Blockchain detectives: Mt. Gox collapse saw birth of Chainalysis

From solving Mt. Gox to tracing crypto used by child abuse syndicates in Korea, Chainalysis has a long but sometimes controversial history.

Its been more than a decade since 850,000 BTC went missing from Mt. Gox, yet the collapse of the former exchange remains one of the most infamous black swan events of the cryptocurrency ecosystem.

While creditors of the defunct exchange are edging closer to some form of restitution, Mt. Goxs demise ended up playing an important role in the development of tools to identify, track and tackle the illicit movements of funds through the wider cryptocurrency industry.

The search for answers and funds played a key role in the birth of cryptos best-known blockchain analytics and tracing firm, Chainalysis, explains co-founder Michael Gronager.

Close to a decade later, Chainalysis analytics tools are being used by myriad private and public enterprises and institutions. From data analytics to pure law enforcement use cases, the firms services continue to prove influential and sometimes controversial across the industry.

Kraken the Mt Gox case

Gronager is a crypto OG, having previously co-founded cryptocurrency exchange Kraken. He got involved in blockchain analysis after Kraken went looking for a steady banking partner and met a wall of wariness over the lack of visibility in the cryptocurrency ecosystem along with KYC and money laundering concerns.

These conversations with the banks, they all end in the same way. How do you do transaction monitoring? How do you track the funds you receive from someone that you are onboarding online? Gronager tells Magazine.

The collapse of Mt. Gox around the same time presented another unique challenge for Gronager, who was tasked with figuring out what happened to the funds that Kraken and some of its clients had in the defunct exchange.

As explored in the book Tracers in the Dark, Gronager developed the tools that would lay the foundation for Chainalysis, with the nascent firm eventually appointed as the investigative team by Mt. Goxs bankruptcy trustee in 2014. From there, Gronager and his team wasted no time putting the proverbial bits together to trace the missing funds.

Jonathan Levin, the second of three Chainalysis co-founders, also spoke with Magazine at the companys Links conference in the Netherlands earlier this year. The Oxford economics masters graduate highlights the investigation as the starting point of Chainalysis wider service.

We were given the Mt. Gox investigation, which was the largest bankruptcy case in crypto history, and that really was about following the money. If its all on the blockchain, how is it that no one can find it? And so, you know, we worked it out and cracked that case.

Two Russian nationals would eventually be indicted in June 2023 by the United States Justice Department for allegedly hacking and laundering some 647,000 BTC from Mt. Gox. The Internal Revenue Service Criminal Investigations unit, which makes use of Chainalysis tools, is assisting in ongoing investigations.

Helping trace the movements of Bitcoin held by Mt. Gox proved that Chainalyis had the tools to solve complex cryptocurrency movements. Gronager also realized this was a service the worlds top crime-fighting institutions were crying out for.

I realized in conversation with other people from the industry that worked with law enforcement that they had no clue. They didnt know how to solve these things.

The customer base grew rapidly after onboarding both private and public sector users, including exchanges and law enforcement agencies. As of September 2023, Chainalysis has 1,200 customers from the private sector and over 250 from public sector institutions.

Read also
Features

Here’s how Ethereums ZK-rollups can become interoperable

Features

Bitcoin in Senegal: Why is this African country using BTC?

The go-to service for law enforcement 

Chainalysis has become the go-to tracing solution for some of the best-known law enforcement organizations worldwide and has helped the IRS seize an estimated $10 billion worth of cryptocurrency related to criminal investigations. IRS Criminal Investigations (IRS-CI) Chief Jim Lee says the tools it offers are invaluable to trace cryptocurrency and interrogate data in myriad settings, from blockchains to darknet marketplaces.

Think about all the data that I have working for the IRS. It may not be the most, but its the richest. Now I can take all this other data we have and then match it up against the records that I have. I mean, its just incredibly powerful, but it takes time, energy and money. 

Lee was also at the Links conference, participating in open and closed-door conversations with various governmental agencies and businesses in Amsterdam.

Gronager was reluctant to single out a stand-out investigation made possible with Chainalysis blockchain analytics, considering that its services have helped solve a litany of high-profile cases from tracing cryptocurrencies that help bust child abuse material syndicates in South Korea to using its tools to help solve headline-grabbing Twitter hacks in 2020 that led to close to $1 million being stolen.

The story of Chainalysis

In that high-profile case, Chainalysis tools helped investigators link a Bitcoin scam being promulgated by various hacked Twitter accounts to three perpetrators accused of orchestrating the scheme. The mastermind of the scheme is a juvenile whose identity has not yet been revealed.

12 days after, the case was solved, and thats again showing that you can actually do things really, really fast by following the funds in crypto.

Another highlight was assisting in the recovery of $30 million of the $650-million Axie Infinity hack in 2022, which Gronager believes made a statement to North Korean-linked hackers that crypto-related thefts might not be the cash cow they once were.

