ho

11、w crypto crime happens,and sharing how to apply that knowledge to crypto crimeinvestigations.Well also discuss how law enforcement agencies are successfully fighting crypto crime,andwhat capabilities theyre using to do it.Crypto Investigations:Blockchain Intelligence for Law Enforcement2Cryptocurren

12、cy basics:What investigators need to knowLicit use cases for cryptocurrency include saving,investing,making payments,and sending remittances.One of the biggest benefits of cryptocurrency is that,unlike fiat,crypto transactions are fully traceable,which makes solving crypto-related crime far less one

13、rous than crime committed using traditionalcurrencies.Today,there are thousands of cryptocurrencies available to buy,sell,and exchange.Bitcoin(BTC)and Ether(ETH)have the highest market capitalization of all cryptocurrencies and the image belowshows some other common types,along with their respective

14、 blockchain networks.BTC BitcoinETH EthereumUSDT TetherBNB Binance CoinUSDC USD CoinXRP RippleADA CardanoDOGE DogecoinMATIC PolygonSOL SolanaBitcoin and the birth of blockchainIn 2008,the renowned Bitcoin white paper was anonymously published by an individual or group underthe pseudonym of Satoshi N

15、akamoto.Since its launch in 2009,Bitcoin has challenged traditional monetarysystems,spurred advancements in financial infrastructure,and accelerated innovative thinking in how tomeet the worlds economic needs.In developing Bitcoin,Nakamoto introduced not only a new digitalcurrency but also a revolut

16、ionary technology infrastructure the blockchain.Unlike traditional financial transactions that require banks or other intermediaries,blockchain technologyenables direct transactions between individuals on a peer-to-peer network.The key innovation of theblockchain is its ability to record every trans

17、action on a public ledger that is both immutable andtransparent.This means once a transaction is added to the ledger,it cannot be altered or deleted,makingevery transaction traceable and uniquely identifiable.The image below shows an abstraction of what isrecorded on the Bitcoin blockchain when a tr

18、ansaction is made.Crypto Investigations:Blockchain Intelligence for Law Enforcement3What gets recorded in a Bitcoin transactionSo,just what is a blockchain?At its core,a blockchain is a digital ledger that records cryptocurrency transactions across many computersglobally.These computers,or nodes,val

19、idate and store each transaction,ensuring theres no central pointof control or failure.Imagine a blockchain as a detailed bank statement thats public and contains a recordof all transactions ever made,viewable by anyone.Blocks,the individual records on a blockchain,contain transactions and their det

20、ails.They are securelylinked to the previous block,creating a chain that is virtually impossible to tamper with.Their transparencyand security make blockchain an invaluable tool for law enforcement to track financial movements wheninvestigating crypto crimes.While there are four types of blockchain

21、technology public,private,hybrid,and consortium Bitcoin isa public blockchain,and this type of blockchain is the focus of this guide.Public blockchains employcryptography to enable trustless transactions using a decentralized,permissionless infrastructure.Here aredefinitions for the attributes of a

22、public blockchain:Trustless:Participants dont need to know one another or rely on a third party for a blockchain tofunction.No single person or group has control over the blockchain.Decentralized:Blockchain activity is distributed among many nodes,or individuals running Bitcoinsoftware,for transpare

23、ncy and redundancy.Permissionless:Participation in the blockchain consensus process does not require authorization.Censorship-resistant:By design,a blockchains public ledger can be added to,but not edited.Doing such would create a hard fork,rendering the crypto on the newly forked chain incompatible

24、with the original blockchain.Bitcoin Cash is one example.Open source:The network functions autonomously without a centralized authority and anyonecan view its activities.Crypto Investigations:Blockchain Intelligence for Law Enforcement4On public blockchains like Bitcoin,any user can run a node and e

25、very node has the same privileges.Byinstalling some computer software and either a)having enough computing power,or b)staking enoughcryptocurrency(staking is locking crypto holdings for a time to support blockchain operations),anyone inthe world can help maintain and expand a permissionless blockcha

26、in.Nodes(the computers sustaining theblockchain)are rewarded with cryptocurrency for adding new blocks.Blockchains differ in how theyreward these nodes,but the mechanisms for doing so share a common name:consensus.How Bitcoin is minedThe Bitcoin network operates on a Proof-of-Work(PoW)consensus mech

