As the market of stolen cryptocurrencies through various scams, hacks, and fraud is valued at $10b+, the process to recover these funds has presented challenges to our institutions of law. With new possibilities of tracing and recovering cryptocurrencies rising it is providing cases where the legal definitions of crypto assets as property or not are potentially being decided on.
Recent legal cases where forensic tools were used to find the destination of hacked, stolen, and blackmail related funds include one tied to a major exchange makes the case that “a crypto asset such as Bitcoin are property”. According to the final Judgement of the English Court announced at the end of 2019 and published on 17 January 2020 (Case No: CL-2019-000746), crypto assets deemed as property are: definable, traceable, possible to handle by a third party and permanent. As stated on page 28 “I am satisfied at least to the level required for the purposes of this application for interim relief that Bitcoins constitute property”.
According to the Case file linked above:
“The application relates to the hacking of a Canadian insurance company that I will refer to simply as the Insured Customer. What happened in relation to that company is that a hacker managed to infiltrate and bypass the firewall of that insured customer, who happens to be an insurance company, and installed malware called BitPaymer. The effect of that malware was that all of the insured customer’s computer systems were encrypted, the malware having first bypassed the system’s firewalls and anti-virus software. The Insured Customer then received notes which were left on the encrypted system by the first defendant. In particular, there was a communication from the first defendant as follows:
Hello [insured customer] your network was hacked and encrypted. No free decryption software is available on the web. Email us at […] to get the ransom amount. Keep our contact safe. Disclosure can lead to impossibility of decryption. Please use your company name as the email subject.”
The hacker proceeded to blackmail the company for $950k worth of Bitcoin at the time. The demanded 109.25 BTC was promptly paid to regain access to the company’s data. Due to insurance coverage against cybercrime the full amount lost was compensated by their plan.
A further investigation included tracing the destination of the cryptocurrency paid to the hackers. A few analytics methods that could be used in order to track funds include: FIFO, LIFO, Pro Data Distribution, Lowest Intermediaries Balance Rule, Poison, Haircut or TIHO. Some of them are able to distinguish tainted funds from untainted ones and count the percentage of affected inputs in each transaction. Others are characterized by strong propagation presuming that each transaction includes at least one taint input recognized as taint. The choice of analytics approach indicates the accuracy of final results. Creating a strategic mixture of them like the approach of Coinfirm, enables the extensive detection of paths to the Destination Address (the one where the funds end up), providing the most accurate forensic results.
The methodology used during the process of this case found that some of the lost cryptocurrency ended up on a well-known cryptocurrency exchange. The case was followed by a lawsuit in order to compensate for the loss and estimate the damage of the potential leak of the company’s private information. To do so, it was essential to make a legal decision about the interpretation of Bitcoin as property.
After examining all factors and considering crypto assets as a property, the court granted the injunction sought that instructed the controllers of the examined exchange to present detailed information about the hacker and block their accounts. Cases such as this persuaded the English court to underline the urgency of applications associated with crypto assets by enabling victims to report claims directly via mail.
In case of funds tracking, the aim is to indicate the destination addresses and to distinguish the tracked assets from others remaining on the address. In the cryptocurrency space by using dedicated solutions we can recognize a variety of wallets and mixing tools.
Coinfirm’s flexible approach allows tracking funds in a variety of tracing methods in order to maximize asset recovery along with the development of 3 primary tools: Standard / Enhanced AML Risk Reports, Visualizer and Monitoring Panel. Their use facilitates the tracking of assets even through a chain of thousands of transactions in order to examine the Source Address (originating) or Destination Address (holding funds) along with the identification of known services such as cryptocurrency exchanges, online wallets, payment processor, etc. These results are supplemented by tabular and graph evidence. Moreover, Coinfirm is able to identify the percentage of funds that have been sent from source to destination address and estimate how much of them are still remaining on the address. Altogether it creates a full visualization of transactions, identification of the percentage of tainted funds in each address and generated rating risk of the addresses in the ledger.
Without a doubt, the cryptocurrency market created a new scene for money laundering, dark market activities, Ponzi schemes and cybercriminals. Until recently this unregulated market for the most part left victims behind with no solutions to recover their loss.
Taking advantage of being legally defined as property, crypto assets obtain the status of belonging to the person, with the principles of property injunction.
The statement shines a light into some of the still uncertain definitions around cryptocurrencies and simplifies asset recovery. These decisions indicate further improvements of legislation around crypto assets, enabling more frequent dispute resolution. Moreover, it highlights the legal issues around the topic, underlying the necessity of legal clarification.
Pioneer disputes stimulate others, motivating victims to reopen old processes or pursue new claims. It structures groups of victims focused on the same illegal activity, increasing the probability of recovering funds for the case. Through more cases such as the above, and AML analytics tools with dedicated solutions such as AML Risk Management Platform or Reclaim Crypto, the cryptocurrency market is building the technical and legal framework for misappropriated funds.