Offshore Alert Miami 2025 – An Update on Crypto Tracing and Recovery 

For the past 15 years or so I have attended various Offshore Alert conferences. I recommend them. Those who attend are fraud and asset recovery lawyers, forensic accountants, trustees, private sector investigators and investigative journalists. The conferences are very well orchestrated. It is unusual for law enforcement to attend given the price tag of these conferences, but speakers at various sessions are often comprised of law enforcement from various agencies. 

We are often asked whether tracing and recovery of assets converted to cryptocurrencies is possible or worth the effort. A few years ago our firm was receiving daily calls from victims who reported investing their life savings into what they believed to be legitimate crypto currency exchanges. People often borrowed all the equity in their home to be part of this ‘get rich quick’ scheme, only to find that when they went to withdraw their ‘profits’, the exchange vanished and no one would respond to them. The ezBtc scam is an example of one of many such complaints we received.¹ 

The fake exchange complaint has evolved to those who invest in crypto as an asset and those whose bank account become compromised through email hacks resulting in rogues directly transferring their funds to accounts they hold in fake names at other banks, and from there to crypto exchanges where they hold accounts in the same fake names. There is myriad of other schemes ongoing as well. The question to us from victims is always the same: am I throwing good money after bad to attempt to trace my funds after they have been converted to crypto? 

The Offshore Alert conference had at least four presenters on the crypto question. As the years have passed the ability of presenters to explain concepts related to the crypto industry has become better. When presentations on crypto first began, I recall walking away understanding just about nothing. As matters currently stand, at least I could follow what the presenters were discussing sufficient to take notes and prepare this summary. The big story this year was whether anything could be traced and recovered resulting from the Bybit hack. 

The ByBit Hack 

In February 2025 the largest theft the world has allegedly ever known took place. It is known as the Bybit hack. It was perpetrated by North Korea’s Lazarus Group. $1.5B of crypto was stolen from an exchange in Dubai. Crypto stolen by the Lazarus Group was tracked and mapped from macro movements to micro transfers using approximately 190,000 crypto addresses. Key to the laundering of the stolen crypto was the use of ‘mixers’, ‘bridges’ and ‘decentralized exchanges’.  

A synopsis of the Bybit hack is told quite well by the American think tank Centre for Strategic and International Studies (“CSIS”) – see The ByBit Heist and the Future of U.S. Crypto Regulation.²  

What CSIS reports is that this hack has rattled members of the crypto industry who have long-held beliefs that cold wallets and multisig are some of the most secure methods for protecting digital assets. While industry experts acknowledged that both hot and cold wallets had security risks, many believed that cold wallets were more secure from online attacks given that they are, by design, not connected to the internet.  

As told by CSIS, one of the most significant issues in combating crimes that use cryptocurrency is the volume and scale that overwhelms the resources of both domestic and international law enforcement agencies.  With the sheer volume of global cryptocurrency markets growing, the ability to track, catch, and convict criminal activity is becoming more difficult. 

As CSIS reports, the decentralized nature of cryptocurrencies makes them appealing for criminal activity. The absence of a coordinated, global regulatory framework overseeing crypto transactions makes it easier for criminals to evade law enforcement when moving large amounts of illicit transactions. To state otherwise, the crypto industry’s current structure also allows malicious actors to easily launder money.  

Key to all of this is that there are few current incentives in place to encourage crypto trading platforms to prevent swaps or exchanges of suspected laundered funds when the platform could benefit financially.  Whatever crypto proponents may say about the transparency of the blockchain, the use of fake identities and lack of know-your-client in the crypto space makes it the most efficient and effective way for sophisticated rogues to launder stolen or fraudulently obtained funds.  

According to CSIS, after successfully stealing the funds, Lazarus Group hackers laundered the money by exchanging the stolen tokens for Ether through a decentralized exchange, then sending the funds to over 50 different wallets to complicate the ability for investigators to use the transparent nature of blockchains to trace the money. They then used anonymous trading platforms, such as eXch and THORChain, to swap the funds. Despite ByBit’s requests to block the activity, eXch permitted the swaps, generating hundreds of thousands of dollars in revenue from the process. 

Offshore Alert’s Presentations 

A story told at an Offshore Alert presentation was that prior to the advent of crypto, the world’s largest thefts were thought to involve art, gold or other hard assets. We all can imagine the difficulty in laundering stolen art – it is bulky and must be transported in vehicles. Borders may result in vehicles being searched. Buyers either know the art was stolen, or the rogue must convince the buyer they can legitimately sell it. Either way the goal of the rogue is always the same – sell what is stolen and convert it to cash to purchase lifestyle. 

