An Investigator’s Guide to Blockchain, Bitcoin and Wallet Transactions

An Investigator’s Guide to
Blockchain, Bitcoin and Wallet
Transactions
Simon Padgett, Sheldon Bennett, Timothy Eller, DMG Blockchain

Sheldon Bennet, Chief Operating
Officer, Director, DMG Blockchain
Simon Padgett, Forensics,
DMG Blockchain
Timothy Eller, Data Science,
DMG Blockchain

Contents
• What is the blockchain?
• What is Bitcoin?
• How does Bitcoin work/move?
• New Tech / New Problems - a whole lot of criminal opportunity
• Forensics

What is the blockchain?
Some kind of database?

What is the Blockchain ?
“The blockchain is an incorruptible digital
ledger of economic transactions that can
be programmed to record not just
financial transactions but virtually
everything of value.”
Don & Alex Tapscott, authors Blockchain
Revolution (2016)

How Does Blockchain Work?
Picture a spreadsheet that is duplicated thousands of times across a network of
computers. Then imagine that this network is designed to regularly update this
spreadsheet and you have a basic understanding of the blockchain.
Information held on a blockchain exists as a shared — and continually
reconciled — database.
This is a way of using the network that has obvious benefits. The blockchain
database isn’t stored in any single location, meaning the records it keeps are
truly public and easily verifiable. No centralized version of this information
exists for a hacker to corrupt. Hosted by millions of computers simultaneously,
its data is accessible to anyone on the internet.
https://dmgblockchain.com/videos/

What is Bitcoin?
The first mass use of blockchain

Bitcoin is….
• Bitcoin is a worldwide cryptocurrency and digital payment system called the first
decentralized digital currency, as the system works without a central repository or single
administrator.
• It was invented by an unknown person or group of people under the name Satoshi
Nakamoto and released as open-source software in 2009.
• The system is peer-to-peer, and transactions take place between users directly, without
an intermediary.
• These transactions are verified by network nodes and recorded in a public distributed
ledger called a blockchain.
• Bitcoins are created as a reward for a process known as mining. They can be exchanged
for other currencies, products, and services.
• Newly minted Bitcoin go into a Wallet. From these wallets coins start to be distributed.

Now that we know what Bitcoin is
Let’s recap what it has done
since its beginning

Since Genesis
2017 CONFERENCE SLIDE

The Bitcoin Rollercoaster 2009
to 2018

An Investigator’s Guide to Blockchain, Bitcoin and Wallet Transactions

Movement
How wallets and transactions work

Movement: How does this stuff
move from place to place?
Bob wants to pay Alice 4 Bitcoin so he creates a transaction and broadcasts it
on the network
Transaction
AfterBefore
From Amount To Amount
Bob 4.0 Alice 4.0
Value transfer
Bob Alice
5.0 2.0
Bob Alice
1.0 6.0

Movement: How does this stuff
move from place to place?
After
User Example of Sending /Receiving a Bitcoin

A whole lot of criminal opportunity
New Tech - New Problems

Investment continues – Blockchain Venture Cap.

Cryptocurrency scams to be aware of
But note:
•A blockchain in itself is secure.
•It is the external human influence that we have to watch.

1. Fraudulent ICOs
•Fabricate a fake ICO, create marketing hype and persuade people to
buy.
•Seen as a quick and innovative way to kickstart a company.
•Ethereum has become the breeding ground for these fraudulent ICOs.
•It is the ignorance of new investors who dream of huge gains in a matter
of days by holding worthless ICO tokens.

1. Fraudulent ICOs
Indicators of fraudulent ICOs or Token Sales:
•Copied whitepaper
•Anonymous team
•Unusual hurry in execution
•Mismatch of words
•Ignoring hard questions
•No strong reasons for the token issue
•No roadmap
•Unknown team (management, lawyers, bankers, etc.)
•Jurisdictions that have little to no investor protection rights

1. Fraudulent ICOs
Here are a few examples of fraudulent ICOs:
•Confido disappeared with investor’s $375,000.
•Benebit disappeared with investor’s $ 2.7 million.
•Centra Token scammed $32 million

2. Shady Exchanges
•The second most common form of scam that you will come across would
be a ‘shady exchange’, sprung up overnight. Once you trust them and
deposit your coins there, you have no way to get them back if the
intentions are fraudulent.
•Also, some exchanges that start well can also eventually run away with
your money any time because they fail to scale and innovate to stay
competitive in the market.
•As well shady exchanges are targets for hackers as they generally have
weak security due to little investment.

2. Shady Exchanges
Some of these platforms as reported by Bitcoin.com are:
01crypto, Btc-cap, Capital-coins, Coinquick, Cryptavenir, Crypto-banque,
Crypto-infos, Cryptos.solutions, Cryptos-currency, Ether-invest,
Eurocryptopro, Finance-mag, Gme-crypto, Gmtcrypto, Good-crypto,
Mycrypto24, Nettocrypto, Patrimoinecrypto, and Ydconsultant.

