TLDR — Commercial Cryptoasset Recovery (CAR) services are still in their infancy. While blockchain explorers are available, risk and attribution — also known as off-chain — data is key to understanding any individual case’s odds of recovery. That said, big data analytics, risk and attribution data only get you so far.
Last week, I introduced the idea of cryptoasset recovery as an emerging industry. In this post, I take a look at the first step of any investigation.
- Be aware that this is not meant to be an exhaustive description of the investigative process but a general guide as to the steps a victim might encounter when working with a commercial cryptoasset recovery firm.
The goal of this first step is essentially the same as in any other forensic investigation: to establish the objective facts of a particular case.
In the cryptoasset context, that means identifying the fraud that has taken place, for example, whether it is a social-media-enabled “investment” opportunity, an exit scam or a pyramid scheme.
Part of that process is collecting as much data as is available on the criminals; the social engineering or other TTPs (Tactics, Techniques and Procedures) employed; and as many as possible of the selectors used to communicate with the victims.
The range of data can cover emails, WhatsApp / Telegram / Facebook Group chats / calls, records of individual cryptocurrency transactions and so on. As many scams are organized fraud, there may be other victims, and in the event individual recovery is unfeasible, there may be a future possibility of a class-action approach to funds recovery.
Depending on the level of severity, monetary loss or nature of the fraud, the commercial asset recovery firm may recommend outreach and reporting to local and / or national law enforcement and regulatory bodies if the victim has not already done so.
Please note this is not a comprehensive list of data for collection or a detailed enumeration of the investigative approach.