BigData Behind Blockchain Forensics
It seems a week doesn’t go by without more news of another cryptocurrency hack, fault, failure, scam, or what have you. Just this week saw EOS have a hacker lift $7.7 million in EOS after a mistake by one of their validators. You will often hear about how these types of transactions get resolved later, but not a lot of information is provided about how that happened. Last week I saw the news that controversial Italian surveillance vendor Neutrino was acquired by Coinbase (which Coinbase has already come to regret) and when I read up on them, I realized that it was companies like Neutrino that are able to help repair those hacks, track down the terrorist funding, ransomware, the gun running, and drug sales and other nefarious activity that can take place on blockchain. This led me to research the companies in this space and the one that looked the most robust to me was CipherTrace and speaking with CEO and co-founder Dave Jevans to find out more about what they do and how they do it.
CipherTrace aims to make cryptocurrency safe and trusted with cryptocurrency intelligence that enables the blockchain economy to thrive, mature and avoid pitfalls by differentiating legitimate participants from bad actors, as Dave told me “they help catch the bad guys”. To that end, we can’t get into details on their sources and methods, because the bad guys can read as well, but the services provided by CipherTrace run the range from helping law enforcement to AML for a crypto exchange, such as:
- Anti-Money Laundering (AML) — For Exchanges, Funds and MSBs
- Financial Investigations — For Researchers and Law Enforcement
- Blockchain Threat-Intel™ — For Banks and Financial Institutions
- Compliance Monitoring — For Government and Auditors
- Maltego Transform — For Researchers and Investigators
Today there are hundreds of crypto exchanges with new ones coming and old ones going every day. Regulators are struggling with how to provide consumer safety with these companies in addition to now looking at decentralized exchanges and crypto to crypto exchanges. Financial regulators will at times want to evaluate how financial license holders are performing and audit that performance to ensure they are compliant and this is where much of the growth for CipherTrace and similar companies is coming from now. The growth is so explosive that new customers cannot be onboarded fast enough.
One of my big questions how to do with the data, the sheer volume, velocity and unstructured nature of much of it, and it was here that Dave had to keep a tight lip on specifics, but when I asked about their “datalake” he laughed and said “you mean the seven seas?”. What Dave mentioned a lot in our conversation was how to eliminate false positives when they are working a trace or investigation. For example, let’s say there is a bitcoin address at a regulated crypto exchange and it suddenly receives money from a known money laundering address and then sends it on to a suspected terrorist address, however, the other 50 transactions were perfectly legitimate. What are we looking at here? How do you gauge the address and the exchange? Are they involved in illegal behavior? Hacked? You can’t just yell out “shut down this exchange” based on this, so there is a lot of grey area involved.
Part of the volume of data that is involved is collected through OSInt, which provides a context and deeper analysis, but this is more unstructured data. You are looking for chatter on Twitter or Instagram for example that has to do with terrorist activities, and that gets collected along with all the scammer companies that will publish a partial blockchain address on the dark web to look legit, but they just lend themselves to the false positive, so that is a scam you have to filter out typically, unless you are looking for a scam to bust.
Security data is gathered by monitoring criminal activity, forums, dark markets and such. Getting intelligence off of open source and closed source and building a reputation in the ecosystems where this data lives, that is the starting point to get the initial tail, then you apply big data analytics to what you’ve gathered for ways to use forensic analysis and detection. The in house analytics tools were developed over years of processing and understanding the data and how the trails develop, this involved the creation of incredibly sophisticated machine learning algorithms as well.
So a typical walkthrough would be a client or agency coming to CipherTrace and say they have a problem, can you help us. Someone got ripped off through fraud or committed a crime activity, or maybe an ICO raised money and then disappeared (what are the odds of that? lol), how can people become financially whole again? This is where they start asking questions about particular transactions and addresses and start tracking things down.
Outside the who “bad guy” hunting, is KYC/AML and CipherTrace provides an AML product that can be easily leveraged at any institution that needs it, but the power in the API is in the ability to customize it for your business type. Take for example a scenario where a company is evaluating a customer from the US and one in Monaco. If the person in the US has a lot of gambling transactions, this would be flagged as risky and require reporting, however, someone doing a lot of gambling in Monaco is a desirable trait and would not get flagged, so they need to be able to address both scenarios and provide an appropriate risk score based on those different environments.
In my years of writing in this space, I had never done a deep dive into this particular segment of it and I have to say that personally, I find this space utterly fascinating, the sheer volume of data involved and the challenges it presents to be effective is amazing. While it might seem slightly counter-intuitive, the team at CipherTrace are big privacy advocates, what they are doing is helping stop the lawbreakers and help get the average Joe safe and financially whole. Most people aren’t even going to realize this market segment exists, but when or if your hot wallet on an exchange gets compromised, you’ll be glad they are there. Interestingly, the news hit as I was talking to Dave that they had just closed a $15 million funding round from Aspect Ventures and Galaxy Digital which I imagine will help accelerate their growth.