27、anism.PoW mechanismsincentivize nodes to become“miners”of new blocks by solving energy-intensive cryptographic puzzles.When the solution is found,the node broadcasts the result to the network and is rewarded with bothnewly minted cryptocurrency and the fees from the transactions in the block.A new b

28、lock is added to thechain every 10 minutes,and thus,this is also the frequency at which new Bitcoin enters the ecosystem as areward to miners for their work.While this way of operating makes the Bitcoin blockchain secure,it alsomakes the speed of transaction processing somewhat slow.The mining opera

29、tions for Bitcoin and other types of PoW networks may also consume significant amountsof electricity,and these systems are often expensive to set up and operate.While cryptomining is a crucialpart of the industry,it also holds special appeal to bad actors as it provides a means to acquire money with

30、a totally clean,on-chain original source.Because of this,heavily sanctioned nation states like Iran haveturned to cryptocurrency mining to build capital without going through the traditional financial system.Crypto Investigations:Blockchain Intelligence for Law Enforcement5Equipment associated with

31、a cryptocurrency mining operationQuestions to ask cryptocurrency mining operators in an investigationWhat is this used for and how does it work?Are you a part of a mining pool?What wallet is linked to this mining rig?Who funded this setup?How long has this been in place?Why some criminals prefer Bit

32、coinBecause Bitcoin has a finite supply with a cap set at 21 million BTC,it is scarce.Bitcoin is often referred toas digital gold,and presents an enticing alternative to fiat currency or traditional investment strategies.Bitcoin is an attractive investment option given its demonstrated history of an

33、d potential for high gains.The introduction of EthereumSeveral years after Bitcoin came on the scene,the Ethereum network launched in 2015 with Ether(ETH)asits native token.Vitalik Buterin invented Ethereum to address the scalability issues of the Bitcoin network,and Ethereum revolutionized blockcha

34、in technology with the introduction of smart contracts,which gaveEthereum network users the ability to connect their self-hosted wallets directly to a website and transferCrypto Investigations:Blockchain Intelligence for Law Enforcement6their crypto in a permissionless way,all recorded on the Ethere

35、um blockchain.Smart contracts alsofacilitate the deployment of decentralized applications,or dApps.DApps operate though the use of smartcontracts and run autonomously on a blockchain network.Since 2015,many other cryptocurrencies have launched on the Ethereum network,and dApps haveproliferated there

36、,too.Here are a few common types of dApps:Decentralized exchanges(DEXs):DEXs are essentially codebases running on open blockchainnetworks that allow individuals to trade crypto assets without relying on an intermediary,so thatusers have full control of their funds.Most DEXs are built on blockchains

37、like Ethereum,using smartcontracts.Borrowing/lending protocols:Decentralized platforms that allow users to lend theircryptocurrencies or take out loans in crypto without the need for a traditional financialintermediary,such as a bank.These protocols use smart contracts to automatically manage loanpa

38、yments,interest rates,and collateral requirements,ensuring trust and security betweenanonymous parties.Participants can also earn interest on their loaned assets,while borrowers canaccess funds by providing collateral in cryptocurrency,all managed directly on the blockchain.Yielding protocols:Often

39、referred to as“yield farming platforms”,these protocols let users lock up(or stake)their cryptocurrencies in smart contracts to earn rewards or interest.These rewards aretypically generated through various crypto trading strategies implemented by the protocol,including lending out assets,providing l

40、iquidity to DEXs,or staking.Yield farming has become apopular way for crypto holders to potentially earn passive income on their holdings,with theoperations and transactions securely recorded on the blockchain.NFT collections and marketplaces:NFTs(non-fungible tokens)are unique digital assets oftenc

41、ollected by hobbyists which cannot be copied.They can be bought using cryptocurrency,andthe transaction is recorded on the associated blockchain to verify authenticity and ownership.NFTs are commonly bought and sold on specialized marketplaces and,similar to traditional art,thevalue of an NFT may in

42、crease over time.Blockchain games:Simply put,these are video games that are administered with or built in partusing blockchain technology.Depending on the exact way these games leverage blockchaintechnology,theyre sometimes referred to as crypto games,NFT games,web3 games,ormetaverse games.By contra

