The Blockchain Detective - Taking on elite cybercriminals & owning them
Richard Sanders is a co-founder and lead investigator at CipherBlade, an elite blockchain investigation agency that works closely with top crypto exchanges, blockchain protocols, and the FBI. The agency uses a potent mix of on-chain and off-chain analytics and investigative techniques to track the most sophisticated cybercriminals on the planet.
Guest:
Richard Sanders
Why you should listen:
Richard Sanders and his team at CipherBlade are the 911 that the blockchain industry calls for cryptocurrency scam and hack investigations. Richard says “We'd prefer it if people came to us before they get hacked, rather than after they get hacked. We provide security audits for exchanges and high net worth individuals and can provide extensive training for companies and individuals.”
Blockchain investigators use a variety of tools that allow them to visualize the blockchain. A block explorer does something similar; the difference is that professional tools take those visualizations to the next level and significantly increase the information and attribution that can be analyzed.
Richard says he is also adept at off-chain investigative skills. “Social engineering is a good example of this. I pretended to be a female gamer on Discord and that helped me identify one of the Ian Balina scammers. At the end of the day, the blockchain is the best source of data, if you can follow a set of transactions to a KYCed account on an exchange, that is the best place to start. There are some elements on the psyops side that can come into play. For example, you might look at indicators of behavior. If a person of interest has a history of speeding tickets and gambling, then those would be red flags, just as an example.”
Key takeaway:
Richard describes himself as a Realistic-Libertarian-Contrarian-Cyborg. Despite his intensive military background and strong working relationship with the FBI, Rich is also a cryptocurrency advocate, a staunch supporter of Monero, and a passionate believer in privacy.
Richard says “I love the idea of privacy by default. As a realist, I understand that there will be an increase in diligence on people using crypto platforms and if you're making deposits you'll need to explain your source of funds. Monero has never tried to advertise using Monero for nefarious purposes. They don't need to. Privacy is a strong enough use case for adoption in and of itself. The question is, how do we have privacy by default but in the interests of public safety? We need to have this conversation as an industry so we can figure this out before governments are forced to do it for us.”
The range of scammers and bad actors in the blockchain ecosystem runs the full gamut from the lowest to the highest level of sophistication. The least sophisticated are Twitter and Telegram impersonation scammers, often based out of Nigeria. Many of these scammers don’t use VPNs, don't always use mixers, and sometimes use direct deposit addresses for exchanges. At the other end of the scale, you have Lazarus, a very sophisticated hacking group out of North Korea that uses sophisticated mixing and crypto hopping techniques.
What scammers have in common is they play on human greed, stupidity, and laziness.
Richard says a significant portion of the industry is in it for the money. “There's a meme that says I'm in it for the technology but come on. It's fine to want to make money, but it gives people an unrealistic impression that crypto is a way to get rich quick and this makes them more vulnerable to these scams where people promise high returns.”
It’s not just scammers that are having a negative effect on the industry. When considering the broader topic of crypto exchanges - think about what the perception of our industry is from the outside. Exchanges get hacked left and right, scams abound, and there is a lax level of KYC and AML. Critics of crypto like to say that Bitcoin is only used for illegal activity, and while in the industry we know that is not true, it doesn't help to combat that narrative when exchanges get hacked and don't do enough to stop engaging with transactions from bad actors. In less than half an hour, Richard was able to identify several OKEx deposit addresses that received deposits from addresses associated with darknet markets. Any exchange with a simple compliance tool would pick these transactions up.
Compliance professionals at compliant exchanges have access to know your transaction (KYT) tools. These tools show sending and receiving exposures, and break these down by category. If a transaction comes from a darknet market, the tool will identify this. These tools are not expensive for an exchange. They are usually charged by volume, so they are affordable for exchanges but out of the reach of individuals.
Supporting links:
Richard on Twitter
Andy on Twitter
Brave New Coin on Twitter
Brave New Coin
If you enjoyed the show please subscribe to the Crypto Conversation and give us a 5-star rating and a positive review in whatever podcast app you are using.