Their discoveries would be enough to make Conan Doyle’s hero jealous. On the Web, high-tech sleuths track down digital heists. Their playground? Blockchains, the large decentralized digital ledgers on which cryptocurrencies are built. It is a territory with no shortage of cases to solve. Chainalysis, the benchmark firm in the field, estimates that the equivalent of $1.7 billion was stolen in 2023. An impressive amount, and yet well below the previous two years, which each recorded more than $3 billion in stolen cryptoassets.
“OKHotshot” (a pseudonym) is one of these crypto detectives of the Web. This amateur specializes in scams around NFTs (non-fungible tokens), unique digital objects. “The shortest investigations took me two weeks. But one of the last ones took me several months,” he says. In total, the mysterious detective, who jealously protects his anonymity, has carried out more than forty investigations. He has also sounded the alarm on many rug pulls, scams that consist of launching a cryptoasset with a lot of false advertising, then reselling one's share at the peak before its value collapses.
Like him, a handful of Internet users have made a name for themselves on the Web thanks to their research. The foremost of them is “ZachXBT”, a crypto investigation star followed by 492,000 subscribers on the social network X (formerly Twitter). “It’s simple, we find him in half of the high-stakes cases that we handle at the firm,” summarizes lawyer Romain Chilly of ORWL, a firm specializing in crypto. Some of his investigations have had very concrete repercussions in France, such as five indictments in the fall of 2022 in a case involving the theft of “Bored Ape” NFTs with an estimated value of $2.5 million. “The action of these crypto detectives has a very interesting educational effect: by succeeding in tracing transaction flows, they can dismantle the mechanisms of a scam and help identify emerging scams,” says Edouard Klein, a doctor of computer science, former gendarme specializing in blockchain and now a legal expert. “It is a very unremunerative activity, and nevertheless essential for the ecosystem, because it allows us to introduce a form of self-regulation,” adds Jérôme de Tychey, president of the Ethereum France association.
Cryptocurrencies do not guarantee anonymity
Mostly volunteers, these crypto detectives are often former victims who have decided to get back at the crooks who stole from them. It is also a way to alert the crypto community to the traps being set. For “OKHotshot”, the turning point came in 2021. After two of his friends had been fooled, he realized that he could easily have warned them. The same pattern holds for John, a 44-year-old computer scientist from Quebec, aka “CryptoShields” on X. “There was buzz around cryptos, and I started buying them,” he remembers. One of his transactions was taking time to arrive in his wallet. He contacted Atomic Wallet in a private message on Twitter, without knowing that he was in fact speaking to an account impersonating this crypto management service. His interlocutor sent him to a site, “to supposedly unblock the transaction, then I arrive at a window which asks me to enter my private key. Suddenly, my correspondent blocks me, and I realize that I have just been cheated,” summarizes John, who lost around $8,000. It happened again a few months later, this time with a rug pull. This second disappointment pushed him to carry out his own investigations. “It has practically become an obsession,” confesses the Canadian amateur investigator. “I do it alongside my work, it can take a lot of time, around twenty hours a week. It’s like solving a puzzle. But knowing that in the end we manage to help someone, it’s a great satisfaction.”
How do these enthusiasts proceed? Contrary to stereotypes, virtual currencies do not guarantee anonymity. Of course, the owner of a wallet, which is displayed as a rather indigestible series of numbers and letters, is not immediately known. But transactions can be tracked in the public ledger. “There is nothing more traceable than bitcoin, for example with free access to the amount of transactions and their timestamp, as well as to the addresses of issue and destination,” summarizes Hugo Estecahandy, a researcher who is preparing a thesis on cryptocurrencies at the French Institute of Geopolitics. Once the final wallet is identified, crypto investigators try to trace it back to its owner. The wallet address may have been shared in the past on social networks to receive transactions, for example, or associated with an email address which has already left traces on the Web.
“Thousands of transactions to sift through”
This all sounds simple on paper. In practice, it is much more laborious. This careful exploration requires a solid technical background: you must understand how blockchains and smart contracts work and have a good command of computer science. “In a portfolio, there can be thousands of transactions to go through,” with some of the flows being dead ends, points out Edouard Klein. He generally uses an in-house script to automatically separate the wheat from the chaff. But crypto investigators can rely on a whole range of tools. John uses Etherscan, an online explorer for Ethereum, or relies on the BreadCrumbs analytics platform. At the other end of the spectrum, cutting-edge software like that of Chainalysis, a renowned player in the sector, can cost 50,000 euros per year for a basic license.
While these investigations are often welcomed in the crypto community, their methods sometimes raise eyebrows. Arkham, a marketplace where searches for information on crypto transactions are put up for auction, has thus caused controversy. “Bitcoin purists are opposed to all forms of control and surveillance,” recalls Hugo Estecahandy. “This is the very essence of cypherpunk,” the movement born in the 1990s which defends online anonymity as the only defense against the omnipresence of the State. Furthermore, detecting suspicious movements does not solve all problems. The justice system must still have the human and technical resources to take up these cases and prosecute the perpetrators of theft.
In any case, consultants have clearly understood the benefit of specializing in blockchain investigations. Sébastien Martin, the boss of Raid Square, has already carried out more than fifty investigations for law firms in two years. One of them put him on the trail of around forty million euros in crypto that had disappeared after a judicial liquidation. “Our job is to say where and how the money evaporated,” he summarizes. The co-founder of Raid Square looks primarily for exit wallets hosted by exchanges like Binance. These companies do in fact request a certain amount of identification information from their users. They can therefore inform the judicial authorities about the identity of the suspects. “This type of report makes it possible to considerably speed up the processing of the complaints that we file. Thanks to this, we increase the chances of obtaining the seizure of funds,” underlines lawyer Romain Chilly.
Ultimately, this type of crypto investigation should also interest the banking industry, predicts Edouard Klein. “When banks accept cryptos as a means of payment, they will need compliance services to know who they are transacting with,” he anticipates. The Sherlock Holmeses of bitcoin are not about to put away their magnifying glasses.