Crypto has resulted in vast sums being laundered with high efficiency and no concern for borders or legal jurisdictions. While some public law enforcement agencies will report successful tracing and seizing of crypto, and occasionally the linking of laundered crypto to rogue actors, law enforcement ‘success’ reporting more often results in a false hope to victims that their wealth laundered through crypto can ever be recovered.  

To be responsible, public authorities need to publicly acknowledge to victims how unlikely a recovery effort will even be attempted, let alone be successful. Public authorities are more often than not ‘disrupters’ of economic crime, not recovery experts. The same concern should be promoted with respect to private crypto recovery firms – there is simply too much risk of victims falling into a second trap by believing that their losses can be recovered by some on-line crypto recovery promoters.  

This is not a criticism of public authority crypto tracing and recovery efforts. Public authorities have limited resources and some rogues are too sophisticated for law enforcement to catch up. Scarce public resources cannot be spent on every victim’s ill-considered decision. Moreover, when the public interest in prosecution threshold is met, public justice seeks to deter “the many” through the prosecution of “the few”. A victim’s recovery through law enforcement is a matter of ‘chance’. 

The reality for victims seeking to recover through private crypto tracing companies is that the cost of recovery is often prohibitively high and the probability of recovery prohibitively low. One private company advised our firm “give us $25,000 and we will see how far we get”. What it will get, more often than not, is a fancy graph of crypto moving around only to be told “we need more funds to keep going.”  It is unusual to find a crypto recovery expert who will take a recovery project on contingency. 

Why is Crypto so Effective for Money Laundering? 

The Offshore Alert presentations are useful for breaking down complicated subject matters to something that mere lawyers can understand. What this blog attempts to explain is why recovery of funds laundered through crypto is so infrequent through the words of Offshore presenters. 

Understanding crypto tracing requires understanding terms such as ‘Centralized Exchanges’ versus ‘Decentralized Exchanges’.  Centralized exchanges are used for converting fiat currency to crypto, and from converting crypto back into fiat currency. They are referred to as the ‘on-ramps’ and the ‘off-ramps’ to the blockchain ‘crypto highway’). Rogues steal fiat and launder it through centralized crypto exchanges so that it ultimately ends up in a decentralized exchange at which time most tracing technology loses the trail.  

Decentralized exchanges do not transact in fiat currencies. Decentralized exchanges convert crypto from one form to another. Once through a decentralized exchange, the stolen funds now converted to crypto are ‘cleansed’ such that rogues have no fear on converting the crypto back into fiat through a centralized exchange.  

A story was told that the North Korean rogues in the Bybit scheme are so bold in their belief the stolen crypto is ‘cleansed’ that the transactions take place between 9am to 5pm – working hours. They simply do not care who is attempting to trace the movements of the stolen crypto – they are confident that once it hits some decentralized exchange all is lost for those in pursuit.  

Once the stolen crypto is ‘cleansed’, the proceeds then make its way through various transactions back to a centralized exchange. It is through fiat obtained through laundering via a centralized exchange that rogues obtain the fiat to buy what they want with the proceeds of their crime.  

Remaining anonymous is key to laundering generally and is easily done through some crypto exchanges by sophisticated rogues. While some centralized exchanges pursue a goal of fully legitimate transactions, we know from experience that even the most regulation adherent centralized exchanges are often subject to accounts in false names.  

The use of false identities on crypto exchanges is relatively easy for the sophisticated rogue given that face-to-face know your client is non-existent – and other factors. The use of false identities to open accounts at main line banks for fiat transactions to crypto exchanges is also rampant given the lack of sophistication of front-line bank employees opening accounts. 

The use of fraudulent identities and the ability to move vast sums quicky through crypto exchanges has increased the volume and quantum of thefts exponentially. There is little incentive on main-line banks and on crypto exchanges to reduce the use of fake identities of account holders as our courts most often will not hold them liable for opening accounts in false names. If main-line fiat dealing banks and crypto exchanges were even held 50% responsible by our courts for a victim’s loss, it is foreseeable that the number of accounts in false names would reduce greatly. 