43、st with Bitcoin,Ether and other cryptocurrencies on the Ethereum network are based on theProof-of-Stake(PoS)consensus mechanism,though Ethereum was initially launched as a PoW blockchain.PoS chains encourage nodes to become“validators”by locking up(i.e.,staking)some of theircryptocurrency in a smart

44、 contract.Validators are then chosen at random to create new blocks and receivethe rewards.PoS blockchains are typically viewed as less secure than PoW blockchains,but they arefaster.Crypto Investigations:Blockchain Intelligence for Law Enforcement7BitcoinEthereumTRONNative tokenBTCETHTRXLaunch20092

45、0152018Time per block10 minutes15 seconds3 secondsAddress type1.,3.,bc1.0 x.T.Market cap in 20241,398 T430 B10.5 BConsensusmechanismPoWPoSDPoSBlock explorerBetherscan.iotronscan.orgComparing types of blockchain networksWhy some criminals prefer the Ethereum networkAs compared with Bitcoin,Ethereum i

46、s less scarce since its supply isnt limited.Though its considereddigital silver,Ethereum has more uses than Bitcoin given the dApp ecosystem.While Ethereumcryptocurrencies may be considered less valuable,since they have more practical applications,theres moreopportunity to employ them in crypto-base

47、d crime.How users store crypto and make transactionsCryptocurrencies can be stored and managed in different ways.A persons portfolio,or collection of cryptoassets,is commonly referred to as a wallet.There are two predominant methods of managing a wallet:Custodial wallets are usually referred to as o

48、nline services through which crypto assets can beacquired and stored and managed within the users account.Similar to a bank account,the actualassets,in this case the private keys,are stored on the providers servers.As with bank deposits,the user does not have full control,but does have the advantage

49、s of online access,securityguarantees,and other additional functions of the service.Well-known examples are cryptoexchanges such as Binance and Coinbase.Non-custodial wallets are usually local applications,clients,or apps that facilitate themanagement of crypto assets.The user stores their private k

50、eys locally,and retains full controlover their assets.Common non-custodial wallets include Electrum,Exodus,and BRD.Paperwallets,hardware wallets,or full nodes can also be categorized as non-custodial wallets,as theuser retains the power of disposal over the private keys.Crypto Investigations:Blockch

51、ain Intelligence for Law Enforcement8Common custodial and non-custodial wallet providersQuestions to ask a suspect about their crypto usageWhat crypto apps do you have?Can you show me how the apps work?How much is in this wallet?Where did the funds come from?How did you backup this wallet?Where did

52、you record the seed phrase?Who else knows where it is?Some crypto users prefer to store their cryptocurrency on hardware wallets.Also known as“cold storage”,hardware wallets are offline wallets used for storing cryptocurrency that protect the wallet from onlinethreats.Crypto Investigations:Blockchai

53、n Intelligence for Law Enforcement9Examples of hardware walletsQuestions to ask a suspect about their hardware walletWhat is the PIN to access this wallet?Who does this wallet belong to?How much cryptocurrency is stored here?Where did you record the seed phrase?Who else knows where the seed phrase i

54、s?If a person loses or forgets the password to access their crypto wallet,they can restore access using aseed phrase or recovery phrase which is a series of random words a crypto wallet intially generatesto ensure access to funds.Seed phrases are often 12 or 24 words,which users can write on paper,s

55、tore ina file on a device,or even imprint into metal to protect from fire damage.Crypto Investigations:Blockchain Intelligence for Law Enforcement10Example of a seed phraseQuestions to ask a suspect about their seed phrase1.What does this seed phrase belong to?2.How much value is held in this wallet

56、?3.Who have you shared this with?Who shared it with you?4.What is the source of the funds?As for how crypto transactions work,they are facilitated through the interaction of wallets,keys,andaddresses.A wallet generates keys that allow access to cryptocurrency and may be found on phones,tablets,compu

57、ters,and web browsers.As mentioned,wallets can be hosted,where the private keys aremaintained by a third party(e.g.,Coinbase,Binance,Gemini),or unhosted,where the user maintainscontrol of the private keys(e.g.,Trust Wallet,Electrum,Exodus).Its important to know this distinction forfollow-on investig

