文章深入分析了加密货币行业中的违法活动及其解决方案,揭示了区块链去中心化特性带来的安全风险。


  由于加密货币交易缺乏传统金融机构的监管,犯罪分子利用这一点进行洗钱、盗窃和诈骗,尤其是通过“杀猪盘”骗局以及勒索软件等手段,造成了巨大的经济损失。专家和调查公司已开发出先进的取证和分析工具,能够通过交易模式分析揭示可疑活动,这些技术在应对犯罪方面逐渐展现出强大潜力。


  与此同时,随着市场监管的加强,加密货币交易所面临越来越严格的合规要求,需要通过技术手段确保交易透明并减少非法活动。尽管面临诸多挑战,随着技术的发展和行业监管的逐步完善,数字资产的合法使用和管理有望得到有效改善。


  Science & technology | Crypto crime-hunters


  Extensive Reading


  Feb 5th 2025_★★★★★_1065words


  Cryptocurrencies are spawning a new generation of private eyes


  加密货币正在催生新一代私家侦探


  Their tools are software, and a nose for trouble


  他们的工具是软件和对麻烦的敏锐嗅觉


  FOR THE criminally minded, the allure of cryptocurrencies is easy to grasp. Decentralised online ledgers called blockchains allow digital assets, in the form of “tokens”, to be moved without financial institutions monitoring what is happening for signs of money-laundering or other wrongdoing. Chainalysis, a crypto-investigations firm in New York, tallied more than $53bn in suspected crypto-laundering in 2022-23, nearly double its estimate for the previous two years. Nicholas Smart of the Dubai office of Amsterdam-based Crystal Intelligence, another investigator, quips that with blockchains, “Anyone can become a bank.”


  对于有犯罪意图的人来说,加密货币的吸引力不言而喻。去中心化的在线账本——区块链,允许数字资产(以“代币”形式存在)在没有金融机构监控是否存在洗钱或其他不当行为的情况下流转。纽约加密货币调查公司Chainalysis统计数据显示,2022至2023年间,涉嫌加密货币洗钱的金额超过530亿美元,几乎是前两年估算的两倍。总部位于阿姆斯特丹的Crystal Intelligence公司迪拜分部的尼古拉斯·斯马特(Nicholas Smart)戏谑道,区块链让“任何人都能成为银行”。


  Then there is the theft of cryptocurrency. As we report in our new podcast series “Scam Inc”, so-called pig-butchering cons play on legitimate crypto owners’ naivety and emotional vulnerabilities. John Powers, boss of Hudson Intelligence, in New Paltz, New York, says many of his clients have lost tokens worth north of $100,000—and in some cases $1m. They are not alone. This global industry is now worth over $500bn a year worldwide. Crooks, moreover, have surely noted that the potential pool is growing. Token values have soared following America’s election of crypto-friendly Donald Trump.


  然后是加密货币的盗窃。正如《经济学人》在新播客系列“Scam Inc”中所道的那样,所谓的“杀猪盘”骗局就是通过利用合法加密货币持有者的天真和情感弱点进行欺诈。纽约新帕尔茨的Hudson Intelligence公司负责人约翰·鲍尔斯(John Powers)表示,他的许多客户已经损失了超10万美元的代币——有些甚至损失了超100万美元。他们并非个案。这一全球性产业如今每年价值超过5000亿美元。此外,骗子显然也注意到,潜在受害者池子在不断扩大。随着美国选举产生了支持加密货币的总统唐纳德·特朗普,代币的价值飙升。


  Against this backdrop, specialist firms are developing new forensic software to comb blockchain ledgers in search of stolen digital assets, and to flag possible money-laundering, terrorist financing, and other crimes. The market for such programs is booming. Kroll, an American financial risk and advisory firm, expects revenues from its crypto-sleuthing practice to have exceeded $10m in 2024, roughly double the figure for the previous year.


  在这种背景下,专门的公司正在开发新的取证软件,用于梳理区块链账本,寻找被盗的数字资产,并识别可能的洗钱、恐怖主义融资和其他犯罪行为。这类程序的市场正在蓬勃发展。美国金融风险和咨询公司Kroll预计,其加密货币侦查业务的收入将在2024年超过1000万美元,几乎是上一年收入的两倍。


  Making sense of the “data lake”1 of blockchain ledgers is challenging. Banks, even those in Switzerland, where numbered accounts2 were invented, are expected to know their account-holders’ identities. But blockchains move tokens instantaneously between unique alphanumeric addresses held in digital wallets that can be opened only by private software keys. Though records of the transactions themselves are public, the identities of those behind them are not. Nor is it even clear which addresses are controlled by a given wallet. That opens all sorts of possibilities for money-laundering and illicit payments.


