How to be a Digital Asset Detective
Methods for Investigating Digital Assets Businesses
📅 November 21, 2024
While digital assets may seem opaque, they offer unique avenues for transparency that are typically obscured in traditional markets. Unlike many conventional financial activities, the accessibility of online information in digital asset businesses expands the range of investigative tools beyond traditional due diligence methods. By design, most blockchain networks, particularly public blockchains, are traceable, transparent, and open, allowing anyone to examine on-chain activity.
However, the nature of digital assets also comes with new vulnerabilities and less familiar indicators of illicit activity. These include challenges associated with transactions that are often large, instantaneous, and irreversible, which can be exploited to bypass the guardrails of financial systems, evade sanctions, commit fraud, and move illicitly gained funds. Adapting your due diligence methods to meet both the possibilities and pitfalls of the digital assets sector is crucial for an effective compliance framework. Many of the methods used when investigating traditional businesses for red flags can be mirrored during digital asset investigations, with a few additional key steps and tools to consider. But what should you be looking for? Where should you start?
For research purposes, we conducted an investigation into the status of SUEX OTC (SUEX), a digital asset exchange business sanctioned in 2021 for facilitating ransomware transactions. In this case, our goal was to identify the current operating status of the business and its associated network after a red flag was raised, including whether the key individuals had continued their operations under a new business. The analytical methodology we followed can guide financial institutions, charities, and other organizations aiming to evaluate clients or potential business partners in the digital asset industry.
Here is our step-by-step guide on how to conduct investigations on digital asset businesses:
Step 1: Identify the Entity
The first step is to conduct a business entity search to confirm registered legal status. Identify the legal entity name, the legal business type (e.g. LLC, corporation, etc.), and the countries or jurisdictions in which it is registered. If registered in the United States, business registries for each state are often found on Secretary of State or Corporation Commission websites. Many international commercial registries can be located here or on each country’s Ministry of Justice webpage.
Use the registry to confirm if the entity is registered as “active,” and take note of the registration date, addresses, contact information, Tax ID numbers, and public filings, when available. If possible, use geospatial tools and other research methods to confirm that the listed address corresponds to a physical presence.
Despite being designated by OFAC for cybercrimes in 2021, we discovered that SUEX is still registered as an active business in the Czech Republic, according to the public commercial registry. However, the company had no known physical presence in the Czech Republic, and it’s been reported to have predominately operated out of Federation Tower in Moscow. Given these two facts, it’s reasonable to assess that SUEX’s legally registered address was a front to conceal operations out of its Moscow address.
SUEX’s registered Prague address
Federation Tower in Moscow, assessed as SUEX’s true headquarters
Step 2: Ownership and Control
One of the most challenging but crucial steps is to identify the ownership and control of a digital asset business. If the entity is registered in a jurisdiction with beneficial ownership disclosure requirements, note the names and personal information of those listed as the executives, directors, or partners. Who has majority ownership of this business? Take note of the dates this information was registered. Have there been any recent transfers of control? If so, consider what might have prompted such a change. Ownership transfers can indicate attempts to obscure beneficial ownership, which may be a red flag for illicit activity. You may need to research through several ownership layers to find the ultimate beneficial owner, and you should assess each layer.
It’s also worth tracing subsidiaries and affiliates within the corporate group of the entity. For instance, the digital asset service provider license of your entity may be held by a parent company in one or more other countries. You can expose these relationships by cross-referencing open source data using tools like OpenCorporates, or use proprietary datasets to identify ownership patterns.
According to SUEX’s commercial registry, 100% ownership of SUEX was transferred about one month after the entity was sanctioned. The founder and major owner, Egor Petukhovsky, along with its two executives, were removed and replaced on the registry at this time.
SUEX was part of a complex ownership structure that involved multiple other businesses within the digital asset sector. Egor Petukhovsky was also an executive of Chatex, a Telegram-based virtual currency exchange supporting SUEX that was sanctioned later in 2021. Moreover, a company registered in Estonia, Izibits OU, also held SUEX’s virtual asset service provider license until it was suddenly deleted on March 13, 2024. Izibits OU was sanctioned along with two other entities providing support for Chatex on November 8, 2021.
Step 3: Scrutinize its Online Presence
Digital asset entities, by nature of their business, should maintain a strong online presence, which can be a valuable source of information on their activities and affiliations. Begin by checking the entity’s status and activity across public sources like websites, social media, and blogs. Check the recency and regularity of online activity. Consistent online activity is one indicator of authenticity, particularly in the digital asset sector, where an online presence is essential for operations. A lack of online presence or activity could indicate a front or shell company. Additionally, watch for red flags in promotional content which may hint at illicit activities, such as phrases like: “Need to get currency out of the country?”
Both SUEX and Chatex operated multiple websites before they were taken down in 2021. Using a free Internet Archive platform, we can see that Chatex’s website once featured terminology that would raise red flags, including “…the unimpeded movement of capital” and “Everyone will be able to transfer money anywhere in the world without any boundaries or obstacles.” Social media platforms for Chatex remain online but are not active. The most recent activity from Chatex was a blog post in November 2021, saying they cannot refund users’ coins until “after the sanctions are lifted.”
Step 4: Investigate the Blockchain Footprint
If digital wallet addresses are available, use blockchain analytical software to investigate on-chain activity. One tool is the publicly accessible platform blockchain.com, which can be used to check known address activity. For more sophisticated investigations, commercial blockchain analytical software can help trace activity and link wallet addresses to real-world entities. Look to see if the address has transacted with wallets with connections to financial fraud, ransomware schemes, terrorist financing, or other illicit activity.
By checking every known digital currency address of SUEX added to the OFAC SDN List, we discovered activity as recent as November 6, 2023, nearly two years after the virtual asset exchange was designated.
Image: Transaction history of one of SUEX’s known Ethereum addresses (0x2f389ce8bd8ff92de3402ffce4691d17fc4f6535)
By cross-referencing the addresses, we also noted a large concentration of “most recent transactions” occurring between January 9-10, 2023. According to a blockchain investigation in 2021, SUEX has received around $13 million in transfers from ransomware operators, $24 million from cryptocurrency scam operators, and over $20 million from darknet markets.
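The post-designation check described in this step can be scripted once address activity has been exported from a block explorer. The sketch below is an added example, not code from the original investigation: it assumes the "Digital Currency Address - <TICKER> <address>" identifier form used in SDN entries, and apart from the SUEX Ethereum address and the designation date, every value in the sample data is constructed.

```python
import re
from datetime import date

# SDN remarks carry identifiers of the form
# "Digital Currency Address - <TICKER> <address>;"
DCA_RE = re.compile(r"Digital Currency Address - ([A-Z0-9]+) ([A-Za-z0-9]+)")

def normalize(address):
    # Hex (0x...) addresses are case-insensitive, mixed case being only a
    # checksum; Base58 addresses are case-sensitive and are left untouched.
    return address.lower() if address[:2].lower() == "0x" else address

def listed_addresses(remarks):
    """Map each normalized address in an SDN remarks string to its ticker."""
    return {normalize(addr): ticker for ticker, addr in DCA_RE.findall(remarks)}

def post_designation_activity(remarks, designated_on, transfers):
    """Return transfers touching a listed address on/after designation, newest first.

    transfers: (date, sender, recipient, tx_id) tuples, e.g. a block explorer export.
    """
    listed = listed_addresses(remarks)
    hits = []
    for day, sender, recipient, tx_id in transfers:
        if day < designated_on:
            continue  # activity before the designation is not the red flag here
        for role, addr in (("sender", sender), ("recipient", recipient)):
            if normalize(addr) in listed:
                hits.append({"date": day, "tx": tx_id, "role": role,
                             "listed": normalize(addr)})
    return sorted(hits, key=lambda h: h["date"], reverse=True)

SUEX_ETH = "0x2f389ce8bd8ff92de3402ffce4691d17fc4f6535"  # address quoted on this page
DESIGNATED = date(2021, 9, 21)                            # SDN listing date per the page
# Constructed sample data: the XBT address, counterparties, dates and tx ids are placeholders.
SAMPLE_REMARKS = ("Digital Currency Address - XBT 1PlaceholderXbtAddressForExample; "
                  f"Digital Currency Address - ETH {SUEX_ETH};")
SAMPLE_TRANSFERS = [
    (date(2021, 3, 2), "0xCOUNTERPARTY_A", SUEX_ETH, "tx-001"),
    (date(2023, 1, 9), "0x" + SUEX_ETH[2:].upper(), "0xCOUNTERPARTY_B", "tx-002"),
    (date(2023, 6, 1), "0xCOUNTERPARTY_A", "0xCOUNTERPARTY_B", "tx-003"),
    (date(2023, 11, 6), "0xCOUNTERPARTY_C", SUEX_ETH, "tx-004"),
]

if __name__ == "__main__":
    for hit in post_designation_activity(SAMPLE_REMARKS, DESIGNATED, SAMPLE_TRANSFERS):
        print(hit["date"], hit["role"], hit["tx"], hit["listed"])
```

Lowercasing hex addresses before comparison matters because explorers and exports often render the same Ethereum address in different letter case, and an exact string match would miss the hit.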
Step 5: Screen Against Sanctions Lists and Watchlists
Check to see if the entity, associated entities, controllers, or its beneficial owners have been designated on a global sanctions list or other watchlist. Given the cross-border nature of digital assets, entities can more easily engage in international transactions, heightening the need for comprehensive sanctions screening across jurisdictions. Businesses in the digital asset industry that are complicit in restricted activity are most likely to be sanctioned under specific cyber-related authorities. Relevant sanctions lists to screen against include:
In our investigation of SUEX, we already knew that it was sanctioned. The U.S. Treasury Department added SUEX to the Specially Designated Nationals list on September 21, 2021, under the Cyber-related Sanctions program. SUEX was the first virtual currency exchange designated by the United States and was designated for its part in facilitating financial transactions for ransomware actors.
Step 6: Check for New Ventures or “Phoenix Companies”
If investigating an entity with major red flags exposed in the past, you should consider investigating whether key individuals linked to the entity have continued operations under a different business name or structure. This involves checking for phoenix companies, or businesses where the same directors and shareholders start a new business after their first has ceased operations. If you detect red flags with one digital asset entity, ensure that the associated individuals are not engaging your institutions through different office locations or using alternative names to conceal their relationship.
The founder of SUEX, Egor Petukhovsky, has since created SiriusDAO, a crypto hedge fund. While the entity of SUEX was sanctioned by OFAC in 2021, none of its founders, owners, or executives were designated alongside it.
Digital asset investigations are essential for managing the risks and regulatory demands of the rapidly expanding financial technology sector. By combining traditional due diligence practices with the abundance of information in digital asset transactions, organizations can uncover typically hard-to-find information about a digital asset business’ status, ownership, online presence, blockchain activity, and associations with sanctioned entities. As this sector grows, adaptive investigative frameworks will be key to ensuring innovation aligns with integrity across the industry.
Join the Institute for Financial Integrity on December 5th for a comprehensive webinar that provides firms and financial institutions with knowledge and strategies they need to ensure they comply with new beneficial ownership rules and regulations.
Led by regulatory, anticorruption, and industry experts, this webinar will equip learners with insights into the nuances of the new beneficial ownership reporting requirements, address concerns about privacy, security, and access, and explore strategies to research beneficial ownership and reduce your exposure to financial crime risk.