58、ation.Hosted(or custodial)wallets,like C,can be likened to email service providers like Gmail.Theygenerate and securely store private keys and communicate with a blockchain network to facilitatetransactions.Private keys(which can be likened to passwords that unlock email accounts)create uniqueidenti

59、fiers called addresses(which can be likened to email accounts),and private keys unlock funds forthose addresses.Crypto Investigations:Blockchain Intelligence for Law Enforcement11Bitcoin address18yWFVddqNrGE966zwXTpyJgYJgr82SvMsTransaction hashceb5304895374496f37665ec9f894e5b1f805739d18f6c6360600257

60、e39427a9Private keyL11tBmJwP9hWHPctxR2V4YaVT8g4rWAPvPhbntMxm9CspgreSssiExample of a Bitcoin address and associated transaction hash and private keyQuestions to ask a suspect about their crypto holdings1.What crypto do you own?Where did you get it?2.What are you doing with it(i.e.,sending,receiving)?

61、3.How did you get involved with crypto?4.How does this crypto work?How do you transfer value?Buying cryptoCryptocurrency exchanges replicate the traditional role of a marketplace like any of the worlds major stockexchanges,but instead allow users to buy,sell,and exchange cryptocurrencies.Many are bu

62、ilt usingcentralized systems where the exchange controls user funds and facilitates crypto transactions.Manyexchanges,like C,offer hosted wallets that store your crypto for you.Alternatively,users canstill purchase crypto through cryptocurrency exchanges,and store it in their own software or hardwar

63、ewallet.Crypto(typically Bitcoin)can also be purchased via crypto ATMs.Receipts from such purchases could bepaper ATM receipts like those provided by a traditional ATM,or digital receipts sent via text message oremail that contain the date of transaction,the amount of crypto and coin purchased,and t

64、he depositaddress.Specific formats and details vary from ATM to ATM.Crypto Investigations:Blockchain Intelligence for Law Enforcement12Bitcoin ATM receiptsQuestions to ask a suspect about crypto ATM receiptsWhere is this ATM located?Why did you use this ATM?Did you send or receive cryptocurrency?Why

65、?How does this process work?Who gave you instructions?What type of wallet did you use?Sending cryptoSending crypto to another user requires having their public address to perform the transaction,andcreating a digital signature encrypted with your private key.In verifying ownership of crypto in your

66、wallet,the network decrypts your signature with your public key,and authorizes the movement of crypto fromyour wallet to the other users wallet.The chain of events to generate keys and addresses occurs in awaterfall flow,so the user receiving crypto cannot reverse engineer the process to steal funds

67、 from thesenders wallet.By now,youve noticed that blockchain technology provides unprecedented transparency into the flow offunds as compared to traditional finance.The public ledger facilitates a unique form of transactionanalysis,making crypto inherently more traceable than fiat transactions.With

68、these insights,lawenforcement and government agencies can track and trace crypto transactions tied to illicit activities,freeze funds obtained through ill-gotten gains,apprehend cyber criminals,and even prevent crypto-relatedcrime from happening.Crypto Investigations:Blockchain Intelligence for Law

69、Enforcement13How crypto and crime intersectCryptocurrencies have criminal relevance due to their versatility as both a means of payment and aninvestment vehicle,and are appreciated for their pseudonymity.Cryptocurrency is often employed indarknet trading,ransomware attacks,forms of hacking like cryp

70、tojacking in which criminals secretly usevictims computing power to mine crypto and money laundering.In 2023,over$22 billion in cryptoworldwide was used for that purpose.Crypto is also used in various types of fraud,and has beenassociated with theft via hacking incidents,as well as facilitating CSAM

71、(child sexual abuse material),sanctions evasion,terrorist financing,and commercial offenses(e.g.,weapons dealing,counterfeitingmoney,forged documents,and the sale of narcotics and medicine).Here are some of cryptos attributes and capabilities that make it desirable for criminal use:Pseudonymity:Some

72、 criminals mistakenly perceive crypto as anonymous,when its actuallypseudonymous because crypto exchanges are required to maintain customer information in orderto comply with know your customer(KYC)and anti-money laundering(AML)regulations.Still,acrypto transaction on a blockchain ledger is only ini

