Cryptocurrency Cybercrime Challenge: Curbing Illicit Use
What's Ahead as Investigators Battle Criminal Usage - via Ari Redbord of TRM Labs
Mathew J. Schwartz (euroinfosec) • December 31, 2021
The U.S. government and international partners are continuing to target the illicit use of cryptocurrency - aka crypto - by pursuing "cryptocurrency businesses that do not have the compliance controls in place necessary to mitigate the risks of illicit activity," says Ari Redbord, head of legal and government affairs at TRM Labs.
Recent examples include the Treasury Department targeting cryptocurrency exchanges Suex and Chatex, while law enforcement authorities continue to arrest individuals accused of providing bitcoin tumbling or mixing services for money laundering purposes.
"This is not a crypto problem," Redbord says. "Crypto is just a payment mechanism. But we have to stop bad actors from abusing this new financial system."
In a video interview with Information Security Media Group, Redbord also discusses:
- How cryptocurrency is being used as a criminal payment method - and what the government and law enforcement agencies are doing to mitigate the risk;
- The ability of investigators to "follow the money" when tracing criminal transactions;
- What the future holds for criminal usage, sanctions and investigations.
Redbord is the head of legal and government affairs at blockchain intelligence company TRM Labs. Prior to joining TRM, he was senior adviser to the deputy secretary and the undersecretary for terrorism and financial intelligence at the Department of the Treasury.
Mathew Schwartz: How do we mitigate the illicit use of cryptocurrency or crypto, not least when it comes to cybercrime? Hi, I'm Mathew Schwartz with Information Security Media Group. And to help me talk crypto, I am joined by Ari Redbord, the head of legal and government affairs at TRM Labs, and also a special contributor to Information Security Media Group. Ari, great to have you in our studio today.
Ari Redbord: Mathew, thank you so much for having me. I really appreciate it. It's great to be on.
Mathew Schwartz: So crypto or cryptocurrency, whatever your preference is, is being used as a payment method across the board for both a number of licit as well as illicit practices. Now, on the latter front, we've seen the U.S. Treasury recently use sanctions against cryptocurrency exchanges for facilitating ransomware and other types of cybercrime. What is going on?
Ari Redbord: It's a great question. And really, you know, it's part of a much broader effort by really the U.S. government, but also working with partners across the globe, to really mitigate the risk of ransomware and really other illicit activity and cryptocurrency and I think there's acknowledgement that this is not a cryptocurrency problem, per se. It's a cyber problem. And I think really, the vast majority of the focus in the space has been on how do we work with the private sector to harden cyber defenses? How can we avoid this from happening in the first place, but I think sort of as a very proactive piece of this larger effort?
The U.S. Treasury, specifically the Office of Foreign Asset Control, which is OFAC, has been using sanctions, which for some time has really been sort of a major weapon that we have in our foreign policy or a national security toolbox to go after actors in the cryptocurrency space that are facilitating ransomware payments. And two recent examples is one is called Suex. And the other is called Chatex. And they both have presence in Russia, and are both really, cryptocurrency exchanges or cryptocurrency businesses that do not have the compliance controls in place necessary to mitigate the risks of illicit activity. And what I thought was terrific about the both of these actions is it targeted, really in a scalpel-esque kind of way, right? A very specific actor, again, a non-compliant exchange, rather than going after the technology or the sort of broader overwhelmingly licit crypto ecosystem.
So, just sort of backing up for a minute to kind of give you a little bit of feel of what happened here. So Suex, for example, is what they call a nested exchange. And what a nested exchange is, is it sits on the infrastructure of a larger compliant exchange, and basically uses that infrastructure for speed and liquidity and to move funds. Huge. And when it is done without the knowledge or consent of the larger exchange, what we call that entity is a parasite VASP and a VASP is a virtual asset service provider, in FATF-speak, which is the sort of global regulatory body.