But given the easy at which false identities are used in the crypto world, we are left with trying to understand why recoveries where crypto is used is so high risk. Some reasons are that many centralized exchanges are not regulated in various places throughout the world. And crypto does not recognize national borders. Crypto is stolen from countries where its citizens hold wealth and often laundered through centralized exchanges where regulation either does not exist or is not respected.  

Another theme of presenters was that decentralized exchanges are far less regulated than centralized exchanges – the choice of the appropriate decentralized exchanges virtually guarantees successful laundering of stolen funds. One of the reasons why decentralized exchanges are far less regulated is because they do not deal with fiat – their interest is in serving those who seek to move funds quicky across border from one form of crypto currency to another.  

Pig Butchering 

‘Pig butchering’ is a term given different meanings depending on who is using it. For some it is used to describe long term criminal projects to obtain funds from unsuspecting victims such that they are left with nothing to finance a recovery. ‘Pig butchering’ is most commonly associated with on-line romance scams where the lonely victim is groomed for months and discloses so much of their net worth information that the thieves know how long to continue their efforts before the fattened pig (victim) is fully butchered (broke).  

Pig butchering most often starts with the victims transferring their fiat to a centralized exchange. Some victims believe that they are in love with someone they met on-line and never met in person or even spoke with on the phone. The emotional on-line connection results in irrational judgments of transferring funds to their ‘lover’. Often, even if a victim (butchered pig) has anything left when the on-line thieves are done with them, their trail of the crypto is lost when it hits the decentralized exchanges after being subjected to ‘mixers’, ‘bridges’ and other laundering techniques.  

Cleansing Crypto 

One of the many methods to obfuscate the source of funds is by exchanging one version of crypto for another. Ultimately most rogues want the washed crypto brought back to Bitcoin – the most well accepted of cryptocurrencies for transfer back to fiat. Before this happens crypto that may have been moved with ‘safe’ forms of crypto such as Bitcoin or Ethereum is exchanged into virtually untraceable forms of crypto such as Monero, and then back into Bitcoin or Ethereum before its converted to fiat.  

Movements of funds being laundered through crypto is often traced through ‘clusters’ – or large movements of crypto. When this crypto moves through the blockchain smaller transaction are often observed heading back to a centralized exchange. This is often the Ponzi scheme process of repaying the victim with their own funds so that it appears to the victim their ‘investment’ is paying off. Some who are involved in crypto tracing and investigations refer to this as ‘inducement’ transactions.  

The terminology associated with laundering through the use of crypto sometimes refers to the use of ‘Bridges’³ utilizing ‘Tornado Cash’⁴. This is used to move crypto to and then from the decentralized exchanges – a term often used with the concept of ‘de-fi’.⁵ The use of ‘hops’ are transfers used to mask the source of funds.⁶ 

To give victims a better idea of how laundering through decentralized exchanges takes place, approximately 20% of crypto transactions take place through centralized exchanges – the inference being decentralized exchange transactions further obfuscate the trail of tracing funds laundered through crypto. 

Other terms used by those in the crypto tracing industry are ‘swaps’ sometimes involving a company operating under the name ‘Uniswap’,⁷ transactions utilizing ‘smart contracts’,⁸ and the use of ‘Shadow Exchanges’.⁹ The terms ‘decentralized finance’ is used interchangeably with decentralized exchanges. 

How Rampant is Laundering through Cypto? 

There are no commonly accepted statistics on the percentage of crypto transactions generated for laundering purposes. Some estimate 5% of crypto transactions are for laundering, 90% for speculative purposes, and 5% for actual commodity commercial transactions. Some with an interest is advocating that crypto is legitimate and here to stay estimate the volume and quantum of illicit crypto transactions for laundering purposes much lower.  

Rule of Law 

Whatever the case, crypto as a means of exchange will be around for the foreseeable future. For those of us in the recovery industry, who must explain options to victims, the question is whether tracing stolen funds through the crypto highways is “throwing good money after bad”. What we hear most crypto experts say is that the longer the gap in time from the initial illicit transaction to the time it is acted upon, the less likely anything can be successfully traced or recovered.  

Another common theme at the Offshore conferences is the “Rule of Law” application to crypto finance. Until there is a comfort level that crypto transactions can be litigated with certainty, there is uncertainty as to whether there will be mass acceptance.  

Trump and the Crypto Presidency 

It was mentioned that Trump campaigned on winding down Department of Justice crypto exchange investigations and that this may have been one of the reasons why he won the presidency and the Republicans won the House.  The citizenry using crypto wish to maintain their privacy in this form of transaction – sufficient to have them support Trump rather than the regulating Democrats. 

