Investigations

How Crystal Investigations Truly Make a Difference

by the Crystal investigations team

August 4, 2021

                                                                 Recent cases that highlight the important role of crypto investigations services

Fraud, money laundering, and ransomware crimes using cryptocurrencies are on the rise. This development has made it imperative for businesses to seek help from investigative experts. Firms such as Crystal Blockchain provide specialized investigation services that cover all major aspects of crypto transactions.

In 2021, Crystal has already been instrumental in helping to solve several important cases including the JBS ransomware payment to REvil, the Pipeline payment to Darkside, and the analysis of the Hamas donations campaign.

1. Beefing Up the Investigation Against REvil

Image Source: Crystal Platform

Brazilian JBS S.A. is the largest meat company in the world by sales. A well-known brand in the meat industry caters to a wide range of geographies, including Latin America, Europe, North America, and Oceania, with hundreds of industrial plants in different parts of the world.

On May 30, 2021, the company suffered a major cyberattack. The ransomware attack was so severe that all of the company’s beef plants in the US came to a halt. Some of the firm’s plants in Canada and Australia were shut down temporarily.

It was later revealed that the Russian hacker group REvil was behind this attack. The group managed to break into JBS’ IT systems and demanded a ransom in return for preserving critical data. As a result, JBS had to pay $11 million in bitcoin to get back its data.

The Crystal team checked all blockchain transactions with the provided information on paid amounts, and we managed to find several addresses which fit the requirements.

After a small period of time, we could label a certain address as a REvil ransomware, as it had shown a pattern of laundering funds through mixers, dark entities and certain exchanges. We hope, that our mark will help to prevent future REvil funds laundering.

In the aftermath, JBS revealed that it had paid the money to ensure no further attacks take place. The firm is also working to make its security systems more robust to protect its business interests. REvil, which is also known as Sodinokibi, has been particularly active this year.

2. Uncovering the Darkside

Image Source: Crystal Platform

The Colonial Pipeline is an oil pipeline system based in Texas. It supplies jet fuel and gasoline to several parts of the South-Eastern United States. It is considered to be the largest pipeline system for refined oil in the entirety of the US. The pipeline has been active for more than 50 years. The Colonial Pipeline is also responsible for supplying fuel to several major airports.

In May 2021, the Colonial Pipeline suffered a major ransomware attack. This attack was carried out by DarkSide, a group known for deploying ransomware. It is worth noting that this group targets all parts of the world, except for post-Soviet states. As a result of the attack, Colonial shut down all operations and engaged a cybersecurity firm to investigate the incident. The US government also provided support to the company to ensure that its operations are restored.

Crystal’s analytics found the transactions on the blockchain by knowing the day of transactions and the amount that was sent. The team analyzed each potential cluster (of addresses) and found additional evidence in one of them: a transaction of $4.4 million, or 78 BTC sent by Brenntag, a chemical distribution company. We labeled the following cluster on the platform in order to prevent any further laundering of the extorted funds.

After the attack, Colonial Pipeline had to pay nearly $5 million in bitcoin to regain access to its resources. However, the US government stepped in and managed to seize as much as $2.3 million worth of ransom. Further, the CEO of Colonial also had to testify in front of the Senate and disclose plans related to the firm’s security arrangements. It was also revealed that DarkSide had partnered with other hackers to execute the attack.

3. Frozen Hamas Funds

Image Source: Crystal Platform

Hamas is a militant group based in Palestine. The group is engaged in several illegal activities, such as suicide bombings, money laundering, as well as terrorist financing. The group also sources funds via other illegal acts such as smuggling, copyright infringement, and credit card fraud. Over the years, Hamas has built a network of funding that comes from several sources around the world.

At the beginning of 2021, it was found that Hamas had received nearly $100,000 worth of bitcoin. These funds were then used to fund attacks on Israel. During the conflict, Hamas recorded a spike in crypto donations from different parts of the world. Some of these donations were then cashed out via Binance, which is a leading cryptocurrency exchange. These transactions sparked a deep investigation around the wallets owned and operated by Hamas.

Crystal constantly monitors official authorities’ reports in order to blocklist reported criminal addresses on time. Hamas wallets had been officially reported by the Department of Justice. Due to activity spikes in May 2021, the Crystal team looked at the Hamas donators in order to provide information about involved VASPs to legal.

In July 2021, Israel announced that it had begun seizing cryptocurrency accounts that were associated with Hamas. The country also reported that it had found a vast network of crypto wallets that were being used to fund activities against it. Additionally, the US Department of Justice has also managed to seize millions of dollars from such accounts since 2020. The department reported that these funds were being used to come up with violent plots.

Crystal’s New Investigations Services Unit

Fraud, money laundering, and ransomware crimes using crypto continue to rise, and Crystal is helping to combat this situation via our newly dedicated Investigations Service headed up by specialist Scott Pounder. Scott has over 16 years of experience in law enforcement and has successfully dealt with high-profile and sensitive investigations – specializing in Complex Fraud, AML, Cybercrime, and Financial Investigations. We’re delighted to have his expertise on board.

Looking for cryptocurrency crime investigation services? Contact Crystal Investigations Services to make an inquiry or to request assistance on your case: investigations@crystalblockchain.com.

Similar news...

Article

by the Crystal investigations team

May 17, 2022

The Conti Leaks Part Two: Insights into the targets of a highly organized ransomware group

Read through the avalanche of data leaks triggered by a post about Conti’s pro-Russian stance...

Read more

May 17, 2022

Investigations

By Nick Smart, Director of Blockchain Intelligence 

April 11, 2022

Crypto remittance on the front-line of the Ukraine vs. Russia conflict

Has the Ukraine-Russia situation had a major impact on crypto dynamics?  Following the very successful...

Read more

April 11, 2022

Investigations

By Nick Smart, Director of Blockchain Intelligence 

April 6, 2022

Tracking crypto transactions for real-world attribution

Extortion never pays off in crypto. Here are some of the ways that blockchain analytics...

Read more

April 6, 2022