Kimberly Grauer — Director of Research at Chainalysis

Cybersecurity
Last updated: October 27, 2022
Total length: 31 min

Researching and discovering trends in Crypto-Economics and Crime with Kim Grauer

Every day people are using crypto at unprecedented rates around the world in Nigeria and Kenya, in the Philippines and Vietnam. Specialising in research and discovering trends in Crypto-Economics and Crime, Director of Research for Chainalysis, Kim Grauer is making Waves in the Finoverse.

Walter Jennings: Welcome to Waves in the Finoverse. I'm Walter Jennings, the host of a podcast brought to you by Finoverse. We're talking with the wave makers creating ripples, waves, and tsunamis across finance, crypto, FinTech, Web3, and beyond. Listen weekly to the changemakers talk first hand about their experiences in this dynamic industry. If you're a crime junkie, you're going to love our next guest. She takes investigations into a crypto dimension. Our guest specializes in researching and discovering trends in crypto economics and crime as director of research for Chainalysis. She works with banks, governments, and businesses across the globe to solve some of the world's most high-profile cybercrime cases. So the Sherlock of the crypto world, Kim Grauer, welcome to the Finoverse. Kim, it's an unusual role being a specialist in crime. So what has been the biggest cybercrime in history so far?

Kim Grauer: Probably, I'd say one of the big scams met one of the big billion-dollar scams. I want to say PlusToken, which was a 2019 Ponzi scheme, mostly impacting people in China, although there have been a few other Ponzi schemes to give PlusToken a run for their money. I'm thinking of OneCoin as another good example. But PlusToken took the industry by storm in 2019. And it was so big that we even branded 2019 to be the year of the scam because one scam, at that point, it's unheard of, received billions and billions of dollars for millions of users. And the way that they structured this Ponzi scheme, the way that they staged photo ops with the royal family in London was all. So, you know, a combination of really devastating to see how many people were hurt, but also the type of like intrigue that you could only see in crypto crime.

Walter Jennings: Yeah, no, that's really fascinating. You are saying that you know, with the skit growth and scale of blockchain in the growth of the criminal element, we're now seeing larger and larger crimes occurring. Talk me through some of the illicit activities you're monitoring right now.

Kim Grauer: It's a really good question, if only because a lot of times people say crypto crime as though there's one type of crypto crime, but oh my gosh, is that all-encompassing? There is. Let's see if I can name them all. We've what we're tracking now. And what we focus on now is scamming, darknet marketplaces, fraud shops, hacking, child abuse materials, terrorist financing, sanctioned activities, ransomware, malware attacks, and in addition to other more behavioral types of crimes, such as wash trading, market manipulation, and money laundering. We've got data to support every single one of those kinds of types of crime that I've just discussed.

Walter Jennings: The transparency and blockchain make it easier or harder to identify illicit activity?

Kim Grauer: I guess this is one of the things that are really poorly understood about the industry, although I think that we've come leaps and bounds in terms of our collective understanding of the transparency of blockchains. But this is a huge win for law enforcement and the ability to crack down on crime, that you have a permanent forever ledger of transactions associated with criminal activity, and that you can trace these transactions in real-time and build out these networks of investigations. I'll give you an example of why this is really important if a hack is happening. And we know hacking is one of the biggest problems. Right now, in the crypto space, there's a hack time of the essence because many times these bad actors are rogue nations, state actors from North Korea, for example, who steal your money. And second, they have it in their possession and some other fiat currency. It's gone. So if you can live trace these transactions in real-time using a blockchain ledger, you have a really good shot of getting freezing funds and getting them back. So overall, I would say that the transparency of blockchains really emphasizes and allows people to see the scale of criminal activity in a way they were never able to see before. And I think one of the reasons why people are so focused on crime and crypto is a little bit of a double edged sword that comes with the transparency of crypto. We shine a magnifying glass on all the crimes happening. If there's a hack, you wake up on Twitter, and everyone's already investigating it. You can't do that in the Fiat world. We don't even know how much hacking how much money laundering is happening in the Fiat world. There are so many layers of shell companies and so much siloed activity you have no idea what's happening unless you're really plugged into a specific investigation. And so we're able to shine a light on all the crime, but it kind of brings some of this attention. Cryptocurrencies are used only for crime, but we're shining the light on that. So it's a double-edged sword of the transparency of crime data?

