In January 2019, Hamas, a U.S.-blacklisted Palestinian organization, reportedly posted a request on an encrypted communications platform for overseas supporters to donate bitcoins to a single digital wallet that the group had opened with Coinbase.
More than a year later, federal prosecutors in Washington, D.C., announced that they had seized control of 150 digital wallet accounts tied to Hamas, a development that appeared to show that the group had adapted to less traceable methods of moving cryptocurrency.
Bill Capra, a special agent with Homeland Security Investigations who took part in the investigation, said during a Sep. 28 panel at the ACAMS AML & Financial Crime Conference in Las Vegas that terrorists and criminals have already found much more complex strategies to move money.
“The case is child’s play compared to where we’re going,” Capra, now a program manager with HSI’s cyber-financial unit in Washington, D.C., said during the panel.
In a follow-up conversation the following month, Capra discussed how terrorists and criminals have already found much more complex strategies for laundering their funds with ACAMS moneylaundering.com reporter Daniel Bethencourt. They were joined by Chris Hoffmeister, a criminal intelligence analyst with HSI’s Bulk Cash Smuggling Center in Vermont.
An edited transcript of their conversation follows.
Could you talk about the role of the CyberFinancial unit within HSI?
BC: A big responsibility of my unit is to provide training to state and local law enforcement. We do case coordination with agents in the field as well as with AUSAs [assistant U.S. attorneys]. Someone in the field will reach out to my unit and provide us with what they have, then we’ll brainstorm on how to get this case from the lead to the prosecution. Our goal is to promote investigating cryptocurrency, but you have to train people. It’s not something where you take a class for two weeks, it’s always evolving. You have to be comfortable with being uncomfortable, and you’re always teaching yourself.
What are some of the high-level trends you’re seeing in the last few years, especially with dark web markets?
BC: It’s fair to say that every market has additional layers of operational security, whether they silo administrators from each other or encrypt all communications … these forums have gotten better and better with their operational security. White House Market only accepted Monero, which is a privacy coin.
[Editor’s note: White House Market became one of the dark web’s most prominent platforms for selling drugs and stolen credit card data, but the site shut down abruptly on Oct. 1.]
People have figured out that yes, we can trace Bitcoin. Money laundering used to be very linear, with bitcoins sent to address A, then B, then C, then an exit point, and then you find a person. Now you see more chain hopping, where someone has Bitcoin and can transfer the equivalent into Monero. So it’s very hard to find records. If I met face to face and provided Monero for Bitcoin, it’s hard to trace that. I could do the same thing within an exchange. I could switch it out for a different coin within an exchange, or send it to a money mule within an exchange. If you take that chain-hopping concept, do it multiple times and take it to a place with no visibility, it’s a dead-end for investigators.
You also see decentralized finance. It can be extremely hard, if not impossible, for us to figure out where those coins went. There is some visibility, but not 100 percent.
With Bitcoin we see the linear relationship and we can trace it. But what happens when crypto is ubiquitous in the economy? Maybe it doesn’t go into an exchange until 20 hops. It will be harder to make an inference as to who initiated those transactions. We see the entry and exit points but … it would be the equivalent of tracing a $20 bill. We had that luxury in the Silk Road days because not that many people were using Bitcoin. But now you hop to an exchange that’s not compliant with U.S. law, and you can see how it’s very easy to mask this.
What Chris and I are seeing on the ground level right now shows that the game has changed. For investigators, it’s infinitely harder.
Chris, what crypto-related trends are you seeing?
CH: What we have seen in recent years is like the money laundering game in a traditional sense—40-50 years ago it was just bags of cash and then criminals started evolving. We see the same thing happening with crypto. Initially the only criminals using crypto were vendors on darknet markets. But we got pretty good at tracing Bitcoin, then criminals started experimenting with mixers and tumblers, then they started chain hopping.
Almost every case I’ve come across in the past two years has involved some mix of crypto assets. We started out talking about darknet markets, but the bigger trend is that traditional crimes involve cryptocurrency. I don’t know of a Nigerian fraud scheme that uses anything but crypto. I don’t know of many elder fraud or romance fraud schemes that use anything but cryptocurrency. We see traditional money laundering organizations transferring at least part of their organizations to the crypto space.
BC: I can tell you a lot of the exchanges we see overseas have a hawala component. Now they could balance the books through crypto. It’s chain hopping. It’s the combination of old school and new school. They can just send a stablecoin to whoever they need—it probably makes the hawala system a lot more efficient. This isn’t theoretical, they’re advertising it. The volatility of those cryptocurrencies has also gone down. Once they convert to a stablecoin like Tether or Dai, they’ve stabilized the transfer of the asset. That’s why they’re so dangerous.
Does the increasing adoption of cryptocurrencies, or the recent national adoption of Bitcoin in El Salvador, change the way that you look for typologies?
CH: I don’t want to speculate on El Salvador itself, but any instance of making crypto more available will open opportunities for criminal organizations to exploit. Latin America in general is very interested in implementing blockchain in trade finance because of cost savings they provide over traditional banking and the letter of credit process. As soon as you can take crypto and turn around and pay for a container of cell phones, it becomes a TBML [trade-based money laundering] issue.
How have you seen the cryptocurrency exchanges respond to all these trends?
CH: Certainly for U.S. and U.K. exchanges—by and large those have been quite compliant and they deal well with us. Others ignore us or push back. Most have gone out of their way to hire compliance professionals who know what to look for.
People employed in traditional institutions may not be aware of the extent to which their institution is exposed to crypto. It’s incumbent upon the banks to know the players in the crypto space, so they fully understand the amount of exposure they have.
BC: In some ways compliance officers have it easier than we do, where they can just close the account. For us to prosecute someone, we have to add context to those transactions. We will use our analytical tools, but no one is going to be convicted upon data. Finding the underlying crime is why it’s so difficult to trace this. So when banks can just file a SAR and shut it down, that helps us. It does disrupt the organization from what they’re trying to accomplish. It does have an effect. But if you don’t do those extra steps, you really don’t have a case.
Contact Daniel Bethencourt at firstname.lastname@example.org
|Topics :||Anti-money laundering , Cryptocurrencies , Info. Security/Cybercrime|
|Source:||U.S.: Law Enforcement , U.S.: Department of Homeland Security|
|Document Date:||November 23, 2021|