Illicit, sanctioned, or stolen cryptocurrency has been making headlines, with Bitfinex-related charges against Heather Morgan and her husband, Ilya Lichtenstein, and the anti-vaccine protests in Canada serving as two recent examples.
But with so many Bitcoin proponents describing the flagship cryptocurrency as “resistance money”—a form of currency that can't be censored by governments or law enforcement—it begs the question: How is ill-gotten Bitcoin actually recovered?
The short answer is, there really isn't a short answer. There's no simple strategy or process governments can use, and most evidence so far suggests that governments are reacting on a case-by-case basis.
“Because cryptocurrency has become such an integral component of cybercrime today, especially when it comes to ransomware, the U.S. government has recently focused on finding ways it can recover elicit funds in digital wallets. A great example of this is the FBI’s announcement of the launch of the Virtual Asset Exploration Unit last week,” former FBI analyst and current Director of Threat Intelligence at Abnormal Security, Crane Hassold, told Decrypt.
Crane added that the precise methods of how the U.S. government recovers such funds haven't been revealed, and that he “wouldn’t expect the U.S. government to make those tactics public.”
So what can we determine from recent examples in the public domain?
FBI Forms New Crypto Crimes Unit as DOJ Names Enforcement Team Director
The United States Federal Bureau of Investigation (FBI) has launched a Virtual Asset Exploitation Unit focused on cryptocurrency-related crimes, the Department of Justice announced today. The news was revealed as part of an announcement naming the first director for the Justice Department’s National Cryptocurrency Enforcement Team (NCET), which was established in October 2021. Eun Young Choi, previously Senior Counsel to the Deputy Attorney General, will serve as the NCET’s inaugural director. A...
Bitfinex and the DOJ
The most recent—and arguably most high-profile—example of a government seizing Bitcoin happened last month in the United States.
On February 8, Morgan and Lichtenstein were arrested and charged with conspiring to launder Bitcoin tied to the 2016 Bitfinex hack. The Department of Justice seized $3.6 billion worth of the flagship cryptocurrency.
The seizure, according to Deputy Attorney General Lisa O. Monaco, represented the DOJ’s "largest financial seizure ever," which showed that "cryptocurrency is not a safe haven for criminals."
According to the criminal complaint that accompanied both parties’ arrests, the funds seized by law enforcement remain “secured in the U.S. Government’s possession.”
So how did the DOJ do it?
In this instance, the seizure was relatively straightforward. Lichtenstein stored his crypto keys—essentially access codes to cryptocurrency wallets—on the cloud. Once search warrants were obtained, law enforcement officers were able to access a file that contained 2,000 virtual currency addresses and the corresponding private keys.
“I think the entire case was cracked primarily because of poor infosec on behalf of the alleged criminals,” computer programmer and crypto critic Stephen Diehl recently told Decrypt.
$435 million
U.K. police have seized millions in cryptocurrency—just last week the Greater Manchester Police returned over $5 million to victims of an international scam, after recovering a USB stick that contained almost $10 million in stolen Ethereum.
An additional $12.7 million was found in what was described as a “cryptograph safety deposit box.”
Per numerous freedom of information requests, British police have seized a total of $435 million in illicit Bitcoin as of January 2022.
While that may sound high, the U.K. and U.S. have different rules when it comes to such seizures. According to the U.K.'s Proceeds of Crime Act, cryptocurrency is classified as property, not cash, which means law enforcement must wait until a suspect is convicted before recovering crypto. If it were considered cash, it could be seized simply on suspicion of it being linked to criminal activity.
On other occasions, governments simply can't access cryptocurrency they're pursuing—for example, if those funds exist in non-custodial crypto wallets where no third party can be targeted—and in such cases simply freeze the funds instead.
Crypto-Related Crime Hit Record $14B in 2021—But Shrank by Volume: Chainalysis
Crime involving cryptocurrencies surged to a new high of $14 billion in 2021, according to blockchain analytics firm Chainalysis in its annual Crypto Crime report released on Thursday. This is an increase of 79% in value from the $7.8 billion figure from 2020, mostly thanks to the surge in crypto prices in 2021. But this activity represented just 0.15% of the total of $15.8 trillion in crypto transaction volumes recorded over the course of the year—the lowest percentage ever. For comparison, the...
Canada's convoy
On February 15, the Canadian government invoked the Emergencies Act with the intention of restricting the flow of funds to truck drivers—collectively dubbed the “Freedom Convoy”—from protesting the nation's COVID-19 policy.
This allowed the government to freeze bank accounts without a court order. The government also issued a Mareva injunction, which came on February 17 as part of a wider lawsuit against the protestors.
This, according to Paul Champ, a lawyer for the residents of Ottawa (the plaintiffs), is the “first successful Mareva order in Canada targeting Bitcoin and cryptocurrency exchanges.”
Cryptocurrency 'Not Inherently Criminal': U.S. Secret Service
The U.S. Secret Service has announced the launch of a cryptocurrency awareness hub, an online educational platform developed to aid the agency in its efforts to combat the illicit use of virtual assets. In an announcement released last Friday, the U.S. Secret Service said that the new initiative seeks “to provide public awareness information on digital asset security,” as the agency intends to “continue to expand its capabilities, collaboration, and effectiveness related to all financial crimes...
As part of the order, convoy protestors are restrained from selling, removing, dissipating, alienating, or transferring any assets, including crypto, that have been raised directly to support the protests. An additional 150 crypto wallets have been targeted by the injunction.
Those hit by the injunction now have to provide a “sworn statement” that describes the nature, location, and value of their holdings—or risk being found to be in contempt of court.
Of course, these developments should be seen in the broader context of hosted vs. unhosted wallets, or custodial vs. non-custodial wallets.
The CEOs of Coinbase and Kraken each have commented on the convoy protests, arguing for the importance of unhosted, or non-custodial, wallets.
Far-Right Activists Raise Millions in Bitcoin, Monero: AP
Far-right activists are raising millions of dollars worth of cryptocurrency, according to an Associated Press (AP) investigation. One of the chief beneficiaries of cryptocurrency donations is Andrew Anglin, founder of the neo-Nazi website The Daily Stormer. “The Daily Stormer website advocates for the purity of the white race, posts hate-filled, conspiratorial screeds against Blacks, Jews and women and has helped inspire at least three racially motivated murders. It has also made its founder,...
Not only has this raised the ire of Canadian regulators, it's highlighted an important nuance in any discussion about how governments can seize cryptocurrency.
"The problem with an unhosted wallet is, what is your pain point?" Amanda Wick, former chief of legal affairs at Chainalysis, told The Associated Press. “The only thing we have is civil contempt or criminal conviction. If someone is willing to sit in jail and the money is theirs on the other side because no one can access it, that’s a problem.”
