How to spot cryptocurrency at a crime scene

How to know if crypto is involved in a crime scene

Since its inception, cryptocurrency has notoriously been employed to carry out illicit activities. From being used as a medium of exchange in dark web marketplaces like Silk Road and Alphabay, to being used to finance terrorism, criminals have often found ways to benefit from the anonymity and ease of cross-border transfers that cryptos provide. To begin investigating criminal cases involving crypto, it is essential for law enforcement officers to understand the industry and know where to look. This article details three types of evidence that criminals might leave behind at crime scenes.

 

1. Cryptocurrency address and seed phrase

Investigators should be aware of what a cryptocurrency address looks like. Bitcoin addresses have 34 characters, including random numbers and upper and lower case letters. An example of a Bitcoin address is: 1A1zP1eP5QGefi2DMPTfTL5SLmv7DivfNa. Some cryptocurrencies add the same prefix to all their addresses to differentiate them from others. For example, all Ethereum addresses start with the prefix “0x” and all XRP addresses start with “r”. The number of characters in an address may also vary from one cryptocurrency to another. Ethereum addresses have 40 characters while XRP addresses have 25 to 35 characters.

Investigators should also keep an eye out for lists of seemingly random words as these may, in fact, be seed phrases. Seed phrases are used to recover cryptocurrency wallets. A typical seed phrase consists of 12 words but some wallets may have more.

seed phrase

Example of a seed phrase. https://wiki.trezor.io/User_manual:Filling_out_your_recovery_card

Crypto addresses or seed phrases can be found on pieces of paper in a cash wallet, in diaries, in vaults, in a note on the suspect’s mobile phone or computer, etc. Seed phrases can also be stored on steel wallets like Billfodl or Cryptosteel.

crypto steel wallets

https://en.cryptonomist.ch/2019/07/06/billfodl-review/

2. Cryptocurrency applications

Law enforcement can search the suspect’s devices for cryptocurrency applications like software exchanges, crypto wallets and even authenticator apps as most exchanges require two-factor authentication. Apart from this, their internet history can also be searched to check if the suspect accessed web wallets, exchange websites, mining pools, mixers, etc.

It is important for law enforcement personnel to be aware of trends in the crypto industry and popular cryptocurrency service providers so that they know what to look for.

Here are some of the popular names in the crypto industry to take note of:

Exchanges: Binance, Coinbase, Bitfinex, OKEx, Huobi, HitBTC

Decentralized exchanges: Uniswap, Curve Finance, Sushiswap, Bancor, Balancer

Wallets: Exodus, Electrum, Mycelium, Metamask, MyEtherwallet

Cryptocurrency ATMs: Bitcoin Depot, Coinflip, Coincloud, Bitcoin of America, Bitcoinbon, BitcoinTeller, BitQuick, Digital Mint

Miners: BTC.com, Antpool, Slush, F2pool, Bitfury

 

3. Hardware wallets

Hardware wallets are gadgets that store cryptocurrency offline. They are a safer alternative to software wallets as they cannot be hacked. Investigators suspecting the involvement of cryptocurrency in a crime should know that these wallets come in various shapes and sizes. Some of the most popular hardware wallets that they should be aware of are Trezor One, Trezor Model T, Ledger Nano S, Ledger Nano X, and Keepkey.

Crypto Hardware wallets

https://www.cada.news/best-hardware-wallets/

Get started investigating cryptocurrency today. To start, BIG offers Certified Cryptocurrency Investigator training designed by financial compliance professionals and US government investigators. Learn how to effectively investigate crypto crimes from veterans of cryptocurrency forensics investigation. For more tips and insights, subscribe to our newsletter.


  • Solutions
  • Training
  • Resources
  • Support