Walter Jennings: Well, you come out with reports, including the mid-year crypto crime update. At the time of that juicy field, so is the top scam of 2022. So far, what is it, and how does it work?

Kim Grauer: Most scams are just your run-of-the-mill crypto investment scams, most scams that we trace and identify. Chances are investment scams or Ponzi schemes, which claim to give you 5% returns for life or give you some sort of a benefit if you invest your money in them. And so of the 1000s and 1000s of scams that we have identified by far, the most value is going to these kinds of investment scams, and juicy fields would be one of these kinds of investment scams, Ponzi schemes. Now the reason why that is happening is for a few reasons, but one is that there are a lot of these scams that operate and that operate as a service almost so people sending these funds to these services, they don't think, hey, I'm sending to a scam today. They think, Hey, I'm sending to a legitimate business I believe in. So because of that perceived legitimacy, they're able to grow at a rate that is far faster and more scalable than your phishing scam that hopes that maybe one in every a million people that you email will send money to them. That's not something that's going to scale, right, but these investment scams can scale, and they're also particularly popular in crypto because they are taking advantage of a lot of the hype and FOMO that just comes with crypto the crypto space more broadly. And there it sits in this place is that that is really a lot that scams have been able to take off over the past few years and have consistently been the biggest source of illicit activity revenue every single year by a lot.

Walter Jennings: Okay, and juicy fields, according to the report, was nothing compared to Finico, which has stolen over 1 billion US dollars. Can you explain how that occurred?

Kim Grauer: It's hard to become a Ponzi scheme that rakes billions of dollars. So it is kind of a rarity. And oftentimes, we do see a Ponzi scheme having a strong regional footprint. So PlusToken, which we talked about earlier, was mostly impacting people in China. They had a huge marketing scheme under this. There were a lot of celebrities that were involved in promoting this; there was an effort that was put in to make people in your local community aware of PlusToken. The Finico had a similar story, except it was really popular in Russia. And there was a lot of marketing, propping it up. A lot of people were talking about the Finico; there was just this kind of network effect that allowed for it to scale. I'm sure every small Ponzi scheme wants to come to the level of some of these bigger ones. But the problem is that they tap into something that is really attractive to a specific group of people. And that is why many scams often start in one region. And then they kind of organically grow over time. And through word of mouth, through friends, through family, and then kind of spread to the rest of the world if they're particularly successful. But there's not a single formula, or else everyone would do it. It's just got that element of having the right founders, the right marketing, the right payout structure, and the right little bit of everything to allow it to grow to that level.

Walter Jennings: Now, it's fascinating because just as the Bonafide deals have generated a sense of FOMO, or fear of missing out, it appears the scams can also just cover one of the basics. Let's talk about a mixer for a second in the crypto world. This isn't a rum and coke. How does this work? How does the mixer work?

Kim Grauer: The mixer is a more advanced technology solution to the problem of, I guess, tracing companies such as Chainalysis. What you can do is a problem that people have is you can use mixers for legitimate reasons. Sometimes you might not want someone to know where your funds came from. And a mixer purposefully breaks the connection between the source of funds and the destination of funds. So they use complex algorithms to sometimes algorithmically sort funds, sometimes, you know, we've got smart contract-based mixers. We've got centralized mixers; we've got many different types of mixers. But the concept remains the same: you send money to a mixer from, let's say, a darknet marketplace. Using Chainalysis software, we can see Hey, you, guy, you got those funds from a darknet marketplace. So we're not going to convert it to fiat if you're an exchange. But if you pass it through a mixer, you send darknet market funds to a mixer, and you receive clean funds from the mixer, and then you can send that, take them to the exchange and get them converted to fiat.