BREAKING NEWS
MapleChange Loses 913 Bitcoin ($6M) In “Hack,”
Deletes Twitter Page And Shutters Website
On Sunday morning, a lesser-known crypto exchange,
revealed that it had apparently fallen victim to a hack,
resulting in a loss of consumer-owned funds. The platform
in question, MapleChange, which is reportedly Canadian
(as its name implies), took to Twitter to explain that “due
to a bug,” an unnamed group of individuals managed to
withdraw funds, adding that it is conducting a “thorough
investigation” and will be unable to make refunds.”

3. Fake Wallets
•With the launch of Bitcoin, many fake crypto wallet programs have also
been launched.
•That’s why it is a big NO-NO to pick any wallet randomly because there
are chances that it will be fraudulent and you may end up losing your
money.
•Though these wallets may promise you control of your funds, never trust
them without proper due-diligence.

4. Pyramid or Ponzi
Schemes

4. Pyramid or Ponzi Schemes
•This form of scam is easiest to spot but people still fall for it.
•If you find a crypto project that actively encourages the recruitment
of new investors to maximize your profits, it is probably a Ponzi
scheme. This system works on the model of scamming the one who
enters the system later.
•Also, schemes that promise absurd returns are likely to be Ponzi
schemes

4. Pyramid or Ponzi Schemes
Does it promise regular returns that exceed average market
returns?
Chances are, it's a Ponzi
Does it focus more on recruiting new people than any product?
Chances are, it's a pyramid scheme

MYBTGWALLET
Nov 16, 2017, 10:37 AM
to me
Hi Sheldon,
The website is called mybtgwallet and was officially endorsed by BTG team both on their website and via
twitter.
They took my BTC and ETH in the following fraudulent transactions, but seemed to have left LTC [which I
promptly removed from my wallet]:
-0.22545683 Bitcoin
https://live.blockcypher.com/btc/tx/0cf2fc7495b437e225d612076628a0c4778e693428f1618e775e98e9349
2b1a5/
-0.23755015 Bitcoin
https://live.blockcypher.com/btc/tx/9c2f96a9ba55d534999df089ef1c8317f284584594a37e2effe06d7e2893
2501/
-12.30182882 Ethereum
https://etherscan.io/tx/0xf98d4a048c0e5833b548ec44753622963d903f155b74b4943fd9c64afb95c3a3
It's affected over 100 people. Hopefully your guy can catch these bastards.

6. Pump & Dump Schemes and Groups
•Pump & Dump groups are not something new in
the traditional market and are also common in the crypto market.
•You will find many crypto groups with thousands of members. These groups
are the tools to manipulate the prices of coins that have low market caps.
•In this way, people who act fast or first get the advantage and the people
who are a bit late suffer from the plummeting prices in just a matter of
minutes.
•There are several tools available in the market to monitor the volume
increase in a particular crypto which helps in identifying such schemes.

7. Impersonators
•The most sophisticated form of scam.
•In this type of crypto scam, scammers make fake Twitter and Facebook
account to impersonate the actual legit project or the person behind it.
•You will find many impersonators on Twitter acting like Vatalik Buterin or
major coin CEO’s who make announcements which are never true.
•Also, scammers have started acting as crypto exchange support staff to
scam people of their crypto funds.

BITMAIN SCAM
Dear
Limited time offer for registered users!
We are proud and happy to announce Antminer S11-1 Presale!
Also, as we promised, coupon will be activated for each Antminer S11-1 purchased.
Shipping date estimated:
First 1000 Antminers S11-1 purchased will be shipped on June 20-28.
Second 10000 Antminers S11-1 purchased will be shipped on July 18-26.
Public sale of Antminer S11- starts on 31 August with 2600$ price, while we offer you to reserve
your Antminer S11-1 for best price now.
Don’t miss opportunity to get your Antminer S11-1 first!
Presale expiry date is 06:59:59, 12th, June, 2018 (Beijing time, GMT+8).
Please find additional information about our offer in PDF file attached.
Customer details
Thank you for choosing Bitmain.
Best Regards,
The Bitmain team

BITMAIN SCAM
just got another email right now i just removed my data but its 100% correct phone address everything
Second Round! Limited Time Offer – Antminer S11-1
Dear XXX
Limited time offer for registered users!
We are proud and happy to announce Antminer S11-1 Presale!
Also, as we promised, coupon will be activated for each Antminer S11-1 purchased.
Shipping date estimated:
First 1000 Antminers S11-1 purchased will be shipped on June 20-28.
Second 10000 Antminers S11-1 purchased will be shipped on July 18-26.
Public sale of Antminer S11- starts on 31 August with 2600$ price, while we offer you to reserve your Antminer
S11-1 for best price now.
Don’t miss opportunity to get your Antminer S11-1 first!
Presale expiry date is 06:59:59, 12th, June, 2018 (Beijing time, GMT+8).
Please find additional information about our offer in PDF file attached.
Customer details
Thank you for choosing Bitmain.

