Adapting Digital Forensics to the Rapidly Growing Blockchain Technology

On a global scale, crime involving funds exchanged via cryptocurrency is constantly growing. Estimates indicate that since 2017, $33 billion in gray-market funds has been exchanged through blockchain.

Stanoje Rnić, founder of the Digital Forensics Initiative at Archibald, spoke to Bloomberg Adria on this topic, emphasizing the need for strategic solutions capable of keeping up with the rapid development of blockchain technology. “To start, I would highlight the FBI’s report, which I consider the most relevant in this context—the Internet Crime Report, their report on internet crime, which states that from 2021 to 2022, crime involving cryptocurrencies increased by 200 percent in just one year. These are substantial numbers, underscoring that this form of crime is in its early stages and that strategic solutions need to address such an emerging trend,” said Rnić.

Regarding blockchain forensics itself, Rnić explained that it is a specialized branch of digital forensics focused on transactions within the blockchain. “We have tracking and data collection. We identify participants, or public addresses, which are the only identifiers on the blockchain, given its semi-anonymous nature. We also connect these public addresses with other public addresses to trace where the money entered and exited… And, of course, analysis, which is essentially key to forensics itself.”

Software solutions that successfully conduct such monitoring already exist worldwide, from companies such as Chainalysis, with its Reactor software, and CipherTrace. “They do their job very well. Digital forensics experts are pleased with these solutions, which are complex and involve sophisticated algorithms for automatic data collection, analysis, and structuring, which experts then use in their further work. For example, on the blockchain, or Bitcoin specifically, we have up to 500,000 transactions daily. For Ethereum, there are 1.5 million daily transactions. If we were to collect and analyze this data manually, it would likely take much more time. These tools perform this automatically, and very well,” he added.

For digital forensics, one of the key elements is scientific grounding. Rnić explains, “This means we must use a scientific methodology. If we repeat the same evidence, we must arrive at the same result. Human lives depend on this, as do court decisions. There’s also the ‘chain of custody,’ or who can access the evidence, ensuring there’s no possibility of evidence manipulation, etc. And we have digital evidence, which is a collection of information and data that can be transmitted and stored on electronic devices. This includes all possible devices,” he says, adding that the “Internet of Things” also falls under this, encompassing devices in our homes that may be connected either to each other or to the internet, making them subjects of digital forensics.

Phishing scams remain the most prevalent form of fraud: credentials are stolen through websites that users believe are legitimate. “These credentials are often later misused, likely ending up on the darknet, where fraudsters profit. There’s also ransomware, which is essentially digital extortion—blocking access to important data in exchange for money.”

Asked about progress in preventing these scams, Rnić answered that there has been very little. “In our region, the top experts work in the public sector. The private sector is underdeveloped. There are a few isolated cases, but none of the analytical companies we’ve mentioned operate here; I’m speaking about the entire region. So, private sector development is lacking,” adds Rnić.

Unfortunately, criminal activity involving cryptocurrencies also extends to terrorism, in particular its financing through crypto. Given the current situation in the Middle East, what threat does this pose?

“The situation in the Middle East hasn’t yet been objectively assessed regarding terrorism financing with crypto. The shortest answer to whether terrorism is financed through crypto is ‘yes.’ However, it’s not financed solely with crypto; traditional methods are still in use. Elliptic—a London-based blockchain analytics company—issued a report, cited by the Wall Street Journal about a month ago, stating that Hamas received $134 million for terrorist activities, which Chainalysis quickly disputed. Chainalysis didn’t entirely deny that funds were transferred via crypto but stated that it’s not yet proven that they were used for terrorist purposes, so there’s no objective conclusion on this yet,” he concluded.