There are several different types of cryptocurrencies, each with its own unique architecture and design. Our today’s discussion focus is illegitimate payments using cryptocurrencies and how to investigate then. Some of the most popular cryptocurrencies for making payments are:
| Blockchain | Consensus mechanism | Cryptographic hash | Natively supports smart contracts | Popular for illegitimate payments |
| Bitcoin | proof-of-work | SHA-256 | No | Yes |
| Ethereum | proof-of-work –> proof-of-stake | Ethash (formerly Dagger-Hashimoto) | Yes | Yes |
| Ripple | XRP Ledger Consensus | SHA-256 | No | No |
| Tether | Proof-of-Reserve | Omni Protocol (based on Bitcoin’s SHA-256) | No | No |
| Monero | proof-of-work –> RandomX | CryptoNight | No | Yes |
| Zcash | proof-of-work–> Overwinter | Equihash | No | Yes |
Blockchain forensics in cryptocurrency is a complex and time-consuming process. It typically involves the following steps:
- Identifying the ransom payment: To begin, you would need to determine which cryptocurrency was used the payment. Identify the relevant blockchain. This may involve analyzing transaction records, examining IP addresses and other network data, or using tracking tools or services.
- Tracing the funds: The next step is to trace the movement of the funds from the payment address to any other addresses or exchanges. This may involve using blockchain analysis tools to track the flow of funds. You will also be working with law enforcement agencies to obtain additional information.
- Analyzing transaction data: To build a complete picture of the payment, analyze transaction data, including the date and time of the payment. Also, the amount involved, and any other relevant details. This may involve reviewing blockchain records, such as the block height and transaction hash. Cross-referencing this data with other sources, such as exchange records or IP addresses is a key.
- Identifying the actors: Finally, you may need to identify the actors involved in the ransom payment. This includes the person or group behind the ransom, the person who made the payment, and any intermediaries or exchanges involved. This may involve using additional data sources, such as public records or online profiles. It is the important to follow-up with law enforcement agencies to obtain further information.
When investigating a cryptocurrency payment, the following tools can be useful:
- Chainalysis: Chainalysis provides a range of blockchain analysis and compliance tools including transaction tracking and visualization, address clustering, and suspicious activity reporting.
- CipherTrace: CipherTrace offers a range of blockchain forensics and anti-money laundering (AML) tools. Transaction tracking, address clustering, and cryptocurrency threat intelligence are noteworthy.
- Elliptic: Elliptic provides blockchain analytics and risk management solutions, including transaction monitoring, suspicious activity reporting, and cryptocurrency forensics.
- Blockseer: Blockseer offers a range of blockchain analytics tools, including transaction tracking, address clustering, and AML reporting.
- Blockchair: Blockchair is a powerful blockchain search and analytics engine. It provides access to historical data, transaction tracking, and advanced search and visualization tools.
Besides, blockchain explorer is also an indispensable tool that allows you to view the details of a blockchain and its transactions.