How can you track a fraudster or blackmailer when you don’t know who they are?
This is a potentially vast and knotty problem for victims of cryptocurrency fraud and ransom attacks.
For fraud lawyers and specialists in asset tracing, the starting landscape is the inverse of what we are used to. In fraud cases involving unauthorised bank payments, like CYK’s landmark CMOC v Persons Unknown case, victims won’t have a picture at the outset of where their stolen funds have gone, but the courts can give them the tools they need to obtain chapter and verse on the identities of the wrongdoers – names, addresses, photos and even copies of passports.
With payments on a public blockchain, however, transactions and onward transactions are visible by everyone. A victim might know exactly where his stolen cryptocurrencies have gone. But the anonymity, or pseudonymity, of the blockchain, can mean that it is anywhere from very difficult to impossible to identify the fraudster. Anyone in the world can generate a practically infinite number of public addresses capable of receiving cryptotokens without ever telling anyone who they are.
Unlike with tracing stolen funds into a bank account, there is no guarantee that victims will be able to find the equivalent of a bank who can unmask the fraudster.
Victims might, however, get lucky – if they know where to look.
- In courting legitimacy, cryptocurrencies do sometimes step into the regulated sphere. Businesses such as exchanges that handle ‘IRL’ currencies for clients are likely to be required to obtain KYC information on those clients – exactly the type of asset-tracing grist that seasoned fraud lawyers know to look for.
- The ability to trace cryptocurrencies through the blockchain means that if only a small proportion of the stolen tokens end up at a wallet held with such a business, then it might be possible to obtain court orders for disclosure of this information (which claimants have been able to do in cases such as Robertson v Persons Unknown). Crucially, wallets can also be frozen by the courts.
- Fraudsters can try to frustrate claimants’ attempts to follow them by using ‘tumbling’ or ‘mixing’ services, which mix payments to them with those of their other customers and spin tokens off into smaller chunks which are then sent to potentially vast numbers of new addresses. However, if mixers are located in jurisdictions amenable to court enforcement, then this is all information that can be targeted by a court order to allow a claimant to carry on the chase. The tumbling service Bestmixer.io was shut down by the Dutch authorities in May 2019 – possibly a sign of the attitude courts will adopt towards businesses if they are little more than services that help to launder assets.
- Despite the practically limitless number of public addresses available, fraudsters do sometimes get careless. With increasing numbers of legitimate businesses accepting payment in cryptocurrency, it may not be long before a claimant finds obtains the disclosure it needs from Starbucks or KFC.
- In all the excitement over the novelty of cryptocurrencies, claimants shouldn’t forget about the possibility of identifying a fraudster from their point of entry into the claimant’s systems. Each case is different and fraudsters can be good at covering their tracks – but with the novel difficulties presented by blockchain technology, it’s worth claimants casting their nets wide.
If you have been defrauded or blackmailed and lost cryptocurrency as a result, get in touch.