A visual representation of Chainalysis Reactor being used to help trace funds following the $650 million Axie Infinity Ronin bridge hack
A visual representation of the Chainalysis Reactor being used to help trace funds following the $650-million Axie Infinity Ronin Bridge hack. (Chainalysis)

Controversy over Bitcoin Fog case

The ability to tie cryptocurrency wallets or funds to a specific person is hugely valuable in criminal investigations.

But the firm is not without its detractors, with critics suggesting that reliance on heuristics or assumptions about unidentifiable wallets can lead to inaccurate tracing and unlawful arrests.

Could a man like Sterlingov who loves his cat be a Bitcoin Mixer? Well find out in court
Could a man like Sterlingov, who loves his cat, be a Bitcoin mixer? Well find out in court. (torekeland.com)

A sizable contingent of Bitcoiners online has argued that this is the case in a legal battle involving the U.S. government and Roman Sterlingov, 35, who stands accused of operating Bitcoin mixer Bitcoin Fog. 

Chainalysis tools were used to identify Sterlingov as the alleged orchestrator of the infamous and now defunct cryptocurrency mixer that the Justice Department claims moved over 1.2 million BTC worth $335 million over a decade.

Detractors argue that the DOJs case made certain assumptions about wallets and credentials allegedly linked to the early Bitcoin adopter and the eventual registration of the Bitcoin Fog domain that was tied to Sterlingov.

Sterlingov attorney Tor Ekeland claims the firms Reactor software is unscientific and unreliable, and flawed assumptions have falsely implicated Sterlingov. He argues that Chainalysis cant identify its error rate. This is junk science that doesnt belong in a federal court, Ekeland told a Sept. 7 court hearing.

Elizabeth Bisbee, head of investigations at Chainalysis Government Solutions, reportedly told the court she was unaware of any peer reviewed scientific papers attesting to the accuracy of Chainalysis Reactor.

The courts will ultimately decide whether there is enough reasonable doubt about Chainalysis methods in the case to convict. Chainalysis would not be drawn in our interviews to comment on any ongoing investigations or cases.

Read also
Features

Experts want to give AI human souls so they dont kill us all

Features

Saving the planet could be blockchains killer app

Investigations 90% focused on public blockchains

Despite the controversy, Chainalysis has a lot of happy customers and has played a big role in the recovery of hacked funds. Erin Plante, VP of investigations at Chainalysis, manages a growing team of more than 120 investigators across 11 countries.

Plante, who has a wealth of experience working in cybercrime and financial investigation as a U.S. government contractor, says that 90% of their investigators are tasked with probes into incidents involving public blockchains like Bitcoin and Ethereum. 

The Ronin Bridge investigation was a primary driver for the creation of her team, highlighting the importance of allocating human capital to trace funds in the immediate aftermath of a major hack.

Getting in early and tracing funds early is so important and getting law enforcement involved early is how youre most able to have successful recoveries.

There has also been an evolution in the theme of investigations, with Plante recalling a plethora of darknet investigations around 2019 demanding a lot of their attention. Investigative efforts are now more focused on cybercrimes involving ransomware, national security threats from entities associated with North Korea and sanctions screening of entities involved in Russias invasion of Ukraine.

A key talking point in the conversations in Amsterdam was the inherent traceability of blockchain-based cryptocurrencies despite the advent of token mixing protocols, such as sanctioned Tornado Cash.

Plante notes that it is fairly straightforward to trace stolen funds through cross-chain bridges, with criminals typically converting tokens to ETH and then BTC, which is sent to mixers in an effort to obfuscate funds.

She says that mixers require significant amounts of liquidity to properly obfuscate funds, which has predominantly left Bitcoin mixers as the main option for criminals to launder money.

Chainalysis has a dedicated data intelligence team using specific tools to identify mixers using an algorithm that clusters wallets that are associated with the mixer service. An example of the algorithm at work was helping cluster some 50,000 addresses that were linked to the now sanctioned Sinbad mixer.

An excerpt from a Chainalyis report highlighting the emergence of Sinbad and its use by North Korean hackers
An excerpt from a Chainalyis report highlighting the emergence of Sinbad and its use by North Korean hackers. (Chainalysis)

Between December 2022 and January 2023, North Korea-linked hackers sent 1,429 BTC worth $24.2 million to the mixer.

Plante reveals that Chainalysis had its clustering algorithm independently confirmed by a separate, covert FBI investigation that had been making use of dusting to trace how funds were being obfuscated by Chipmixer, another service that is widely believed to be the direct predecessor of Sinbad and its funds. Chipmixer was shut down in March 2023 over allegations that it had facilitated $3 billion in money laundering.

We didnt know the FBI was doing that, but it was picked up in our clustering, which verified the cluster. That verification, thats very cool. That one will probably go to court, which is why we dont talk about it.

Leave a Reply

Your email address will not be published. Required fields are marked *

Please enter CoinGecko Free Api Key to get this plugin works.