It’s been more than a decade since 850,000 BTC went missing from Mt. Gox, yet the collapse of the former exchange remains one of the most infamous black swan events of the cryptocurrency ecosystem.
While creditors of the defunct exchange are edging closer to some form of restitution, Mt. Gox’s demise ended up playing an important role in the development of tools to identify, track and tackle the illicit movements of funds through the wider cryptocurrency industry.
The search for answers and funds played a key role in the birth of crypto’s best-known blockchain analytics and tracing firm, Chainalysis, explains co-founder Michael Gronager.
Close to a decade later, Chainalysis’ analytics tools are being used by myriad private and public enterprises and institutions. From data analytics to pure law enforcement use cases, the firm’s services continue to prove influential — and sometimes controversial — across the industry.
Kraken the Mt Gox case
Gronager is a crypto OG, having previously co-founded cryptocurrency exchange Kraken. He got involved in blockchain analysis after Kraken went looking for a steady banking partner and met a wall of wariness over the lack of visibility in the cryptocurrency ecosystem along with KYC and money laundering concerns.
“These conversations with the banks, they all end in the same way. How do you do transaction monitoring? How do you track the funds you receive from someone that you are onboarding online?” Gronager tells Magazine.
The collapse of Mt. Gox around the same time presented another unique challenge for Gronager, who was tasked with figuring out what happened to the funds that Kraken and some of its clients had in the defunct exchange.
As explored in the book Tracers in the Dark, Gronager developed the tools that would lay the foundation for Chainalysis, with the nascent firm eventually appointed as the investigative team by Mt. Gox’s bankruptcy trustee in 2014. From there, Gronager and his team wasted no time putting the proverbial bits together to trace the missing funds.
Jonathan Levin, the second of three Chainalysis co-founders, also spoke with Magazine at the company’s Links conference in the Netherlands earlier this year. The Oxford economics master’s graduate highlights the investigation as the starting point of Chainalysis’ wider service.
“We were given the Mt. Gox investigation, which was the largest bankruptcy case in crypto history, and that really was about following the money. If it’s all on the blockchain, how is it that no one can find it? And so, you know, we worked it out and cracked that case.”
Two Russian nationals would eventually be indicted in June 2023 by the United States Justice Department for allegedly hacking and laundering some 647,000 BTC from Mt. Gox. The Internal Revenue Service Criminal Investigations unit, which makes use of Chainalysis’ tools, is assisting in ongoing investigations.
Helping trace the movements of Bitcoin held by Mt. Gox proved that Chainalysis had the tools to untangle complex cryptocurrency movements. Gronager also realized this was a service the world’s top crime-fighting institutions were crying out for.
“I realized in conversation with other people from the industry that worked with law enforcement that they had no clue. They didn’t know how to solve these things.”
The customer base grew rapidly after onboarding both private and public sector users, including exchanges and law enforcement agencies. As of September 2023, Chainalysis has 1,200 customers from the private sector and over 250 from public sector institutions.
Chainalysis has become the go-to tracing solution for some of the best-known law enforcement organizations worldwide and has helped the IRS seize an estimated $10 billion worth of cryptocurrency related to criminal investigations. IRS Criminal Investigations (IRS-CI) Chief Jim Lee says the tools it offers are invaluable to trace cryptocurrency and interrogate data in myriad settings, from blockchains to darknet marketplaces.
“Think about all the data that I have working for the IRS. It may not be the most, but it’s the richest. Now I can take all this other data we have and then match it up against the records that I have. I mean, it’s just incredibly powerful, but it takes time, energy and money.”
Lee was also at the Links conference, participating in open and closed-door conversations with various governmental agencies and businesses in Amsterdam.
Gronager was reluctant to single out a stand-out investigation made possible with Chainalysis’ blockchain analytics, considering that its services have helped solve a litany of high-profile cases — from tracing cryptocurrencies that help bust child abuse material syndicates in South Korea to using its tools to help solve headline-grabbing Twitter hacks in 2020 that led to close to $1 million being stolen.
In that high-profile case, Chainalysis tools helped investigators link a Bitcoin scam being promulgated by various hacked Twitter accounts to three perpetrators accused of orchestrating the scheme. The mastermind of the scheme is a juvenile whose identity has not yet been revealed.
“12 days after, the case was solved, and that’s again showing that you can actually do things really, really fast by following the funds in crypto.”
Another highlight was assisting in the recovery of $30 million of the $650-million Axie Infinity hack in 2022, which Gronager believes made a statement to North Korean-linked hackers that crypto-related thefts might not be the cash cow they once were.