73、tially identifiable by a public address,andfinding the person or entity who controls that address takes some footwork.Speed,cost,and ease of use:Crypto transactions,including those made across borders,are fasterand far less expensive than a standard wire transfer,in addition to being pseudonymous.De

74、ception tactics:Criminals attempting to launder funds are often drawn to crypto mixers,services that obfuscate the origin and destination of crypto transactions.Potential return on investment:Again,crypto poses an attractive investment opportunity for somecriminals,especially since its not tied to t

75、raditional financial markets.Crypto Investigations:Blockchain Intelligence for Law Enforcement14Leveraging blockchain intelligence toinvestigate crypto crimeWhile the blockchain is transparent,its hard to read.Consider also,that the Bitcoin blockchain alone hasprocessed nearly one billion transactio

76、ns.When it comes to efficiently and effectively investigating cryptocrime,blockchain intelligence provides a game-changing advantage for law enforcement as it offers theability to analyze extensive on-chain datasets,graphing capabilities to organize that data,andcontextualized insight into illicit c

77、rypto activity.By contrast,anyone can search for crypto transactionsusing a block explorer,but those tools dont aggregate blockchain data in actionable ways.A single transaction as displayed on a block explorerThat data shown above may be public,but its not very insightful;it begs more questions tha

78、n it answers.For example:Who are the pseudonymous entities?Are they cryptocurrency exchanges,merchant processors,or darknet markets?Why are they transacting?Is it a payment,an investment,or a smart contract?How much value are they transacting?Is it hundreds,thousands,or millions of dollars or eurosw

79、orth of cryptocurrency?Blockchain intelligence helps organizations answer these questions.Using it,law enforcement agenciesidentify criminal entities by examining on-chain activity like the movement of stolen or laundered crypto.The teams that support this technology cultivate extensive on-chain dat

80、asets and offer graphingcapabilities that help law enforcement visually trace the flow of funds over time,and connect cryptotransactions to real-world entities.These platforms also provide contextual information that facilitates agreater understanding of illicit on-chain activity.Crypto Investigatio

81、ns:Blockchain Intelligence for Law Enforcement15A graph in a blockchain intelligence platform displaying multiple,contextualized crypto transactions and the entities that initiated themBlockchain intelligence helps investigators map crypto transactions and present them in an easilydigestible format.

82、For example,the graph above shows the transaction relationships between eight drugbuyers and vendors,each of which have ties to the same darknet market.Blockchain intelligence helps lawenforcement progress investigations,apprehend criminals,present cases for prosecution,and prepare theway for the se

83、izure and recovery of crypto funds to victims when possible.In the course of an investigation,blockchain intelligence also facilitates faster and more effectivecollaboration between law enforcement departments as well as government agencies.Using the samedataset contributes to a shared understanding

84、,which drives better investigative outcomes.And whileblockchain intelligence is useful for fighting crime,it can also help law enforcement be proactive inCrypto Investigations:Blockchain Intelligence for Law Enforcement16preventing crime,too.Its possible to detect illicit activity early on by analyz

85、ing on-chain transactionpatterns and relationships that could be indicative of criminal behavior.Here are some examples:Observing an unusual increase in transaction volumes or patterns commonly associated withmoney laundering or fraudDisrupting criminal networks by mapping the financial flows of cri

86、minal organizations,which couldhinder their operations and prevent future crimeTargeting darknet marketplaces.Proactive transaction monitoring linked to known darknetmarkets allows law enforcement to gather intelligence on buyers and sellers,identify emergingthreats,and take action before illicit tr

87、ansactions escalate.A holistic approach to tackling crypto crime1.Prepare:Building a foundation for crypto crime responseFor local governments wanting to tackle crypto crime investigations,establishing a comprehensiveknowledge base across all teams and departments is critical.This shared understandi

88、ng enables seamlesscollaboration and communication throughout an organization and across agencies,from field officers tojudges.In building a foundation to begin fighting crypto crime,leadership support for these initiatives is crucial,necessitating a commitment to capacity building and ongoing train

89、ing to keep abreast of trends anddevelop effective policy-making,regulation,and operational strategies.Building a community of dedicated experts is essential,too.Erin West,Deputy District Attorney for SantaClara County,who has extensive experience with pig butchering cases says,“you need a lot of pa

90、rtners.This is not something that one investigator can do by themself.You need private partners,you need publicpartners,you need local law enforcement.You need federal law enforcement,and the idea of puttingtogether task forces,smaller task forces nationwide,I think is a great way to tackle this.”2.