Conclusion
•Scams in any industry are not a new thing and crypto being a decentralized
and open source concept can be one of the easiest to manipulate.
•The only way to not get scammed is to trust legit sources of information, as
well as self-education of investors through trusted sources.
DMG Forensic Services can reduce the risk for you or can assist
with recovery by using its Blockseer and WalletScore software to
provide assurance and information surrounding wallet and crypto
movements.

Heists, Thefts, Hacks………….
Let’s look at some:

Coincheck exchange hacked -
$534 Million stolen
The
Biggest
Hack in the
History of
Cryptocurrency

A short history of cryptocurrency theft
• 1: July 4th, 2017: Bithumb hacked and 1.2 billion South Korean Won stolen.
• 2: July 17th, 2017: CoinDash hacked and $7 million in Ethereum stolen.
• 3: July 24th, 2017: Veritaseum hacked and $8.4 million in Ethereum stolen.
• 4: July 20, 2017: Parity Technologies hacked and $32 Million in Ethereum
stolen.
• 5: August 22nd, 2017, Enigma marketplace hacked and $500,000 in Ethereum
stolen.
• 6: November 19th, Tether hacked and $30 million worth of tokens stolen.
• 7: December 7, 2017: NiceHash hacked and $70 million stolen.
• 8: December 21, 2017: EtherDelta hacked and $266,789 in Ethereum stolen.

Blockseer Product Suite in action:
●Coincheck NEM Theft
●MyBTGWallet Scam
Forensics

Blockseer Product Suite -Blockseer
Blockseer
Walletscore

Recent Blockseer Investigations
2018-01-26
2018-09-14

NHK featured Blockseer in NEM
investigation
https://www.dailymotion.com/video/x6jei5n

Let's retrace the NEM investigation,
starting with this address…

Enter 12dn… at blockseer.com

Let's see where this address sends money

12dn… holds only a
small value, but it
leads to a jackpot!
12dn....
15,000 BTC

If we did not have Blockseer's "clustering"
feature…

Where did all that money come from?
Tried to hide tracks
追跡から逃れるための取引き
15,000 BTC still here 　 15,000 BTC は、いまだこれらのウォレットに滞留

Let's investigate this transaction
on Blockseer...
Nov 16, 2017, 10:37 AM
to me
Hi Sheldon,
The website is called mybtgwallet and was officially endorsed by BTG team both on their website and via
twitter.
They took my BTC and ETH in the following fraudulent transactions, but seemed to have left LTC [which I
promptly removed from my wallet]:
-0.22545683 Bitcoin
https://live.blockcypher.com/btc/tx/0cf2fc7495b437e225d612076628a0c4778e693428f1618e775e98e9349
2b1a5/
-0.23755015 Bitcoin
https://live.blockcypher.com/btc/tx/9c2f96a9ba55d534999df089ef1c8317f284584594a37e2effe06d7e2893
2501/
-12.30182882 Ethereum
https://etherscan.io/tx/0xf98d4a048c0e5833b548ec44753622963d903f155b74b4943fd9c64afb95c3a3
It's affected over 100 people. Hopefully your guy can catch these bastards.

$$$$$$
Kraken exchange!
Thief's address

Let's check out the thief's address at
Walletscore...
Walletscore gauges a wallet's history of enabling criminal activity.
The goal:
•Create a mapping from all wallets to some measure of risk.
Three steps:
1.Labeling
2.Clustering
3.Scoring

●MyBTGWallet Scam
Forensics
Labeling

●MyBTGWallet Scam
Forensics
Clustering
•Common inputs
•Coinjoin heuristics
•Change address heuristics
•Manually determined
•Wallet topologies
•Transaction patterns

Thank-you for participating
Sheldon Bennett
sheldon@dmgblockchain.com
Simon Padgett
simon@dmgblockchain.com
Timothy Eller
time@dmgblockchain.com
DMG Blockchain Solutions Inc.
Suite 490 – 1090 Homer Street
Vancouver B.C. V6B 2W9 info
@dmgblockchain.com
Direct: 778-868-6470
Toll Free: 1-888-702-0258
TSX.V:DMGI
DMGBlockchain.com
j.gerard@i-sight.com
Find more free webinars:
http://www.i-sight.com/resources/webinars
@isightsoftware

An Investigator’s Guide to Blockchain, Bitcoin and Wallet Transactions

More Related Content

What's hot (20)

Similar to An Investigator’s Guide to Blockchain, Bitcoin and Wallet Transactions (20)

More from Case IQ (20)

Recently uploaded (20)

An Investigator’s Guide to Blockchain, Bitcoin and Wallet Transactions