And so really, what Treasury was doing here was going after these very specific illicit actors, these parasite VASPs that are feeding off of compliant exchanges, to facilitate, you know, illicit activity. And, yeah, I think what we're going to see is we're gonna see a lot more of these types of actions, very, very targeted, going after these types of parasite VASPs, going after other sort of parts of the illicit crypto economy, such as darknet mixing services, you know, there are these mixers that essentially live on the dark web. For example, DOJ recently indicted entities and individuals in two cases, one called Helix, which involved a darknet mixer, where the administrator of Helix recently pled guilty to money laundering conspiracy, and another called Bitcoin Fog, very, very similar charges. But again, very targeted, going after very specific illicit activity within the broader crypto ecosystem.
So I think we're gonna see a lot more of that out of Treasury. And the deputy secretary has been speaking a lot on this issue. And I think he's made it very clear that there are specific areas we're going after, but again, also made very clear, this is not a crypto problem. Crypto is just a payment mechanism. But we have to stop bad actors from abusing this new financial system.
Mathew Schwartz: Ari, talk to me a little bit about your role at TRM and what has also shaped your view of the crypto landscape and also regulatory efforts to shape how it's being - not used, but how to help avoid this type of abuse that we've been talking about.
Ari Redbord: I really appreciate it. Just briefly, TRM is a blockchain intelligence company. We work with law enforcement, we work with regulators, we work with financial institutions, and cryptocurrency businesses to mitigate risk of illicit activity, fraud and financial crime in crypto. So you can use TRM as a tracing tool, as a forensics tool, to trace the flow of funds. For example, if there is a ransomware payment made, we're able to trace, in most instances, the flow of those funds, ultimately to an exchange where the bad actor will be trying to off ramp those funds into fiat currency. And then we work with large financial institutions, banks and cryptocurrency exchanges, to make sure they're monitoring their transactions. They're screening wallets that touch their ecosystems in order to make sure that those wallets, those entities, are not touching entities or activity involving fraud or financial crime.
So we're keeping crypto safe, we're really building that trust layer for this new economy. And yes, prior to joining TRM, and maybe part of why I'm so passionate about sort of what Treasury's doing is I spent about two years at the Treasury Department as a senior adviser to the undersecretary for terrorism and financial intelligence, which is a mouthful and only a title you could have in the government. But essentially, the role was sort of working to oversee OFAC and FinCEN and really the national security apparatus within the U.S. Treasury Department. And prior to that I was a federal prosecutor for about 11 years, again, still focused in this world of illicit finance, stopping bad guys from money laundering, terrorist financing, sanctions, working on sanctions, criminal prosecutions. So obviously, these areas have always been a passion for me, has really always been my mission. And the great thing about TRM is, I still get to be on a mission to build a safer financial system, but in the private sector at a really cool startup. It's been a huge adventure.
Mathew Schwartz: Excellent. So when we're talking in cryptocurrency, and I mean, you mentioned terrorism, anti-money laundering, financial intelligence. Often with these kinds of cases we hear "follow the money." And with Bitcoin there is this specter that it might be difficult, really difficult to follow the money and then Monero - privacy-preserving cryptocurrency - might be even more difficult to follow the money. Talk me through a little bit about how you can trace these sorts of cryptocurrency flows. Presumably, this is what's being done in numerous investigations. And also, what are some of the limits right now that we're seeing? And is there any way around them, do you think, in the near term?
Ari Redbord: Great questions. And really, you know, look, to some extent, it comes down to sort of what we used to call whack-a-mole at the U.S. Attorney's Office, right. As our technology becomes more and more sophisticated, we have tools like TRM, that are really next generation. Bad actors develop other techniques. You mentioned privacy coins, like Monero. I talked about mixers a moment ago. It is this sort of cat and mouse game where they develop obfuscation techniques. And our technology needs to meet that moment. So it's interesting.
In terms of how, and the sort of limitations? What we do at TRM is, the extraordinary thing about crypto is that it's an open ledger. So you are able to see transactions take place in real time. There are very sort of simple block explorers that you can download and use online. But what we do at TRM is we use sophisticated analytics to pair threat intelligence with those alphanumeric cryptocurrency addresses to understand sort of the risk of fraud and financial crime. And we are able to use our tool to trace and track the flow of funds and associate those wallet addresses or entities with fraud and financial crime. Again, sort of a tracing tool for government and a transaction monitoring tool in many respects for financial institutions.