91、Prevent:Identifying and disrupting crypto crimesRecognizing the use of cryptocurrency in criminal activities can be pivotal to modern investigativetechniques.Agencies must enhance their ability to detect and understand crypto-related activities crucialfor uncovering illicit patterns,analyzing the fl

92、ow of these funds,and supporting broader blockchaininvestigations or policy-making.Staying informed about criminals evolving tactics,such as assetlaundering,requires the latest technological and investigative methods.Understanding the leverage points of crypto in criminal activities including on/off

93、 ramps and digitalwallets like CashApp and tracing these elements through tools like government databases is essentialfor effective crime prevention.Disrupting crypto crime hinges on continuously updated,reliable data,andlaw enforcement must have access to current,accurate information.Crypto Investi

94、gations:Blockchain Intelligence for Law Enforcement173.Pursue:Actively chasing down offenders and recovering illicit gainsLaw enforcement agencies are encountering crypto in their investigations more frequently.When theseassets are discovered,they should be seized and stored until they can be invest

95、igated,and ultimately,soldfor fiat money.When it comes to stolen funds,crypto is more recoverable than many law enforcement agencies mightthink.Partnerships with district attorneys offices are vital,as they place a significant role in deciding whichcases to pursue towards recovering stolen funds.Rec

96、overing crypto funds through seizure is also a technical process that demands proficiency in using seedphrases to gain access to a wallet,and conducting manual verifications to link associated wallets andassess balances.Simply put,identifying the opportunity to seize assets is complex,and the stakes

97、 havenever been higher.This underscores the necessity for specialized skills and frontline training in identifyingand handling critical crypto evidence,as crypto artifacts can often be discovered during search of cars,devices,premises,or when making arrests.The U.K.s Metropolitan Police significant

98、Bitcoin seizure of over 2 billion in March 2024 exemplifies thepotential success of these operations.This event,along with notable seizures from the past few years,underscores the global scale of the challenge and critical impact of skilled interventions.Hezbollah and Iran Quds Force seizure,June 20

99、23In the first Hezbollah-related digital currency seizure,Israeli authorities recovered roughly$1.7million in crypto from Hezbollah,a heavily sanctioned terrorist group based in Lebanon,andfrom Irans Quds Force,which funds and works extensively with Hezbollah.Learn more.ChipMixer seizure,March 2023S

100、upported by Europol,a group of international authorities seized over 40 million from thisunlicensed cryptocurrency mixer.Learn more.Bitzlato seizure,January 2023Europol seized over$19 million in crypto after the exchanges founder was charged withmoney laundering.Learn more.Ronin Bridge hack recovery

101、,September 2022Law enforcement seized$30 million in crypto stolen by North Korean-linked hackers,the firsttime that crypto stolen by a North Korean hacking group was recovered.Learn more.Bitfinex hack recovery,February 2022The IRS Criminal Investigation division,the FBI,and Homeland Security Investi

102、gationsrecovered$3.6 billion in crypto(the largest ever recovery of assets from a theft)in connectionwith the 2016 Bitfinex hack.Learn more.Crypto Investigations:Blockchain Intelligence for Law Enforcement18Silk Road hack recovery,November 2021Law enforcement seized over$3.36 billion in cryptocurren

103、cy from James Zhong,who stoleBitcoin from the Silk Road darknet marketplace in 2012.Learn more.International money laundering operation seizure,July 2021In June and July,British police seized a total of 294 million in cryptocurrency tied to aninternational money laundering investigation.Learn more.S

104、ilk Road hack recovery,November 2020The U.S.DOJ seized$1 billion in Bitcoin from cryptocurrency from a wallet tied to a Silk Roadhacker known as Individual X.Learn more.4.Protect:United front against crypto crimeUltimately,successfully combating crypto crime requires a unified effort from government

105、 institutions,lawenforcement,and legislators.They play an essential role in developing,implementing,and enforcing cryptopolicies and regulations related to cryptocurrencies and blockchain technology.This united approach is keyto creating a secure yet innovative environment that keeps pace with the r

