Bitcoin (BTC) is merely one of many thousands of cryptocurrencies in existence. We focus on Bitcoin (and Ethereum) because they are far and away the most prevalent cryptocurrencies in the world. Bitcoin currently represents more than half of the cryptocurrency value in the world (by dollar value) and has a market cap of over one (1) trillion dollars with a daily trading volume in the tens of billions. [For real-time statistics, visit: https://coinmarketcap.com/]
Bitcoin has no physical existence. It is quite literally, a number in a cell on a spreadsheet called the blockchain. The cell where it is located on the blockchain is called an ‘Address’ – which is analogous to an account number. The value of Bitcoin located at that Address can be transferred (spent) by anyone in possession of the correct ‘Private Key’ corresponding to that address on the Blockchain. It may sound like ‘make believe cyber money’ – but make no mistake – a single Bitcoin reached nearly $70,000 at one point. [For current value, visit: https://coinmarketcap.com/currencies/bitcoin/]
There is no bank, financial institution or regulatory body ‘in charge’ or ‘in control’ of Bitcoin. It operates as an organic system – maintained by ‘Miners’ running nodes (computers) all over the world. The Miners earn rewards in Bitcoin for verifying and maintaining the accuracy of the Blockchain in real time. There is no one to subpoena to inquire if a particular person ‘owns any Bitcoin’. While you can actually subpoena cryptocurrency brokerages – such as Coinbase (one of the largest cryptocurrency brokerages in the U.S. based in California) – this will only be helpful if the party in question is actually using a brokerage – which is common – but absolutely not necessary.
For every person engaging in Bitcoin transactions through a brokerage such as Coinbase, there are many more engaging in ‘peer to peer’ transactions – directly from one Bitcoin user to another – without any third-party involvement at all.
All of this lends itself to a seemingly perfect vehicle for hiding assets and engaging in anonymous, untraceable transactions – but this is something of an overstatement.
Bitcoin is ‘anonymous’ by design – but in practice it is only ‘quasi anonymous’ – and Bitcoin transactions are actually VERY EASILY traced – as long as you have a starting point for the tracing (i.e. a Bitcoin Address) associated with the subject.
This is where ‘investigation’ comes into play. Bitcoin may not have any physical form – but there are certainly physical manifestations of its use. Bitcoin addresses and private keys need to be stored somehow – they are nearly impossible to commit to human memory.
All Bitcoin Addresses start with the character 1 or 3, are 34 characters long, and are formatted as something known as Base58. This is an example of a Bitcoin Address:
1AMdziK76JwP6DzEGyB9ruddBxQhM1oeZE
Because we know this, we can search for them in any volume of ESI – and actually have specially programmed forensic tools that do just that – search through huge volumes of data and isolate Bitcoin Addresses.
In addition, if you are engaging in ‘Peer 2 Peer’ Bitcoin transactions (i.e. not using a brokerage) – you need to have some form of ‘Wallet’ software on at least one of your computing devices to send and receive Bitcoin. There are only so many different wallet software programs – and they are easy to search for. The wallet software may contain both the Bitcoin Addresses and Private Key(s) – but that is not always the case. If a person is careful, and security conscious, they will store their addresses and private keys in a ‘hardware wallet’ – a physical device no bigger than a USB thumb drive – which is plugged into the computer and accessed by the wallet software only when a transaction is about to be made. This is known as ‘cold’ storage – as it keeps the sensitive data (Addresses and Private Keys) ‘offline’ or ‘cold’ until needed – preventing this data from being stolen if the computer is hacked. Remember – Bitcoin is a ‘bearer instrument’ – if someone gets your Private Key – they can steal your Bitcoin immediately – there is no ‘security verification’ beyond having the correct Private Key – there is no ‘Two-Factor Authentication’ – no one is asking for a photo ID – and there is no one to complain to and request they reverse the transaction.
The Blockchain we keep referring to is publicly available. It is literally a nearly half terabyte [To see the current size, visit: here] (and constantly growing) distributed ledger (a fancy spreadsheet) – which anyone can download (or access through a ‘Blockchain Explorer’ on the internet). It contains a detailed, chronological record of EVERY Bitcoin TRANSACTION EVER CONDUCTED since Bitcoin was launched in 2009. Because of this – we can easily ‘trace funds’ backwards and forwards across the Blockchain with little difficultly – the problem is that as much information as the Blockchain contains, there are no names or other ‘personally identifiable information’ to associate the millions of Bitcoin Addresses with the individuals who control them.
There are, however, methods to try and ‘attribute’ Addresses to individuals, and to ‘cluster’ addresses on the Blockchain together based on criteria that indicate the addresses are controlled by the same individual or entity.
But all of this starts with having one or more Bitcoin Addresses to work with – and that begins with searching the subject’s computing devices and data for evidence of Bitcoin activity – specifically – Bitcoin Addresses and / or wallet software.
