TLDR — Commercial Cryptoasset Recovery (CAR) services are still in their infancy. While blockchain explorers are available, risk and attribution — also known as off-chain — data is key to understanding any individual case’s odds of recovery. That said, big data analytics, risk and attribution data only get you so far.
In my last post, I wrote about the first step in establishing the objective facts around cryptoasset investment scams and the feasibility of recovery.
- Be aware that this is not meant to be an exhaustive description of of the investigative process but a general guide as to the steps a victim might encounter when working with a commercial cryptoasset recovery firm.
In this post, I’ll take a look at blockchain analytics and the OSINT (Open Source Intelligence) research required to support the recovery effort.
Outcome Analysis
Despite the name, this is the step most people think of when it comes to cryptoasset recovery.
Investigators, relying on leading blockchain analysis data and software providers — examples like CipherTrace, Chainalysis, Elliptic, QLUE, and Crystal — trace transactions through a given blockchain, provided it is a supported cryptoasset, and evaluate a variety of factors, including off-chain OSINT (Open Source Intelligence), to determine whether recovery is an option.
The focus at this point is identifying an exit point for any misappropriated funds; ideally through a compliant exchange in a FATF (Financial Action Task Force) member or affiliate country. A “compliant exchange” is one that abides by FATF standards for KYC / AML practices, collecting PII (Personally Identifiable Information) on individual account owners.
This last paragraph describes an ideal situation that rarely occurs; investigators are likely familiar with the concept that OSINT works best when one’s subject has terrible OPSEC (Operational Security). Many criminals do their best to take advantage of the inherent privacy-oriented nature of certain cryptoassets and cryptoasset service providers to avoid effective tracing by both private sector and law enforcement investigators.
A key component of this effort is the quantity and quality of the off-chain data that can serve to identify individual accounts and exchanges that each blockchain analytics provider uses to supplement their on-chain analytics. Collectively, this information is known as attribution data.
Attribution data alone is not sufficient; investigators need to have a solid understanding of how blockchains work and transactions take place to leverage the tools at their disposal effectively.
Once a determination is made regarding the viability of a particular case, consideration needs to be given to identifying the right legal partner for the next step of the recovery process.