Walter Jennings: Very interesting to see the ways of cleaning the cash. Now for those who were on vacation in August when the Tornado Cash story blew up, what happened and what does it mean for online anonymity?

Kim Grauer: What happened with Tornado Cash was that it was sanctioned. And this is a part of a height of a growing trend coming from OFAC in the United States, where they are sanctioning crypto addresses. And this was different because rather than sanctioning an address for an individual they sanctioned a protocol that was a little bit controversial and caused a lot of questions but ultimately was a reflection of the fact that OFAC is signaling that they are leaning into this new technology in this case, Tornado Cash was sanctioned because it was basically the number one destination for hacked funds that had been hacked by North Korea. Something like 60% of all funds in 2022, so far, have been hacked by North Korea. That's billions of dollars going to a country that received billions of dollars received in 2022 alone by North Korea, when I think something like the trade imports from other countries amounted to $80 million, according to some other reporting. So that's a huge amount of money going into North Korea. And so the sanctioning was a response to that, but certainly, no one would dispute that something needs to happen needed to happen because a hack would happen, and within hours, funds would start coming into Tornado Cash, and then leaving and leaving and then getting into the hands of these North Korean hackers who then further fund more attacks. And then, you know, there's speculation that those funds are also used for the nuclear programs and whatnot.

Walter Jennings: You put together a great chart that showed where Tornado Cash crypto came from, and over 50% was from DeFi. And yes, so far in 2022, you've noted North Korea. Even affiliated groups have stolen approximately 1 billion of cryptocurrency from DeFi protocols. Explain to me how criminal groups are using DeFi protocols so effectively.

Kim Grauer: So there's some legitimate usage for Tornado Cash. So sending from DeFi to Tornado Cash is not, by definition, a signal that there's a crime happening. In some instances, we see that DeFi is an intermediary stopping point for a crime. There won't necessarily be just one level of a laundering strategy. But as groups get more complex, there might be a crime, send to DeFi send to exchange center mixers, and, you know, there's going to be a lot of hops in there to, to throw law enforcement off the scent. But DeFi is a really interesting example of a question, it's interesting to think about DeFi in the context of crime because, on the one hand, you want to think about: are criminals using mixers to launder money? But by far, the more important question right now, and the most impactful industry question, isn't those criminals using DeFi to launder money. Why are there so many DeFi protocols getting hacked? How are we letting this happen? This is a huge vulnerability in the industry. And so it's not really a problem with DeFi as a money laundering strategy. But there are clearly vulnerabilities in the industry that we need to sort out.

Walter Jennings: Okay, well, we're experiencing a downturn, some are calling it crypto winter, how are they affecting the criminals that are targeting the crypto industry?

Kim Grauer: The only major type of crime that is really affected by price and price action is scamming things like ransomware. Ransomware criminal isn't going to wake up one morning and not carry out ransomware attack because the price is down 20%. And the same goes for darknet markets to be darknet markets; people are using darknet marketplaces for a specific reason, often to purchase drugs or credit cards, or stolen items. And that isn't really something that involves the price at all. And so, but with scamming, as we said at the top of the call. No one wakes up and says I'm going to send a scam. Rather, they're like, I'm going to send to; I'm going to invest my money in a way that I feel fit. So if there's a general market turned down, and people are saying, Hey, I'm not sure I'm going to invest anymore, then they're going to be investing in lesson scams as well. And so what we saw was that scamming is down from what we would have probably expected even just a few months ago, but also other types of crime are down too, although not for price reasons. For other reasons, I would say, due to law enforcement wins have been a major deterrent to criminal activity if we take darknet marketplaces. There have been major darknet market closures all around the world. So much so that darknet market administrators are open for a few months and self-closed because they're afraid that if they get too big, they're definitely going to be investigated by law enforcement. So we're seeing some types of criminals kind of adapt and change, and law enforcement wins have acted as kind of a supply side deterrent, whereas the price on scan has been a demand side deterrent.