  了解区块链账本的“数据湖”具有挑战性。银行,甚至是瑞士那些发明了编号账户的银行,都需要了解账户持有人的身份。然而,区块链允许代币在独特的字母数字地址之间即时转移,这些地址只能通过私有软件密钥打开。虽然交易记录本身是公开的,但背后的交易人身份并不透明。甚至不清楚哪些地址是由特定的钱包控制。这就为洗钱和非法支付提供了各种可能性。


  [1] “data lake”(数据湖),通常用于描述一个集中存储大量结构化和非结构化数据的地方。允许不同类型的数据(如文本、图像、视频等)被存储并且可以被以后分析或处理。


  [2] “numbered account”(编号账户),指客户的身份通过一个数字而非名字来识别的账户。即用数字编号来标识账户,这提供了更高的隐私保护。


  The puzzle of crypto transfers can sometimes, however, be solved by appropriate analytic software. Creators of this are cagey about their tricks, but the frequency and timing of transactions provide clues. An especially fruitful approach is to identify multiple addresses that contribute to a single payment. The private keys to those addresses must be held, or at least controlled, by a single entity. Importantly, as Tom Robinson, chief scientist at Elliptic, a firm in London that develops such software, observes, these “co-spend heuristics” will stand up as evidence in court.


  不过,通过适当的分析软件,有时也能解开加密货币流转之谜。这些软件的开发者对其技术守口如瓶,但交易的频率和时机提供了线索。一种特别有效的方法是识别多个地址共同参与一笔交易的情况。因为持有或控制这些地址私钥的,必定是同一个实体。重要的是,正如伦敦区块链分析公司Elliptic的首席科学家汤姆·罗宾逊(Tom Robinson)所指出的,这种“共同支出启发式”方法可以作为呈堂证供。


  Money laundering and illicit payments are not the only shady activities which transaction patterns can illuminate. The use of “ransomware” is another. Ransomware is software installed illicitly on a computer that then locks valuable data held on it until a crypto payment is made. The proceeds, says Phil Larratt, who was once a financial investigator with Britain’s National Crime Agency and now works for Chainalysis, are then typically split about 70-30 between the gang’s negotiators and the ransomware’s developers.


  交易模式的分析不仅能揭示洗钱和非法支付等不法活动,还能揭示其他阴暗行为,比如“勒索软件”的使用。勒索软件是一种非法安装在计算机上的软件,能够加密计算机上存储的重要数据,直到支付加密货币赎金为止。曾任英国国家犯罪局金融调查员、现为Chainalysis工作的菲尔·拉拉特(Phil Larratt)说,赎金收入通常按照7:3分配,70%归勒索团伙的谈判人员,30%归该软件开发者。


  Mr Larratt says pig-butchering scams involving romance also generate fingerprints. They involve “approval phishing”—fooling lonely hearts into authorising malicious transactions, often with help from a bogus crypto app. This lets a scammer withdraw the victim’s funds. Chainalysis has identified $2.7bn in such fraud since May 2021, passing relevant data to the police. In one case, this allowed the notification of a soon-to-be victim just in time.


  拉拉特指出,“恋爱杀猪盘”同样会留下可追溯的数字痕迹。这些诈骗涉及“批准钓鱼”——诱使孤单的受害者授权恶意交易,通常通过伪造的加密货币应用程序来实现。骗子借此手段提取受害人的资金。自2021年5月以来,Chainalysis公司已识别出价值27亿美元的此类诈骗,并将相关数据提供给警方。在某个案件中,这一举措帮助警方及时通知了即将成为受害者的人。


  Many of Chainalysis’s customers are crypto exchanges (places that convert digital assets into conventional currency, and vice versa) seeking to comply with the requirements of the Financial Action Task Force, an intergovernmental body based in Paris. In 2019 this outfit issued rules requiring exchanges in member countries, now numbering 36, to spot and report “sketchy crypto transactions”. Similar rules have been put in place elsewhere, too. Red flags include large conversions of digital assets into normal currency despite a high commission, and also the transfer of tokens purchased in cash to multiple exchanges in foreign jurisdictions, especially dodgy ones, like Russia.


