In general terms, forensics is the use of science and technology to investigate and establish facts in criminal or civil proceedings. Blockchain forensics, more specifically, is concerned with the recovery and analysis of the latent evidence that transaction activity leaves on a blockchain's digital ledger.
Blockchain forensics enables organizations and experts to manage the financial crime and reputational risks associated with cryptocurrencies and other blockchain applications, from onboarding new customers to the ongoing monitoring of existing ones. It gives users confidence in the blockchain ecosystem and brings transparency to blockchain transactions, which deters their use for illicit purposes.
In the case of this year’s high-profile Colonial Pipeline ransomware attack, the organization was ransomed for 75 Bitcoins. By using blockchain forensics and other undisclosed techniques and methods, the US FBI was able to recover 63.7 Bitcoins after the ransom was paid. The ransom payment was necessary to allow the FBI to follow the money, trace specific transactions and possibly identify the IP addresses of the perpetrators. Once the IP address was obtained, the FBI was able to geolocate the host running the Bitcoin Core node operated by the DarkSide affiliate and seize the host, along with the private keys, under a seizure warrant.
The case also showcased other techniques, among them searching for partial blockchain addresses, the challenges of seizing custodial versus non-custodial addresses, and pooling techniques. The Colonial Pipeline case demonstrates that, in the hands of expert investigators, crime still does not pay: with the right combination of skills, tools and techniques it remains possible to identify perpetrators operating on a pseudonymous blockchain platform like Bitcoin, and to recover ill-gotten gains or ransom payments.
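As an added illustration that is not part of the original post, the following Python sketch shows the two mechanics the case turns on: following funds forward from a known address hop by hop, and estimating how a pooling step dilutes the share of value that can still be attributed to the original payment. The ledger, addresses and amounts are constructed for the example and are not real chain data; the UTXO model is simplified so that an input spends an address's whole balance.

```python
from collections import deque
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: tuple   # addresses whose whole balance is spent (simplified UTXO model)
    outputs: tuple  # (address, amount) pairs

# Constructed ledger excerpt, not real chain data: a 75-coin ransom lands at R1,
# is split across two hops, then pooled with 40 unrelated coins before moving on.
LEDGER = [
    Tx("tx0", (), (("victim", 75.0), ("unrelated", 40.0))),
    Tx("tx1", ("victim",), (("R1", 75.0),)),
    Tx("tx2", ("R1",), (("H1", 60.0), ("H2", 15.0))),
    Tx("tx3", ("H1", "unrelated"), (("P1", 100.0),)),  # pooling step
    Tx("tx4", ("P1",), (("X1", 70.0), ("X2", 30.0))),
]

def follow_funds(ledger, start):
    """Breadth-first walk forward from `start`; returns {address: hop distance}."""
    spends = {}
    for tx in ledger:
        for addr in tx.inputs:
            spends.setdefault(addr, []).append(tx)
    hops, queue = {start: 0}, deque([start])
    while queue:
        addr = queue.popleft()
        for tx in spends.get(addr, []):
            for out, _ in tx.outputs:
                if out not in hops:  # visited set also guards against address reuse cycles
                    hops[out] = hops[addr] + 1
                    queue.append(out)
    return hops

def taint_fraction(ledger, start):
    """Haircut taint: share of each address's balance traceable to `start`."""
    balance, taint = {}, {}
    for tx in ledger:  # ledger is assumed to be in confirmation order
        total_in = sum(balance.get(a, 0.0) for a in tx.inputs)
        tainted_in = sum(balance.get(a, 0.0) * taint.get(a, 0.0) for a in tx.inputs)
        frac = tainted_in / total_in if total_in else 0.0  # coinbase-like tx: no taint
        balance.update({a: 0.0 for a in tx.inputs})
        for out, amt in tx.outputs:
            old = balance.get(out, 0.0)
            share = 1.0 if out == start else frac  # the ransom address seeds the taint
            taint[out] = (old * taint.get(out, 0.0) + amt * share) / (old + amt)
            balance[out] = old + amt
    return taint
```

Running `taint_fraction(LEDGER, "R1")` shows the pre-pool hops at 1.0 and every post-pool output at 0.6, which is why pooled outputs can only be attributed in part and why an investigator needs corroborating evidence before a seizure.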
Blockchain implementation has advanced significantly in the last year with an explosion of use cases, such as proof of ownership of tangible digital goods like collectibles, music and art through non-fungible tokens (NFTs). Decentralized finance, or DeFi, has also become one of the newest and most efficient paths for existing cryptocurrency holders to generate additional income through yield farming, and, for bad actors, a highly liquid mechanism for laundering illicit profits. DeFi remains the crypto Wild West because of the lack of regulatory guidance and oversight and the autonomous nature of DeFi smart contracts.
I’m looking forward to sharing the details of some of the open source intelligence (OSINT) tools and techniques used to crack the Colonial Pipeline hack and other investigations in my presentation later this month at the Evolve Emerging Technology virtual conference at ISACA. Blockchain forensics is becoming an important skill for cybersecurity and auditing professionals as blockchain technology, the use of cryptocurrency, and derivative applications are here to stay.
Reference: Tuan Phan, Founder, Zero Friction LLC