How crypto fraud and security breaches are investigated

It’s every exchange’s worst nightmare: Falling victim to a security breach. An incident can disrupt a trading platform’s operations for weeks, affect customer confidence and damage a carefully cultivated reputation — even causing crypto markets to fall in some cases.

Crypto companies have been ramping up their security measures in recent years, determined to ensure that malicious actors don’t get an opportunity to infiltrate their systems. This has prompted hackers, scammers and fraudsters to rely on more sophisticated techniques.

One crucial weapon has emerged that helps trading platforms take speedy action in the event that their infrastructure is compromised: Analytics software. But how do these companies go about their investigations whenever a breach is reported? What are the tools that can be relied upon to follow a thief’s tracks?

This is a step-by-step guide to investigating crypto fraud, security breaches and ransomware.

Hunting the hackers

Irrespective of whether cryptocurrencies are stolen through fraudulent activities or scams — with ransomware becoming an increasingly popular method for swindling victims — investigation techniques often follow a similar pattern.

The first step is to identify a criminal’s crypto address as soon as possible. This information can then be passed on to analytics software companies, which can immediately tag the address as high risk. Doing this quickly can ensure that the entity is easier to track. There can be times when there’s little information about an address hash, but this doesn’t mean that there’s a dead end. That’s because transaction and date filtering can be used instead.

Next, it’s a race against time to start tracking bad actors who may begin to obfuscate the funds that they have misappropriated. They may start sending transactions to other exchanges or use mixing services and darknet entities. Although this commonly happens immediately after crypto has been taken, it can sometimes take months or years for obfuscation to commence — when a criminal may think no one is looking. Analytics providers can offer transaction alerts to ensure that victims can be immediately notified when funds flow to or from an address.

These transaction alerts need to be acted upon as a matter of urgency, as work begins to follow the trail. A crucial step involves notifying exchanges that might end up receiving some of this crypto to ensure they are able to block stolen funds that flow into their accounts. Visualization tools can play a role in illustrating how misappropriated assets are distributed — and show the addresses that may be directly or indirectly connected to the criminal.

An investigation in action

Crystal Blockchain has shared an example of how investigations work in practice. The analytics software provider recently played an instrumental role in examining the aftermath of a hot wallet security breach that affected Eterbase in September 2020, which Cointelegraph reported on at the time.

Immediately after the theft took place, Eterbase sprang to action by publicly announcing the address that was used by the Bitcoin thief. This enabled Crystal to immediately tag this wallet as a high-risk entity.

Quickly, it became possible to piece together information about this address — including statistics on further transactions and connections. It soon emerged that this suspicious wallet had connections to 16 other addresses.

Through Crystal’s All Connections tool, it was revealed that this address had indeed received funds from Eterbase, as well as other exchanges, which had been sent on to a plethora of unnamed entities.

The company said it was able to look further than a one-hop distance — and include indirect connections in its results. From here, it was established that 80% of the total funds that were stolen had been sent to a mixing service.
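The tracing steps under "Hunting the hackers" and the multi-hop result described here can be sketched in a few lines. This is an added example, not Crystal's tooling: the transfers, address names and tags are constructed, and splitting funds in proportion to each outgoing transfer is a simplifying assumption.

```python
from collections import defaultdict

# Constructed sample data: (sender, receiver, amount in BTC). Not real addresses.
TRANSFERS = [
    ("exchange_hot_wallet", "thief", 100.0),
    ("thief", "hop_a", 60.0),
    ("thief", "hop_b", 40.0),
    ("hop_a", "mixer_in_1", 60.0),
    ("hop_b", "mixer_in_2", 20.0),
    ("hop_b", "hop_c", 20.0),
    ("hop_c", "exch_deposit_9", 15.0),
    ("hop_c", "cold_store", 5.0),
]
# Constructed entity tags, standing in for an analytics provider's labels.
TAGS = {"mixer_in_1": "mixer", "mixer_in_2": "mixer", "exch_deposit_9": "exchange"}

def trace(transfers, source, tags, max_hops=6):
    """Follow funds leaving `source`; return {endpoint: [label, amount, hops]}."""
    out = defaultdict(list)
    for src, dst, amt in transfers:
        out[src].append((dst, amt))
    hits = {}
    stack = [(source, sum(a for _, a in out[source]), 0)]
    while stack:
        addr, amount, hops = stack.pop()
        # Stop at a tagged entity, an address with no outflow, or the hop limit.
        if addr in tags or not out[addr] or hops >= max_hops:
            hit = hits.setdefault(addr, [tags.get(addr, "untagged"), 0.0, hops])
            hit[1] += amount
            hit[2] = min(hit[2], hops)
            continue
        # Assumption: traced funds split in proportion to each outgoing transfer.
        total = sum(a for _, a in out[addr])
        for dst, amt in out[addr]:
            stack.append((dst, amount * amt / total, hops + 1))
    return hits

def shares_by_label(hits):
    """Percentage of the traced funds that ended at each entity label."""
    total = sum(h[1] for h in hits.values())
    shares = defaultdict(float)
    for label, amount, _ in hits.values():
        shares[label] += 100.0 * amount / total if total else 0.0
    return dict(shares)

def addresses_to_notify(hits, label="exchange"):
    """Tagged deposit addresses whose operator should be alerted."""
    return sorted(a for a, h in hits.items() if h[0] == label)

if __name__ == "__main__":
    found = trace(TRANSFERS, "thief", TAGS)
    print(shares_by_label(found), addresses_to_notify(found))
```

The `max_hops` limit keeps the walk finite if the transfer graph contains a cycle; funds still in flight at that depth are reported as untagged.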

Eterbase went live once again on Jan. 15 — with its team asking exchange users to stop using old crypto deposit addresses that belonged to their accounts. In an update at the end of January, the company said that an official investigation is still ongoing — and it stressed that affected users who are eligible for a refund will receive one as soon as possible.

Keeping track

Crystal Blockchain says crypto crime is growing in parallel with the crypto markets. The company recently released a map of security breaches and fraud within the digital assets sector over the past 10 years.

The interactive timeline tracks the number of incidents in every year since 2011, and also provides a total figure for the funds that were stolen. Its data suggests that $1.48 billion was taken across 28 incidents in 2020.

Users who visit this article can also use a spinning globe to find out the total volume of funds that have been stolen in countries around the world — with the hardest-hit nations colored in the darkest shade of red.

According to Crystal, the most common locations for exchange breaches include the U.S., the U.K., South Korea, Japan and China. The largest-ever crypto security breach remains the incident involving the Japanese exchange Coincheck in 2018, overtaking the Mt. Gox incident back in 2014.

Disclaimer. Cointelegraph does not endorse any content or product on this page. While we aim to provide you with all the important information that we could obtain, readers should do their own research before taking any actions related to the company and carry full responsibility for their decisions, nor can this article be considered investment advice.
