Marcin Zarakowski

CEO, Token Recovery

Roman Bieda

Head of Investigations, Token Recovery

Blockchain transparency can be deceiving—ownership often changes 'off-chain,' making tracing specific assets much more complex

The complex art of digital asset tracing


By Marcin Zarakowski and Roman Bieda

Marcin Zarakowski and Roman Bieda share their thoughts on the crucial steps needed to convince a court to grant recovery of digital assets

In the recent judgment in D’Aloia v. Persons Unknown & Others, the English High Court rejected a claim filed by a victim of a crypto scam against Bitkub, the exchange at which the alleged fraudsters were said to have held their accounts. The claimant failed to sufficiently prove that the USDT tokens (a USD-pegged stablecoin) that ended up at Bitkub originated from the fraud perpetrated against him. This decision is particularly noteworthy as the court made extensive reference to the methodology for tracing crypto assets and blockchain analysis.

There are five key insights and best practices to learn from that case when seeking to prepare forensic and tracing reports on crypto-assets for law enforcement and court proceedings.

Ensuring expert clarity

The quality of the expert report will impact the judicial outcome. The Court in this case was critical of the expert evidence from both parties, calling it "not especially helpful" (legal speak for poor!), but was particularly disapproving of the expert for the claimant, D’Aloia, labeling his evidence as “chaotic and, ultimately, contradictory.” Investigative reports must be clear and linguistically accessible, particularly for circumstances in which the judge, not unreasonably, may have insufficiently detailed expertise in cryptography. An overly complex or technical report can weaken a case even if the facts are sound.

Key terms and concepts should be defined upfront, at the start of the report, to provide a high-level overview of the analysis at issue. Blockchain technology and crypto-assets are still relatively new, with specialized terminology and mechanisms that can often be unintuitive. Furthermore, there are significant differences among various crypto-assets and their supporting blockchains, with thousands of distinct types in existence.

After establishing this foundation, the report should present aggregated evidence, such as a graph showing clusters of addresses and aggregated transactions. Once this broad picture is clear, the report can then focus on more specific details, zooming in on particular transactions and providing deeper explanations of individual asset flows.

Outline tracing methods

When addressing the complexities of tracing cryptocurrency, two key considerations arise:

  • Whether the focus is on tracing the perpetrator or the specific coins.
  • Which tracing method is most appropriate for the situation.

Most blockchains serve as public, immutable ledgers, making the movement of crypto-assets directly visible (data is on-chain). To avoid detection, criminals use techniques to obfuscate transactions and asset flows. However, methods like clustering, tracing gas fees, and analyzing transaction timings can significantly increase the likelihood of identifying the same individual, or group, orchestrating these transfers.

Despite blockchain transparency, ownership of assets may change “off-chain”, such as when sold for cash or deposited with a money mule. For example, funds deposited into a mixer typically change ownership, and further tracing of specific coins/tokens without advanced de-mixing techniques will likely point to a third party, not the original perpetrator.

Tracing methods vary based on the investigation’s goal. A skilled investigator begins by defining the target. For law enforcement seeking to catch criminals, the focus is on identifying the perpetrator. By analyzing transaction patterns, like repeated transfers between addresses, investigators may uncover key links using the “poison method,” where funds interacting with tainted assets are treated as contaminated.

Conversely, private investigators hired to trace stolen funds prioritize following the asset flow on a transaction-by-transaction basis. Even if funds eventually pass to a money mule, who exchanges them into other types of assets at a centralized service like a crypto-exchange, the goal still remains to trace and freeze the stolen assets. For example, if Address A transacts US$1 million with Address B in many transactions over three months, the investigator will focus on the specific transfer from the victim’s wallet to Address A, aiming to track the victim’s funds to Address B (thus focusing only on the specific transfer of the victim’s funds to B and not all transactions between A and B).

The issue with that approach is this: suppose that $50,000 USDT from a specific victim was sent to Address A, where it was mixed with $500,000 USDT coming from ten other victims. Address A subsequently transfers $65,000 USDT to Address B. Whose funds are these? It is not immediately clear. This is why all transactions in the round need assessing.

Determining the digital asset

The type of digital asset to be traced needs setting out. In principle, blockchains can be divided into two groups: those based on the UTXO model and those that are ‘account’ based.

In the UTXO (Unspent Transaction Output) model, each transaction is analogous to cash transactions, where unspent transaction outputs represent individual coins that can be spent separately. When a user initiates a transaction, they select specific UTXOs from their wallet, akin to choosing individual notes from a stash of cash. Each UTXO has a defined value and can only be spent in its entirety; if a user wants to send a portion of it, they must create a new UTXO for the change, much like receiving change from a cash transaction. All UTXO transactions are publicly visible on the blockchain (on-chain) and allow for analysis. Bitcoin (BTC) is the most popular blockchain using the UTXO model.

In contrast, the account-based model functions similarly to a bank account, where balances are tracked and updated in real time as transactions occur, enabling users to view their available wallet balance and perform transfers seamlessly. Ethereum (ETH) and crypto-assets issued on it (like USDT) employ the account-based model.

Choosing the right tracing method

The chosen method used to trace assets requires critical thinking and explanation.

As the D’Aloia v. Persons Unknown & Others judgment put it: “Are the first in first out (FIFO), pari passu distribution and rolling charge methods (...) the only approaches open to a party as a matter of law? In my view (...) other methods (...) are available to a party seeking to trace assets, at least in the context of claims arising out of fraud.”

Given the similarities to traditional financial accounts, the following established methods (among others) can be employed to trace assets on account-based blockchains:

  • First In First Out (FIFO): Assets are sent out in the order they were received, with both tainted and untainted funds exiting in sequence.
  • Last In First Out (LIFO): The most recently received assets are the first to be sent, regardless of their taint status.
  • Pro Rata Distribution: Also called the "Haircut" method, assets are distributed based on their tainted/untainted ratio, with proportions applied to all transactions.
  • Pro Rata by Blocks: Similar to the "Haircut" method but applied within specific blockchain blocks, maintaining proportional taint distribution.
  • Taint Last: Untainted assets are used first in transactions before tainted ones.
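
As an added example (not from the article or the judgment), the Python code below applies four of the listed methods to the Address A scenario described earlier: a 50,000 USDT deposit traced for one victim, 500,000 USDT from ten others, and a 65,000 USDT transfer to Address B. The arrival order of the deposits, the equal 50,000 split between the other victims, and all function and variable names are assumptions.

```python
from collections import deque
from fractions import Fraction

METHODS = ("fifo", "lifo", "pro_rata", "taint_last")

def traced_in_withdrawals(events, method):
    """Return, per withdrawal, how much of it is attributed to the traced deposit."""
    if method not in METHODS:
        raise ValueError(f"unknown method: {method}")
    lots = deque()  # [remaining amount, is_traced], kept in arrival order
    attributed = []
    for kind, amount, is_traced in events:
        amount = Fraction(amount)
        if kind == "in":
            lots.append([amount, is_traced])
            continue
        balance = sum(lot[0] for lot in lots)
        if not 0 < amount <= balance:
            raise ValueError("invalid withdrawal amount")
        if method == "pro_rata":
            # Every lot, traced or not, gives up the same share of itself.
            share = amount / balance
            hit = sum(lot[0] for lot in lots if lot[1]) * share
            for lot in lots:
                lot[0] -= lot[0] * share
        else:
            order = {"fifo": list(lots),
                     "lifo": list(reversed(lots)),
                     # Stable sort: untraced lots (False) are spent first.
                     "taint_last": sorted(lots, key=lambda lot: lot[1])}[method]
            hit, need = Fraction(0), amount
            for lot in order:
                take = min(lot[0], need)
                lot[0] -= take
                need -= take
                if lot[1]:
                    hit += take
        attributed.append(hit)
    return attributed

# Constructed ledger for Address A using the article's figures: one traced
# 50,000 USDT deposit among ten other 50,000 deposits, then 65,000 out to B.
# The arrival order (traced deposit second) is an assumption.
EVENTS = ([("in", 50_000, False), ("in", 50_000, True)]
          + [("in", 50_000, False)] * 9
          + [("out", 65_000, None)])

if __name__ == "__main__":
    for m in METHODS:
        print(f"{m:<10} {float(traced_in_withdrawals(EVENTS, m)[0]):>10,.2f} USDT")
```

Under this assumed ordering, FIFO attributes 15,000 USDT of the transfer to the traced deposit, pro rata about 5,909 USDT, and LIFO and taint-last nothing, so the same on-chain data supports very different figures depending on the method named in the report.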

As the judge said of the defendant’s expert evidence: “Mr Moore’s report purported to rely on, and only on, FIFO. There was some argument by the Claimant that Mr Moore had not used ‘strict FIFO’ but had instead used ‘customer FIFO’. That simply added to the confusion. (...) In fact, it was apparent that Mr Moore was not using FIFO from a relatively early stage (...)”

Switching tracing methods can be appropriate in certain cases. For example, if funds are traced through five hops using FIFO but at hop six are moved via a bridge service from Ethereum blockchain to Tron blockchain, continuing with FIFO would be illogical. Instead, identifying the corresponding withdrawal on Tron makes sense. However, any method change must be clearly explained and justified in the report.

As the D’Aloia judgment noted: “That suggests that Mr Moore has other methodologies; nothing is said about how he selects between them, yet (...) expert (is required) to say what they are and to give reasons for his opinion.”

When an expert claims to use a specific method, they must either adhere to it or explain any deviations. In D'Aloia, the expert made arbitrary adjustments to FIFO, such as ignoring transactions under $1,000 and prioritizing larger transactions over those next in time. These deviations caused the judge to question the expert’s impartiality, raising concerns that the tracing favored the client’s assets over those of other victims.

Choosing the right analytical tools

There are many blockchain analysis tools available on the market, which typically visualize transaction data and enhance it with off-chain data, like attributing a given address to a specific cryptocurrency exchange. However, different tools may use varying visualization methods, leading to different results when tracing crypto-assets through complex laundering schemes.

The judgment said: “As I have noted, TRM Labs' approach produces a significantly different figure to that produced using Crystal Blockchain, so it is not clear how two different approaches are both likely to reflect the approach of those behind td-finan.”

Ownership attribution can also vary - one tool might link an address to one crypto exchange, while another attributes it to another. Therefore, an expert must critically assess these differences, which often requires manual investigation and operating on raw blockchain data.

It went on to say: “Mr Moore's stated position was that FIFO was not workable, or at least would be "incredibly time-consuming and difficult to complete accurately (…) There is, we understand, no commercial tracing software that applies a strict FIFO approach.”

The reality is that no single tool is perfect, nor can it miraculously solve every case; the choice depends on the investigation's goals. Importantly, tool limitations cannot excuse improper method use, as seen in D’Aloia.

The overall lesson for anyone litigating to assist a victim of digital theft, or simply to demonstrate purposeful dissemination of digital assets, is not to come unstuck through want of effective and robust tracing analysis.