One of the biggest concerns facing cryptocurrency seizures is “What do you do with the coins once you have seized them?” Do you “cash them out” and convert them into fiat currency, or hold them as they are? These issues are quite significant and can cripple an investigation if these questions are not answered. Secure storage is unlike traditional storage, wherein monies seized are banked securely: the seized coins remain on the blockchain, protected by the new private key or keys. The problem with this is that if anyone gains access to the private key, for instance by taking a picture of it on a smartphone, they could potentially gain access to the funds.
Cashing out “live” should be a fairly simple process. Once the bank accounts and exchange are in place to accept the money, a second investigator should be present to ensure accuracy and reduce errors. The second investigator can ensure the process is conducted fairly and not compromised.
The first step would be to access the suspect’s computer.
The challenge is twofold:
- You must have access to the suspect’s password(s), which need to be obtained from the suspect. You should also be aware of local laws on obtaining information from the suspect which may be incriminating.
- You must ensure the computer is connected to the internet. Most wallets allow you to generate a transaction without actually being online, with the transaction only being sent to the network once you are connected. A pre-check of the wallet might be invaluable to ensure that no pending transactions are waiting to take place.
You can then access the wallet software and send the complete value of the wallet, from all of the addresses you have on file with a balance, to the address the account has been set up with. It might be good to involve the second person in this transaction to ensure the monies are sent to the right person. By checking the address on the blockchain, you can safely assume that the transfer has taken place and is completed. I would suggest using a trusted computer to access the exchange for this purpose and not the suspect’s computer.
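One way to script the two-person destination check described above, as an added example that is not part of the original article: both investigators' readings of the address must match and pass the Base58Check checksum before anything is sent. It assumes a Base58Check-encoded address (the legacy Bitcoin format); the function names and the sample address are constructed for illustration.

```python
import hashlib

ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"

def _checksum(payload: bytes) -> bytes:
    # Base58Check checksum: first 4 bytes of SHA-256 applied twice.
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(payload: bytes) -> str:
    # Used here only to build a constructed sample address.
    data = payload + _checksum(payload)
    n = int.from_bytes(data, "big")
    out = ""
    while n:
        n, r = divmod(n, 58)
        out = ALPHABET[r] + out
    pad = len(data) - len(data.lstrip(b"\x00"))  # leading zero bytes -> '1'
    return "1" * pad + out

def b58check_valid(addr: str) -> bool:
    # True only for a 25-byte payload whose trailing checksum matches.
    n = 0
    for ch in addr:
        idx = ALPHABET.find(ch)
        if idx < 0:  # characters such as 0, O, I, l are not in the alphabet
            return False
        n = n * 58 + idx
    pad = len(addr) - len(addr.lstrip("1"))
    raw = b"\x00" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(raw) == 25 and _checksum(raw[:-4]) == raw[-4:]

def confirm_destination(first_entry: str, second_entry: str) -> str:
    # Each investigator reads the address on file independently.
    a, b = first_entry.strip(), second_entry.strip()
    if a != b:
        raise ValueError("entries differ; re-read the address on file")
    if not b58check_valid(a):
        raise ValueError("address fails the Base58Check checksum")
    return a

# Constructed sample: version byte 0x00 plus a made-up 20-byte hash.
SAMPLE = b58check_encode(b"\x00" + bytes(range(20)))

if __name__ == "__main__":
    print("confirmed:", confirm_destination(SAMPLE, SAMPLE + "\n"))
```

The checksum only catches transcription errors; it does not show that the address belongs to the seizure account, so the comparison against the address on file is still done by both investigators.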
Seizure from a wallet
Many companies offer online high-security wallet storage. The actual seizure of the funds can also be achieved in several ways. Some companies require a password-recovery process, which in most cases needs the suspect’s email address, so it is not a problem. The biggest obstacle would be the security questions and access to that information, which should be achievable in the store with the customer databases. Once the username and password are accounted for, ask the suspect for his password and attempt to carry out a forensic analysis, searching for passwords to other resources.
Once funds are established and you have access to the online account, you should transfer the funds to a storage wallet without incident.
As the great Wayne Gretzky once said, “You miss 100 percent of the shots you don’t take.” Practice truly makes perfect, so practice all you can and then practice some more.
It may be good to set up a training lab and train people through role-playing to understand cryptocurrency better and the many seizures involved. This is simply not going to be done your first time out. Purchase a small amount of cryptocurrency and create different scenarios. Copy a backup seed to paper, delete the storage account, and re-create the wallet with the seed.
Understanding cryptocurrencies, tracking the funds involved through the blockchain, and locating all service providers will all be for naught if you do not seize the assets once they are located.
It can be daunting to get the financial investigators on board with the digital investigators for many reasons. Egos and jurisdictional boundaries abound. Having the ability to obtain and share data is the key, and without it, you are swimming upstream.