INVESTIGATOR SPOTLIGHT

Jonno Newman

Formerly: SAPOL, Kraken

Location: Adelaide, Australia

TRM Team: Global Investigations

Investigative Specialities: Hacks, cross-chain swaps/bridges

Jonno Newman is a member of TRM’s Global Investigations team, based in Adelaide, Australia. He previously spent almost 13 years in the South Australia Police (SAPOL), including as head of its Cybercrime Training and Prevention Section, and a year as a senior investigator and trainer within Kraken Digital Asset Exchange’s Financial Intelligence Unit.

Talk us through your background with SAPOL and how you became involved in crypto investigations.

My crypto journey began after I’d been with SAPOL for a decade. Formerly a patrol officer, I was promoted to Sergeant and made head of its Cybercrime Training and Prevention Section. I became responsible for devising and delivering training programs to elevate the organization’s cybercrime investigative capabilities and leading community outreach initiatives to raise awareness of cybercrime.

Like many people, I felt daunted by crypto initially. Though well-versed in traditional cybercrime, I’d had less exposure to crypto. Yet it was increasingly being used in scams, money laundering, drug offenses, terrorist financing and other traditional crimes, so it was no longer something investigators could ignore. I began to build knowledge by immersing myself in the crypto ecosystem. I opened an account at an exchange, bought and sold cryptocurrency, joined online communities and experimented with NFTs. My interest and knowledge grew from there.

I honed my blockchain investigative skills when I joined Kraken. I conducted high volumes of wide-ranging investigations into suspicious activity linked to money laundering, darknet markets, ransomware and other areas. I also covered Incident Response, working complex and time-sensitive matters linked to blockchain exploits and hacks, tracking some of the largest and most sophisticated actors in the space. 

How did working at a crypto exchange change your perspective on investigations and compliance?

Joining Kraken from SAPOL marked the first time my role was 100% focused on crypto. My perspective widened to cover the global criminal landscape, rather than just the Australian context. This gave me a deeper understanding of money laundering and crypto-crime typologies and their prevalence in certain geographies. 

On the compliance side, I learned to appreciate the complexity of the current operating environment for exchanges. The majority strive to be compliant and are taking proactive steps to achieve this. For example, they are developing initiatives to proactively identify bad actors, and building compliance into their products and services at the design stage, rather than solely reporting suspicious activity to regulators.

What does your current role as an investigator at TRM involve?

My role at TRM is divided into two main pillars. The global pillar centers on looking at potentially notable on-chain criminal activity and working the cases. TRM's mission is to enable a safer crypto ecosystem for all, so if there's illicit activity happening, we want to make sure we understand how it’s being facilitated and the steps required to disrupt it – often in collaboration with law enforcement in affected jurisdictions or a service or protocol that's been exploited.

This proactive threat-hunting helps keep our tracing skills sharp – and means we are constantly putting TRM's tracing tool to the test. Often we anticipate features and capabilities that could make an investigator's job easier before a customer even has a chance to request it.

The most rewarding part of my role hinges on supporting local law enforcement across APAC. This pillar harks back to what I was doing with SAPOL. That is, working to upskill officers of all stripes in crypto. This involves jumping on calls with investigators from across the region to talk through their cases and offer input to help them drive their investigations forward.

What’s the most interesting case you’ve worked on recently?

I led TRM’s investigation into North Korea’s June 2023 hack on Atomic Wallet, a non-custodial wallet provider. That incident resulted in the theft of around USD 100 million in cryptocurrency from more than 4,100 individual addresses, across seven different blockchains. We supported federal law enforcement by sharing real-time data and information about financial flows to aid their investigation and surface potential opportunities for interception.

A complex and long-running case, the majority of funds were on the move for around six weeks. And, as is becoming increasingly common, the hackers engaged in cross-chain swaps – moving the cryptocurrency from blockchain to blockchain – to try and obfuscate the financial flows. Fortunately, the multi-chain and multi-asset tracing capabilities of TRM Forensics, our crypto asset-tracing tool, allowed me to keep pace with the flow of funds across various cryptocurrencies and blockchains. This made the investigation infinitely easier to manage (and yielded some eye-catching ‘graph art!’), shown below.

What advice would you give investigators who are learning the crypto space?

The best way to demystify crypto is through hands-on experience – both as an end user and an investigator. When starting out, I set up a digital wallet and opened a cryptocurrency exchange account. I saw firsthand what those processes involved, how they differed and what user data points could be collected by law enforcement. My top tip for investigators seeking a better understanding of what they see on a block explorer is to review transactions that they have themselves made. I still use this approach today when learning about how a new bridge or DeFi swap service works.

Learning in crypto never stops and leveraging others’ expertise is invaluable. I am lucky enough to work alongside some of the world’s top investigators, whose knowledge of more niche areas I can count on to support my own development!
