Like many others before him, an Ontario man was left stunned after fraudsters stole Bitcoin worth tens of thousands of dollars from his cryptocurrency wallet.
Unlike many others, however, he got his money back after Durham Regional Police Service and RCMP tracked, seized and returned the funds.
This investigation demystified the fact that cryptocurrency transactions are completely anonymous and that there's no chance of recovery of the victim's funds," says Det.-Cst. Taryn Snow of the Durham Regional Police Service's Financial Crime Unit.
Gone in 60 seconds
In September 2021, the victim was researching how to invest in cryptocurrency. He purchased what he thought was helpful software online. In reality, he downloaded malware, giving the suspects remote access to his desktop computer.
The suspects then accessed the man's cryptocurrency wallet and took approximately $55,000 worth of Bitcoin. The victim watched the theft happen right before his eyes on his computer.
With the help of a neighbour, he quickly got in touch with RCMP Cpl. Ryan Berry, who was Ontario's Cryptocurrency Co-ordinator with the Transnational Serious and Organized Crimes Unit at the time.
I think he was a little shocked," says Berry. "
But, as a credit to him, he did have the clarity to act quickly."
Behold the blockchain
To track down the stolen funds, Berry followed the victim's Bitcoin by using the blockchain, a secure system that records transactions.
Every cryptocurrency transaction is logged on a publicly-accessible database," says Berry.
He used that information, along with software that helps law enforcement follow cryptocurrency as it moves from address to address, to trace the funds to a cryptocurrency exchange. Exchanges allow customers to trade cryptocurrencies or digital currencies for other assets."If you know the address, you can see where it went," says Berry.
Berry then contacted the Durham Regional Police Service, the police force of jurisdiction in the case, to alert them about the fraud and the exchange that held the stolen currency. Durham police seized the stolen funds with support from Crown prosecutors and returned them to the victim on Dec. 23, 2021.
Police acknowledge that the recovery of funds in this type of investigation is extremely rare. In fact, this case is believed to be only the second cryptocurrency investigation in Ontario that has resulted in the recovery of funds.
Most victims don't get their money back," says Berry, who currently works as a cryptocurrency investigator at the National Cybercrime Coordination Centre. "
But it can happen."
He says in many cases where cryptocurrency was stolen and not recovered, the funds were routed through unscrupulous or foreign exchanges, or were converted back into traditional currency to prevent the cryptocurrency exchange from accessing the funds.
More to learn
Berry says that police forces across Canada need to better train officers in how to trace cryptocurrency.
Many front-line officers still believe that cryptocurrency is fully anonymous and untraceable, which is often not the case," says Berry, who adds the RCMP is developing a week-long course to teach investigators how to understand and deal with cryptocurrency.
Snow says the investigation showcases how agencies can work together. "
Cryptocurrency is something that is very new to law enforcement. We're all still getting familiar with the concepts and the tools at our disposal," she says.
Fortunately, there are groups within the RCMP and the Crown Law Office that have specialized expertise in dealing with cybercrime and cryptocurrency, and we were able to work together to solve this case."
You might be interested in our Q&A with an RCMP cryptocurrency expert.