Despite a persistent crypto winter and widespread misconceptions about the crypto industry, digital assets have the potential to drive positive economic impact.
At the same time, they will continue to face unique risks and threats that require direct attention from any organization engaging in the industry.
A 2022 FTI Technology study surveyed global leaders, including chief legal officers, chief technology officers and chief financial officers.[1] Of the 150 respondents, 44% said they believe blockchain technologies, cryptocurrency and digital assets are used regularly as platforms for illicit activity, and 41% of respondents said occasionally.
In parallel, 94% of those surveyed said their organization is considering blockchain and digital-asset solutions, and 78% of respondents expressed concern over various risks related to the space.
Given these perspectives, it would seem as though organizations are prepared to take dedicated action both to tap into opportunities in the blockchain ecosystem and to govern its use.
However, risk awareness does not necessarily mean risk readiness, as only 20% of respondents said they are improving security measures relating to blockchain and digital assets risks and a mere 13% of those surveyed are actively monitoring them.
Blockchain technology is itself susceptible to security vulnerabilities. In the first quarter of 2023, there were a reported 200 incidents of stolen digital assets, leading to the loss of more than $320 million.[2] During the first half of last year, nearly $2 billion in digital assets were stolen.
The FBI's Internet Crime Complaint Center, which is the central hub for reporting cybercrime in the U.S., reported "unprecedented increases" in the number of victims and losses for crypto investment scams in 2022.[3]
Indeed, the industry is uniquely targeted, partly due to factors such as its public openness, consensus protocol vulnerabilities, high value and attractiveness to malicious actors who mistakenly believe their actions are wholly anonymous and untraceable.
There is significant foundational work that organizations in the industry can do to improve risk management, strengthen compliance controls and follow security best practices.
Taking such steps will help prevent incidents from happening in the first place, or if they do, will reduce the impact.
Yet, prevention is only part of the equation. Readiness also means knowing how to respond in the wake of a cybersecurity attack, breach or theft of digital assets, so that intrusions can be contained and losses can be minimized and later recovered.
Investigation Fundamentals
There's a persistent misunderstanding that because transactions on the blockchain are pseudo-anonymous, digital assets can vanish without a trace.
The reality, however, is that cryptocurrency and other forms of digital assets can be easier to track than traditional currencies.
In the wake of theft, digital evidence can be collected from the blockchain and affected accounts to quickly piece together key details that will help contain active attacks and recover stolen funds.
Conducting a forensic analysis of affected wallets will enable search and review of origination, destination, volume, pattern and behavior. This information helps identify assets, document their flow between accounts and trace location following an attack.
Moreover, when attribution can be assigned to various parties who interacted with the assets or the affected accounts, it helps provide an additional trail of facts to help resolve the matter.
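The wallet review described above (origination, destination, volume and flow between accounts, with attribution at the end of the trail) can be illustrated with a short tracing routine. This is an added example, not code from the article or its authors; the ledger, address names and attribution labels are constructed, and it makes the simplifying assumption that when traced funds are mixed with other funds, the traced funds leave the address first.

```python
from collections import defaultdict

# Constructed sample ledger (not real chain data):
# (time, tx id, sender, receiver, amount)
LEDGER = [
    (1, "tx01", "victim", "thief_a", 100.0),      # the theft itself
    (2, "tx02", "thief_a", "hop_1", 60.0),
    (3, "tx03", "thief_a", "hop_2", 40.0),
    (4, "tx04", "other_user", "hop_1", 25.0),     # unrelated funds mixed in
    (5, "tx05", "hop_1", "exch_dep_1", 70.0),
    (6, "tx06", "hop_2", "hop_3", 40.0),
    (7, "tx07", "hop_3", "exch_dep_2", 30.0),
]

# Hypothetical attribution labels an investigator has already established.
LABELS = {"exch_dep_1": "Exchange A deposit", "exch_dep_2": "Exchange B deposit"}


def trace(ledger, theft_tx, labels):
    """Follow stolen funds forward in time from the theft transaction.

    Returns (flow, endpoints, unresolved):
      flow       - each hop that moved traced funds, with the traced amount
      endpoints  - traced amounts that reached attributed addresses
      unresolved - traced amounts still sitting at unattributed addresses
    """
    traced = defaultdict(float)   # traced balance currently held per address
    flow, started = [], False
    for ts, tx, src, dst, amount in sorted(ledger):
        if tx == theft_tx:
            traced[dst] += amount
            flow.append((ts, tx, src, dst, amount))
            started = True
            continue
        # Ignore earlier activity, senders holding no traced funds, and
        # attributed endpoints (tracing stops where legal process can start).
        if not started or src in labels or traced[src] <= 0:
            continue
        moved = min(amount, traced[src])   # assumption: traced funds leave first
        traced[src] -= moved
        traced[dst] += moved
        flow.append((ts, tx, src, dst, moved))
    endpoints = {a: traced[a] for a in labels if traced[a] > 0}
    unresolved = {a: v for a, v in traced.items() if v > 0 and a not in labels}
    return flow, endpoints, unresolved


if __name__ == "__main__":
    flow, endpoints, unresolved = trace(LEDGER, "tx01", LABELS)
    for hop in flow:
        print(hop)
    print("attributed endpoints:", endpoints)
    print("still unattributed:", unresolved)
```

The endpoint totals are what counsel would document per attributed account, and the unresolved balance marks where tracing has to continue.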
In addition to tracking accounts, a forensic investigation of a user's device(s), such as their laptop, desktop or mobile phone, can provide critical information to support attribution and to identify the advanced tactics, techniques and procedures used to steal the assets.
A forensic review can provide insight for mitigating cybersecurity risks and vulnerabilities utilized during the attack.
Organizations may also conduct internal investigations into the theft and the reasons why the thief succeeded. These details help inform the adequacy of the security measures that were in place, help assess the benefits and risks of reporting the theft to law enforcement, and guide engagement with the appropriate law enforcement agencies in the U.S. and abroad.
It is often critical to deploy multiple resources quickly across jurisdictions, beyond law enforcement in a single location.
Asset Recovery
Investigations serve multiple purposes: to identify and apprehend the criminal, to identify and mitigate security vulnerabilities to protect against future attacks, and to recover stolen digital assets.
On that last point, the investigation into the characteristics of transactions can pinpoint the flow of funds and reveal patterns in activity that may provide further insight as to the culprits' identities and what they did with the stolen assets.
In many cases, especially when funds have been traced to accounts in U.S.-based exchanges, the resulting evidence can support identification of specific digital wallets or accounts, and provide counsel with the necessary documentation to take further action.
In addition to pursuing recourse and recovery through the civil legal process, engaging law enforcement may be valuable.
Once the location of funds has been identified, government task forces focused on the digital assets space may be able to supplement key facts from existing intelligence and implement legal actions such as kill chain, hold harmless or other financial stoppage activities in very short order.
In scenarios where funds have been transferred out of the U.S., law enforcement can partner with global agencies to flag and place holds on accounts and transactions that have been identified as suspect.
Meanwhile, outside counsel and partner investigators can coordinate with legal counsel in foreign jurisdictions to initiate injunction and asset forfeiture proceedings to stop further movement and dissipation of the assets or funds derived from them.
Notifications
Cybersecurity incidents and breaches require swift response in working with regulators and in issuing notifications to impacted customers and/or partners.
Often, these incidents leave companies scrambling to respond to regulators looking for immediate answers, all while conducting an investigation and working to recover stolen funds.
Thus, organizations must ensure a sufficient notification plan is in place. A company's legal team can advise on customer notification requirements according to relevant regulations (industry, regional, etc.) and legal risk, as well as the correct approach to working with regulatory authorities.
Conclusion
Like any form of currency or valuable asset, digital assets continue to be an attractive target for cyberattack, fraud and other forms of sophisticated financial crime.
Organizations transacting with digital assets or holding them on behalf of customers must be prepared for the eventuality of facing such matters.
Governance and security best practices are essential first steps to support prevention and narrow the scope of potential exposures.
With prevention methods in place, a practiced incident response process will further reduce risk by establishing a strategy for if and when crisis hits.
"Risk Readiness Steps Can Help Protect, Track Digital Assets," by Jennifer L. Achilles, Paul H. Tzur, and Jeremy Sheridan* was published in Law360 on June 29, 2023.
*Jeremy Sheridan is managing director at FTI Consulting. FTI senior managing directors Todd Renner and Steve McNew contributed to this article.