106、apid developments of digitalassets and blockchain technology.Central to law enforcements arsenal against crypto crime is the sharing of blockchain intelligence acrossagencies.Such inter-agency collaboration,coupled with strategic public-private partnerships,strengthensregulatory frameworks and enhan

107、ces compliance monitoring,thus playing an important role in crimedeterrence and prevention.Much like traditional financial investigations are a routine law enforcement responsibility,cryptocurrencyinvestigations will need to become the same.By utilizing blockchain intelligence,government agencies ca

108、nactively monitor crypto transactions.This proactive monitoring can aid crime prevention and ensureagencies are ready to respond to significant events in the financial ecosystem like the sanctioning ofmajor entities or the collapse of a blockchain that could affect financial stability or pose system

109、ic risks.Adopting this proactive approach,backed by robust regulatory oversight,is crucial for upholding theintegrity and safety of the crypto ecosystem.It highlights the importance of regulation and lawenforcement in protecting against the threats posed by crypto-enabled crimes.How law enforcement

110、agencies use blockchain intelligence incrypto investigationsOver the years,weve seen many law enforcement agencies run successful crypto crime investigationsusing blockchain intelligence everything from disrupting national security threats to protecting localcommunities from fraud.Crypto Investigati

111、ons:Blockchain Intelligence for Law Enforcement19One recent successful investigation was the LockBit ransomware takedown.On February 20,2024,a jointinternational operation was announced by U.K.s National Crime Agency(NCA),U.S.Department of Justice(DOJ)and among others,Germanys Bundeskriminalamt(BKA)

112、and the LandeskriminalamtSchleswig-Holstein(LKA-SH),stating the disruption of LockBit,one of the most prolificRansomware-as-a-Service(RaaS)groups operating in the last few years.According to the DOJ,LockBitattacked over 2,000 victims and made over$120 million in revenue.It was also among the most re

113、silientstrains in the ransomware ecosystem,and remained active for longer than most others.In the takedown operation,the NCA,FBI,and international law enforcement partners worked together toseize servers and public-facing websites that were integral to LockBits operations,and obtaineddecryption keys

114、 for LockBit victims to recover their data without paying a ransom.Leading up to this event,NCA used the Chainalysis Crypto Investigations solution to carry out its investigation.On-chain data revealed that LockBit affiliates were working with an Iranian ransomware strain anddepositing at an Iranian

115、 exchange,suggesting the LockBit affiliate in the graph below is likely Iranian.Chainalysis Crypto Investigations solution used to trace crypto transactionsIn another graph,on-chain data demonstrates that Russian ransomware gang Evil Corp had begun usingLockBit ransomware,as indicated by payments fr

116、om Evil Corp to a wallet controlled by LockBit.Evil Corpfirst sent funds to an exchange,and from the exchange,sent to an intermediary wallet and on to LockBit.Crypto Investigations:Blockchain Intelligence for Law Enforcement20Chainalysis graph showing how Evil Corp attempted to obfuscate payments to

117、 LockBitThe graphs above show how law enforcement can use blockchain analytics software to trace and trackcrypto transactions in the course of an investigation.How reliable is crypto evidence in criminal court?When conducting crypto investigations,law enforcement agencies must keep in mind the possi

118、bility of atrial.How might using on-chain data as evidence play out in court?Relatedly,in United States v.RomanSterlingov a case in which Chainalysis data was referenced the court ruled that blockchain analyticsis reliable,and therefore,could be admitted as substantive evidence in trial.This case se

119、ts a precedent forChainalysis blockchain analytics and equips prosecutors with another tool to prove guilt at trial.It alsorepresents a significant mark of maturation for the broader crypto industry.The Chainalysis data advantageIn the world of blockchain intelligence,having the right data is critic

120、al to conducting a successful cryptocrime investigation.Chainlaysis has built the industrys most complete mapping of real world activity toon-chain activity.With this comprehensive blockchain knowledge graph,weve helped law enforcementrecover more than$11B in illicit funds.How do we cultivate this d

121、ata?Chainalysis has a large team of blockchain intelligence and forensicsexperts collecting cryptocurrency addresses they can attribute to the specific real-world entities whocontrol them.Crypto Investigations:Blockchain Intelligence for Law Enforcement21The simplest and most common way of doing thi

