As I write this, cryptocurrencies worldwide have a market cap of just over $320 billion. That’s a bigger market cap than JP Morgan Chase or Disney. It’s more than the GDP of Finland or Portugal. Bitcoin, the most popular cryptocurrency, has an investment flow of $727 billion yearly, accounting for 1% of the world’s GDP. Coinbase, one of the leading mainstream crypto platforms, now boasts 35 million registered users. Crypto is no longer a fringe idea catering to an insular group of enthusiasts.

Crypto is everywhere and only getting more ubiquitous. However, it has simultaneously become intertwined with the world of cybercrime. Businesses protect themselves against cybersecurity threats of all shapes and sizes, but they must realize that much of modern cybercrime utilizes cryptocurrency in one way or another: stolen or misappropriated funds can be laundered through cryptocurrencies; ransomware that holds IP hostage often demands payment in crypto; malicious actors can even use crypto to pay “hackers-for-hire” on the dark web.

I define Digital Intelligence (DI) in two parts — the data collected from digital sources and data types (smartphones, computers, and the Cloud) and the process by which agencies access, manage and obtain insights from this data to more efficiently run their investigations. It’s clear that true enterprise-class DI must include the right toolkit and expertise to investigate cryptocurrency-related security incidents, which are increasingly the status quo of cybercrime.

“Much of being crypto-ready comes down to: document, document, document.”

Why Crypto Is Involved In Almost Every Cybercrime

Cryptocurrencies have become the most popular medium of exchange for cybercrime because of their reputation of perceived anonymity and untraceability and, compared to traditional banking, it is relatively easy and fast to move funds internationally. Lots of crime has gone completely digital — drugs à la The Silk Road, the sale of hacker tool kits, online forums for criminals-for-hire — and criminals have taken to using cryptocurrencies that match the online “convenience” of modernized crime.

The basic advantage of using crypto is that holding and transferring funds does not require that an account or accounts be linked to a name or identity. Such transactions don’t require a “middleman” or bank and, in most cases, happen relatively quickly. As we’ll see soon, none of that necessarily means crypto activity is anonymous or untraceable, but it has attracted considerable attention from those looking to move money of questionable origin or for nefarious purposes.

Enterprises can learn from law enforcement

FBI Director Christopher Wray said just last year he believes cryptocurrency is a “significant issue” that will only get “bigger and bigger.” Based on the growing number of inquiries we’re receiving from Enterprise customers here at Cellebrite, I would agree, which is why we’re working with businesses to bolster their DI readiness where crypto is concerned.

Enterprise financial investigation units (FIU), fraud prevention, and threat intelligence teams can learn a lot from how law enforcement is responding to an increasing frequency of incidents involving crypto, from the strategic to the operational. Basic awareness of how crypto can be used in cybercrime is a good first step. Starting from the top, security executives can work to educate their fellow execs and employees on how crypto might be involved in an attack on their assets.

“When investigators and employees know what they’re looking for, and the enterprise has the right tools and expertise to analyze and follow those leads, crypto starts to look much less like a mysterious ‘invisible’ web and more like the DI operations security teams are used to.”

Operationally, much of being crypto-ready comes down to: “document, document, document.” At a certain point in the last few years, we’ve heard reports that raids on traditionally cash-intensive illicit businesses like narcotics or human trafficking are finding less and less physical money. And in most cases, it’s because that cash has already been turned into crypto (or never was physical, to begin with).

This doesn’t mean there’s no evidence: wallet and crypto addresses, scribbled-down passwords, or even physical hardware wallets can all be crucial in crypto investigations. Law enforcement has adapted to this reality and takes a comprehensive approach when “on the scene,” as any scrap left behind could become key evidence.

In enterprise environments, this means being fastidious about recordkeeping, especially in the wake of a security incident. When investigators and employees know what they’re looking for, and the enterprise has the right tools and expertise to analyze and follow those leads, crypto starts to look much less like a mysterious “invisible” web and more like the DI operations security teams are used to.

We Now Have The Tools And Expertise To Fight Back

Crypto-related crimes, it turns out, can often be unraveled using a tried-and-true approach: follow the money. Although the actual methods to move that money have changed, the general strategy still holds. Take the July 2020 Twitter hack, in which prominent Twitter accounts including those of Elon Musk and Bill Gates were hijacked to send messages that falsely promised a reward for depositing bitcoin into a prescribed Bitcoin address.

The culprits were tracked down in just over two weeks, in large part due to an investigation that centered around a breadcrumb trail left via crypto transfers and activity uncovered via a thorough DI process.

“Recruiting savvy crypto experts today means being ahead of the game tomorrow.”     

Before the more public hack, one of the culprits was involved in the illegal sale of highly coveted Twitter accounts (like @drug or @vampire). He received payment to a specific Bitcoin address, which he then forwarded to an account at Coinbase — his first mistake. Connections like these negate much of the supposed “anonymity” of crypto. Once a person has associated themselves with a wallet, they stay associated with it.

So, too, does any activity that can be connected to that wallet, and even more so for crypto, as transactions written into the blockchain records are considered immutable. By tracing subsequent activity, authorities were eventually able to follow the path back and have someone in custody in a surprisingly short period of time.

Enterprise DI Must Include Crypto Tools

Enterprises taking DI seriously have processes and expertise around a wide range of possible cyber incidents. But when it comes to today’s cybercrime, it increasingly seems like all roads lead to crypto. DI is still key in unraveling what went wrong and getting prepared for the next incident, and all enterprise DI strategies need to have crypto contingencies supported by world-class tools specifically designed for crypto.

Every enterprise should also be working to bring this expertise in-house, as cryptocurrencies continue to grow in usage and popularity both in above-board finance and in the digital criminal underworld. Recruiting savvy crypto experts today means being ahead of the game today and tomorrow.

“For your enterprise to be ‘DI Ready’ you need the expertise and tools to tackle a cryptocurrency investigation.”

Your enterprise needs the expertise and tools to respond to incidents involving cryptocurrency. Of course, everything needs to ladder up to a solid Digital Intelligence strategy, supported by the right tools and training — and now, crypto is a key cornerstone in that foundation.

Quick crypto stats:

  • $76 billion—worth of illegal activities involving Bitcoin every year
  • $320 billion—approximate market cap of cryptocurrencies as of September 2020
  • $4.4 billion—dollars lost from digital currency crimes in the first nine months of 2020, representing a 150% increase from the 2018 total (CipherTrace research)
  • 98—the percentage of funds stolen in 2020 through fraud and misappropriation (not hacks or direct thefts), including numerous COVID-19-related scams (CipherTrace research)


About the Author—With over 23 years of global business management, sales, business operation and leadership experience, Alon leads Cellebrite’s global business activity worldwide. He brings extensive expertise in Government (B2G), Telco, banking, security technology, information systems, and sales management, from various regions including the Americas, EMEA and Asia.