Foreword
Introduction

1 A History of Cryptocurrencies and Crime
  Where Did It All Start?; The Rise of the Smart Contract; The Next Targets?; The Future? More Crime!

2 Understanding the Criminal Opportunities: Money Laundering
  There Is No Such Thing as Crypto Crime; Money Laundering; What Is an Investigator Looking For?; Centralized Exchanges; NFTs and NFT Gaming; Mixers; Decentralized Exchanges; Casinos; Chain Hopping; Privacy Coins; Crypto ATMs; Peer-to-Peer Platforms

3 Understanding the Criminal Opportunities: Theft
  Crypto Thefts; Social Engineering; Phishing; Hacks; Fraud; Rug Pull; Pig-Butchering/Romance Scams; Investment Scams; Support Scams; Simple Theft; Contract Manipulation; Fake Contracts; Exploiting the Contract; Phishing; Flash Loans; Playing by the Rules; Other Criminal Opportunities; Yield Farming; Funding of Groups; Sanctions Avoidance; Summary

4 Who Should Be a Cryptocurrency Investigator?
  Individual Skills; Knowledge of Technological Systems; Knowledge of Digital Currencies; Understanding of the Cryptocurrency Market; Extensive Knowledge of Computer Networks; Cryptography; Financial Crime; Fraud Investigators; Open Source Investigations; Cybercrime Investigations; Setting Up a Cryptocurrency Investigation Department; Other Roles

5 The Role of Commercial Investigation Tools
  Do You Need a Commercial Tool?; Two Is One and One Is None; The Future of Investigation Tools

6 Mining: The Key to Cryptocurrencies
  What Really Is Mining?; Validating Transactions; Minting New Coins; Proof of Work (PoW) Mining; How PoW Mining Works; Energy Consumption and Environmental Concerns; Proof of Stake (PoS) Mining; How PoS Mining Works; Advantages of PoS Mining; Does an Investigator Need to Understand Mining Technologies?; Cryptocurrency Mining Frauds and Scams; Cloud Mining Scams; Ponzi and Pyramid Schemes; Malware and Cryptojacking; Asset Discovery; Will Cryptocurrencies Always Be Mined?

7 Cryptocurrency Wallets
  When a Wallet Is Not Really a Wallet; Types of Cryptocurrency Wallets; Hot Wallets; Desktop Wallets; Mobile Wallets; Web/Online Wallets; Cold Wallets; Hardware Wallets; Paper Wallets; Software Wallets: Functionality and Security; Functionality; Security; Hardware Wallets: Functionality and Security; Functionality; Security; Choosing the Right Wallet; Wallet Vulnerabilities; Weak or Reused Passwords; Phishing Attacks; Malware; On-Path Attacks; Vulnerable Wallet Software; Lack of Two-Factor Authentication (2FA); Social Engineering; SIM-Swapping Attacks; Supply Chain Attacks

8 The Importance of Discovery
  Premises Searching: Legal Framework and Search Powers; Search Strategies; Handling and Securing Evidence; Evidence Bags; Body Cameras; Photography; Chain of Custody; Physical Clues; Hardware Wallets; Paper Wallets; QR Codes; Documentation; Questioning; General Understanding; Involvement and Knowledge of Cryptocurrencies; Specific Details of the Alleged Crime; Technical Details; Searching Digital Assets; Legal Framework and Warrants; Digital Forensics; Hardware Examination; Storage Devices; RAM Analysis; What Are You Looking For?; Handling and Securing Digital Evidence; The Role of Exchanges; Senior Officers/Management; Summary

9 The Workings of Bitcoin and Derivatives
  Bitcoin Is a Blockchain-Based UTXO Cryptocurrency; UTXO; What Does a Transaction Look Like?; How Does a UTXO Blockchain Help an Investigator?; Blockchain Explorers; What Else Can You Learn in a Transaction?; Times and Dates; Values; Omni Layer; Taproot; The Lightning Network; Summary

10 Bitcoin: Investigation Methodology
  Building an Investigation in Bitcoin; Address Clustering; How Are Clusters Defined?; Co-spend Heuristic; Change Analysis; Nominal Spend; Address Type Analysis; Multisig Analysis; Round Number Payments; Some Other Things to Note; Change of Ownership; Change of Wallet; Look at the Amounts; Address Triage; Attribution; Investigating Bitcoin

11 The Workings of Ethereum and Derivatives
  History of the Ethereum Cryptocurrency; Ethereum Fundamentals; Types of Tokens; Ethereum Transaction Types; One Address for All Tokens; A User's Address Can Be the Same on Other Blockchains; Reading Basic Transactions; Transaction Methods; Transaction and Address Types; What Are These Contracts We Keep Mentioning?; Identifying Contract Transactions; Conclusion

12 Ethereum: Investigation Methodology
  Following ETH-to-ETH Transactions; Smart Contracts Deep Dive; Methods, Functions, and Events; Code; Read Contract; Write Contract; Logs; ETH-to-Contract Transactions; Token-to-Token Transactions; NFTs; Decentralized Exchanges; Reading Decentralized Finance Contracts; The Approve Transaction; Summary

13 Investigating Binance Smart Chain
  What Is Binance Smart Chain?; Investigating Funds on Binance Smart Chain; What Have You Learned?

14 Applying What You Have Learned to New Cryptocurrencies
  Stable Coins Such as USDT, USDC, and Paxos; Tron; Tron Fee Structure; What Transactions Look Like; Layer 2 Chains; Bridges; Mixers; Bitcoin Mixing; Ethereum Mixing; Privacy Coins; Monero (XMR): The Vanguard of Privacy Coins; Zcash (ZEC): Selective Transparency; Dash (DASH): Privacy as an Option; Horizen (ZEN): Extended Privacy with Sidechains; Grin and Beam: Mimblewimble Protocol; What Have You Learned?

15 Open Source Intelligence and the Blockchain
  Mindset; Just "Search Engine" It; Attribution of Individuals; NFT Metadata; OSINT and the Dark Web; Summary

16 Using Wallets for Investigations
  Understanding Cryptocurrency Wallets; Seed Words and Wallet Recovery; Step-by-Step Guide to HD Wallet Re-creation; What Can Be Seen?; The Benefits of Wallet Re-creation in Investigations; Understanding Derivation Paths in Cryptocurrency Wallets; The Importance of Understanding Derivation Paths for Investigators; Avoiding Oversight and Ensuring Legal Admissibility; The Concept of a Derivation Path; Bitcoin vs Ethereum Derivation Paths; Changing Derivation Paths in Software Wallets; To Sum Up

17 Crypto Seizure
  What Do You Need to Carry Out a Crypto Seizure?; Recording Seed Words; Seizing to Your Own Wallet; Considerations for a Software Wallet; Considerations for a Hardware Wallet; Establishing an Organizational Process; Document Your Processes; Methods of Recording; Paperwork; Video; Preparation and Administration; Documentation in Law Enforcement Systems; Questions to Ask before Carrying Out a Crypto Seizure; Preparing for a Time-Sensitive Seizure; On-Site Seizure Considerations; Managing Access and Potential Threats; On-Site Toolkit and Practice; Where to Store Seized Assets?; Seizing to an Exchange; Specialist Custodians; Seizing to a Law Enforcement-Controlled Wallet; Final Thoughts

Acknowledgments
About the Author
About the Contributors
About the Technical Editor
Index

There's No Such Thing As Crypto Crime: An Investigative Handbook