Pushing the Boulder: Our Journey to Solving Crypto Crimes
BlockchainUnmasked
Blockchain Forensics, Analytics, Threat Assessment and Fraud Investigation
This post is as much for the investigation companies and law enforcement, as it is for the victims of crypto related crime.
Over the past 2 years we have contributed to many state, local, and federal investigations (totalling over $1b in fraud volume). We have guided local PD with zero previous experience to the final steps of a successful freeze on an exchange. We have, as a company, guided civil process to successfully restrain over $36 million in wallets we identified during our investigation.
As happy as I am to be able to say this, the reality is that we have so much work to do in order to make real progress. We, as a company, are touching less than 0.1% of the total cases. And it's such a challenging process.
As 99% of victims can attest, there is rarely law enforcement engagement.
And as 99% of law enforcement can attest, they may not have time (they're busy on violent crimes, etc.), or they may not have the software (it's wildly expensive - $25k-$60k/year per user), they may not have the knowledge/experience, or they may not even have enough probable cause. About 95% of the time, we get reports whereby a victim has reported to their local law enforcement and been told that nobody can help.
And as 99% of lawyers can attest, the civil side is often much more expensive than the victim's losses, and therefore "not worth it."
Fortunately there is a percentage of people, companies, and law enforcement that are working together on real solutions.
Solving crypto crime in 2024 reminds me of the early 1980s regarding fingerprints. If a police department in LA had someone's fingerprints and that person did something else in Seattle, it wasn't likely that they'd be connected or caught. So why, now, when there is so much data, there's AI being used, there are real solutions sitting right there, are we not all just sharing data? Sharing labels, attributions, tracings, reports, alerts? Why isn't it being shared with the other people who can contribute to a solution?
That last bit may be an entirely different discussion for another time.
Interestingly, our first few cases/investigations had great results. We recovered money for victims through civil processes and negotiations with the scam operators, we received confessions and admissions, we got results for our clients. As anyone now knows, in the crypto space, this is an anomaly. Getting recovery for a client as a private company is rare. And lengthy.
We've had cases where we can determine the identity of the operator. We've hired retired FBI to go chat with the target operator. In some cases the operator confesses and we come to a civil agreement for repayment. In other cases the target operator tells us to kick rocks or they'll sue us.
In most cases, the scam operators are in different countries, creating significant jurisdictional challenges or even impossibilities.
We've had cases where the forensics were clean and clear: funds moved directly from a victim, to a scam wallet and then into an exchange. Simple right? Wrong. Up until recently, exchanges have rarely cooperated. They hide behind privacy laws and actively put up obstacles for a private company to get results. It should be pretty simple for an exchange to review a report, confirm its veracity and then freeze an account right? They don't. They claim they need law enforcement to do that, meanwhile your money (or your mother's money) is being off-ramped to a bank account or another wallet for further obfuscation. They don't even make it simple for law enforcement to create a request.
Sometimes they'll help us and freeze an account for a week given the evidence we provide, while they wait for law enforcement. However, as mentioned, getting law enforcement to act inside of a week is extremely difficult. They first need to understand the crime, do their own analysis, corroborate our findings, find their own probable cause, get permission from a superior and then can pursue the crime. This takes time. This is why exchanges (and laws regulating exchanges) need to change ASAP.
We've had cases that involve social media profiles. It should be fairly straightforward to report this to the social media company, present enough evidence and get cooperation, right? Wrong. Social media companies, much like exchanges, do NOT want to stop these profiles, the engagement or the financial volume. Social media or chat apps are the beginning of a vast majority of the scams we see and need to change ASAP.
We've had cases where we approach law enforcement on behalf of the victim and are told "we can't help, report it to IC3". Everyone reading this, I am sure, understands that IC3 reporting is a big pile of reports and data that are too numerous to effectively pursue. Imagine if they shared those reports or data with a select few companies that can investigate and solve them for law enforcement? I'd be willing to guess we could solve thousands inside of weeks, connecting multiple cases, connecting websites, URLs, social media profiles, easily attributing large groups as a main scam operator, and actually get results.
We've had cases where we have investigated everything from forensics, OSINT, gotten lists of victims, ensured the admissibility of evidence collected, created complete 50+ page reports and successfully handed them to federal law enforcement to continue. This still takes months if not years before a result.
We've had cases where clients are losing their homes to foreclosure, need to sell their homes to survive, need loans from parents, and certainly, need our company to work for free because they have nothing and law enforcement has told them that they can't help.
We've had cases involving a large group of individuals. Telegram and Discord groups of angry, upset, and anonymous people. You can imagine how difficult it is to manage hundreds of comments, questions, accusations, assumptions from the Internet. We've been harassed, called names, threatened, accused that we are part of the scam ourselves, meanwhile we are doing everything within our power as a private company to achieve results.
You can never make everyone happy.
We've been impersonated. A scam operator has tried to create emails that look like ours in order to reach out to victims to solicit money for recovery. We've had clients fall for it too, and there goes another $1500 from the victim.
And so often clients don't understand what's taking so long. They don't understand the civil or criminal process, they are left upset. I don't blame them.
But we keep trying for solutions. Whether that be civilly or criminally. With exchanges or with law enforcement. Regarding regulations or law. Even tech-based solutions. We are SO excited about the tech we have developed that simply doesn't exist anywhere else.
We are working on real solutions daily. Because we see how many people are affected and how challenging it is to get real results. We've made some incredible partnerships, met people and companies that are truly doing phenomenal work, and I can't speak highly enough of these companies who are, like us, pushing a boulder up a hill.
We often say that our tech and our efforts are doing 99% of the work for law enforcement or lawyers, handing them completed investigations on a silver platter.
But we need to do another 0.9% more if we are going to actually effect change. This is why we have been building tech to do 99.9% of an agent or officer's job. So that the hurdles to pursuing a case are so low they can't deny it. So that exchanges have NO possible way of not assisting in a given investigation.
This has been a slow, painstaking, but immensely rewarding journey. And we'll happily continue to push this boulder up the hill until we get a world where law enforcement can work with private data companies, where data companies share results, where exchanges can participate in stopping the off-ramping of victim funds, where social media companies stop the onboarding of scammers who snag victims, and where victims can actually get some help and real results to continue on with their lives.
Every day we are tired. And every day we are incredibly motivated.
Onward.