An Article by two Prominent Former DOJ officials Presently Investigating Crypto Fraud in the Private Sector

By Robert Appleton & Ren McEachern**

Investor funds losses continue to mount in the wake of the numerous cryptocurrency firm meltdowns as well as by the recent spate of misuse of investor funds by centralized cryptocurrency exchanges, including the now infamous implosion of FTX, with early estimates of 1 million creditors impacted and representing a potential shortfall range between $8 to $10 billion. Many are falling victim to classic frauds updated for the Web3 age: crypto investment schemes promoted by fake influencers or scammers posing as investment advisors. Other new types of hacks, thefts or fraud are focusing on the continued rise of decentralized finance, in which criminals try to exploit a decentralized system, blockchain or smart contract.

Investor crypto fraud losses resulted in losses of an estimated $680 million last year, and by all accounts, that number will grow exponentially this year. Formerly licensed and unlicensed investment managers soliciting investment in crypto projects and others continue to prey on the unwary investor.

Crypto was designed to provide a safe medium to medium direct form of exchange. The draw to crypto is obvious and apparent. Besides the prior run ups in asset prices, crypto transfers can be accomplished in minutes with minimal fees. No other third party intermediaries are needed to transfer crypto assets, and can be made by direct wallet to wallet transactions. However, cryptocurrency remains at its infancy, and the FTX disaster and other recent centralized exchange meltdowns have exposed the immaturity of the industry.

Centralized exchanges continue to undermine the central purpose of cryptocurrency, that investors have a medium of direct transfer of assets, across borders, without the costs, bureaucracy and slowdowns of middlemen and the banking world. The lack of regulatory oversight has resulted in considerable challenges in attempting to identify who is orchestrating the fraud and where the ill-gotten gains are being stored. Unlike some exchanges which might collect know-your-customer information, private digital wallets are essentially owned by individuals with no requirements to provide personal identification information (PII), which is most often used to properly evaluate ultimate beneficial ownership (UBO) of an individual or entity. Another significant current concern in addition to the lack of regulatory framework, is that, unlike regulated financial institutions, there is no FDIC or government insurance to compensate innocent investors who have lost custodied funds or crypto assets left on exchanges.

There is recourse for victims, however. Cryptocurrency is transacted and transferred using the blockchain, and as a result the ability to identify various cryptocurrency movements and volumes is far easier than most people realize. The blockchain is essentially public information and court authorizations are not required to conduct a comprehensive tracing of cryptocurrency. For comparison, if you wanted to identify traditional bank transfers you would need to leverage a civil subpoena or if the government was investigating, they could leverage grand jury subpoenas and court authorized search warrants to collect banking information. The purpose of blockchain technologies was to create a permanent and decentralized digital record while maintaining a robust level of transparency for purposes of attribution, via a linked peer-to-peer network. For this reason, investigations into crypto fraud is growing more sophisticated and achievable. As in many types of illegal activity, the interaction between the perpetrator and the victim swings like a pendulum. As the fraudster's techniques for theft and misuse are used, investigators grow more adept at chasing the stolen proceeds.

We have learned much in the recent spate of frauds and meltdowns on how the stolen and misappropriated assets move. Because the blockchain records every transfer and transaction undertaken, there is a trail. Bad actors have implemented new techniques, using "mixers" to try and obfuscate the stolen and removed tokens, by sending them into "pooling" wallets. Similarly, bad actors have traditionally moved stolen cryptocurrency through the use of a single blockchain. Recently, however, bad actors are using chain hopping to disguise the flow of stolen funds. Chain hopping involves swapping cryptocurrencies from one token to another, such as on Uniswap, in an effort to cloud the flow and movement of the illicitly obtained assets.

With the transaction IDs of a victim's assets, the movement of stolen and misappropriated funds can be traced. Many exchanges are determined to operate within the U.S. jurisdiction, where "Know Your Customer" (KYC) requirements are generally required for exchanges, because of the significance of the market share to be gained. In an attempt to be considered "compliant", many exchanges outside the U.S. that do not have KYC requirements and as such, are not otherwise required to, are voluntarily collecting KYC information and responding to requests for information. As a result, investigations are having more success at tracing and compelling exchanges to identify account holders, balances, and transactions. In recent investigations undertaken by the authors, exchanges have been served with subpoenas and some have indicated a willingness to cooperate.

Victims also have the option of engaging law enforcement to help. In 2021, the DOJ announced the formation of the National Cryptocurrency Enforcement Team (NCET), to specifically investigate and prosecute the criminal misuse of cryptocurrency. Similarly, the FBI and other federal investigative agencies have established special units to investigate federal violations involving cryptocurrency. This increase in government resources and capabilities has resulted in several high-profile indictments, arrests, and successful prosecutions. If the FTX case is any indicator, these investigations will only increase in size and complexity.

Successfully referring a matter to investigative authorities has numerous challenges because of the complexity and speed of technology used to steal cryptocurrency. The government will need to conduct their own independent investigation, however a proper referral using accepted investigative procedures coupled with known tracing technologies could potentially accelerate a government case. Time is a critical component in these investigations and any opportunity to locate and track misappropriated assets should be prioritized. The authors have been successful in a number of recent cases in referring cryptocurrency loss cases to appropriate law enforcement bodies.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.