Governments seized stolen Bitcoin and Ethereum. How?

Illicit, sanctioned or stolen cryptocurrency is making headlines; the Bitfinex-related charges against Heather Morgan and her husband, Ilya Lichtenstein, and the anti-vaccine protests in Canada are two recent examples.

But with so many Bitcoin proponents describing the flagship cryptocurrency as a “resistance currency” – a form of currency that cannot be censored by governments or law enforcement – it raises the question: how is ill-gotten bitcoin actually recovered?

The short answer is that there really isn’t a short answer. There is no simple strategy or process that governments can use, and most evidence so far suggests that governments respond on a case-by-case basis.

“Because cryptocurrency has become a critical component of cybercrime today, particularly when it comes to ransomware, the US government has recently focused on finding ways to recover illicit funds from digital wallets. A good example of this is the FBI’s announcement of the launch of the Virtual Assets Exploration Unit last week,” Crane Hassold, former FBI analyst and current director of threat intelligence at Abnormal Security, told Decrypt.

Crane added that the precise methods of the U.S. government’s recovery of those funds have not been disclosed and that he “would not expect the U.S. government to make these tactics public.”

So what can we determine from recent examples in the public domain?

Bitfinex and the DOJ

The most recent – and arguably the most high-profile – example of a government seizing Bitcoin occurred last month in the United States.

On February 8, Morgan and Lichtenstein were arrested and charged with conspiracy to launder Bitcoin linked to the 2016 Bitfinex hack. The Department of Justice seized $3.6 billion worth of the flagship cryptocurrency.

The seizure, according to Deputy Attorney General Lisa O. Monaco, represented the “largest financial seizure ever by the DOJ,” which showed that “cryptocurrency is not a safe haven for criminals.”

According to the criminal complaint that accompanied both parties’ arrests, the funds seized by law enforcement remain “in the possession of the US government.”

So how did the DOJ do it?

In this case, gaining access was relatively simple. Lichtenstein stored his cryptographic keys – basically access codes to cryptocurrency wallets – in the cloud. Once search warrants had been obtained, law enforcement officers could access a folder which contained 2,000 virtual currency addresses and the corresponding private keys.

“I think the whole thing was hacked primarily because of poor computer security on behalf of the suspected criminals,” computer programmer and cryptography critic Stephen Diehl recently told Decrypt.

$435 million

British police seized millions in cryptocurrency. Last week, Greater Manchester Police returned over $5 million to the victims of an international scam, after recovering a USB key containing nearly $10 million in stolen Ethereum.

An additional $12.7 million was found in what was described as a “crypto vault”.

According to numerous access to information requests, British police seized a total of $435 million in illicit Bitcoin in January 2022.

Although this may seem high, the UK and the US have different rules when it comes to such seizures. Under the UK Proceeds of Crime Act, cryptocurrency is classified as property, not money, which means law enforcement must wait until a suspect is found guilty before recovering the crypto. If it were considered cash, it could be seized simply because it is suspected of being linked to criminal activity.

On other occasions, governments simply cannot access the cryptocurrency they seek – for example, if those funds exist in non-custodial crypto wallets where no third party can be targeted – and in such cases simply freeze the funds instead.

Canada’s convoy

On February 15, the Canadian government invoked the Emergencies Act with the intention of restricting the flow of funds to truckers – collectively dubbed the “freedom convoy” – protesting the country’s COVID-19 policy.

This allowed the government to freeze bank accounts without a court order. The government has also issued a Mareva injunction, which came on February 17 as part of a larger lawsuit against the protesters.

This is, according to Paul Champ, an attorney for Ottawa residents (the plaintiffs), the “first successful Mareva order in Canada targeting Bitcoin and cryptocurrency exchanges.”

As part of the order, convoy protesters are barred from selling, withdrawing, dissipating, disposing of, or transferring any assets, including crypto, that have been collected directly to support the protests. An additional 150 crypto wallets were targeted by the injunction.

Those subject to the injunction must now provide an “affidavit” outlining the nature, location and value of their assets or risk being found in contempt of court.

Of course, these developments must be seen in the broader context of hosted vs. non-hosted wallets, or custodial vs. non-custodial wallets.

The CEOs of Coinbase and Kraken each commented on the convoy protests, arguing the importance of non-hosted or non-custodial wallets.

Not only has this raised the ire of Canadian regulators, but it has highlighted an important nuance in any discussion of how governments can seize cryptocurrency.

“The problem with an unhosted wallet is, what’s your problem?” Amanda Wick, former chief legal officer at Chainalysis, told the Associated Press. “The only thing we have is civil contempt or a criminal conviction. If someone is willing to stay in jail and the money belongs to them on the other side because no one has access to it, that’s a problem.”
