Must-Know Crypto Investigations of 2023: North America

Newton’s third law – for every action, there is an equal and opposite reaction. As criminals find more creative ways to leverage blockchain and cryptocurrency to collect and launder illicit funds, law enforcement has also been developing expertise and investigative capacity.

We are increasingly seeing the fruit of these efforts. This week, we begin a new Insights series that looks at - and draws lessons from - recent law enforcement successes fighting crypto-related crime across the globe.

We begin in North America, which has seen significant investment in crypto-specific training and tools. In our recent survey of US federal and state law enforcement, almost 90% of respondents said their agencies provided some crypto-related training, while nearly 80% said that investment in blockchain intelligence tools was a critical or high priority for their agency.

Let’s take a look at key crypto-related investigative wins in the US and Canada from 2023.

1. US Secret Service and DOJ seize USD 9 million in USDT from pig butcherers

In November 2023, the DOJ announced the seizure of nearly USD 9 million worth of the stablecoin Tether (USDT) from cryptocurrency addresses allegedly associated with a Southeast Asia-based pig butchering scam operation. US Secret Service analysts who traced victim deposits observed that the funds were quickly laundered through 103 cryptocurrency addresses, exchanged for several different cryptocurrencies, and moved across multiple blockchains. All the victim funds were received on the Ethereum blockchain, and 88% of the corresponding withdrawals were then sent on the TRON blockchain.

These results are consistent with TRM’s intelligence that scammers engaged in pig butchering have a strong preference for Tether on TRON. With Tether having recently announced a new wallet freezing policy to aid law enforcement, there could be more opportunity to disrupt USDT-based financial crime in future. This case also demonstrates the importance of being able to follow the money across different blockchains, including tracing and freezing foreign assets. 

“Often with traditional finance, law enforcement’s ability to crack cases and help victims is hindered or lost altogether once the funds leave the country,” said Chris Janczewski, TRM’s Head of Global Investigations and former IRS-CI special agent. “But in the borderless world of blockchains, we can follow the money around the world in real time by leveraging our tools, expertise, and partnerships.”

USSS traced the victim funds from an account at a centralized exchange, across multiple hops, to where funds were seized as part of the “USDT Token Part A” seizure.

2. FBI calls out North Korean hacking group in USD 41 million Stake.com heist

This borderless nature of cryptocurrency investigations is apparent in our next case, where the FBI was able to link the September 2023 theft of USD 41 million worth of crypto from Stake.com, an online casino, to North Korea’s notorious Lazarus Group. The FBI was also able to identify and publish 33 Lazarus-controlled blockchain addresses where the assets had been moved. By publicizing these addresses, the FBI enabled compliance professionals to identify and block suspicious deposits by North Korean hackers. 

“The Stake.com hack is a prototypical example of recent North Korean hacks, which typically involve multiple assets, blockchains, cross-chain bridges, and mixers. The FBI really pushed the envelope in this case, not only by attributing it to North Korea so quickly, but also by publicly identifying and flagging the freshest addresses then in use by the hackers. That effort aided crypto businesses to identify and block tainted transactions from transiting their platforms,” explained Nick Carlsen, Global Investigator at TRM and a former FBI intelligence analyst.

With North Korea stealing at least USD 600 million in crypto assets in 2023, law enforcement and intelligence agencies must prioritize staying ahead of DPRK hackers. “The DPRK employs some of the most complex multi-chain crypto laundering strategies in the world,” adds Mr. Carlsen. “This is where TRM’s native cross-chain architecture and expansive blockchain coverage can really help investigators.”

The hackers quickly moved the stolen funds across multiple currencies and multiple chains, which can easily be seen on one graph in TRM’s Graph Visualizer

3. US authorities arrest and charge DeFi smart contract hacker for the first time

In July 2023, US authorities published details of their first criminal case involving an attack on a decentralized exchange’s (DEX) smart contract. Trained security engineer Shakeeb Ahmed had exploited a vulnerability in one of the DEX’s smart contracts to fraudulently obtain over USD 9 million in crypto, which he then withdrew and laundered via a complex combination of token swaps, chain hops, privacy coins and offshore crypto exchanges.

Following the hack, the DEX worked with TRM’s incident response team and investigators from HSI and IRS-CI to track and trace the flow of funds both before and after the exploit. Investigators used this on-chain data together with off-chain evidence of Ahmed’s search history to identify and arrest him. “These are complex cases, not just from an investigative standpoint but even from a legal standpoint. Is exploiting a weakness in a smart contract a crime? We are going to hear more and more arguments on this issue as legal precedent develops,” said Ari Redbord, TRM’s global head of policy and former Assistant United States Attorney. “However, for now, anyone who attacks a smart contract should expect to be tracked by US and global law enforcement who now have sophisticated tools and training to go after bad actors in the decentralized space.”

This case exemplifies the importance of public-private partnerships, which is echoed in our law enforcement survey – 92% of respondents see private sector partnerships as crucial to investigative success.

Ahmed sought to obfuscate the flow of his fraudulently obtained funds through a combination of sophisticated techniques such as chain hops, token swaps, mixers and privacy coins.

4. Canadian and US authorities disrupt international darknet drug trafficker

In a first for the province, the Nova Scotia Royal Canadian Mounted Police (RCMP) Federal, Serious and Organized Crime (FSOC) unit arrested an international drug trafficker, John Nicholas Allen-Simec, who was using the dark web to sell illegal drugs across Canada and the US. The Nova Scotia RCMP launched an investigation in February 2023 after receiving information from US Homeland Security Investigations (HSI) about the trafficker, who was advertising illegal drugs for sale on darknet websites and collecting payment in crypto. On top of arresting Allen-Simec, RCMP investigators were able to locate, extract, and seize his crypto wallets.

This case illustrates the importance of cross-border information sharing, and of equipping law enforcement officers to effectively identify and seize crypto-related items in an operation. Canadian police have also successfully tackled other drug-related crypto crimes this year, such as arrests and the seizure of 88 ETH (~USD 122,000 at time of seizure) from cocaine imports, and seizing USD 700,000 in crypto and drug equipment from an illegal cannabis trafficker who was laundering criminal proceeds for himself and others.

5. Local police in Cinnaminson, New Jersey recover victim funds from crypto fraudsters

We are also seeing successes in local law enforcement. In 2023, the Cinnaminson Township Police Department (CTPD) in New Jersey, working with a partner agency in Burlington County, New Jersey, was able to trace a scam victim’s cryptocurrency, untangle the fraudster’s money laundering efforts, and seize the majority of funds back from a foreign cryptocurrency exchange. 

The scam involved a foreign-based individual posing as a US-based law enforcement officer and fake bank officials, who successfully extorted Bitcoin payments from the victim under duress. CTPD traced the fraud proceeds to a foreign crypto exchange, which they successfully contacted to recover the majority of the funds, and returned them to the victim.

CTPD traced fraud proceeds to a foreign-based cryptocurrency exchange, from which they successfully recovered funds.

“These cases not only expose the complexity of crypto investigations, but the diversity of offenders and methodologies used to commit these crimes,” commented Kyle Armstrong, TRM’s Head of Law Enforcement Relations and former FBI Supervisory Special Agent. “But the successes equally show that law enforcement agencies across North America - federal, state and local - will not be deterred by these complexities serving justice. It is encouraging to see these efforts. TRM is privileged to have supported many of these investigations and looks forward to continued partnership with our dedicated law enforcement officers.”

If you are a law enforcement officer wanting to expand your crypto investigative skills through learning and partnership with the global law enforcement community, join our law enforcement-only working group, LEO Labs, here.
