On February 8, 2022, the United States Department of Justice (DOJ) announced a landmark seizure of 94,000 Bitcoin valued at over US$3.6 billion, the DOJ’s largest seizure of cryptocurrency ever and the largest single financial seizure in the department’s history. Two individuals were arrested and charged with conspiracy to commit money laundering and conspiracy to defraud the United States.
This landmark seizure is an early victory for the DOJ’s new initiative, the National Cryptocurrency Enforcement Team (NCET), first announced in October 2021. The seizure also highlights law enforcement’s growing ability to trace and recover digital assets used or obtained in connection with cybercrime, as well as the importance of the private sector’s role in helping to thwart unlawful activities involving cryptocurrencies.
The case began when a hacker infiltrated a virtual currency exchange
In 2016, a hacker infiltrated one of the world’s largest virtual currency exchanges and transferred 119,754 Bitcoin from the exchange into private wallets. At the time of the hack, the stolen funds were valued at approximately US$71 million. Since that time, the value of the stolen Bitcoin has increased to more than US$4.6 billion. Over the course of the last five years, and with the assistance of multiple cooperating cryptocurrency exchanges, law enforcement was able to trace those funds across thousands of additional transactions through a bevy of complicated laundering schemes.
Ultimately, law enforcement traced these thousands of transactions to multiple accounts affiliated with the defendants. Executing a search warrant on a cloud account held by one of the defendants, law enforcement discovered files containing the private keys to the wallet in which most of the stolen funds had been stored since the initial 2016 hack, as well as over 2,000 other BTC addresses. Using those private keys, law enforcement seized over US$3.6 billion in cryptocurrency.
Blockchains and new analytical tools enable effective long-term tracing of digital assets
Authorities hunted the funds by using public blockchain data, searching through thousands of transactions conducted over the course of nearly six years, which ultimately led them to accounts maintained by the defendants. Many of these transactions were the result of complex laundering schemes, including (i) “chain hopping,” in which coins are converted from tokens on one blockchain to another; (ii) “peeling” transactions, in which the funds undergo a series of progressively smaller transfers to different destinations; and (iii) various “mixing” attempts in which transactions of various users are mixed together to obfuscate the details of any particular transaction.
A recently unsealed district court opinion reveals that authorities relied on sophisticated analytical methods developed in the private sector to thwart these techniques. The opinion, which was tied to the government’s search warrant application, explains that the DOJ used “clustering analysis” – essentially pattern recognition algorithms – to scan the blockchain for transaction patterns, thereby assisting investigators in untangling attempts to obfuscate the flow of funds.
US Magistrate Judge Zia Faruqui praised the method as “one of the most reliable bases for a search ever.” Federal law enforcement agencies have signed multimillion-dollar contracts with multiple developers of such tools, highlighting law enforcement’s focus on the cryptocurrency space and the important role the crypto community can play in helping the government root out illicit activity.
Anti-money laundering and know-your-customer procedures play an important role in thwarting cybercrime
In addition to the use of innovative technology, authorities relied on the private implementation of anti-money laundering and know your customer procedures to help uncover the alleged crimes. In a video statement released on Twitter, Deputy Attorney General Lisa O. Monaco highlighted the work of several exchanges that “asked questions about where the money came from or even froze funds based on their suspicions.” These exchanges “enforced anti-money laundering policies and know-your-customer requirements that proved key to this investigation, showing how cryptocurrency can become safer and more reliable when we work together to root out its abuse.”
Many cryptocurrency exchanges operating in the United States are regulated as money services businesses (MSBs) subject to the requirements of the Bank Secrecy Act (BSA). MSBs are required to maintain anti-money laundering (AML) policies and know-your-customer (KYC) procedures to guard against illicit use of their platforms. They also must register with the Financial Crimes Enforcement Network (FinCEN) and report suspicious activity. Compliance with these requirements is key, and in this case proved essential.
In the case of the stolen exchange funds, representatives of multiple virtual currency exchanges sought to verify a number of the accounts used as part of the scheme, including by inquiring about the sources of funds being transferred, requesting supplemental identification information from the alleged perpetrators, and inquiring as to the nature of business entities involved in some of the transactions.
The accused launderers allegedly responded with a variety of explanations: the source of the currency involved in one transaction was derived from “early crypto assets,” which were amassed through “investing in and mining [Bitcoin] since 2013,” and representations such as “I’m a tech entrepreneur . . . looking to diversify,” and that all trades would be “from my own personal funds” and “the LLC is simply there to manage my assets.” In some instances, the virtual currency exchanges’ AML detection methods worked well, and the exchanges froze activity on what were perceived as suspicious accounts. In other instances, the answers were allegedly “belied by the blockchain,” which purportedly showed the alleged perpetrators were misrepresenting their sources of funds.
Law enforcement will continue to make blockchain analysis a priority to keep pace with new and innovative schemes
In a marketplace as technologically sophisticated as the rapidly expanding and evolving cryptocurrency market, tools of deception are also expanding at pace, and even proven methods of detection will continue to require updating. Both law enforcement agencies and the private sector are on the case: going forward, expect them to harness the evolving and growing power of the blockchain technology that gave rise to the global cryptocurrency market. This burgeoning technology will better enable virtual currency exchanges, banks, and other financial institutions subject to BSA/AML requirements to comply with regulatory requirements, avoid risk to their customers and clients, and avoid potential regulatory or civil liability for themselves. Governments will likewise be better able to prevent, detect, and deter crime, including cybercrime, involving digital assets and the blockchain.
While some policymakers and regulators in Washington may view digital assets and the blockchain with skepticism, this case demonstrates how the immutable and public nature of blockchain transactions can help authorities follow the money and track down wrongdoers, and it highlights the essential role played by the crypto industry in helping law enforcement stay one step ahead of bad actors.
- The public nature of blockchains and impressive new analytical tools have enabled effective tracing and recovery of digital assets.
- Anti-money laundering and know-your-customer procedures play an important role in thwarting cryptocurrency-related crime.
- Law enforcement will continue to make blockchain analysis a priority to keep pace with new and innovative criminal schemes.
Details on the scheme and its unraveling are available at: Two Arrested for Alleged Conspiracy to Launder US$4.5 Billion in Stolen Cryptocurrency - Statement of Facts (justice.gov)
For more information, please contact the authors of this article or your DLA Piper relationship attorney.