Unraveling the Dark Side of Crypto

Terrorist financing expert Evan Kohlmann argues on-chain intelligence-gathering should not be relegated to telling us only after the fact about avoidable risks.

Oct 20, 2023 at 3:07 p.m. UTC
Updated Oct 20, 2023 at 6:38 p.m. UTC

At the Financial Times’ recent Crypto and Digital Assets Summit, the director of the FBI’s National Cryptocurrency Enforcement Team (NCET), Eun Young Choi, acknowledged that “We are seeing cryptocurrency and digital assets really touch every aspect of criminal activity we investigate.” This includes illicit actors across a very broad spectrum of activity, everything from ransomware to narcotics smuggling to rogue states to terrorist financing. Cryptocurrency is now increasingly the preferred means of carrying out their dirty business.

This op-ed is part of CoinDesk's State of Crypto Week, sponsored by Chainalysis. Evan Kohlmann is the CEO of Cloudburst Technologies, a New York-based startup venture aimed at detecting and thwarting digital currency fraud.

The reason these actors have settled on cryptocurrency as a medium is hardly difficult to divine: digital currencies offer unprecedented pseudonymity and cash-out opportunities that simply do not exist within the highly-regulated SWIFT banking system. People can use crypto networks without any personal identifiers attached to their “accounts.” By building the Web3 financial universe, we have moved from a world with nearly perfect data to almost none. Nor has the open source nature of the blockchain been in and of itself enough to prevent market corruption.

Currently, without the use of expensive blockchain tools that many countries and agencies cannot afford, investigators are mostly relegated to running searches for anonymous digital wallet addresses in the blockchain and hoping to find transaction matches. There are a variety of reliable blockchain explorers available such as Chainalysis, TRM Labs, Elliptic and CipherTrace – but even if one finds a match through such a search, transaction data can be an awfully shallow pool if you are looking to answer the kind of critical questions that typically underscore a criminal investigation: the who, what, how, where and why.

In the words of Coinbase’s Special Investigations Team, “Unless you own an address yourself, it is very difficult to say with absolute certainty who an address is owned by. This is why it’s more fitting to consider blockchain analytics more of an art than science.”

Indeed, the blockchain is merely a ledger receipt, and to properly address these attribution questions other sources of data are required. If “ultimate attribution” is not possible via ledger analysis, “research shifts into the world of open source intelligence (OSINT)” — from which the investigations team at Coinbase has noted “much can be learned.” Plainly stated, illicit actors don’t organize and plan their activities on the blockchain, they do it in the deep and dark web.

Many of the critical pieces that can help unravel a criminal scheme and identify the personas involved can be gleaned from traditional Web2 cyberintelligence sources, including mediums like Telegram and Discord. There are chat rooms specifically dedicated to crypto fraud on those platforms with millions of actors present in them, illuminating in some small way the scale of the problem.

The challenge is in monitoring all those conversations simultaneously, parsing the actionable data in real time, discounting false positives and reliably locating the actors. Given that platforms like Telegram are specifically popular among fraud organizers, in part due to their perceived security and anonymity protections, this isn’t a simple task by any means.

Nonetheless, a continued reliance on blockchain data alone for conducting cryptocurrency investigations creates major knowledge gaps and leaves both the public and private sector flat-footed and shockingly blind to major contemporary financial risks. Threat intelligence should not be relegated to telling us only after the fact about avoidable risks, and verifying an individual’s involvement in illicit online activity should not be narrowly predicated on knowing their precise digital wallet address.

Such an existential question should be able to be resolved with a real name, an address and a phone number – not any different from the traditional financial universe. This isn’t a challenge that fundamentally depends on new regulation from Congress, just ensuring that the appropriate investigative tools are in the hands of those tasked with financial monitoring and enforcement. Indeed, there is a potentially vast future market for cryptocurrencies among the broader public — once those currencies shake their unwanted reputation as being a means for money laundering, scams and tax fraud.



Evan Kohlmann

Evan Kohlmann is the founder and CEO of Cloudburst Technologies, which provides automated realtime monitoring of cryptocurrency fraud for clients in both the public and private space.