Cases involving the misappropriation or use of digital assets in connection with wrongdoing continue to rise.

Pease_Christopher_Bio

Christopher Pease

Elms_Megan_Bio

Megan Elms

The majority of blockchains publicly broadcast a comprehensive ledger of all transactions, which is updated in real time as transactions complete. Transactions can be reviewed using block explorers – online tools that allow individuals to search for information on a specific blockchain.

The transparent nature of most blockchains means that once a specific transaction or wallet has been identified in connection with wrongdoing, it is possible to identify what further transactions the receiving wallet has entered into and the proceeds of wrongdoing can be traced accordingly.

Wallet addresses alone will not confirm who owns the assets stored within them. However, digital assets constituting the proceeds of wrongdoing will often ultimately be ‘off-ramped’ (converted into traditional currency) using a centralised exchange. Identifying a transaction with a centralised exchange therefore provides a route to seek information that the exchange holds on the account holder, which may uncover the identity of the wrongdoer.

Obstacles to tracing

While block explorers make it possible to view all transactions recorded on certain blockchains, it can be much more difficult to trace fungible assets (that is, most cryptocurrencies) where they are mixed with other digital assets of the same type. This may happen where assets are transferred to a custodian wallet (a wallet used by a centralised exchange to hold the assets of its account holders) or are passed through a mixer.

Custodian wallets pool assets on behalf of numerous users. Account holders can instruct the custodian how to deal with such assets, but they are owned and controlled by the custodian. When misappropriated assets are transferred to a custodian wallet, it will therefore be difficult to identify whether payments out of that wallet are associated with a particular deposit into the wallet.

There are various types of mixers but they tend to share the common feature of pooling fungible assets of the same type. Again, this makes it very difficult to associate payments into a particular wallet or smart contract with those coming out. Mixers can operate ‘manually’: tokens received from one user are paid out to other users that had deposited an equivalent amount. Others are fully decentralised: they use smart contracts to determine which assets fulfil a withdrawal request. This has a black box effect, making it very difficult (if not impossible) to definitively identify which deposits are used to fund specific withdrawals.

Overcoming the obstacles

Custodian wallets are, by definition, owned and controlled by a third party. That third party is likely to hold information relating to their user base, which can vary from email addresses to proof of identity. They will also be able to identify other transactions executed on behalf of the same user on its platform. That information can be sought from the exchange consensually. If not provided (for example, as a result of data protection obligations), it may be possible to obtain disclosure orders against the exchange on the grounds it is innocently mixed up in wrongdoing.

Despite adding a hurdle to blockchain tracing, the information held by custodians should permit further tracing provided that information can be obtained.

Wrongdoers therefore more commonly use mixers because their entire purpose is to add privacy to blockchain transactions.

Their prevalence has resulted in providers developing bespoke software that can be invaluable. Such software is tailored to the various types of mixer that exist. It can include functionality that: identifies patterns in payments into and out of a mixer; analyses onward transaction data; connects wallet addresses based on historic activity (clustering); and, for some mixers, reverse engineers the mixing process and connects the payment in and out with a very high degree of confidence.

In many cases, engaging experts in forensic digital asset tracing (who can use such software) provides new hope, as demonstrated in the Chainswap (BVIHC (COM) 2022/0031) case in the British Virgin Islands. On discovering that proceeds of two hacking attacks had been laundered through a mixer, the victim engaged a specialist advisory firm to assist. The expert analysis provided identified transactions into and out of Tornado Cash – a fully decentralised protocol to add privacy to transactions – that appeared to correlate. Having regard to the number and size of payments in and out of Tornado Cash and the time between them, the analysis concluded that it was more likely than not that a specific wallet had received the proceeds of tokens paid into Tornado Cash by the hacker. Having identified the wallet that likely received the proceeds of wrongdoing, the tracing exercise could continue on the other side of the mixer, thus allowing the victim to seek information from a centralised exchange that the wrongdoers subsequently sought to use to off-ramp the proceeds.

Standard of proof

The standard of proof in civil recovery actions requires the claimant to prove their case on the balance of probabilities. Variables and unknowns presented by the use of mixers may therefore not be fatal to a victim’s substantive claim against wrongdoers if they can demonstrate, with specialist software and/or forensic analysis, that a wallet has likely received proceeds of wrongdoing out of a mixer, even if it cannot be proved beyond doubt.

For seeking interim relief, such as freezing injunctions and disclosure orders, the claimant will face a lower hurdle (for example, it may only be necessary to show that their case is arguable, rather than having to show it will succeed on the balance of probabilities). This is critical given the impact of uncovering the identity of the wrongdoer in such cases.

 

Christopher Pease is a partner and Megan Elms an associate at Harneys, British Virgin Islands

Topics