Blog Post

How Lessons Learned from Digital Assets Investigations Can Inform and Improve Fraud Prevention Strategies

Tens of billions of dollars in digital assets have been subjected to theft, fraud and other misappropriation over the last several years. Such incidents often trigger lengthy disputes, litigation, regulatory inquiry and/or asset recovery efforts, all of which require complex digital forensics investigations to uncover facts and evidence.

Digital assets losses can be attributed to a wide range of attack vectors and forms of fraud, including hacking, insider theft, romance schemes, darknet markets and investment scams. Fortunately for organizations and individuals holding or transacting with digital assets, the process of tracking and tracing lost funds can be easier than doing so for traditional currencies. In traditional finance, access to critical transaction data is typically guarded by banks, brokers, exchanges and regulators. Gaining access to it often requires expensive and time-consuming administrative proceedings, and precious time is lost while funds continue to move. Transaction data for digital assets, on the other hand, resides on blockchains, which are public, auditable, immutable real-time ledgers, making it easier to access and respond to.

While there will always be risk, many criminal activities involving digital assets can be prevented or mitigated with strong compliance and fraud prevention frameworks. Moreover, many of the lessons learned during complex digital assets investigations can be applied to build systems and protocols that prevent theft and fraud, as well as strengthen preparedness for an effective response if an incident does occur.

For example, in a matter in 2022, a decentralized finance exchange was hacked, and experts from FTI Technology’s Blockchain and Digital Assets practice were engaged to investigate. The exchange had lost tens of millions in digital assets as a result of the incident and was facing class action litigation relating to allegations of conspiracy to defraud customers. The investigative focus was to identify the source of the attacks and validate or disprove claims relating to the stolen funds.

The investigation team independently analyzed the facts of the alleged conspiracy and fraud by performing on-chain track and trace analysis. Using digital forensics tactics and tools, the team was able to develop and validate timelines of transactions and verify the identity and relationships of account holders. The findings included an in-depth outline of all transactions with wallet addresses, including timestamps and related transaction history, as evidence of activities on the exchange. This on-chain evidence served to refute the charges against the exchange. As a result, opposing counsel reconsidered filing the class action litigation, and the exchange was able to avoid a large, expensive and lengthy legal battle.

Using the same expert-led track and trace methodologies, an organization could facilitate search and review of asset and transaction activity, destination, volume, patterns and other behaviors that may signal trouble. Close examination of the characteristics and evidence of suspicious transactions can help pinpoint the flow of funds and reveal patterns in activity that may provide further insights to help legal and compliance teams take action before funds are compromised.

Another example involves darknet markets interacting with legitimate organizations to launder illicitly obtained funds and purchase illicit items. In this matter, investigators identified a group of bad actors involved in various scams. Extensive information relating to the group’s activity and transactions across more than a dozen sites was compiled to shed light on how the network was operating and what platforms they were targeting. This provided a high degree of confidence as to the most vulnerable targets, so they could be adequately protected against money laundering and other financial crime.

Further, in the aftermath of an instance of theft, investigators can tag impacted wallets and establish alerts for movement of funds or other potentially concerning behavior happening with them. Once alerts are established, an organization can leverage investigative methods and available intelligence to identify known ownership of wallets and addresses to which affected funds are transferred. This can help to mitigate further losses and support proactive efforts by establishing alerts and controls around certain activities, such as if a suspect account interacts with mixers or opens certain protocols within a decentralized finance environment.
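The tagging and alerting workflow described above can be sketched as follows. This is an added example, not code from FTI or from any tracing product: the addresses, labels and transfers are constructed, and the "taint-first" rule (a tagged wallet is assumed to spend stolen funds before anything else) is a simplifying assumption.

```python
from collections import defaultdict

# Constructed sample data: every address, label and amount is invented.
TAGGED = {"0xVICTIM_DRAIN": 100.0}  # wallet tagged after the incident -> stolen amount held
LABELS = {"0xMIXER1": "mixer", "0xEXCH_HOT": "exchange"}  # known ownership intelligence
TRANSFERS = [  # (unix_time, sender, receiver, amount), deliberately out of order
    (1700000300, "0xA", "0xMIXER1", 40.0),
    (1700000100, "0xVICTIM_DRAIN", "0xA", 60.0),
    (1700000200, "0xUNRELATED", "0xB", 5.0),
    (1700000400, "0xVICTIM_DRAIN", "0xEXCH_HOT", 40.0),
    (1700000500, "0xA", "0xC", 30.0),
]

def trace(transfers, tagged, labels):
    """Follow tagged funds in time order and return one alert per tainted movement."""
    tainted = defaultdict(float, tagged)  # address -> tainted balance (copy of the tags)
    alerts = []
    for ts, src, dst, amount in sorted(transfers):  # build the timeline first
        moved = min(amount, tainted[src])  # taint-first assumption
        if moved <= 0:
            continue  # sender holds no tagged funds: nothing to report
        tainted[src] -= moved
        label = labels.get(dst, "unknown")
        if label == "unknown":
            tainted[dst] += moved  # unlabelled wallet: tag it and keep following
        # Labelled services pool customer funds, so tracing stops there and the
        # alert becomes the hand-off point for legal and compliance teams.
        alerts.append({
            "time": ts, "src": src, "dst": dst,
            "tainted_amount": moved, "dst_label": label,
            "severity": "high" if label == "mixer" else "medium",
        })
    return alerts

if __name__ == "__main__":
    for alert in trace(TRANSFERS, TAGGED, LABELS):
        print(alert)
```

Only the portion of a transfer that can be covered by the sender's tainted balance is reported, which keeps unrelated activity from the same wallet out of the alert stream.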

Compliance programs designed specifically for digital assets offerings are also essential. Organizations must implement specialized controls to prevent digital assets transactions from undermining existing compliance requirements. Transaction monitoring requirements are also different in cryptocurrency environments than they are in traditional models, requiring specialized expertise to develop a program that addresses the array of considerations unique to digital assets.

By understanding how digital assets fraud is investigated and remediated, organizations can better design systems to help minimize their exposures in these ecosystems. Much of the same expertise and many of the same tools leveraged to collect digital evidence from a blockchain and impacted accounts to piece together details and recover lost funds could be applied up front as a prevention method. Just as investigations require highly technical knowledge, digital forensics experience and specialized technology solutions, prevention programs should be developed with the support of experts who understand the controls, gates, tools and policies needed to effectively reduce the risk of exposure.

The views expressed herein are those of the author(s) and not necessarily the views of FTI Consulting, its management, its subsidiaries, its affiliates, or its other professionals.