The Rule of Law and mass acceptance concepts are tied to respected regulation. While certainly not wishing to support a democrat, it is obvious that the deregulation of crypto transactions will increase the boldness of illicit actors to continue to use crypto as a preferred method of laundering. 

AI is Changing Everything 

The Offshore Conference also had presentations on AI. In an age of mass data, the use of AI is necessary to search for terms and issues, and to create reports on evidence that is retrieved. But while AI can make searches for evidence in mass data manageable, it does not replace human intuition and judgment necessary for conducting examinations. Rather, the better way to view AI is as augmenting human intelligence so that mass data can be processed.  

AI vastly reduces the cost of reviewing mass data. One of the tools AI can provide us is creating network graphs as a means of strategic intelligence to process mass data. Another tool of AI is creating chronology reports to understand evidence. AI can review source documents (communication data, etc., agreements, etc.) affidavits and transcripts for terms in minutes that formerly took days by way of manual review.  

AI can also conduct legal research much more efficiently than human lawyers. The risk of using AI for research or anything else is that it provides inaccurate information. To remove that risk any document that AI produces must be verified by human review (review the cases that are actually being put before a court in a legal argument). The use of AI reduces the need for associate lawyers undertaking such tasks, and frees young lawyers up for other tasks.  

The issue of privacy and AI is a live concern. Information to which privilege pertains should not be processed through public AI. ‘Closed’ AI systems are available to law firms for processing privileged information. As an adjunct issue, clients should be informed if AI is being used to process their information or their cases. Most clients will consent if they believe it will save them vast amounts of legal fees.  

The bottom line is that with AI productivity of legal and investigative work is increased and costs are decreased. AI may be an important tool in crypto tracing at some point in the future.  

BVI Intelligence Briefing 

The BVI is home to the second largest volume of crypto currency transactions on the planet – second only to China, and greater than Dubai. This was a surprising statistic.  

The BVI is home to approximately 25% of the world’s International Business Corporations (“IBCs”) that controls approximately 50% of the value of transactions conducted through IBCs. The BVI is sought after for IBCs due to is low comparable risk of corruption and its reliable justice systems. Whether legitimate or criminal, those using IBCs are seeking security and safety in their transactions.  

The vast majority of IBCs are used for lawful purposes. Many corporations in jurisdictions where the risk of corruption and theft is high use IBCs registered in the BVI so that they may have access to the UK’s comparatively reliable justice system. Most IBCs registered in the BVI ownership is based in Latin America and Asia with relatively few having UK or European ownership. 

IBCs issued in the BVI permit the use of beneficial ownership of shares providing confidentiality as well. While beneficial ownership is permitted, the BVI cooperates with foreign tax authorities to reduce the propensity of tax evasion that beneficial ownership could result in.  

To register an IBC in the BVI, the KYC process is adhered to. Not only does this assist the enforcement of fair taxation, it also assists with Norwich tracing applications when IBCs are used for moving stolen funds. Privacy is also why the BVI has a thriving arbitration system to deal with disputes. 

Bottom Line:

the use of crypto to launder proceeds of fraud and other crime is simply an extension and sophistication of historical methods of laundering. There will always be those involved who launder using crypto who are not so sophisticated – or for various other reasons leave a trail resulting in a recovery the discovery of their identity.  

However, for the common victim, whose losses does not attract a law enforcement project, the chances of recovery once funds are laundered through crypto is low. The chances of recovery are typically not better through private sector crypto tracing entities. Generally, we do not encourage victims to invest in crypto tracing projects – if they do so, they do so at their own risk.  

Inquiries:

At Investigation Counsel, we only act for victims. We are Canada’s only boutique victim focused fraud recovery firm. We investigate and litigate fraud recovery cases each and every day.  

If you discover you are a victim of fraud, contact us to have your case assessed and a strategy for recovery mapped out before contacting police or alerting the fraudster. The Courts grant tracing and freezing orders much quicker through the civil process than the criminal process, and even if a criminal complaint is made, the police most often do not disclose their findings with victims, and if they do, it is after the criminal prosecution when any hope of tracing and recovery is long over. 

We also promote victim advocacy and academic discussion through various private and public professional associations and organizations. If you have an interest in the topics discussed herein, we welcome your inquiries.