  Chainalysis公司的许多客户都是加密货币交易所(将数字资产与传统货币相互兑换),它们希望遵守金融行动特别工作组(FATF)的要求,这是一个总部设在巴黎的政府间机构。2019年,FATF发布了多项规定,要求成员国(目前有36个)的交易所识别并告“可疑的加密货币交易”。其他地方也实施了类似的规定。警示信号包括:尽管手续费高昂,但大量的数字资产被转换为传统货币;以及通过现金购买的代币被转移到多个境外交易所,特别是那些可疑的交易所,比如俄罗斯的。


  “Obfuscation manoeuvres”, such as scattering funds into multiple wallets only to reconsolidate them elsewhere, or transfers through several cryptocurrencies, are another tip-off. The best software can now trace assets that have passed through hundreds of wallets. The objective is to identify the funds’ arrival in an exchange where they can be seized by a court. Some crypto exchanges even design trading apps to scan users’ devices remotely. One warning sign is when multiple accounts are controlled from a single mobile phone, says Azariah Nukajam, compliance boss in Britain for Gemini, an exchange in New York.


  另一个线索是“混淆手法”,比如将资金分散到多个钱包后再在其他地方重新整合,或者通过多种加密货币进行转账。最好的软件现在能够追踪经过数百个钱包的资金流动。其目的是确定资金是否已到达法院可以扣押这些资产的交易所。一些加密货币交易所甚至设计了能够远程扫描用户设备的交易应用程序。纽约的加密货币交易所Gemini英国合规负责人Azariah Nukajam表示:“当多个账户由同一部手机控制时,这就是一个警示信号。


  Developers of device-scanning software are understandably tight-lipped. But Jeremy Doyle, head of growth for anti-money-laundering analytics at SEON, based in Austin, Texas, and Budapest, says its software assesses things like a phone’s number, location, model, storage capacity and how data are entered. Human beings enter data slightly irregularly. Bots tend to be inhumanly precise in such matters.


  设备扫描软件的开发者通常保持缄默,这是可以理解的。不过,位于奥斯汀[美国德克萨斯州]和布达佩斯[匈牙利]的SEON公司反洗钱分析业务增长负责人Jeremy Doyle表示,公司软件会评估手机的号码、位置、型号、存储容量以及数据输入方式等因素。人类输入数据的方式略显不规则,而机器人则在这些细节上表现得异常精准。


  “Off-chain” work enriches the picture. Many analytics firms send messages feigning interest to fishy exchanges and investment schemes, in order to obtain scammers’ crypto addresses. They also monitor online forums where scammers share tips and malicious code. Jeremy Sheridan of FTI Consulting in Washington, DC, says his firm has cracked blockchain investigations with titbits gathered this way. Following social media helps, as well. Mr Smart says he and his colleagues at Crystal Intelligence found a picture of “a box room in a suburb of Beirut” that revealed the QR code of a shady crypto outfit run from the place. Information from an Israeli intelligence service helped his team conclude that the operation had received more than $7m in cash from Hizbullah, a Lebanese terrorist militia.


  “区块链之外”的工作进一步丰富了调查的全貌。许多分析公司通过假装对可疑交易所和投资计划感兴趣,向其发送信息,以获取骗子的加密货币地址。他们还监控骗子们分享技巧和恶意代码的在线论坛。华盛顿特区FTI 咨询公司的Jeremy Sheridan表示,他的公司通过这种方式收集到的小道消息,已破解了区块链调查。此外,追踪社交媒体同样有效。Crystal Intelligence公司的斯马特表示,他和同事们发现了一张“贝鲁特郊区一个小房间”的照片,照片中展示了一个可疑加密货币机构的二维码。通过以色列情部门提供的情,他们得出结论,称该机构已经从黎巴嫩恐怖组织“真主党”收到了超过700万美元的现金。


  For all this, the sleuths remain the underdogs. Ironically, the sort of artificial intelligence which might really help cannot be fully applied to crypto investigations. Its complexity means even its programmers and operators cannot know exactly how it arrives at its conclusions. Those conclusions thus do not stand up as evidence in court. Instead, the software used is “rules-based”, so authorities can see how its conclusions have been drawn. With that unlikely to change, Mr Powers of Hudson Intelligence reckons crypto’s cat-and-mouse game is just getting going. ■


  尽管如此,侦探们仍处于劣势。讽刺的是,那种可能真正提供帮助的人工智能,实际上无法完全应用于加密货币调查。它的复杂性意味着,甚至其程序员和操也无法确切知道它是如何得出结论的。因此,那些结论并不能作为呈堂证供。相反,所使用的软件是“基于规则”的,因此执法部门可以看到这些结论是如何得出的。由于这种局面不太可能改变,Hudson Intelligence公司的鲍尔斯认为,加密货币领域的“猫鼠游戏”才刚刚开始。


  原文取自《经济学人》,翻译&精读版权归本号所有。


  转载请注明出处,感谢推广


  总有人会因为你的 分享 收获良多



本文标题:【新一代私家侦探:加密货币的‘猫鼠游戏’才刚刚开始!】