It's interesting - like you mentioned, terrorist financing, and we talked a little bit about ransomware. I mean, we really have moved to a digital battlefield. You know, I was a prosecutor for many years, and it was always in that kind of post-9/11 moment, we were laser focused on international terrorism and acts of terrorism on U.S. soil potentially being carried out. And I think sort of Colonial Pipeline, which was the ransomware attack that really shut down critical infrastructure up and down the East Coast of the United States in May of this year, was really the kind of watershed of alright, things are shifting.
And even before Colonial Pipeline, we saw terrorist financing and Bitcoin, we saw cyberattacks from North Korea against cryptocurrency exchanges. So I think what we're seeing more and more is the use of blockchain analytics and these types of tools in order to thwart sort of attacks, or at least trace and track and understand these attacks in this new national security moment that we have found ourselves in. And I think the tools will continue to get better, and so will the obfuscation techniques, and we'll sort of go from there. In terms of the limitations, the limitations of blockchain analytics, like TRM, is the fact that we live and move on the blockchain.
We lose visibility at the on ramps and off ramps into fiat. And that's essentially when great investigators need to sort of, you know, maybe put that tool away. Blockchain analytics - like TRM - is really one tool of a larger toolbox that great investigators have and then go ahead and do the off chain investigations that you know, places like the FBI and HSI and IRS-CI and Europol and you know, FCA have done for years all over the world.
But in terms of a limitation, yeah, it's the fact that we are a blockchain analytics tool, we follow the flow of funds on the blockchain, but when they leave the blockchain, we lose visibility. Then that's really sort of when great investigators do their thing. But I will say that really, the extraordinary thing about crypto … is we have never had more visibility than we have at this moment on financial flows, because of the nature of this open ledger. And because of tools like TRM. And I'm not entirely sure that will always be the case. You mentioned things like Monero, and they're talking about sort of all kinds of other privacy-enhancing capabilities on other chains or on other assets. And we'll see. But I will say that I think it's wrong in this moment to talk about crypto as being anonymous, untraceable, un-trackable; it's really quite the opposite. And I think that's something we all need to sort of do better in terms of educating regulators, policymakers in the space.
Mathew Schwartz: I love it when someone gets arrested and investigators get their hands on a whole bunch of new wallet addresses they didn't have and it feeds the intelligence machine. And you hear about cases that might be a couple years old suddenly getting reawakened with this new information because new connections have come out.
Ari Redbord: You're absolutely right. I love it when that happens. Israeli authorities this summer listed a myriad addresses associated with Hamas. You see OFAC add crypto addresses to the sanctions list all the time. And, yeah, it's really helpful. I mean, we obviously take those addresses right into our tool, make sure our clients and customers have access to that information. And it's really extraordinary.
I think what we're going to start to see is that like people talk about cryptocurrency crime, there's no cryptocurrency crime. Cryptocurrency is a form of payment that is used in the commission of many crimes. I think that really the key is so you know, when you talk about the crimes that are committed using cryptocurrency, you could be talking about human trafficking or child exploitation, you could be talking about terrorist financing, or ransomware. And I think it's just so important that any agent or investigator who's on one of these squads, attending any of these cases, narcotics, knows how to use these tools and has the training to do these types of investigations. Because we're at the very early stages. I say pre-first inning in terms of where we are in terms of the crypto space, how bad actors are going to use it, how the illicit, big crypto economy is ultimately going to look.
You and I were talking earlier, you were talking about things changing every day. And they really are and it's an extraordinary moment. And we believe at TRM that anti-money laundering is going to be foundational infrastructure to really help this whole thing work because regulators and policymakers need to trust the system. And we're trying to build that trust layer.