Walter Jennings: Chainalysis recently launched a community of investigations. So I guess that's essentially a community of online detectives. How does it work? And how do I become a part of it?

Kim Grauer: It's cool; we have this data set. There are many different types of crime that have an entire supply chain of criminal actors. If we take ransomware, there's the ransomware developer, there's the admin, there's the pen tester, there's the person who launders the money, and oftentimes those individuals are located all around the world, in many different jurisdictions, but they're all using a connected by the same financial networks in terms of crypto payments. So how do we get people involved and share their insights around the world? And so we've created this kind of community, and we aim to foster a community of participants that are focused, not necessarily on case investigations, but on risk management across the cryptocurrency industry by encouraging our users to share intelligence and to collaborate with other expert users using our software product reactor. And the hope is just to continue to build more trust and transparency and block in blockchain community, using these communities.

Walter Jennings: And how will this community intelligence and collaboration impact investigations?

Kim Grauer: First of all, it will prevent them from being well; it will be an avenue to restricting silos if you had been investigating a wallet and didn't quite know what you saw. Still, you knew it was connected to some other suspicious activity or came up in a scam. And you know, that could just wither away and not be useful for you because maybe your investigation got closed, but it could be, or maybe you're investigating a customer, or you're in compliance, and that piece of intelligence just doesn't go anywhere. But it might be a crucial piece of information for someone trying to manage risk on another exchange or in another situation to have access to that information. Think about how much information is lost by a lack of information sharing. This is definitely an attempt to fix that. But do it in a responsible way, given that a lot of information can be very sensitive.

Walter Jennings: Kim, when we first met, you mentioned you're not from a crime agency or a police background. Tell me, how does crime fit into your overall portfolio? And how much of this is your typical day?

Kim Grauer: I'm definitely not, by background, a crime person. I'm more of a data economy person, and we focus a lot on crime because it's an extremely important industry question right now. How much of the blockchain is associated with criminal activity? And just getting those numbers up? What I do day to day is extremely data-intensive, you know, and then what an investigator would do up would show up and do in terms of an investigation. And definitely, we focus on so many more issues than crime, although crime is definitely, I think, the domain where we seem to have the most impact. We look at geographic trends. And NFT trends, estimating, we sometimes get into the predictions world, although I know you never make a prediction, and with crypto, never make a prediction. Let me tell you. So I had my day really hoping to spend as much time doing original research as possible, but also answering data questions that people might have, and just really trying to get our data into the right people's hands and a variety of different topics.

Walter Jennings: And what are some of the reports that we can look forward to in the coming months?

Kim Grauer: So soon, we're going to be putting out our geographic report, which I was talking about how our crime report is the most impactful report, but this could just be because I'm kind of deep in the geographic research right now. But I actually think the most important and underreported story comes from our geographic report, which attempts to quantify the amount of crypto activity happening in every country around the world. We spend so much time thinking about North Korean hacks and Elon Musk's Tweets and Twitter and Dogecoin that we're missing a really important story, which peeps every day. People are using crypto at unprecedented rates around the world in Nigeria and Kenya, Vietnam, and the Philippines. Did you know that there's an incredibly large NFT hub in India and an even larger Gaming Hub in the Philippines? And so we're missing the story as it's unfolding right now this we're kind of fixating on these certain big headline grabbing stories. We will be ranking countries' adoption by population and purchasing power weighted variables to see who to estimate who has the most grassroots adoption, so not who is doing the $30 million transfers but which countries have people actually doing commerce with cryptocurrency or carrying out remittances using cryptocurrency, so we've got that coming up. We're also looking at the impact of sanctions on cryptocurrency activity. We've got some really interesting stuff on stable coins and the bear market, as well as an analysis of NFT collections by risk profile. So there's a lot of good stuff on the horizon.

Walter Jennings: But it really sounds like your purpose at Chainalysis is to provide wide-ranging research that helps people better understand usage and challenges. Tell me a bit about Chainalysis. 

