Mastering Crypto Investigative Strategies: Crash Course Preview

Merkle Science
October 21, 2024

On Wednesday, November 6 at 10 am ET, Merkle Science will be hosting a webinar, A 3-Hour Crash Course in Mastering Crypto Investigative Strategies.

This crash course follows on the success of other three-hour crash courses on crypto crime investigation previously organized by the blockchain analytics company and features Merkle Science’s Senior Solution Architect Justus Delp along with independent blockchain investigator and detective Scott Simons.

Register for the crash course here.

This article will provide background on the two facilitators and an overview of the different topics that will be covered during the crash course, focusing particularly on why they matter to law enforcement.

Meet our experts

Justus Delp (Merkle Science’s Senior Solution Architect)

Justus Delp has a PhD in International Business from the University of Edinburgh’s Business School. With a fascination in crypto, especially in tokenomics in the DeFi space, he has worked in the sector for the last several years. He now serves as a Senior Solution Architect at Merkle Science.

Justus is also a frequent speaker on crypto crime investigation. During a webinar with Halborn in October 2024 about the biggest hacks of the year, Justus discussed the changes in the regulatory environment that are shaping cybersecurity.

“The U.S. Department of Treasury published [guidelines] in April 2023 saying it doesn't really matter if a service is decentralized or not, the key obligation—if it has any association with the United States at least—is that you need to comply with anti-money laundering and counter-terrorist financing guidelines,” he said, adding that the only way to achieve this goal is by monitoring and screening transactions.

Connect with Justus here.

Scott Simons (Blockchain investigator and former DEa)

Scott Simons has worked in local and federal law enforcement since 2002 with an emphasis in pharmaceutical, international cyber drug investigations (Darknet, ClearNet, cryptocurrency), and illicit asset forfeiture. He has presented case studies and instructed federal, state, and local authorities, as well as foreign law enforcement authorities, throughout the United States and overseas. Topics covered were pharmaceutical and cyber drug trafficking investigations (DarkNet, crypto currency, PGP encryption, and more).

Connect with Scott here.

What you will learn  

During the three-hour crash course, Dr. Justus and Dr. Simon will cover the following topics, all of which are essential for law enforcement agencies in fighting crypto crime.

Bitcoin fundamentals and tracking

Bitcoin is the first and still most widely used cryptocurrency, so much so that all others are collectively referred to as “alt coins.” Bitcoin is also one of the most widely used cryptocurrencies for criminals.

Bitcoin is based on blockchain technology. There is public access to Bitcoin’s public ledger, where all transactions are recorded. People can see details of each and every transaction, including transaction data (i.e. how much the transaction was for, how much were the fees) and block data (i.e. timestamp, block height and size). People can also see the overall network activity, such as the pattern and volume of fund movement.

During a crypto crime investigation, investigators should be able to link wallets and transactions, so they can trace the flow of illicit funds. Because cryptocurrency is pseudonymous (i.e. they are not tied to a real world identity), investigators must eventually tie a wallet linked to a crime to an exit node like an exchange that conducts KYC. That way, investigators can pin the Bitcoin-related crime to an actual person.

Ethereum, ERC20 tokens, and tracking

After Bitcoin, Ethereum is the second largest blockchain by market capitalization. It is particularly ideal for smart contracts, self-executing contracts based on code, that are also prone to a laundry list of vulnerabilities.

According to Merkle Science’s 2024 HackHub report, Ethereum was the most targeted blockchain in both 2022 and 2023. Although the value lost fell from $2.8 billion in 2022 to $1.49 billion in 2023, Ethereum is still a critical blockchain that investigators must be familiar with.

ERC-20 tokens are a standard type of token offered on Ethereum. They are popular for a wide variety of use cases, including stablecoins, such as USD Coin (USDC) and Tether (USDT). Ethereum is also a popular blockchain for non-fungible tokens (NFTs)—CryptoKitties, which started the trend in November 2017—operates on the ERC-721 token standard. Finally, Ethereum is also a hub for both decentralized finance (DeFi) and decentralized exchanges (DEXs) because of its smart contract capabilities. Both DeFi and DEXs tend to be havens for criminals because they do not typically comply with the KYC or AML policies set by regulators.

Given the importance of Ethereum to the crypto sector, law enforcement agencies must be able to understand its common vulnerabilities, particularly those related to smart contracts, and learn how to track criminals that use the blockchain.

Investigative avenues for furtherance

Law enforcement agencies have several means of gathering evidence. They can choose native blockchain explorers like Solscan for Solana or open source explorers and tools like Etherescan for Ethereum. While these tools can be a useful starting point—they are free and easy to begin using—they offer only quantitative intelligence and do not have advanced features to streamline the investigative process.

A much better solution for law enforcement agencies are blockchain analytics tools. These tools provide additional modules that help law enforcement agencies. One such example is Merkle Science’s Tracker.

Tracker can assist law enforcement agencies across the investigative process. With Tracker, law enforcement agencies can input an address to monitor it in real-time, even if the criminals engage in chain-hopping, because the product offers multi-chain support. Addresses are also continuously monitored in the event that one passes an initial screening but is later used for criminal activity.

Law enforcement agencies can visualize the connections between wallets and transactions through the advanced graphing capabilities of Tracker. Law enforcement agencies can share these dashboards with other collaborators, such as other state, local, tribal, or territorial (SLTT) authorities, through Tracker’s one click sharing. Together, the collaborators in an investigation may even take corrective action, such as freezing assets, when they act fast enough.

When building a case, law enforcement agencies may work with common exit nodes, such as exchanges, to properly identify the owner of wallets linked to crime. Law enforcement may then provide this information to prosecution. Because Tracker’s attribution mechanism does not operate as a black box, judges may feel confident in using its findings to charge, convict, and sentence perpetrators.

As a blockchain analytics tool, Tracker’s feature set is vast. Merkle Science’sJustus Delp will provide an introduction to them during the crash course and all attendees will be given a free trial access to Tracker, so they can further explore how it can aid them in a crypto crime investigation. He will also show how Tracker can be used to investigate the latest schemes, such as the recent spate of fraud involving crypto ATMs.

Conclusion

Law enforcement agencies that want to understand the process of crypto investigation would be well-served to attend the A 3-Hour Crash Course in Mastering Crypto Investigative Strategies on November 6, the latest entry into Merkle Science’s successful crash course series, which started with webinars in Mastering Crypto Investigative Strategies and Crypto Compliance.

They will gain an end-to-end understanding of crypto crime investigation, including everything from the fundamentals of Bitcoin to schemes involving crypto ATMs. Attendees will also be given a hands-on demonstration and a free trial license for Tracker, Merkle Science’s transaction and monitoring tool, so they can put their knowledge into practice. Finally, attendees who complete the training session will  be given a certificate of completion.

The event will take place on Wednesday, November 6 at 10 am ET. Register for the 3-Hour Crash Course in Mastering Crypto Investigative Strategies here.