

Investigations case scenarios when analyzing crypto

by the Crystal Investigations team

November 29, 2021

The different investigation cases we deal with when analyzing crypto

According to UK Action Fraud, millions of UK pounds have been lost to fraud utilizing cryptocurrencies so far this year. Since the start of this year, Action Fraud has received 7,118 reports of cryptocurrency fraud, with an average loss per victim of just over £20,500.

“Reports of cryptocurrency fraud have increased significantly over the past few years, which is unsurprising given everyone is spending more time online. Being online more means criminals have a greater opportunity to approach unsuspecting victims with fraudulent investment opportunities.”

Craig Mullish, Temporary Detective Chief Inspector (City of London Police)

So what types of investigation case scenarios has Crystal been handling over the last year? 

#1 Creamfinance Protocol Breach (DeFi)

Decentralized protocol hacks are on the increase, and breaches are happening just as fast. Why? Security isn’t yet up to pace with the DeFi protocols that are being developed.

On October 27, 2021, DeFi protocol Creamfinance was hacked and lost over $130m in ETH (ERC20). The Crystal analytics team was able to follow the thief as they partially swapped funds into BTC. There are now over 102 BTC in the wallets. 

Crystal is continuing to monitor the situation.

Stolen Creamfinance Fund Flows

#2 Ryuk & Conti Address ID (Ransomware)

Ransomware hasn’t gone out of fashion and there are new groups, new targets, and new methods unveiled all the time. Ransomware crimes – particularly Ransomware-as-a-Service – have been predicted to be the most prevalent type of crime in 2021.

Ransomware operators Ryuk & Conti have been very aggressive in 2021, with at least 279 victims this year. In October 2021, the free Crystal Block Explorer allowed for the identification of a likely Conti-related bitcoin address. 

Bitcoin Address Likely Associated with Conti

#3 Finiko (Ponzi Scheme)

Ponzi schemes are as old as money itself and are always interesting cases to look at. We can often spot similar patterns in Ponzi schemes that utilize crypto, which allow us to follow the (digital) assets straight to the top of the pyramid.

The Crystal Investigations team recently assisted in identifying fund flows related to the Finiko Ponzi scheme where the founder has been arrested for allegedly siphoning $95 million worth of crypto from his victims. 

Finiko operated between 2019 and 2021, but in July 2021 it halted all withdrawals. Many were duped by the scam, despite the Bank of Russia having flagged the scheme.

Finiko Pyramid Fund Flows

#4 Suex OTC Scandal (Nested Exchanges) 

Nested relationships between VASPs, and indeed VASPs with other mainstream businesses, have been highlighted by the FATF in their latest guidance as worth monitoring, in particular where high-risk connections may ensue as a result.

Following the US Treasury sanction of Suex OTC, Binance quickly “de-platformed” any accounts associated with Suex. Legal entities, such as big platforms like Binance, are being obliged to practice due diligence, and they must put in place practices to monitor potentially high-risk connections or potential crime pathways.

Following this news, the Crystal analytics team highlighted high-risk funds flowing through Suex, as well as funds related to the Finiko Ponzi scheme.

Suex OTC Scandal (Fund Flows) 

Crime continues, but so does our investigation work

Cybercriminals continue in their efforts to disrupt and to make gains and do not show signs of slowing down anytime soon. Bad actors are persistently innovating new ways to conduct themselves – with ransomware predicted to be the biggest threat to the landscape going into 2022. 

The Ryuk & Conti scam, the Cream Finance hack, the Finiko Ponzi scheme, and the Suex OTC scandal are just some examples of the cases we’ve been dealing with over the last year. The Crystal Investigations team is constantly monitoring new trends and new threats in the crypto crime space so that we can evolve our investigative methods and successfully manage these ever-growing threats. We want to keep this industry secure.

To learn more about our investigations services please contact our expert team at [email protected] 
