Dive deep into the methods and tools investigators use to unmask crypto money laundering operations. This article reveals how OSINT and blockchain analytics can expose the flow of illicit funds across multiple blockchains.
This article is also published on my Medium page.
Our preceding article introduced the “Money Laundering Base OSINT Toolkit,” featuring tools like OpenSanctions and OCCRP Aleph, essential for constructing foundational profiles of targets. This groundwork is vital when pivoting to the domain of cryptocurrencies.
Today, we turn our attention to blockchain forensics, a burgeoning field within open-source intelligence that investigates cryptocurrency transactions. Unlike traditional banking records, most blockchain ledgers are public, which makes them a prime source for OSINT. Blockchain analytics has accordingly become a pivotal tool in the fight against money laundering.
This article aims to equip investigators with tools and knowledge to trace complex crypto laundering schemes, focusing on techniques such as “chain-hopping,” mixers, and nested exchanges.
Before we delve into the technical intricacies of blockchain forensics, we must understand the tools at our disposal. The effectiveness of an investigation often hinges on the capabilities of the analytical tools used to parse through complex data layers.
Maltego and Its Limitations: Maltego has long been a significant player in visualizing OSINT investigations, providing a graphical representation that aids in understanding complex networks. However, it faces limitations in blockchain forensics, such as a lack of specialized Transforms and a user interface not tailored for in-depth crypto investigations. For a more refined experience, the CipherTrace Transform offers enhanced capabilities, though at a higher cost ($999 per year for the base tier last time I checked).
The Power of Free (and Affordable) Tools: For independent investigators who do not need enterprise systems, Breadcrumbs, MetaSleuth and SlowMist emerge as vital resources. These tools offer free tiers and cost-effective subscription plans, making advanced blockchain analytics accessible to a broader audience. I should note that MetaSleuth is my platform of choice, but I have used all providers (except CipherTrace) mentioned in this article and would not have any issues with using them again if I was in a setting that subscribed to one of the other services.
Enterprise-Level Options (Brief Mention): While the focus of this discussion emphasizes accessible tools, it’s important to acknowledge enterprise-level options such as Chainalysis, TRM Labs, Elliptic, and Blockchain Intelligence Group. These platforms provide extensive capabilities for organizations with greater resources, but for most investigators, MetaSleuth and Breadcrumbs offer the necessary functionality to effectively tackle money laundering investigations without substantial financial investment.
In the intricate world of cryptocurrency, money launderers utilize various obfuscation techniques to mask the origins of illicit funds. Primary methods such as CoinJoins, mixers, and bridges each play a role in complicating the traceability of transactions. CoinJoins amalgamate multiple users’ transactions into a single operation, obscuring individual paths.
Mixers, meanwhile, pool and scramble cryptocurrencies from numerous addresses, challenging the linkage to original sources.
However, with mixers facing increased regulatory scrutiny and sanctions, illicit actors are shifting towards more sophisticated methods like chain-hopping via bridges.
How Chain-Hopping Works: Chain-hopping involves cross-chain transfers that allow cryptocurrencies to seamlessly move between different blockchains, such as from Blockchain A to Blockchain B. This technique adds layers of complexity for investigators tracking laundered assets. The typical process unfolds as follows:
A user initiates a transfer via a bridge interface, sending cryptocurrency from Blockchain A to Blockchain B.
The cryptocurrency is then locked in a vault on Blockchain A.
Validator nodes note this lock and relay the information to Blockchain B.
Validators on Blockchain B confirm the lock’s validity.
Blockchain B mints proxy tokens, backed 1:1 by the locked funds, which are then credited to the user’s wallet.
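To make the lock-and-mint mechanism concrete from the investigator's side, here is an added Python example (not code from the original article or from any bridge) that pairs lock events on Blockchain A with the corresponding mint events on Blockchain B by amount, fee tolerance and timing. The event records, addresses and transaction IDs are constructed for illustration, and the fee and delay tolerances are assumptions.

```python
"""Pairing lock events on Blockchain A with mint events on Blockchain B.

Added example, not code from the original article or from any bridge.
All addresses, transaction IDs, amounts and timestamps are constructed.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class LockEvent:
    chain: str
    txid: str
    sender: str     # who deposited into the bridge vault
    amount: float   # units locked
    ts: int         # unix seconds


@dataclass(frozen=True)
class MintEvent:
    chain: str
    txid: str
    recipient: str  # wallet credited with the proxy tokens
    amount: float   # proxy tokens minted (lock amount minus bridge fee)
    ts: int


# Constructed sample events (hypothetical values).
LOCKS = [
    LockEvent("chainA", "a-tx1", "0xWoI", 10.0, 1_700_000_000),
    LockEvent("chainA", "a-tx2", "0xOther", 3.5, 1_700_000_100),
    LockEvent("chainA", "a-tx3", "0xWoI", 10.0, 1_700_010_000),
]
MINTS = [
    MintEvent("chainB", "b-tx4", "0xNoise", 10.0, 1_600_000_000),      # predates every lock
    MintEvent("chainB", "b-tx1", "0xWoI-B", 9.99, 1_700_000_240),
    MintEvent("chainB", "b-tx2", "0xOther-B", 3.495, 1_700_000_300),
    MintEvent("chainB", "b-tx3", "0xCashout-B", 9.99, 1_700_010_500),
]


def correlate_hops(locks, mints, fee_bps=20, max_delay=3600):
    """Greedy one-to-one pairing: each lock takes the earliest unused mint
    that lands within max_delay seconds after it and whose amount is at most
    fee_bps basis points below the locked amount (assumed fee tolerance)."""
    pairs, used = [], set()
    for lock in sorted(locks, key=lambda e: e.ts):
        floor = lock.amount * (1 - fee_bps / 10_000)
        for mint in sorted(mints, key=lambda e: e.ts):
            if mint.txid in used:
                continue
            delay = mint.ts - lock.ts
            if 0 <= delay <= max_delay and floor <= mint.amount <= lock.amount:
                used.add(mint.txid)
                pairs.append((lock, mint))
                break
    return pairs


def hops_from(address, locks, mints):
    """Cross-chain pivots for one address: (lock txid, mint txid, recipient on chain B)."""
    return [
        (lock.txid, mint.txid, mint.recipient)
        for lock, mint in correlate_hops(locks, mints)
        if lock.sender == address
    ]


def unmatched(locks, mints):
    """Mints with no plausible originating lock; candidates for another bridge or route."""
    matched = {mint.txid for _, mint in correlate_hops(locks, mints)}
    return [m.txid for m in mints if m.txid not in matched]


if __name__ == "__main__":
    for hop in hops_from("0xWoI", LOCKS, MINTS):
        print(hop)
    print("unmatched mints:", unmatched(LOCKS, MINTS))
```

The point to take from the output is that the recipient of the minted proxy tokens is often a different address from the one that deposited into the vault; that recipient is the address you carry forward on Blockchain B. Greedy amount-and-time matching is a heuristic: two locks of the same amount in the same window are ambiguous, so treat a pair as a candidate to confirm through the bridge's own explorer or an analytics platform, not as attribution.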
Detecting Red Flags: Using CoinJoins, mixers, and chain-hopping isn’t inherently illegal — indeed, many legitimate cryptocurrency users employ these techniques — but caution is warranted when they are linked with services that have been sanctioned or targeted by U.S. authorities, for example Tornado Cash (sanctioned by OFAC in 2022) or Samourai Wallet (whose operators were charged by the U.S. Department of Justice in 2024). OpenSanctions and the OFAC SDN list can provide updates on such designations. Suspicious activities that may suggest illicit usage include:
Transactions involving mixers, sanctioned entities, and high-risk jurisdictions.
Repeated transactions just below reporting thresholds.
Activity that deviates from the customer’s typical profile.
Extensive layering across multiple wallets, chains, and transfers.
Use of nested exchanges to cash out.
These indicators, especially when combined, might necessitate a comprehensive investigation into the subject’s transaction history to uncover potential money laundering activities.
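As an added example (not from the original article), the following Python applies the red flags above to a constructed transaction history of a wallet of interest: interactions with labelled counterparties (mixer, sanctioned address, nested exchange), outgoing transfers clustered just below a reporting threshold, and activity spread across several chains. The addresses, labels, amounts, threshold and window sizes are all hypothetical; in practice the labels would come from OpenSanctions, the OFAC SDN list or an analytics platform.

```python
"""Red-flag heuristics over a wallet's transaction history.

Added example, not code from the original article. Every address, label,
amount and threshold below is constructed for illustration.
"""
from collections import Counter
from dataclasses import dataclass


@dataclass(frozen=True)
class Tx:
    chain: str
    ts: int           # unix seconds
    src: str
    dst: str
    amount_usd: float


WOI = "0xwoi"  # hypothetical wallet of interest

# Hypothetical entity labels; real labels come from OpenSanctions, the OFAC
# SDN list or an analytics provider.
LABELS = {
    "0xmix": "mixer",
    "0xsdn1": "sanctioned",
    "0xcex1": "centralized_exchange",
    "0xnest": "nested_exchange",
}

# Constructed sample history (all values hypothetical).
TXS = [
    Tx("chainA", 1000, "0xfund", WOI, 50_000.0),
    Tx("chainA", 2000, WOI, "0xmix", 20_000.0),     # mixer deposit
    Tx("chainA", 3000, WOI, "0xhop1", 9_500.0),     # three transfers just
    Tx("chainA", 3600, WOI, "0xhop1", 9_700.0),     # under a 10k threshold
    Tx("chainA", 4200, WOI, "0xhop1", 9_900.0),     # within one day
    Tx("chainB", 5000, "0xbridgeB", WOI, 9_000.0),  # arrives on a second chain
    Tx("chainC", 6000, WOI, "0xnest", 8_000.0),     # cash-out via nested exchange
    Tx("chainD", 7000, WOI, "0xcex1", 1_000.0),     # ordinary exchange deposit
    Tx("chainA", 8000, "0xsdn1", WOI, 500.0),       # inbound from sanctioned address
]


def counterparty_hits(txs, woi, labels):
    """Count interactions with high-risk labelled counterparties (either direction)."""
    hits = Counter()
    for t in txs:
        other = t.dst if t.src == woi else t.src
        label = labels.get(other)
        if label in ("mixer", "sanctioned", "nested_exchange"):
            hits[label] += 1
    return dict(hits)


def structuring_run(txs, woi, threshold=10_000.0, band=0.10, window=86_400):
    """Largest number of outgoing transfers sized within `band` below
    `threshold` that fall inside any `window`-second span."""
    stamps = sorted(
        t.ts for t in txs
        if t.src == woi and threshold * (1 - band) <= t.amount_usd < threshold
    )
    best, j = 0, 0
    for i in range(len(stamps)):
        while stamps[i] - stamps[j] > window:
            j += 1
        best = max(best, i - j + 1)
    return best


def chains_touched(txs, woi):
    """Distinct chains on which the wallet sends or receives."""
    return len({t.chain for t in txs if woi in (t.src, t.dst)})


def assess(txs, woi, labels=LABELS, min_run=3, min_chains=3):
    """Combine the indicators; the score is simply the number of flags raised."""
    hits = counterparty_hits(txs, woi, labels)
    flags = {
        "mixer_or_sanctioned": bool(hits.get("mixer") or hits.get("sanctioned")),
        "nested_exchange_cashout": bool(hits.get("nested_exchange")),
        "structuring": structuring_run(txs, woi) >= min_run,
        "multi_chain_layering": chains_touched(txs, woi) >= min_chains,
    }
    return {"flags": flags, "score": sum(flags.values()), "counterparties": hits}


if __name__ == "__main__":
    print(assess(TXS, WOI))
```

None of these flags is conclusive on its own: a legitimate user can touch several chains or deposit to a centralized exchange. The value of the score is in prioritising which wallets get a full manual trace, and the threshold and window values should be tuned to the jurisdiction and asset involved.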
Example: In the center of this graph is a wallet belonging to OFAC-sanctioned individual Ivan Gennadievich KONDRATIEV. As the funds flow to the right, it’s evident that this wallet exhibits activity on eight different blockchains, suggesting a high level of chain hopping. MetaSleuth lets users easily click on each blockchain and track the address’s activity across various chains. What we observe here is that the individual’s primary wallet transfers funds to another wallet, which then engages in extensive chain hopping, warranting further investigation.
Note: To keep this article concise and straightforward, I have chosen not to cover privacy coins.
Navigating the labyrinth of cryptocurrency transactions demands precision and clarity. MetaSleuth, with its robust capabilities, is an indispensable tool for tracing funds across multiple blockchains. Here are a few ways you can set up and organize your investigations using MetaSleuth:
1. Initialization: Begin by setting up your MetaSleuth dashboard and inputting the target cryptocurrency addresses or transaction IDs.
2. Transaction Tracing: Use MetaSleuth to track the flow of funds. The tool visualizes the path of transactions across various blockchains, highlighting nodes and connections clearly.
3. Analysis: Delve deeper into each transaction to understand the origin, destination, and intermediaries involved. MetaSleuth’s analytical features allow for the dissection of each step in the blockchain transfer.
4. Label & Memos: Label and add memos to key findings and suspicious transactions for further investigation.
Orientation: Arrange your graph from left to right. Place the Wallet of Interest (WoI) in the center, with incoming funds on the left and outgoing funds on the right, so that the graph reads in the direction the funds flow.
Color Coding: Enhance graph readability by color-coding elements. For instance, color the WoI red, with associated transactions in light red. Centralized exchanges could be marked in blue, decentralized exchanges in orange, and sanctioned entities in dark red. Feel free to customize the color scheme to suit your analysis needs.
Correlation Analysis: Utilize MetaSleuth’s ability to correlate disparate data points. This can help identify patterns or anomalies that are not immediately obvious.
Alerts Setup: Configure alerts to continually monitor new transactions involving your wallet of interest.
When I complete my investigations using MetaSleuth, I then import the final results into Maltego, attaching a comprehensive MetaSleuth investigation graph as an “Exhibit.” This allows anyone reviewing my reports to easily reference a specific Exhibit to see the rationale behind attributing a particular wallet to our person of interest.
As we wrap up this detailed exploration into the world of blockchain forensics, it’s clear that the landscape of financial crime is evolving rapidly, and so must our methods of investigation. The tools and techniques we’ve discussed are not just advanced technologies; they are essential allies in the ongoing battle against money laundering in the cryptocurrency space.
From the foundational use of the Money Laundering Base OSINT Toolkit to the sophisticated deployment of MetaSleuth and Maltego, each tool serves a pivotal role in unveiling the obscured paths of illicit funds. The practical insights provided here aim to educate and empower investigators and analysts. The step-by-step guides and advanced tips are intended to help every reader navigate the complexities of blockchain transactions with confidence.
As you apply these methods, remember that the key to successful investigations lies in understanding the technical mechanisms and behavioral patterns underpinning crypto laundering. Whether you’re dissecting chain-hopping maneuvers or scrutinizing Tornado Cash transactions, the ability to interpret and act on these insights will ultimately disrupt criminal activities.
I encourage you to continuously evolve your toolkit and stay informed on the latest developments in blockchain forensics. Doing so contributes to a more transparent and secure financial environment. Harness these tools to their fullest potential, and you’ll follow the digital breadcrumbs and possibly lead the charge in preventing future financial crimes.