By Jacob Parks, J.D., CFE
Due to its skyrocketing value over the past year (from
around $10 per Bitcoin in November 2012 to over $900 a year later), Bitcoin
has been gaining popularity beyond just the tech community. Specifically,
anti-fraud professionals are taking an interest in the digital currency. Bitcoin
has been involved in a range of financial crimes, including theft, price
manipulation, sale of illicit goods, money laundering and even Ponzi schemes.
“Virtual currencies, perhaps most notably Bitcoin, have captured the imagination of some, struck fear among others and confused the heck out of the rest of us, including me,” said Senator Tom Carper, chair of the Senate Homeland Security and Government Affairs Committee, during a meeting this November.
Bitcoin is an online peer-to-peer currency that uses principles of cryptography to validate transactions between users. Much like trading in national currencies, a person can go online and exchange bitcoins for dollars, euros, and a host of other national currencies (and vice versa).
One of the key features of Bitcoin is that it is decentralized, meaning individual users around the world running Bitcoin software on their digital devices form the backbone of the system. This trait has separated Bitcoin from some other virtual currencies — such as e-gold and Liberty Reserve — which operated through centralized servers and were shut down for violations of anti-money laundering regulations. To read more about the origins of Bitcoin, see this previous article from The Fraud Examiner.
Bitcoin has often been called an "anonymous" currency, but
recent criminal enforcement actions have shown that individuals who use the
currency for fraudulent purposes are not as nameless as they might hope.
Investigators do not always reveal criminals by looking at
the books. Reflecting the online nature of the currency, the Bitcoin community
is also active through social media, online forum posts, chat rooms and comment
sections. For some reason, many cybercriminals have a tendency to discuss or brag
about their methods in online settings.
The FBI recently busted the operator of the most popular
online drug site, the Silk Road. This site was essentially the eBay of drugs
and other illegal items, and only accepted payment in Bitcoins for the purpose
of maintaining the anonymity of buyers and sellers. The investigation involved
many sources that eventually led to the identification of the suspected
operator, Ross Ulbricht. One of those sources, surprisingly enough, was the
suspect's LinkedIn profile.
According to the federal criminal
complaint against Ulbricht, his profile obliquely stated his goal was "creating
an economic simulation," designed to "give people a first-hand experience of
what it would be like to live in a world without the systemic use of force by
institutions and governments." That description fits a Silk Road
advocate, and Ulbricht's profile gave investigators more evidence.
Those who use Bitcoin as a means for crime often operate on
the "dark Web," using Tor (a tool that makes tracking a person's IP address
very difficult) and other techniques to cover their tracks. As a result, law
enforcement agencies such as the FBI have successfully turned to undercover
operations to foil such schemes. In the same Silk Road investigation,
investigators posed as users of the illegal site to learn information about it,
as explained in another
Additionally, Ulbricht had an employee who had stolen funds
from Silk Road users and was arrested by federal law enforcement. Ulbricht
wanted to punish the former employee for stealing, and also feared that the
employee would give information to the police. Ulbricht decided to hire (with
Bitcoin payments worth $80,000) another person to murder the extortionist — or
so he thought. The hired assassin was actually an undercover agent, who happily
accepted payment for the murder contract. The police staged and photographed
the fake murder of the former employee, who, indeed, was working with them. The
undercover agent then sent the photos to Ulbricht as "proof" of the crime. This
undercover operation gave the investigation team solid evidence to indict the
Cybercriminals are at continual risk of being "doxed," which
occurs when one person (generally a hacker) reveals the true identity of an
anonymous person in public fashion. The person doing the doxing has typically
found vulnerabilities in the subject's strategy to remain anonymous and takes
advantage of them to obtain identification information. Doxing is sometimes done
as a means to harass or cause harm, but there are also times when someone who
commits fraud or other grievances against the community is targeted for doxing
as a way of punishment. As a result, reading these public posts can help
investigators develop leads.
For instance, in July 2013, the SEC accused an individual of
operating an illegal $5 million Ponzi scheme with Bitcoin-based investments. The
subject, known by the online handle "pirate40," used all of the obvious
hallmarks of a Ponzi scheme. First of all, with a name like "Bitcoin Savings
and Trust," suspicion should have been aroused. The subject also promised 7 percent
returns on investment every week and stated that the investment was virtually
risk-free, that he was never close to operating at a loss, and so on. In truth,
he was actually trading at a
loss and was paying early investors with new investors' funds — a scheme that
soon collapsed. He also spent a large amount of his investors' funds on
However, "pirate40" was doxed at some time near September
2012 on Bitcoin forums, revealing his identity as Trendon Shavers of McKinney,
Texas. The doxing in this case was a community effort to recover the stolen
funds. Those who claimed to help uncover his identity also claimed to have
notified various law enforcement agencies. The following year, the SEC brought
its charges against Shavers.
Fraud examiners should exercise caution in using this type
of information for several reasons. First, it is not necessarily reliable. The
wrong person could be doxed and the information could be inaccurate,
purposefully falsified or contain other problems. Additionally, evidence that
is obtained illegally can cause issues if the case were to go to trial,
especially if the illegal search was conducted at the behest of investigators.
Therefore, legal counsel should be consulted before attempting to access or use
such information in a fraud investigation.
Analyzing the Block
Bitcoin is more accurately described as pseudonymous than anonymous, meaning that while a user's name is
not attached directly to an underlying transaction, the transaction history
itself is permanently stored on an online public ledger for all to see. This
ledger is referred to as the "block chain," and is searchable at http://blockchain.info/. Researchers and
data analysis professionals are developing techniques that might be used to
detect suspicious activity in Bitcoin transactions, and perhaps even trace them
to specific people.
Researchers at the University of California at San Diego and
George Mason University undertook research to identify ways in which Bitcoin
transactions could be grouped and traced back to specific users. While the
public information alone probably would not reveal the person's identity, a
warrant or subpoena served on the user's Internet service provider (ISP) might
be effective. For instance, the researchers were able to map transactions from
certain parties (e.g., the Silk Road) that were related to users believed to be
customers. The researchers created a transaction link diagram, as seen here.
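The grouping idea described above can be sketched in a few lines. This is an added example, not the researchers' code or any tool named in this article; it assumes the common-input-ownership heuristic (addresses spent together in one transaction share an owner), and the ledger, address labels and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample ledger (not real blockchain data). Each transaction lists
# the addresses it spends from (inputs) and the addresses it pays (outputs).
# "M1" stands in for a known address of a party under investigation.
SAMPLE_TXS = [
    {"txid": "tx1", "inputs": ["A1", "A2"], "outputs": ["M1"]},
    {"txid": "tx2", "inputs": ["A2", "A3"], "outputs": ["B1"]},
    {"txid": "tx3", "inputs": ["B1"], "outputs": ["M1", "B2"]},
    {"txid": "tx4", "inputs": ["C1", "C2"], "outputs": ["A1"]},
    {"txid": "tx5", "inputs": ["B2", "B1"], "outputs": ["C1"]},
]

class UnionFind:
    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]  # path halving
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra

def cluster_addresses(txs):
    """Assumed heuristic: all inputs of one transaction belong to one owner."""
    uf = UnionFind()
    for tx in txs:
        for addr in tx["inputs"] + tx["outputs"]:
            uf.find(addr)  # register every address, even if never co-spent
        for addr in tx["inputs"][1:]:
            uf.union(tx["inputs"][0], addr)
    groups = defaultdict(set)
    for addr in list(uf.parent):
        groups[uf.find(addr)].add(addr)
    return sorted((sorted(g) for g in groups.values()), key=lambda g: g[0])

def payers_to(txs, target):
    """Clusters that paid `target`: pseudonymous leads, not identities."""
    index = {a: tuple(c) for c in cluster_addresses(txs) for a in c}
    return sorted({index[tx["inputs"][0]] for tx in txs
                   if target in tx["outputs"] and tx["inputs"]})
```

The output is still a set of pseudonyms; tying a cluster to a person depends on outside records such as those obtained by warrant or subpoena.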
Additionally, government and private organizations are
working on tools to detect Bitcoin fraud, in case the digital currency
continues its rise in popularity. Markus Rothenhöfer, CFE, works for
Contelligence GmbH, a company that is working with German law enforcement and the
European Union to develop data analysis software for Bitcoin. Rothenhöfer
states that the tool "makes it possible to trace and detect fraudulent
transactions via mathematical methods by combining graph theory with
statistical models." A screenshot of the tool is provided below.
The Future of Bitcoin
Bitcoin has the potential to benefit legitimate parties,
such as merchants who might incur much lower transactional fees for payment
processing. Many Bitcoin advocates believe that the currency or one like it
will be the next disruptive development in payment technology, much as credit
and debit cards were in the 20th century. While that prediction is far from
certain at this point, it is good to know that there will be ways for fraud
examiners to investigate crimes involving Bitcoin.