Mason Wilder, CFE
ACFE Research Manager
The U.S. Department of Justice (DOJ) announced in early February 2022 that they had arrested two individuals, Ilya Lichtenstein and his wife Heather Morgan. When the couple was arrested in connection with the theft of cryptocurrency from the Bitfinex cryptocurrency exchange in 2016 and subsequent laundering of the proceeds, it led to one of the most valuable seizures of illicit proceeds in law enforcement history. It also drew the public’s attention with many poking fun at the couple’s personas as crypto-caricatures and Morgan’s “Razzlekhan” alter ego, star of numerous “sexy horror comedy” rap videos.
As tempting as it is to pile on, there is a bigger and more important message in the context of this salacious story — if fraud examiners want to succeed in recovering fraud losses going forward, they’re going to need to be prepared to identify cryptocurrency involvement in schemes, trace the related transactions and then acquire court orders that might include the seizure of digital assets.
The official figure featured in most headlines related to the couple’s arrest was $3.6 billion in cryptocurrency. While that eye-popping amount distorts the scale of the original crime (the stolen cryptocurrency was only worth $71 million at the time), it should serve as a warning for criminals who believe that transacting in cryptocurrency will protect their ill-gotten loot. Furthermore, it should encourage other law enforcement agencies and agents to develop the tracing and seizure protocols that could help them recover such a windfall.
In 2021, cryptocurrency addresses, or digital wallets known to be associated with illicit activity, took in $14 billion worth of cryptocurrency — which was a 79% increase from 2020 according to blockchain analysis firm Chainalysis. Although that figure represents only a miniscule fraction of the $15.8 trillion total cryptocurrency transaction volume in 2021, illustrating that while the vast majority of activity is not illicit, it is still a huge amount of funds that could potentially be targeted by authorities in recovery efforts.
High-profile seizures of cryptocurrency funds related to crimes are a recent phenomenon, but far from unprecedented. During the fiscal year 2021, 93% of the assets seized by the U.S. Internal Revenue Service (IRS) were cryptocurrencies. Valued at a total of $3.5 billion, almost one-third of that total came from the seizure of funds related to the original Silk Road dark web marketplace. Other notable cases contributing to the IRS’s 2021 cryptocurrency haul included a Microsoft software developer’s insider fraud, and the operator of a dark web money laundering service named Bitcoin Fog that handled more than 1 billion bitcoins.
Another newsworthy seizure of illicit cryptocurrency occurred in June 2021 when the DOJ seized 63.7 bitcoins, then valued at $2.3 million, that were paid to criminals who carried out a ransomware attack against Colonial Pipeline.
Several of these law enforcement seizures occurred after the agencies reportedly obtained digital files that included private encryption keys the agencies used to access digital wallets and transfer cryptocurrency into their control. Many jurisdictions now require cryptocurrency exchanges, digital wallet providers and other cryptocurrency-related money services to implement anti-money laundering (AML) controls and know-your-customer (KYC) protocols to collect information about their customers that can be targeted in court orders. However, turning over custody of a customer’s cryptocurrency is not a common practice since many jurisdictions classify cryptocurrency differently or have not yet settled regulations related to cryptocurrency’s status as property or currency.
Public and private organizations are responding to this increase in cryptocurrency utilization by criminals; shortly after the arrest of Lichtenstein and Morgan, the DOJ announced a new National Cryptocurrency Enforcement Team to combat the use of digital assets in crimes. Private companies such as CipherTrace, Chainalysis, Maltego, Palantir and others are rapidly developing and expanding cryptocurrency-related capabilities like tracing and blockchain forensics, with some of them offering certificate programs.
Fraud examiners in both the public and private sectors can expect to encounter cryptocurrencies as the technology is more broadly adopted. If they are not prepared to identify, trace and recover illicit cryptocurrency they will be missing out on the chance to participate in a seizure like those mentioned above. If they do not seek out training or educate themselves on this emerging anti-fraud field and stay up to date with regulations and legal precedents it may be to the detriment of their employers or clients.
SOURCE: ACFE Insights – A Publication of the Association of Certified Fraud Examiners