Kim Grauer: Chainalysis is the blockchain data provider platform. What we've done since 2013-2014 has been identifying the wallets of services. And what that allows us to see how much money is received by darknet marketplaces and how much money of those how much of that darknet marketplace money went to, you know, Coinbase or something like that. And so we can identify services and the wallets that they control. And we've done that. We've got 10s of 1000s of services. So we can see the total crypto activity of all these different services. From there, we repackage that data and sell it to different customers based on their exact needs. If you're in law enforcement, you probably want to use our data to invest in an investigation that you're running. How do you follow the money, a cryptocurrency address that you have to a service that you can then subpoena and get the personally identifiable information of that individual? And then we'll also do other things like high-level metrics and some of our other products, and then I sit on top of all of those use cases and try to just do research.

Walter Jennings: Have you listened to the crypto Queen podcast? And were you following that crime in real-time?

Kim Grauer: I have listened, and I was not following it in real-time. But I brushed up on it for a part of a crypto crime report I did at some point.

Walter Jennings: In your years of looking at crime. So are there any memorable ones that stand out for any reason?

Kim Grauer: Oh, my gosh, there's so many, it's.. 

Walter Jennings: Come on; you have to have a favorite. Everyone's got a favorite.

Kim Grauer: Um, I think that Quadriga, someone who may have faked their death quandary, was a really interesting thing to learn about. Oh, there was another one. I probably shouldn't say that name. But they were very blatantly a scam. And we put it in our report. And then they kind of reacted negatively that hey, that we're not a scam. But then we kind of said that made us go down the rabbit hole deeper. And then we realized that they were connected to like 10 other scams. And then these people, and then I learned about these careers, where people are marketing managers specifically for scams.

Walter Jennings: Well, you mentioned Quadriga. So help us understand that crime.

Kim Grauer: So Quadriga was a hack. What happened was there was a hack, and then the CEO wound up dead. But there was speculation that he had faked his death to get away with the hacked funds. It's still open, you know; no one has. I bet some people do have clear answers to this. But I think it's like the court of public opinion; it's still like a matter to be. That's we're still kind of figuring out what happened. But that was certainly an exciting thing to learn about. And then I was on a podcast about it once they started educating me about faking your death industry. Apparently, there's a whole industry there. So.

Walter Jennings: Well, Kim, if the founder of Quadriga comes back from the dead, we'll definitely get you on for an update. IP crime was kind of the major issue over the last decades when we think about torrent sharing and downloading movies and music, Netflix, Spotify, there's been great change, how will blockchain offer the next iteration of protection for intellectual property?

Kim Grauer: I think overall, the blockchain is good at establishing what I would call provenance over something. So what if you have an NFT, you own it, and you transfer it a million times? It's very easy to see the lifespan of that piece of that NFT because every transaction is registered through the blockchain. You can see the origin of everything that's happening. There are really interesting movements in the music space, where if you sell a piece of music, that it automatically bakes into it a way to, you know, get the artist a royalty or something like that. I think there are a lot of issues that we still need to overcome with that, you know, for example, we see fraud happening with NFT. So someone takes a picture of a crypto kitty and uploads it on a different platform. And if you don't quite understand the kind of the domain of how crypto kitties, specifically our work, maybe you think you have a crypto kitty. So there are still plenty of opportunities for fraud and IP to get misused and misappropriated. But in theory, this technology should be able to effectively establish ownership claims and connect transactions from the first transaction all the way to the last transaction.

Walter Jennings: Okay, Kim, if you could take one song with you into the universe, what would it be and why?

Kim Grauer: Okay, I think that I would take this as just the answer. My favorite band of all time is this band called Belle and Sebastian. There's this one song, if she wants me, that I think I've listened to like a million, millions of times in my life and from when I was young up until this morning, and so it's definitely kind of the anthem of my life, I would say.

Walter Jennings: Fantastic. Well, thank you so much. Joining us Kim Grauer with Chainalysis, Director of Research and hot on the tail of the latest cyber crimes, and thank you so much for your time today.
