Bitcoin was first introduced to the world in 2009 after the global economic crisis.
Bitcoin developers wanted to empower individuals to initiate online transactions
that are anonymous, fast, irreversible, secure, and without the involvement of
a third party. Although Bitcoin was not created to condone malicious conduct,
fraudsters often use cryptocurrency because of its semi-anonymous nature.
Any type of fraud that can be perpetrated with fiat currency can be done with
cryptocurrency; therefore, the types of frauds are endless. This article focuses
on some of the more common types of frauds that exist in the cryptocurrency
world.
BACKGROUND
In order to investigate cryptocurrency frauds, one must have a basic understanding
of them. The following terms are key to understanding cryptocurrency.
• Blockchain
The blockchain is a historical record of every transaction that has occurred
since the inception of that cryptocurrency. Each cryptocurrency has its own
blockchain. Every transaction is published publicly online in real time, so
anyone can see it. In addition, the blockchain is maintained in a “decentralized”
manner, meaning no central authority, such as a bank, reviews the transactions.
Instead, the transactions are verified by independent parties called “miners”
all over the world.
• Public Address
A public address is a string of between 26 and 90 alphanumeric characters that
acts as an account number for storing cryptocurrency. The blockchain shows addresses
instead of an individual’s name, allowing participants to remain semi-anonymous.
An individual can have as many addresses as he wants or needs.
• Private Key
A private key is another string of alphanumeric characters that acts as the
password for spending cryptocurrency. In order to spend the cryptocurrency in
an address, an individual needs to use the correct private key to initiate the
transaction. Many individuals have lost their private keys due to hacking or
carelessness; as a result, they have permanently lost access to their cryptocurrency.
STORAGE
There are multiple options for storing private keys and public addresses.
An individual can store them in a “wallet” or on an exchange.
• Paper Wallet
Private keys and public addresses can be handwritten or printed on a piece of
physical paper; this is called a “paper wallet.”
• Software Wallet
A “software wallet” is a phone/computer app that generates private
keys and public addresses for you.
• Hardware Wallet
A “hardware wallet” is a password-protected electronic device specifically
designed to generate and store private keys.
• Exchange
“Exchanges” are third-party websites that facilitate the buying
and selling of cryptocurrency. Exchanges generally control the private keys
and users do not have access to them. Instead, the exchanges initiate all transactions
based on user instructions, and users simply hold an account with the exchange.
COMMON TYPES OF FRAUDS INVOLVING CRYPTOCURRENCY
Tax Fraud
Tax fraud involving cryptocurrency is believed to be extremely common. Under
U.S. Federal tax laws, every cryptocurrency transaction, except for the initial
purchase, is taxable. The IRS has shown a lot of interest in this area and is
increasing enforcement.
In 2016, the IRS subpoenaed Coinbase, the largest cryptocurrency exchange in
the United States, based on a suspicion that its customers were not reporting
their gains on cryptocurrency. Coinbase attempted to fight the summons, but
lost; the exchange was required to hand over approximately 14,000 customer records
for customers that traded over $20,000 worth of cryptocurrency between 2013
and 2015.
The IRS has also been using a program called Reactor by Chainalysis. Reactor
is investigative software for tracing the flow of funds across the blockchain.
In addition, in 2019 the IRS sent out 10,000 “educational letters”
to taxpayers the IRS suspected had unreported cryptocurrency transactions. The
letters urged the taxpayers to familiarize themselves with the IRS statements
regarding virtual currency and consider amending their returns.
In 2019, the IRS updated Schedule 1 of Federal Form 1040 to include the question,
“At any time during 2019, did you receive, sell, send, exchange, or otherwise
acquire any financial interest in any virtual currency?” The draft 2020
Federal Form 1040 displays this question on the front page, subsequent to the
individual’s name and preceding the list of dependents. This puts taxpayers
in a position of potentially breaking the law by answering dishonestly.
If a taxpayer is selling, spending, or trading cryptocurrency, then the transaction
must be reported as a capital gain or loss on Schedule D. If a taxpayer is paid
in cryptocurrency (e.g., a miner), she must report the cryptocurrency receipt
as ordinary income on her tax return.
Undisclosed Cryptocurrency
There are many instances where an individual may hide cryptocurrency, such
as matrimonial disputes, bankruptcy disputes, and proceeds from criminal activities.
If someone is hiding cryptocurrency from another, how can an investigator attempt
to locate that cryptocurrency?
• Tax Returns
As stated in the previous section, an individual is required to report cryptocurrency
transactions on a tax return. An investigator can review the tax return to confirm
if 1) the taxpayer answered “yes” to owning cryptocurrency on Schedule
1; 2) there are any capital gains/losses from cryptocurrency on their Schedule
D; and 3) any ordinary income related to receiving cryptocurrency was reported.
• Bank / Credit Card Statements
The majority of individuals who transact with cryptocurrency typically purchase
it on an exchange. To buy cryptocurrency on an exchange, individuals must transfer
cash from their bank accounts to the exchange before purchasing cryptocurrency.
An investigator can search the bank or credit card statements for cryptocurrency-related
transactions such as disbursements to exchanges or other cryptocurrency-related
entities.
• Subpoenas to Exchanges
U.S.-based exchanges can often be subpoenaed for customer transactions. The
most popular U.S.-based exchanges are Coinbase, GDAX, Gemini, Poloniex, Bittrex,
and Kraken. Foreign exchanges can be difficult, or impossible, to subpoena,
depending on the jurisdiction. As an investigator, it is best to discuss subpoenaing
foreign-based exchanges with an attorney.
• Interviews, Depositions, and Discovery
Additional methods of obtaining information are interviewing individuals, deposing individuals, and requesting information through the legal discovery process.
An investigator may interview or depose 1) the target of the investigation, 2)
confidential informants, 3) cooperating witnesses, and 4) the business partners, associates,
or spouse of the target. Although interviews gather a lot of information, depositions
may be a better avenue for an investigator. Depositions are effectively interviews; however,
they are taken with the deponent under oath, in the presence of a court reporter. In
addition to interviews and depositions, an investigator may be able to request documents
through the discovery process or gain access to the target’s premises through a search
warrant.
• Forensic Expert Analysis of Electronic Devices
If and when the investigator obtains physical and legal access to the target’s
electronic devices, he or she should work with a computer forensic expert to
analyze the devices. The computer forensic expert can search for wallet.dat files, evidence of deleted
files, web browser histories, emails, evidence of wallet software, evidence
of addresses, evidence of private keys, etc.
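The search for wallet.dat files and evidence of addresses can be partly automated. The sketch below is an added example, not part of the original article: it walks a working copy of the evidence, lists wallet.dat files, and reports only address-shaped strings that pass the Base58Check checksum used by legacy Bitcoin addresses. The function names and sample data are constructed for illustration, and newer address formats are not covered.

```python
import hashlib, os, re, tempfile

B58 = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"
CANDIDATE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")  # legacy 1.../3... shape

def checksum(payload: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(payload).digest()).digest()[:4]

def b58check_encode(payload: bytes) -> str:  # only used to build demo data
    raw = payload + checksum(payload)
    n, out = int.from_bytes(raw, "big"), ""
    while n:
        n, r = divmod(n, 58)
        out = B58[r] + out
    return "1" * (len(raw) - len(raw.lstrip(b"\0"))) + out

def is_valid_address(s: str) -> bool:
    """Base58Check: 1 version byte + 20-byte hash + 4-byte double-SHA256 checksum."""
    if any(ch not in B58 for ch in s):
        return False
    n = sum(B58.index(ch) * 58 ** i for i, ch in enumerate(reversed(s)))
    pad = len(s) - len(s.lstrip("1"))  # each leading '1' encodes one zero byte
    raw = b"\0" * pad + n.to_bytes((n.bit_length() + 7) // 8, "big")
    return len(raw) == 25 and raw[-4:] == checksum(raw[:-4])

def triage(root: str) -> dict:
    """Walk an evidence copy; report wallet.dat files and checksum-valid addresses."""
    hits = {"wallet_files": [], "addresses": {}}
    for dirpath, _, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.lower() == "wallet.dat":
                hits["wallet_files"].append(path)
                continue
            with open(path, "rb") as fh:  # latin-1 maps every byte, so binaries scan too
                text = fh.read().decode("latin-1")
            found = sorted({m for m in CANDIDATE.findall(text) if is_valid_address(m)})
            if found:
                hits["addresses"][path] = found
    return hits

SAMPLE = b58check_encode(b"\x00" + bytes(range(1, 21)))  # constructed, not a real account
def demo() -> dict:
    with tempfile.TemporaryDirectory() as d:
        open(os.path.join(d, "wallet.dat"), "wb").close()
        typo = SAMPLE[:-1] + ("2" if SAMPLE[-1] != "2" else "3")  # fails the checksum
        with open(os.path.join(d, "notes.txt"), "w") as fh:
            fh.write(f"pay {SAMPLE} (old: {typo})")
        return triage(d)
```

The checksum test is what keeps the report usable: random 26-to-35-character strings in logs and binaries match the pattern constantly, but almost none of them survive validation.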
Money Laundering
The purpose of money laundering is to take illicit gains and present them as
if they were earned as a result of a profitable venture. There are many different
methods an individual can use to launder money using cryptocurrency.
• Tumblers
Tumblers are fee-based services designed to disguise the origin of cryptocurrency.
They are websites that the target has access to through the dark web. An individual
can send them cryptocurrency; in return, the tumbler service will send back
new cryptocurrency. Therefore, if an individual received “dirty”
cryptocurrency from a fraudulent activity, the tumbler will send back “clean”
cryptocurrency to break the link between the cryptocurrency and the criminal
activity.
• Privacy coins
Privacy coins have additional built-in security features that obscure the transaction
history on the blockchain, creating a major obstacle for investigators.
• Prepaid debit cards and gift cards
• Cryptocurrency ATMs
• Purchase of gift cards with cryptocurrency
• Gambling websites
• Unregulated exchanges or peer-to-peer exchanges.
Phishing Scheme
A “phishing scheme” occurs when an individual sends an email containing
a link that, when clicked, downloads a virus onto the intended target’s computer.
This virus can be either a traditional computer virus that attempts to find private
keys, or ransomware. If an individual’s computer is infected with ransomware,
the computer will be locked and encrypted, preventing the victim from using
the computer or accessing its hard drive. Before cryptocurrency existed, hackers
would ask the victim to send a specific amount of cash to a bank account in
a country out of the reach of the U.S. government. Today, approximately 98%
of ransomware attacks involve hackers who ask for cryptocurrency instead of
cash.
An individual who has been victimized by ransomware should:
- Contact law enforcement.
- If possible, do not pay the hackers. Try to restore the most recent
backups and proceed from there.
- If a backup does not exist, consider working with consultants who have
experience with ransomware. Try to correspond with the hackers with a newly
created, anonymous email address. If the victim contacts the hackers using an
existing email address, the hackers may obtain additional information that could
be used to further extort the victim.
ICO Fraud
An Initial Coin Offering (“ICO”) is similar to an Initial Public
Offering (“IPO”). It is a way of raising capital for the development
of new software through crowdfunding. To attract investors, the developers create
a white paper that provides detail on the project, the team involved, the goals,
etc. The developers then create a cryptocurrency, called a “token,”
that they sell to investors for cash. The token generally provides users with
the right to use that new software. Although most of these white papers are
legitimate, many of them are fraudulent.
Below is a list of red flags of ICO fraud:
- Forecasts of unreasonable returns on investment
- Quickly thrown together white papers and promotional materials
- Ability to purchase coins with a credit card
- Fake or nonexistent project team members
- Celebrity endorsements
- Claims of an SEC-compliant coin
- One-time-only deals or discounts for purchases by a certain date
- Plagiarized text from other white papers.
Investors should exercise caution and be sure to thoroughly research the ICO
before investing in it.
CONCLUSION
Cryptocurrency provides additional tools for fraudsters to hide assets. This
makes investigating cryptocurrency difficult, posing new, unique challenges
for investigators. As cryptocurrency becomes more mainstream, accountants and
attorneys should be aware of the types of cryptocurrency frauds and the related
red flags to better assist their clients.
Katerina Gaebel, CPA, CFE is a senior in the forensics, litigation, and valuation
services department at Citrin Cooperman. She specializes in forensic investigations,
cryptocurrency tracing, matrimonial disputes, shareholder disputes, economic
damages and employee embezzlement cases. Ms. Gaebel obtained her Master’s in
Forensic Accounting from the University at Albany. She is a CPA, licensed in
the state of New York, and a Certified Fraud Examiner.