-
Increasing the Efficiency of Cryptoasset Investigations by Connecting the Cases
Authors:
Bernhard Haslhofer,
Christiane Hanslbauer,
Michael Fröwis,
Thomas Goger
Abstract:
Law enforcement agencies are confronted with a rapidly growing number of cryptoasset-related cases, often redundantly investigating the same cases without mutual knowledge or shared insights. In this paper, we explore the hypothesis that recognizing and acting upon connections between these cases can significantly streamline investigative processes. Through an analysis of a dataset comprising 34 cyberfraud and 1793 sextortion spam cases, we discovered that 41% of the cyberfraud and 96.9% of the sextortion spam incidents can be interconnected. We introduce a straightforward yet effective tool, which is integrated into a broader cryptoasset forensics workflow and allows investigators to highlight and share case connections. Our research unequivocally demonstrates that recognizing case connections can lead to remarkable efficiencies, especially when extended across crime areas, international borders, and jurisdictions.
Submitted 14 November, 2023;
originally announced November 2023.
-
The Operational Cost of Ethereum Airdrops
Authors:
Michael Fröwis,
Rainer Böhme
Abstract:
Efficient transfers to many recipients present a host of issues on Ethereum. First, accounts are identified by long and incompressible constants. Second, these constants have to be stored and communicated for each payment. Third, the standard interface for token transfers does not support lists of recipients, adding repeated communication to the overhead. Since Ethereum charges resource usage, even small optimizations translate to cost savings. Airdrops, a popular marketing tool used to boost coin uptake, present a relevant example for the value of optimizing bulk transfers. Therefore, we review technical solutions for airdrops of Ethereum-based tokens, discuss features and prerequisites, and compare the operational costs by simulating 35 scenarios. We find that cost savings of factor two are possible, but require specific provisions in the smart contract implementing the token system. Pull-based approaches, which use on-chain interaction with the recipients, promise moderate savings for the distributor while imposing a disproportional cost on each recipient. Total costs are broadly linear in the number of recipients independent of the technical approach. We publish the code of the simulation framework for reproducibility, to support future airdrop decisions, and to benchmark innovative bulk payment solutions.
Submitted 29 July, 2019;
originally announced July 2019.
-
Safeguarding the Evidential Value of Forensic Cryptocurrency Investigations
Authors:
Michael Fröwis,
Thilo Gottschalk,
Bernhard Haslhofer,
Christian Rückert,
Paulina Pesch
Abstract:
Analyzing cryptocurrency payment flows has become a key forensic method in law enforcement and is nowadays used to investigate a wide spectrum of criminal activities. However, despite its widespread adoption, the evidential value of obtained findings in court is still largely unclear. In this paper, we focus on the key ingredients of modern cryptocurrency analytics techniques, which are clustering heuristics and attribution tags. We identify internationally accepted standards and rules for substantiating suspicions and providing evidence in court and project them onto current cryptocurrency forensics practices. By providing an empirical analysis of CoinJoin transactions, we illustrate possible sources of misinterpretation in algorithmic clustering heuristics. Eventually, we derive a set of legal key requirements and translate them into a technical data sharing framework that fosters compliance with existing legal and technical standards in the realm of cryptocurrency forensics. Integrating the proposed framework in modern cryptocurrency analytics tools could allow more efficient and effective investigations, while safeguarding the evidential value of the analysis and the fundamental rights of affected persons.
Submitted 2 August, 2021; v1 submitted 28 June, 2019;
originally announced June 2019.
-
Detecting Token Systems on Ethereum
Authors:
Michael Fröwis,
Andreas Fuchs,
Rainer Böhme
Abstract:
We propose and compare two approaches to identify smart contracts as token systems by analyzing their public bytecode. The first approach symbolically executes the code in order to detect token systems by their characteristic behavior of updating internal accounts. The second approach serves as a comparison base and exploits the common interface of ERC-20, the most popular token standard. We present quantitative results for the Ethereum blockchain, and validate the effectiveness of both approaches using a set of curated token systems as ground truth. We observe 100% recall for the second approach. Recall rates of 89% (with well explainable missed detections) indicate that the first approach may also be able to identify "hidden" or undocumented token systems that intentionally do not implement the standard. One possible application of the proposed methods is to facilitate regulators' tasks of monitoring and policing the use of token systems and their underlying platforms.
Submitted 28 November, 2018;
originally announced November 2018.