Blockchain Analysis for National Security and Law Enforcement Agencies: A Primer

Blockchains are changing finance and crime along with it. Cryptocurrency addresses received $14 billion worth of illicit funds in 2021, and the threat actors behind those addresses were more varied than ever. Among them were ransomware groups in Russia, state-supported hackers in North Korea, drug cartels in Latin America, and thousands of scammers, hackers, and fraudsters worldwide. 

That’s why law enforcement and national security agencies need effective crypto investigation tools: to protect consumers, prevent crime, and defend against cyberthreats of every kind. 

In this article, I explain how agencies incorporating blockchain analytics into their operations can improve domain awareness, enhance investigations, and strengthen response capabilities.

Improve domain awareness

The governments and citizenry of almost every country now interact with cryptocurrencies in some capacity, from mainstays like Bitcoin and Ethereum to stablecoins like Tether. Citizens of more economically unstable countries are buying stablecoins in hopes of hedging against inflation, and some central banks are experimenting with blockchains to modernize their financial systems. But concerning threats also exist, and it is critical that agencies stay ahead of them.

For example, several cryptocurrency-related threats have serious national security implications:

Law enforcement and regulatory agencies face other crypto-related threats as well, like darknet drug markets, money laundering, child exploitation, narcotics, smuggling, cryptocurrency scams, and thefts. These illicit activities harm individuals, divide communities, and erode trust over time.

Criminals and nation-state actors are turning to digital assets for many of the same reasons so many legitimate consumers are adopting crypto: it’s a low-cost, high-speed, and trans-border way to securely transfer value. Those who don’t become cryptocurrency savvy may find themselves out of date and losing the upper hand to criminals and threat actors who do understand and effectively use the technology.

To grow the level of crypto literacy among staff, it may be worth enrolling in free training programs and paid certification courses that teach advanced forensic techniques related to cryptocurrencies and blockchains. 

A second approach could be to identify those with crypto expertise and create a “Center of Excellence,” or a working group of crypto-related subject matter experts (SMEs). This could be a formal unit or informal group to provide advice on formulating your agency’s digital assets policies and assist with internal and external operational collaboration. This group could also be used to offer training in-house, develop agency-wide best practices, or enhance your organization’s crypto capabilities.

So – what are these capabilities?

Enhance investigations

Agencies seeking to identify and stop threat actors on blockchains need accurate data and visualizations at the right time – while prevention is still possible. This is where blockchain analytics tools become key.

The most important of these data are attributions. Attribution is key to knowing who is involved and responsible. Chainalysis has linked $14 trillion worth of cryptocurrency transactions to real-world entities since 2014, and we rely on ground-truth evidence that can stand up in a court of law. This means that while threat actors may try to hide behind pseudonymous addresses, they may nonetheless be identifiable in Chainalysis Reactor and Storyline. And even if not, investigators can follow the pseudonymous actors as they move illicit funds to cash-out points – which in many cases are subpoenable crypto exchanges where attribution may be possible. Tracing illicit funds, agencies around the world have seized almost $10 billion worth of cryptocurrency using investigative methods like these.
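
The tracing step described above, following funds from a known address until they reach an attributed cash-out point, can be sketched as a walk over the transfer graph. This is an added example, not Chainalysis code or its method; the addresses, entity labels and the `trace_to_cashout` helper are constructed for illustration.

```python
from collections import defaultdict, deque

# Constructed sample data: (sender, receiver, amount) transfers. Addresses and
# labels are made up for illustration and do not correspond to real wallets.
TRANSFERS = [
    ("addr_seed", "addr_a", 5.0),
    ("addr_seed", "addr_b", 3.0),
    ("addr_a", "addr_c", 4.9),
    ("addr_b", "addr_a", 1.0),
    ("addr_c", "exch_hot_1", 4.8),
    ("addr_b", "exch_hot_2", 1.9),
    ("addr_c", "addr_seed", 0.1),   # cycle back to the seed
    ("addr_x", "exch_hot_1", 9.0),  # unrelated flow, never reached
]

# Hypothetical attribution table: address -> real-world entity.
ATTRIBUTION = {"exch_hot_1": "Exchange One", "exch_hot_2": "Exchange Two"}


def trace_to_cashout(transfers, attribution, seed, max_hops=6):
    """Breadth-first walk of outgoing transfers from `seed`.

    Returns one shortest path per attributed address reached, as
    {address: (entity, [seed, ..., address])}. Attributed addresses are
    treated as endpoints (assumption: a service pools deposits, so the
    on-chain trail stops there and records must be requested instead).
    """
    graph = defaultdict(list)
    for sender, receiver, _amount in transfers:
        graph[sender].append(receiver)

    hits = {}
    seen = {seed}
    queue = deque([[seed]])
    while queue:
        path = queue.popleft()
        if len(path) - 1 >= max_hops:
            continue  # path already uses the full hop budget
        for nxt in graph[path[-1]]:
            if nxt in seen:
                continue  # avoids cycles and repeated work
            seen.add(nxt)
            if nxt in attribution:
                hits[nxt] = (attribution[nxt], path + [nxt])
            else:
                queue.append(path + [nxt])
    return hits
```

Each returned path is the chain of pseudonymous hops an investigator would document between the seed address and the service where attribution may be possible.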

As the old saying goes, “seeing is believing” and with blockchain analysis and intuitive visualization, seeing can also be understanding. With nothing more than a transaction hash, a crypto address, or even just a string of text, investigators can begin to “graph” their investigations and gain new insights that otherwise would be difficult to see.

These graphs make transaction activities substantially easier to understand than traditional public block explorers. And combined with our extensive attributions, they also make it possible to answer questions like how, what, when, why and who.

[Figure: What you see on the blockchain vs. on Chainalysis]

Our blockchain analysis tools also help investigators trace funds through cross-chain bridges, smart contracts, and some mixers – forensic techniques that are critical to many crypto investigations.

Strengthen response capabilities

With the right training and tools, agencies can even begin to spot and solve blockchain-based crimes proactively, not just reactively. This includes identifying previously unnoticed opportunities, like when IRS-CI located and seized $1 billion in cryptocurrency that was stolen from the Silk Road seven years prior, in 2013.

While it may sound like an anomaly, the total value of illicit cryptocurrencies that have yet to reach a cash-out point suggests otherwise: in January 2022, we found criminal “whales” [private wallets holding over $1 million worth of ill-gotten cryptocurrency] collectively held over $25 billion worth of cryptocurrency. Agencies monitoring these illicit whales’ funds using tools like Reactor’s exposure wheels and transfer alerts may be able to seize the funds as soon as new transfers or past-but-still-actionable leads are identified.

[Figure: Reactor exposure infopanel]

Agencies can also proactively monitor national security threats like North Korea’s Lazarus Group, which currently holds hundreds of millions worth of unlaundered cryptocurrency.

With a deep understanding of the ways threat actors transact on blockchains, agencies can effectively respond using analytics tools that counter their obfuscation techniques. This goes a long way toward protecting citizens, essential services, and national security.

Making the mission manageable

Cryptocurrencies aren’t just a cybercrime issue, nor are they something to be understood by only a few highly-trained analysts and investigators. They are now mainstream payment networks, and will become an increasingly important part of future investigations. But regulatory, law enforcement, and national security agencies have a key advantage: the blockchain’s permanence and transparency.

With a block explorer, an investigator can examine any transaction from any point in time in the blockchain’s history. With an advanced analytics tool like Chainalysis Reactor and Storyline, that same investigator can do much more – follow illicit funds across blockchains, navigate smart contracts and NFTs, and thwart complex obfuscation techniques.

These tools, used right, can make government agencies effective operators in the twenty-first century of finance and crime.

About the author: Gurvais C. Grigg is a bilingual technology executive and recognized thought leader with over 28 years of public and private sector experience leading complex organizations, investigations, and technical programs. Gurvais retired from the FBI after 23 years and joined Chainalysis as the Global Public Sector Chief Technology Officer (CTO). He is responsible for connecting global governments with the cryptocurrency industry and providing them with the best data and tools to manage risk, address threats, and conduct effective investigations.
