Uncover the story behind the 'Biggest Heist Ever' — a gripping new Netflix documentary! Watch the trailer.

Combating Crypto Scams: The Power of Community Reports and On-chain Analysis

TRM InsightsInsights
Combating Crypto Scams: The Power of Community Reports and On-chain Analysis

In 2023, we saw crypto-facilitated scam and fraud schemes decrease year-over-year by 11%. But the total number is still staggering: USD 12.5 billion. So-called pig butchering scams make up a significant portion of this volume and are often perpetrated by organized scam networks with many victims. When a victim comes forward, one of the greatest superpowers available to investigators with TRM Labs is the ability to use on-chain exposure to identify additional victims — even individuals in the midst of being victimized.

Before we go further, a quick definition. Exposure analysis involves tracing the paths that funds take as they move between wallets and across different blockchain addresses, revealing the interactions between various parties. Exposure is used to identify patterns, trace illicit funds, link to known entities, and identify victims.

Let’s walk through how to find additional victims using exposure

Imagine you've identified a blockchain address linked to a scam group.

TRM automatically detects on-chain connections to various threat categories, such as darknet markets, terrorist financing, scams, and CSAM. For this scenario, you can filter for incoming exposure to "Community Complaints," which are addresses reported by victims as being involved in scams.

{{FYICard-CombatingCryptoScams-1}}

With just one click, you can map each path leading to a Community Complaint-labeled address. In a matter of minutes, you've likely identified wallets that have received funds from victims — an invaluable lead!

But let's take it a step further to find the victims themselves. By analyzing exposure again, you can see all counterparties within one hop, including exchanges. Why exchanges? Because victims often use them to transfer funds to scammers.

With another click, you can plot the exchanges and, thanks to TRM’s address-level tracing, obtain exact sending and receiving addresses, transaction hashes, dates, and amounts. This information is essential for submitting subpoenas to exchanges to obtain the victim's details.

The combination of multi-hop, multi-route exposure and address-level tracing makes it faster and easier to find actionable intelligence, which has proven invaluable in numerous investigations.

{{FYICard-CombatingCryptoScams-2}}

This same process can be repeated for other categories such as scams and cash-to-crypto to find investigative leads.

What about the cash-out point?

In the above example, we traced funds “backwards” using incoming transactions. Similarly, you can use exposure to trace “forwards” by following outgoing funds to identify potential cash-out points. This may lead to seizable assets and provide Know Your Customer (KYC) information on suspects—the other side of a thorough investigation.

To do this, you can filter for outgoing exposure to exchanges, either as a general category or by specifying individual exchange names. Once again, with just one click, you can plot the path to these exchanges, in the same way we traced victim transfers. The result will include the sending and receiving addresses, transaction hashes, and other crucial details needed to submit subpoenas for additional information.

Within TRM Forensics, we have detailed profiles for thousands of Virtual Asset Service Providers (VASPs) and crypto businesses. These profiles include key information such as headquarters location, KYC/AML compliance reviews, and law enforcement contact details, providing investigators with the resources they need to act swiftly.

Let's bring it all together and see the end-to-end investigation:

Some cases are as straightforward as the example above, but many are more complex. Obfuscation techniques can quickly increase the number of transactions involved. TRM Forensics adapts to both simple and complex cases, providing the tools needed to handle any investigation.

The leader in victim reports

Did you know that TRM has nearly 700,000 proprietary scam and fraud victim reports collected through Chainabuse.com? Combined with other sources, these reports are essential in powering TRM’s Community Complaint threat category, helping law enforcement protect victims and recover funds.

Want to learn more? Request a demo.

This is some text inside of a div block.
Subscribe and stay up to date with our insights

Access our coverage of TRON, Solana and 23 other blockchains

Fill out the form to speak with our team about investigative professional services.

Services of interest
Select
Transaction Monitoring/Wallet Screening
Training Services
Training Services
 
By clicking the button below, you agree to the TRM Labs Privacy Policy.
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.

DID YOU KNOW?

TRM's capability to trace all connections, regardless of the number of hops or routes taken by the funds, is crucial, especially when scammers use consolidation wallets or other obfuscation tactics.

DID YOU KNOW?

We announced last month that TRM is the first to have cross-chain indirect exposure. So the capabilities described above work for cross-chain fund flows as well.