Recently, an American law firm asked for strategic advice on a multi-million-dollar crypto recovery case.
Their plan was to use securities laws that required the scammers’ genuine identities from the outset. The list of defendants was endless: bogus usernames, individuals across the globe using VPNs, spurious connections based on social media.
It was clear, not everyone is familiar with the alternative method: follow the money and the ghosts materialise.
According to the Chainalyasis 2024 Crypto Crime report, revenue from different species of crime, including romance/pig-butchering scams jumped from $5.9bn (£4.4bn) in 2022 to $6.5bn in 2023.
Similarly, Immunefi’s Crypto Losses Q2 2024 report details a 112 per cent rise in hacks and scams compared with the previous year.
Although cryptoassets are at play in these cases, to quote Aidan Larkin of Asset Reality, Ari Redbord of TRM Labs, and Nick Furneaux of both: There is no such thing as crypto crime.
Instead, if we treat it like any other crime, we remove the inertia and can start the recovery process.
For many, the hope of recovery dies on the pretence the assets disappear into the ether, bad actors are sophisticated masked hackers in faraway lands, that processes for recovery lack maturity or that authorities have no appetite.
In the clearest terms, recovery of cryptoassets, or their equivalent monetary (fiat) value is a very real, established and carefully considered process.
However, often with cryptoassets, hackers and fraudsters operate in increasingly sophisticated ways.
Examples of hacks and scams
In 2019, a Canadian hospital was hit with a ransomware attack demanding $1,200,000 to recover the data. Computer screens read: “No free decryption software is available on the web…You have to make the payment in bitcoins”.
Here, my task was to help trace the bitcoin paid using blockchain analytics tools and prepare novel court procedures to freeze funds. This now seminal case AA v Persons Unknown [2019], set the precedent that “a cryptoasset such as bitcoin is property” – the genesis of all cryptoasset recovery cases.
Over the past few years, I have acted on matters involving a North Korean-sponsored $100mn hack at a major crypto exchange, scams in which the perpetrators utilise dating apps (which includes blackmail after sending explicit photos), as well as fake investment platforms promoted via forums like Reddit, which promise lucrative returns, falling apart when the return of capital and profits are refused until further withholding taxes (not a real thing here) are paid, usually via bank transfer.
A contact of mine once met with Disney executives to pitch a Web3 gaming product, only to immediately receive a convincing phishing email offering a contract, and which led to the complete drain of his crypto wallet.
Another attended a gaming event showcasing facial recognition technology, which was later exploited to sideline iPhone biometrics safeguards leading to loss of significant cryptoassets.