A visual representation of the Chainalysis Reactor being used to help trace funds following the $650-million Axie Infinity Ronin Bridge hack. (Chainalysis)
Controversy over Bitcoin Fog case
The ability to tie cryptocurrency wallets or funds to a specific person is hugely valuable in criminal investigations.
But the firm is not without its detractors, with critics suggesting that reliance on heuristics or assumptions about unidentifiable wallets can lead to inaccurate tracing and unlawful arrests.
Could a man like Sterlingov, who loves his cat, be a Bitcoin mixer? We’ll find out in court. (torekeland.com)
A sizable contingent of Bitcoiners online has argued that this is the case in a legal battle involving the U.S. government and Roman Sterlingov, 35, who stands accused of operating Bitcoin mixer Bitcoin Fog.
Chainalysis’ tools were used to identify Sterlingov as the alleged orchestrator of the infamous and now defunct cryptocurrency mixer that the Justice Department claims moved over 1.2 million BTC worth $335 million over a decade.
Detractors argue that the DOJ’s case made certain assumptions about wallets and credentials allegedly linked to the early Bitcoin adopter and the eventual registration of the Bitcoin Fog domain that was tied to Sterlingov.
Sterlingov attorney Tor Ekeland claims the firm’s Reactor software is unscientific and unreliable, and flawed assumptions have falsely implicated Sterlingov. He argues that Chainalysis can’t identify its error rate. “This is junk science that doesn’t belong in a federal court,” Ekeland told a Sept. 7 court hearing.
Elizabeth Bisbee, head of investigations at Chainalysis Government Solutions, reportedly told the court she was unaware of any peer reviewed scientific papers attesting to the accuracy of Chainalysis Reactor.
The courts will ultimately decide whether there is enough reasonable doubt about Chainalysis’ methods in the case to convict. Chainalysis would not be drawn in our interviews to comment on any ongoing investigations or cases.
Despite the controversy, Chainalysis has a lot of happy customers and has played a big role in the recovery of hacked funds. Erin Plante, VP of investigations at Chainalysis, manages a growing team of more than 120 investigators across 11 countries.
Plante, who has a wealth of experience working in cybercrime and financial investigation as a U.S. government contractor, says that 90% of their investigators are tasked with probes into incidents involving public blockchains like Bitcoin and Ethereum.
The Ronin Bridge investigation was a primary driver for the creation of her team, highlighting the importance of allocating human capital to trace funds in the immediate aftermath of a major hack.
“Getting in early and tracing funds early is so important and getting law enforcement involved early is how you’re most able to have successful recoveries.”
There has also been an evolution in the theme of investigations, with Plante recalling a plethora of darknet investigations around 2019 demanding a lot of their attention. Investigative efforts are now more focused on cybercrimes involving ransomware, national security threats from entities associated with North Korea and sanctions screening of entities involved in Russia’s invasion of Ukraine.
A key talking point in the conversations in Amsterdam was the inherent traceability of blockchain-based cryptocurrencies despite the advent of token mixing protocols, such as sanctioned Tornado Cash.
Plante notes that it is fairly straightforward to trace stolen funds through cross-chain bridges, with criminals typically converting tokens to ETH and then BTC, which is sent to mixers in an effort to obfuscate funds.
She says that mixers require significant amounts of liquidity to properly obfuscate funds, which has predominantly left Bitcoin mixers as the main option for criminals to launder money.
Chainalysis has a dedicated data intelligence team using specific tools to identify mixers using an algorithm that clusters wallets that are associated with the mixer service. An example of the algorithm at work was helping cluster some 50,000 addresses that were linked to the now sanctioned Sinbad mixer.
An excerpt from a Chainalysis report highlighting the emergence of Sinbad and its use by North Korean hackers. (Chainalysis)
Between December 2022 and January 2023, North Korea-linked hackers sent 1,429 BTC worth $24.2 million to the mixer.
Plante reveals that Chainalysis had its clustering algorithm independently confirmed by a separate, covert FBI investigation that had been making use of dusting to trace how funds were being obfuscated by Chipmixer, another service that is widely believed to be the direct predecessor of Sinbad and its funds. Chipmixer was shut down in March 2023 over allegations that it had facilitated $3 billion in money laundering.
“We didn’t know the FBI was doing that, but it was picked up in our clustering, which verified the cluster. That verification, that’s very cool. That one will probably go to court, which is why we don’t talk about it.”
Gareth Jenkinson
Gareth is a journalist and radio presenter based in Durban, South Africa. When he’s not talking about sport on the airwaves – he’s got his eye on the cryptocurrency market.