This Week in Crypto Fraud - 10th August 2022 (#5)
This week in Crypto Fraud focuses on each weeks or months developments in crypto asset crime, fraud and investigations.
This week has seen Tornado Cash be designated for sanctions, challenges against blockchain analysis as part of the Bitfog indictment, and we recap on issues such as the new EU regulation announced in July.
We can’t cover everything so just the most interesting or noteworthy highlights, with some general reporting.
Sanctions against Tornado Cash
(US Treasury- https://home.treasury.gov/news/press-releases/jy0916)
Tornado Cash has been sanctioned by OFAC, following on from similar sanctions against Blender.io in May. The sanctions list designates 38 ETH addresses and 6 USDC addresses.
The service has been used to launder $7 billion worth of virtual currency since its creation in 2019, including from the DPRK-linked Lazarus group.
Earlier this year Tornado Cash began to conduct sanctions checks via its web interface, using the Chainanalysis sanctions oracle. This felt like an attempt to stave off sanctions against the service, and could potentially have been bypassed by calling the relevant contracts directly.
Notes for investigators
Details of the various addresses and identifiers used by the service are available from OFAC here.
The premise of smart contract or distributed services was they would be immune to central government interference, however the individuals involved are often the weak link. When a service is used for criminality to the level that Tornado Cash was investigators should expect sanctions to be forthcoming on both the service and its developers.
Investigators should not just rely on evidence of accessing Tornado.cash, but also interaction with the specific smart contract addresses that are designated.
Bitcoin Fog case challenges key investigative tools
(Wired - https://www.wired.com/story/bitcoin-fog-roman-sterlingov-blockchain-analysis/, TRMLabs - https://www.trmlabs.com/post/mixing-it-up and IPRDaily - http://www.iprdaily.com/article/index/16966.html)
Roman Sterlingov was arrested at Los Angeles airport in May 2021 accused of operating the Darknet mixer Bitcoin Fog since 2011.
The charges are denied and Sterlingov defence team have openly challenged the blockchain analysis on which much of the evidence against him may be based.
Tor Ekeland who is defending Sterlingov is reported as commenting by Wired and others:
“That means, he argues, that the government has based the core of its case on an unproven, relatively new form of forensics—one that he says led them to the wrong suspect. "Has it been peer-reviewed? No," Ekeland says of blockchain analysis. "Is it generally accepted in the scientific community? No. Does it have a known error rate? No. It's unverifiable. They can say total nonsense, and everyone has to take it on faith."
TRMLabs makes the point that one of the big issues here is the use of the Darkweb and its links to criminality. Previous cases have used these links as a way to demonstrate motive and intent.
Notes for investigators
Questions over cryptocurrency tracing are likely to persist until there is a well understood range of techniques, tested in multiple courts.
Investigators should be careful when selecting experts to help with crypto-tracing. Many have little experience of technology, having moved from more traditional investigatory fields or rely heavily on a specific platform.
Investigators should look to corroborate onchain investigations with suitable offchain approaches.
EU Cryptocurrency Regulation announced
(Financial Times - https://www.ft.com/content/38df2e75-76a8-4be9-bde5-ad410e3f95e0 and EU https://www.consilium.europa.eu/en/press/press-releases/2022/06/30/digital-finance-agreement-reached-on-european-crypto-assets-regulation-mica/)
New regulation within the EU will regulate trading of crypto assets within the bloc. The new rules are known as Regulation on Markets in Crypto-assets (Mica) and bring crypto-assets, crypto-assets issuers and crypto-asset service providers under a common regulatory framework for the first time.#
The scope of the rules is broad and includes:
“issuers of unbacked crypto-assets, and so-called ‘stablecoins’, as well as the trading venues and the wallets where crypto-assets are held”.
The rules will mean that regulated companies will not only face tougher standards to protect consumers but be liable in the event they lose investor funds. The sector will also have to disclose environmental impacts of its operations.
Much of the regulation focuses on stablecoins. Stablecoin issuers will be required to have a presence within the EU and have a “sufficiently liquid reserve”.
It is notable that NFTs do not fall within the proposed rules.
“Non-fungible tokens (NFTs), i. e. digital assets representing real objects like art, music and videos, will be excluded from the scope except if they fall under existing crypto-asset categories.”
Notes for investigators
The new requirements will provide an opportunity for due-diligence on EU based stablecoin projects, including audit information on 1/1 reserves.
Coinbase losses mount as trading volumes decline
(Bloomberg - https://www.bloomberg.com/news/articles/2022-08-09/coinbase-falls-after-second-quarter-revenue-misses-estimates and Decrypt https://decrypt.co/107112/coinbase-1-billion-net-loss-q2-stock-tumbles)
The Coinbase exchange has posted a $1.1 billion dollar loss this quarter as as result of continued low cryptocurrency prices and reduced trading volumes.
Notes for investigators
There have been reports of headcount reductions within Coinbase. This may provide an opportunity for the misuse of the Coinbase platform if compliance or risk functions are reduced, or of the organisation takes on a higher risk appetite. There is no evidence of this at present.
Crypto as a security - SEC rulings expected
(Wired - https://www.wired.com/story/crypto-web3-securities-ripple-sec-lawsuits/ and Coinbase - https://blog.coinbase.com/the-crypto-securities-market-is-waiting-to-be-unlocked-but-first-we-need-workable-rules-c0ba63eabab3 )
In July the SEC charged a former Coinbase manager and two others with insider trading. This is potentially part of an ‘enforcement first’ approach to regulating the crypto industry.
“In nearly a year, the defendants collectively earned over $1.1 million in illegal profits by engaging in an alleged insider trading scheme that repeatedly used material, nonpublic information to trade ahead of Coinbase listing announcements,”
These charges are similar to those for more traditional insider trading cases, and show how traditional issues from the securities world affect crypto.
Coinbase has petitioned the SEC for a specific regulatory regime related to crypto in line with the approach taken by the EU and others. The current enforcement regime can cause a level of investor risk, as enforcement action causes price movements.
Notes for investigators
There is likely to be further action from the SEC given the expansion of their crypto task force. Investigators should be alive to issues from the securities world such as disclosure requirements, insider trading or market and price-sensitive information when conducting investigations.
Enforcement action can have impacts on specific cryptocurrency valuations, which may be a consideration when considering asset recovery actions or holding specific coins.