Insights from the National White Collar Crime Center: Bitcoin Investigative Field Guide
The global proliferation of digital currencies like bitcoin has brought an increased incidence of financial crime and fraud committed online.
To assist law enforcement efforts, the National White Collar Crime Center’s (NWCCC) Bitcoin Investigative Field Guide sets out a number of observations, including how bitcoin is stored, why it matters to law enforcement and how a suspect’s bitcoin should be seized.
What is Bitcoin?
Bitcoin is the first open-source, peer-to-peer cryptocurrency that allows transactions to be processed from one party to another without the intervention of a third-party financial institution (e.g. a bank). Bitcoin can be exchanged for fiat currency (e.g. AUD) through a variety of online exchanges. Every bitcoin transaction is recorded on a general ledger, known as the blockchain. Bitcoin can also be obtained through “mining”, which requires a person to solve complex computational problems to validate virtual currency transactions.
How is Bitcoin stored?
A “wallet” is the bitcoin equivalent of a bank account. Wallets provide an interface for an individual to receive, store, and send bitcoin to other people.
There are four types of wallets:
- Computer wallets are the most common way of storing and securing bitcoin. This type of wallet runs as an application on a computer.
- Mobile wallets exist on a user’s Android or iOS smartphone. This type of wallet is generally easy to use and is designed for the average end-user who is just getting into bitcoin.
- Online wallets typically function as an extension of the Internet exchange on which bitcoins were purchased. Log-in information and some form of two-factor authentication are required to access an online wallet.
- Cold storage is by far the most secure way of storing bitcoin because a private key (that is never exposed to the Internet) is required to access the wallet. These wallets are difficult to identify because the key could be written down on paper, stored on a USB stick, or memorised by a suspect.
Why is Bitcoin important to law enforcement?
The NWCCC highlights concern about the anonymity of bitcoin transactions because it gives individuals and criminal organisations the opportunity to conceal illicit dealings such as drug supply and human trafficking. Since bitcoin remains unregulated, there is also no risk of a financial institution filing a suspicious activity report, which further inhibits law enforcement’s investigative capabilities.
A 4-step process to seizing a suspect’s Bitcoin
- Identification – Once it is discovered that criminal activity may involve bitcoin, there is often limited time to access the suspect’s wallet. At this step, law enforcement should determine whether the wallet can be accessed by obtaining the necessary passcodes or keys. Access to all devices that may contain bitcoin should be restricted.
- Collection – Law enforcement must have its own bitcoin wallet to store seized bitcoins.
  - If the bitcoin wallet is not encrypted, law enforcement has complete access (provided proper warrants have been obtained for the seizure of the device).
  - If the bitcoin wallet is encrypted, getting the suspect to volunteer the encryption code is the easiest method of access. If the suspect does not offer the encryption code, an admission that the suspect knows the encryption code is helpful in obtaining an order compelling the suspect to unlock the wallet.
  - If immediate access to the suspect’s wallet is not possible, the device should be switched to airplane mode or placed in a Faraday bag to prevent tampering.
  - Once the wallet is decrypted, law enforcement can transfer the seized bitcoin to its own wallet. Note that there are different ways of transferring the bitcoin depending on how it was stored by the suspect.
- Preservation – Law enforcement must ensure that its bitcoin wallet is secure. For example, a web-based wallet should only operate on a secure server.
  - Establishing a bitcoin vault (if possible) also provides additional security because transfers out of the wallet are subject to approval by multiple parties.
- Investigative Use – Bitcoin is often used on the dark web, which is a part of the Internet that requires special software to access. The dark web provides a layer of anonymity for illicit transactions using bitcoin. However, it is still possible to trace seized bitcoins back to these dealings. This is done by consulting the blockchain ledger, which stores information similar to a full history of banking transactions.
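The backward trace described under Investigative Use, shown as an added example that is not taken from the NWCCC guide or this article: starting from one seized output, it follows each transaction's inputs back through the ledger to list every earlier output that funded it. The ledger, transaction ids, addresses and amounts are constructed sample data, and the function names are hypothetical; a real trace would read the same fields from the public blockchain.

```python
from collections import deque

# Constructed sample ledger (not real transactions). Each transaction spends
# earlier outputs, referenced as (txid, output index), and creates new outputs.
LEDGER = {
    "tx_a": {"inputs": [], "outputs": [("addr_market_escrow", 2.0)]},
    "tx_b": {"inputs": [], "outputs": [("addr_exchange_deposit", 1.5)]},
    "tx_c": {"inputs": [("tx_a", 0)],
             "outputs": [("addr_hop1", 1.2), ("addr_change", 0.8)]},
    "tx_d": {"inputs": [("tx_c", 0), ("tx_b", 0)],
             "outputs": [("addr_suspect", 2.7)]},
    "tx_e": {"inputs": [("tx_c", 1)], "outputs": [("addr_unrelated", 0.8)]},
}

def trace_back(ledger, txid, index, max_depth=10):
    """Return every output that funded (txid, index), nearest first,
    as (depth, txid, index, address, amount) tuples."""
    seen, trail = set(), []
    queue = deque([(txid, index, 0)])
    while queue:
        cur_tx, cur_idx, depth = queue.popleft()
        if (cur_tx, cur_idx) in seen or depth > max_depth:
            continue  # already visited, or beyond the requested depth
        seen.add((cur_tx, cur_idx))
        tx = ledger.get(cur_tx)
        if tx is None or cur_idx >= len(tx["outputs"]):
            continue  # reference points outside the sample data
        address, amount = tx["outputs"][cur_idx]
        trail.append((depth, cur_tx, cur_idx, address, amount))
        # Every input of a transaction contributes to each of its outputs,
        # so all of them are followed.
        for parent_tx, parent_idx in tx["inputs"]:
            queue.append((parent_tx, parent_idx, depth + 1))
    return trail

def origin_addresses(ledger, trail):
    """Addresses where the trail ends: outputs of transactions that have
    no recorded inputs in the sample."""
    return sorted(addr for _, txid, _, addr, _ in trail
                  if not ledger[txid]["inputs"])

if __name__ == "__main__":
    trail = trace_back(LEDGER, "tx_d", 0)
    for depth, txid, idx, addr, amount in trail:
        print(f"{'  ' * depth}{txid}:{idx} {addr} {amount} BTC")
    print("origins:", origin_addresses(LEDGER, trail))
```

Outputs that share a transaction with the trail but did not fund the seized coins (here `addr_change` and `addr_unrelated`) do not appear in the result.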
The increasing use of cryptocurrencies like bitcoin has emphasised the need for law enforcement to improve the prevention, investigation and prosecution of economic and high-tech cybercrime.