Alabama: The Unlikely Frontline for America's Crypto Fraud Crackdown

Alabama's securities agency has led the way on enforcement against ICO fraudsters, using investigation techniques pioneered chasing gun runners.

Nov 20, 2018 at 5:01 a.m. UTC
Updated Sep 13, 2021 at 8:36 a.m. UTC

"Of the states, I think we've got about 20 percent of all the active cease-and-desists."

That's Greg Bordenkircher, the chief litigator at the Alabama Securities Commission, describing the extent to which his state, just the 24th largest by population, has nonetheless come to play a leading role in the ongoing fight against U.S. crypto fraud.

"We've issued nine orders shutting down businesses that are advertising in Alabama," he told CoinDesk. "We have another 20, 22 that we are looking at right now."

But Bordenkircher's agency is hardly alone. As a member of the North American Securities Administrators Association (NASAA), it's part of a coalition that's been conducting a continent-wide sweep of initial coin offerings in an effort to sniff out illicit activities. To date, regulators in South Carolina, Colorado and Texas have taken on suspect ICOs as well, and Canadian prosecutors have also played an important role in the sweep.

NASAA's website lists a number of actions taken by the State of Massachusetts, too.

The sweep started with a list of 300 or so projects, but the latest numbers have those being investigated down to 200 (some have been determined not to be fraudulent).

While much of the attention in crypto has been on the U.S. Securities and Exchange Commission (SEC), state action is an important facet of chasing bad actors out of the market, he argued.

Bordenkircher told CoinDesk:

"The SEC does a great job and CFTC does a great job, but the states have really got the boots on the ground. There's more of us than there are of them."

Still, federal and state-level agencies are coordinating, sharing information and breaking up the work.

"It's almost a task force view of all of us coordinating together," he said.

Bordenkircher (pictured above, seated) runs the Alabama wing of the operation, mainly with Michael Gantt (also pictured), a special agent assigned to the sweep, running the day-to-day efforts. The state contracts with Cyber Forensics, a consultancy that helps them keep all the digital evidence they gather defensible in court.

And that's really key to getting the ICO industry under control, because "wherever the hot issue is, that's where the fraudsters go," Bordenkircher said.

Through almost all of 2017 and the first part of 2018, no doubt, that was ICOs.

From arms to coins

To stop the toxic ICOs, Bordenkircher has imported a battle plan he used at the U.S. Department of Justice (DOJ) for fighting arms traders.

Prior to his work with the state of Alabama, Bordenkircher served at the DOJ as an assistant U.S. attorney for the Southern District of the State of Alabama. There, he took a leadership role in complex litigation. One part of the strategy as it related to chasing arms dealers across the internet was looking for buyers and sellers and matching up their deals.


So when the NASAA began the sweep, Bordenkircher sought the same resources to repeat that and other strategies used during his time in the federal government.

The strategy involves setting up computer systems, firewalled off from the state's own systems (using virtual private networks), that can visit suspicious websites and track activity without the people who built the site realizing they are being visited by law enforcement.

The system even uses a technique familiar to the cryptocurrency community – cryptographic hashes. These hashes preserve a website, proving the data was logged at a certain time and that it hasn't been changed, even though the system dismantles the site to keep other users from interacting with it.
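The hashing step described above can be sketched as follows. This is an added example, not Cyber Forensics' or the state's actual tooling; the manifest layout, the function names and the sample page content are assumptions constructed for illustration.

```python
import hashlib
import json

def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def _seal(body: dict) -> str:
    # Canonical JSON so the same manifest always yields the same digest.
    return sha256_hex(json.dumps(body, sort_keys=True, separators=(",", ":")).encode())

def build_manifest(url: str, captured_at: str, artifacts: dict) -> dict:
    """Record a SHA-256 digest per captured file, then seal URL, time and digests together."""
    entries = [{"path": p, "size": len(b), "sha256": sha256_hex(b)}
               for p, b in sorted(artifacts.items())]
    body = {"url": url, "captured_at": captured_at, "entries": entries}
    # The seal binds the capture time to the content. It only proves *when* if this
    # digest is also lodged somewhere the examiner cannot rewrite (case file,
    # third-party timestamping service); that step is assumed, not shown.
    return {**body, "manifest_sha256": _seal(body)}

def verify(manifest: dict, artifacts: dict) -> list:
    """Return a list of discrepancies; an empty list means the evidence is unchanged."""
    problems = []
    body = {k: v for k, v in manifest.items() if k != "manifest_sha256"}
    if _seal(body) != manifest["manifest_sha256"]:
        problems.append("manifest altered")
    recorded = {e["path"]: e["sha256"] for e in manifest["entries"]}
    for path, digest in recorded.items():
        if path not in artifacts:
            problems.append(f"missing: {path}")
        elif sha256_hex(artifacts[path]) != digest:
            problems.append(f"modified: {path}")
    problems += [f"unrecorded: {p}" for p in sorted(artifacts) if p not in recorded]
    return problems

# Constructed sample capture (not real evidence).
SAMPLE = {
    "index.html": b"<html><body>Guaranteed return of 1 percent a day</body></html>",
    "img/team.jpg": b"\xff\xd8\xff\xe0 constructed image bytes",
}
MANIFEST = build_manifest("https://ico.example/", "2018-11-20T05:01:00+00:00", SAMPLE)

if __name__ == "__main__":
    print(json.dumps(MANIFEST, indent=2))
    print(verify(MANIFEST, SAMPLE))
```
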

To build this system, Alabama has contracted with the online evidence-gathering consultancy Cyber Forensics, which Bordenkircher first worked with at the DOJ. Cyber Forensics makes the first pass at various sites to determine whether or not a given project (or group of projects) has enough red flags to refer to Alabama's investigators for further action.

Both the contractors and the state investigators are looking for signs that projects are luring unsuspecting investors who lack the savvy to spot impossible claims.

Gus Dimitrelos, the president of Cyber Forensics and a former special agent with the U.S. Secret Service, told CoinDesk:

"There's probably 12 to 17 different ways for these fraudsters to get victims to come to them."

The red flags

Echoing this, Bordenkircher said, "When we get X amount of red flags, then we have to make a legal determination at that point that this needs to be at least shut down, if not prosecuted."

Provided prosecutors verify that the offering appears to be a security and that it's soliciting citizens of their state without a license to deal securities, the state can then move forward on an investigation and further action.


To shut these projects down, the state will send suspected fraudsters a cease-and-desist letter that gives the operation 30 days to report back to the state if they believe their company has been erroneously targeted. So far, Bordenkircher told CoinDesk, no team has tried to defend their operation. Instead, they just close up shop in the state and disappear.

One British company did respond, though, agreeing that it shouldn't solicit U.S. investors and then firewalling off the country.

While there's no official checklist that guarantees an operation is fraudulent, the investigators walked CoinDesk through a number of the things they look for – some of which would be difficult for an average web user to detect.

Multiple IPs – Multiple IP addresses that all point back to one company or person are not normal. In many cases, this can mean one operation is setting up multiple phony ICOs (or frauds of other kinds) and running them out of the same office.

Phony physical addresses – The street address might not square with what should be a legitimate business location. For instance, one ICO project's address turned out to be the same as that of the Ohio Attorney General.

Location masking – Is there evidence that the operation is making an effort to appear to be in the United States when it is, in fact, located overseas?

A nonsensical pitch – A frequent critique made about token projects is that companies are applying blockchain just to build buzz. Bordenkircher took that further for fraudulent ICOs, saying, "Some of them, they have the verbiage, but I don't think they really understand what blockchain is."

Copy-and-paste – If data is copied and pasted across multiple websites that appear to be marketing different projects, that's a clear red flag. This tactic is widely used by fraudsters in the crypto space, most easily with team photos, where the same stock-photo faces show up across multiple project websites.

Unrealistic claims – "What are they saying the returns going to be? A lot of them are using language like 'guaranteed return of 1 percent a day,' which is, it has to be fraudulent," Bordenkircher said. Or if they claim to have assets that don't make sense. For example, projects that claim to be backed by a diamond mine or projects that claim part of the returns will be paid out in actual gold sent to investors.
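Two of the red flags above, shared IP addresses and copy-and-pasted team photos, lend themselves to automated triage. The following is an added example, not the investigators' own code; the record layout, the domain names, the documentation-range IP addresses and the image bytes are all constructed for illustration.

```python
import hashlib
from collections import defaultdict

# Constructed capture records: hosting IPs and team-photo bytes per site.
CAPTURES = [
    {"site": "alpha-coin.example", "ips": ["192.0.2.10"],
     "photos": [b"stock-face-1", b"stock-face-2"]},
    {"site": "beta-token.example", "ips": ["192.0.2.10", "198.51.100.7"],
     "photos": [b"stock-face-2"]},
    {"site": "gamma-ledger.example", "ips": ["203.0.113.5"],
     "photos": [b"original-team-photo"]},
    {"site": "delta-mine.example", "ips": ["198.51.100.7"],
     "photos": [b"stock-face-1"]},
]

def shared_indicators(captures):
    """Map each IP or photo digest to the sites using it, keeping only reused ones."""
    seen = defaultdict(set)
    for c in captures:
        for ip in c["ips"]:
            seen[("ip", ip)].add(c["site"])
        for img in c["photos"]:
            # Exact-byte digest: a resized or re-encoded copy would not match.
            seen[("photo", hashlib.sha256(img).hexdigest())].add(c["site"])
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

def clusters(captures):
    """Group sites linked, directly or transitively, by any shared indicator."""
    parent = {c["site"]: c["site"] for c in captures}

    def find(x):
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path compression
            x = parent[x]
        return x

    for sites in shared_indicators(captures).values():
        for s in sites[1:]:
            parent[find(s)] = find(sites[0])
    groups = defaultdict(list)
    for s in parent:
        groups[find(s)].append(s)
    # A cluster is a lead for review, not proof: unrelated sites can share
    # a hosting provider's IP address.
    return sorted(sorted(g) for g in groups.values() if len(g) > 1)

if __name__ == "__main__":
    print(clusters(CAPTURES))
```
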

The next frontier

On top of these initial red flags, there are also a couple of behaviors that require investigators to take some kind of action first.

Aggressive sales – "One of the badges of fraud is trying to see how aggressive they are trying to get us to send them money," Bordenkircher said. If an investigator emails once and they get multiple calls in return, that's a strong sign further investigation is needed. Good brokers will always follow up, he said, but it's fraudsters that do it to excess.

Selling to the wrong customers – Since the rules surrounding crypto token sales in the U.S. are still a bit opaque, many ICO projects have eschewed U.S. investors. While some projects state in their white papers and on their website that they won't accept U.S. investors, they still buy U.S. hosting services and run ads targeting U.S. customers. Then if a U.S.-based investor shows interest, the company won't hesitate to encourage them to send money.

To verify this kind of behavior, law enforcement needs to reach out. Since fraudsters wouldn't respond to such inquiries if they were suspicious law enforcement was behind them, the ability to hide behind a virtual private network is important.

But the next frontier for law enforcement in catching fraudsters will be setting up profiles that lure them in. Cyber Forensics has already begun building fake social profiles of people who show interest in investing and making money.

Just as the fraudsters have devised websites that lure victims, the company hopes it can find a formula that lures the predators.

And with these new techniques in the queue, Bordenkircher said, the action they've taken so far is nowhere close to all the action that will be taken to bring down phony crypto token projects. This is especially true since the courts have affirmed the authority of various agencies to bring action.

Speaking to this, Bordenkircher told CoinDesk:

"It's only going to accelerate until there is a more regimented regulatory system."

Yet, still, Bordenkircher is quick to acknowledge that the regulatory agency is trying to tread carefully so as not to stifle innovation in the space.

"We don't want to limit in any way legitimate ICOs or legitimate utility coins or people who are trying to raise legitimate businesses," he said.

Smokey Scales of Justice statue image via Shutterstock

