Insights
September 27, 2024

Combating Crypto Scams: The Power of Community Reports and On-chain Analysis

TRM InsightsInsights
Combating Crypto Scams: The Power of Community Reports and On-chain Analysis

In 2023, we saw crypto-facilitated scam and fraud schemes decrease year-over-year by 11%. But the total number is still staggering: USD 12.5 billion. So-called pig butchering scams make up a significant portion of this volume and are often perpetrated by organized scam networks with many victims. When a victim comes forward, one of the greatest superpowers available to investigators with TRM Labs is the ability to use on-chain exposure to identify additional victims — even individuals in the midst of being victimized.

Before we go further, a quick definition. Exposure analysis involves tracing the paths that funds take as they move between wallets and across different blockchain addresses, revealing the interactions between various parties. Exposure is used to identify patterns, trace illicit funds, link to known entities, and identify victims.

Let’s walk through how to find additional victims using exposure

Imagine you've identified a blockchain address linked to a scam group.

TRM automatically detects on-chain connections to various threat categories, such as darknet markets, terrorist financing, scams, and CSAM. For this scenario, you can filter for incoming exposure to "Community Complaints," which are addresses reported by victims as being involved in scams.

{{FYICard-CombatingCryptoScams-1}}

With just one click, you can map each path leading to a Community Complaint-labeled address. In a matter of minutes, you've likely identified wallets that have received funds from victims — an invaluable lead!

But let's take it a step further to find the victims themselves. By analyzing exposure again, you can see all counterparties within one hop, including exchanges. Why exchanges? Because victims often use them to transfer funds to scammers.

With another click, you can plot the exchanges and, thanks to TRM’s address-level tracing, obtain exact sending and receiving addresses, transaction hashes, dates, and amounts. This information is essential for submitting subpoenas to exchanges to obtain the victim's details.

The combination of multi-hop, multi-route exposure and address-level tracing makes it faster and easier to find actionable intelligence, which has proven invaluable in numerous investigations.

{{FYICard-CombatingCryptoScams-2}}

This same process can be repeated for other categories such as scams and cash-to-crypto to find investigative leads.

What about the cash-out point?

In the above example, we traced funds “backwards” using incoming transactions. Similarly, you can use exposure to trace “forwards” by following outgoing funds to identify potential cash-out points. This may lead to seizable assets and provide Know Your Customer (KYC) information on suspects—the other side of a thorough investigation.

To do this, you can filter for outgoing exposure to exchanges, either as a general category or by specifying individual exchange names. Once again, with just one click, you can plot the path to these exchanges, in the same way we traced victim transfers. The result will include the sending and receiving addresses, transaction hashes, and other crucial details needed to submit subpoenas for additional information.

Within TRM Forensics, we have detailed profiles for thousands of Virtual Asset Service Providers (VASPs) and crypto businesses. These profiles include key information such as headquarters location, KYC/AML compliance reviews, and law enforcement contact details, providing investigators with the resources they need to act swiftly.

Let's bring it all together and see the end-to-end investigation:

Some cases are as straightforward as the example above, but many are more complex. Obfuscation techniques can quickly increase the number of transactions involved. TRM Forensics adapts to both simple and complex cases, providing the tools needed to handle any investigation.

The leader in victim reports

Did you know that TRM has nearly 700,000 proprietary scam and fraud victim reports collected through Chainabuse.com? Combined with other sources, these reports are essential in powering TRM’s Community Complaint threat category, helping law enforcement protect victims and recover funds.

Want to learn more? Request a demo.

This is some text inside of a div block.
Subscribe and stay up to date with our insights
arrow right
September 3, 2024

August 2024 Product Highlights: Unlocking More Comprehensive Insights

arrow right
May 31, 2024

May 2024 Product Highlights: Efficient, insightful, and user-friendly

arrow right
May 1, 2024

April 2024 Product Highlights: Enhance Visibility and Precision

Access our coverage of TRON, Solana and 23 other blockchains

Fill out the form to speak with our team about investigative professional services.

Services of interest
Select
Transaction Monitoring/Wallet Screening
Training Services
Training Services
 
By clicking the button below, you agree to the TRM Labs Privacy Policy.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

DID YOU KNOW?

TRM's capability to trace all connections, regardless of the number of hops or routes taken by the funds, is crucial, especially when scammers use consolidation wallets or other obfuscation tactics.

DID YOU KNOW?

We announced last month that TRM is the first to have cross-chain indirect exposure. So the capabilities described above work for cross-chain fund flows as well.

Illustration of a pig butchering chart featuring various cryptocurrency logos in each section, with a bright blue sheriff's badge on top, symbolizing law enforcement's role in combating fraud.
CASE STUDY
See how Deputy District Attorney Erin West and the REACT Task Force are fighting back against pig butchering
WATCH THE VIDEO →
Illustration of an eye, skull and crossbones, and a pie chart on a light blue background, symbolizing the dangers of crypto scams and financial fraud.
REPORT
Explore the key trends that shaped that the illicit crypto economy in 2023
GET THE REPORT →
Close-up photograph of the United States Capitol building with snow falling
BLOG
Learn why cryptocurrency has become a central issue in the 2024 US election
READ THE POST
Illustration of a Russian doll toy containing a ransomware attack inside the smallest one
REPORT
Take a deep-dive into the Russian-speaking illicit crypto ecosystem
READ THE FULL REPORT
Outline of pig with law enforcement shield overlaid
Case Study
Learn more about how the REACT Task Force is tackling pig butchering
Read the case study
Illustration of a Russian doll toy containing a ransomware attack inside the smallest one
REPORT
Explore recent ransomware trends in the Russian-speaking crypto ecosystem—including the role of ransomware groups in cybercrime around the world
GET THE REPORT
Person typing on a laptop keyboard with dark blue filtered overlay
BLOG POST
Learn about summer 2024’s spate of ransomware attacks, and the proliferation of RaaS around the world
READ THE POST
REPORT
Learn about cryptocurrency’s role in the international synthetic drug precursor market
GET THE REPORT