122、s in the case of services is by observing knowntransactions involving them,which allows us to identify deposit and withdrawal addresses for a givenservice.We maintain online personas and engage strategic targets to capture ephemeral,unique datasets.We canalso collect deposit addresses via open-sourc

123、e intelligence(OSINT),across both clear and dark websources.Keep in mind that simply seeing the address isnt enough we also need to check the blockchainand confirm the on-chain behavior matches the profile associated with the entity,and document theappropriate on and off-chain evidence for our recor

124、ds.Chainalysis customers also regularly share with us their own specific address attributions for inclusion inour dataset.We forward those addresses along with our customers evidence,context,and rationale to our intelligence team,which then verifies before including them as ground truth addresses an

125、d pushingthem into our knowledge graph.Additionally,the team separates these addresses into categories likescam,ransomware,exchange,etc.based on the attribution.Our research and development team then applies hundreds of clustering heuristics on top of ground-truthattributions to deterministically gr

126、oup potentially millions of other addresses together that must also beowned by the entity.These attributions and clusters begin to create a map of which entities control which crypto addresses.Wethen calculate risk exposure between different entities.To date,Chainalysis has clustered over a billiona

127、ddresses across more than 65,000 services,wallets,and protocols.All of this work creates a completemapping of on-chain activity,providing actionable intelligence for law enforcement.Building the intelligence layerCrypto Investigations:Blockchain Intelligence for Law Enforcement22Four key tenets of t

128、hat demonstrate the Chainalysis data advantage1.Breadth:Mapping complete on-chain activity requires access to a comprehensive dataset.Ourteam of blockchain intelligence and forensics experts have identified over 65,000 unique entities.2.Depth:Our team has also mapped more than 1 billion addresses to

129、 real-world entities withgeneric and service-specific heuristics,which offers customers a deep view of on-chain activity.3.Accuracy:Starting with incorrect data is worse than missing data and can lead to reputationalrisk,as well as wasted time and money.We have over 1,200 customers,many of which are

130、exchanges that send us transfers daily that help us validate our clusters.Additionally,many lawenforcement agencies and regulators use our platform to reference the same datasets,as well asshare investigative insights with us,which bolsters the accuracy of our data.4.Speed:Criminals move fast,and la

131、w enforcement must react even faster to freeze funds orprevent off-ramping to fiat currency.We offer dynamic token support so that investigators cantrack transfers within seconds.Our global team of experts is also hyperfocused on attributingentities in specific areas,such as sanctioned regions.Gain

132、a strategic advantage ininvestigating crypto crimeAs demonstrated throughout this guide,blockchain intelligence plays a critical role in combatingcrypto-enabled crimes and threats.With the increasing regulation of cryptocurrencies by governments andthe continued growth in digital currency adoption,t

133、he imperative to address crypto-enabled criminalactivities will intensify.If you and your team are ready to enhance your investigative capabilities,exploreour comprehensive Crypto Investigations solution.Learn more about how you can gain a strategicadvantage in your efforts against crypto crime with

134、 blockchain intelligence.Chainalysis industry-leading intelligenceCrypto Investigations:Blockchain Intelligence for Law Enforcement23Building trustin blockchainsAbout ChainalysisChainalysis,the leader in blockchain intelligence,makes it easy to connect the movement of digital assetsto real-world ser

135、vices.Organizations can track illicit activity,manage risk exposure,and develop innovativemarket solutions with intelligent customer insights.Our mission is to build trust in blockchains,blendingsafety and security with an unwavering commitment to growth and innovation.For more information,.FOR MORE

136、 INSIGHTSFOLLOW US ON X IN TOUCHFOLLOW US ON LINKEDIN material is for informational purposes only,and is not intended to provide legal,tax,financial,or investment advice.Recipients should consult their own advisors before making these types of decisions.Chainalysis has no responsibility orliability

137、for any decision made or any other acts or omissions in connection with Recipients use of this material.Chainalysis does not guarantee or warrant the accuracy,completeness,timeliness,suitability or validity of the informationin this report and will not be responsible for any claim attributable to errors,omissions,or other inaccuracies of any partof such material.