Mathew Schwartz: Like you said, we don't know exactly what the landscape is gonna look like. I know with cybercrime, we keep seeing new players, presumably the younger generation coming in. I mean, you mentioned the Helix bitcoin mixer. That person who pleaded guilty had the unfortunate circumstance of living in Ohio where it probably wasn't too difficult for prosecutors to get to, once they identified him. But as we look forward, the constant reappearance of new kinds of players in the cybercrime space is probably a given. But so too is U.S. Treasury, for example, moving to try to force all exchanges to practice know your customer, anti-money laundering regulations. What does the landscape start to look like as this pressure gets brought to bear in terms of criminal usage and further sanctions, further investigations and that sort of thing?
Ari Redbord: Great question. You know, it's interesting I, I made this huge mistake, I have a friend who's at FinCEN, which is the Financial Crimes Enforcement Network. It's really sort of the financial intelligence unit within the U.S. government. And I think I was on a panel recently, and he was in the audience. And I talked about unregulated exchanges. And I got a series of text messages saying that there's no such thing as an unregulated exchange. Okay, they might be non-compliant with regulations, but we regulate all of them: anyone that touches the U.S. system. And I think that's right.
So to your question, all exchanges right now, most exchanges right now, are regulated in one way or another sort. What FATF calls a VASP or a virtual asset service provider, or what FinCEN calls a money service business, are required to have robust compliance controls in place, they sort of in a risk-based compliance program. So they should have policies and procedures, leadership training, they should have blockchain analytics tools like TRM, in order to monitor transactions. And I would say that sort of the overwhelming majority of large exchanges, the ones that we sort of know about have compliance teams sourced from private sector, from public sector, from law enforcement, from regulators, those are the Coinbases, the FINEXes, the FTXes of the world.
Where things break down is these sort of Suexes of the world, the Chatexes, these sort of non-compliant exchanges, all over the world that maybe don't have those compliance controls in place. I think one thing that's really always concerned FATF, in particular, is the sort of jurisdictional arbitrage that can occur when you have sort of different jurisdictions that have different rules, regulations and legal frameworks for crypto. So I did a "TRM Talks" recently, where I sat down with the chairs of the Virtual Assets Contact Group for FATF, who wrote this very recent guidance, talking about a lot of the issues we're talking about today. And what they said is, look, our work is only beginning now. Because now what we're going to do is we're going to go around the world with this guidance, and we're going to ensure that global regulators are applying this guidance to the VASPs, to the money service businesses that they regulate. I think we're gonna see that process sort of play out over time, you already see sort of travel rule implementation and, you know, talking about new technology, like DeFi and NFTs, so it's all coming.
But look, I mean, I think in any economic system, you're always going to have vulnerabilities. And this is not new to crypto, right? Really, these sort of nested exchanges, these parasite VASPs, these non-compliant crypto exchanges are sort of their crypto walls, right? They're these sort of money service businesses that live in the shadows of a larger financial, regulated compliant financial system. And I think that's going to be a real challenge. But it's really no different than the challenge that we've always had in fiat.
And just to sort of close the loop on something you said, which I think is right, and that is, look, the U.S. is going to continue to use like all the tools that it's always used and including extraterritorial jurisdiction. So if you're not Larry Harmon from Helix and you don't live in Ohio, but you're the administrator of Bitcoin Fog, and you live in Eastern Europe, but you happen to transit through LAX. They're going to grab you. Should you have transited through LAX? Probably not. But I think that we'll continue to use a lot of those sort of law enforcement tools that we've used for a long time, but I think it's also the hope with really working very closely with foreign partners to ensure that there isn't jurisdictional arbitrage and everyone has a lot of these compliance controls in place.
Mathew Schwartz: It's fascinating stuff. Everything continues to change so quickly. So thank you very much for giving us an update as of right now on the state of crypto.
Ari Redbord: Let's talk about everything. Yeah. Awesome. Thanks so much for having me.
Mathew Schwartz: Thank you so much, Ari. I've been speaking with Ari Redbord, head of legal and government affairs at TRM Labs. I'm Mathew Schwartz with Information Security Media Group. Thanks for joining us.