MeiKai - Blockchain Forensics Platform

Sheldon Kreger

Problem Area and Application Use Cases

  • Regardless of market conditions, criminals use crypto to execute payments, launder money, and obfuscate their identity.
  • Criminals also steal crypto through various schemes such as wallet exploits, phishing, and pig butchering.
  • Crimes include tax evasion, weapons proliferation, drug trafficking, human smuggling, human trafficking, and funding of terrorist organizations.
  • The USA and its allies cannot effectively enforce sanctions if adversaries can transfer money via crypto.

Investigators Need Help

  • A handful of companies offer data services and training to investigative agencies.
  • In May 2022, Chainalysis was valued at 8.6 billion USD.
  • Since launching in 2018, TRM has grown revenue 490% year-over-year and expanded its team from four people to more than 150. (Nov 2022)

But Wait, There's More

Federal investigators are not the only people who rely on blockchain forensics tooling.

  • Exchanges like Binance and Coinbase are required to comply with subpoenas.
  • Wallets and crypto ATM services can proactively prevent fraudulent or criminal transactions.
  • Companies operating the actual blockchains must also comply with regulations, such as freezing wallets.

Why TRON?

TRM's 2023 "Illicit Crypto Ecosystem Report" declares:

  • "While Bitcoin was the exclusive currency for terrorist financing in 2016, by 2022 it was all but replaced by assets on the TRON blockchain, with 92%."
  • "TRON (TRX) hosted 45% of all illicit volume, up from 41% in 2022, followed by Ethereum at 24% and Bitcoin with 18%."
  • "Tether (USDT) was the stablecoin with the largest amount of illicit volume, at USD 19.3 billion. Approximately 1.63% of Tether (USDT) volume was linked by TRM to illicit activity, compared to 0.05% of USDC."

Visualizations and Queries - Discovery of Suspicious Activity (Generate Suspicious Activity Report SAR)

Leverage transaction patterns to reveal previously unknown criminal activity.

Pig Butchering

  • Several accounts send various amounts to a single address within a short time range.
  • Recipient address sends to blender, exchange, several new wallets, or other smart contract.

Wallet Exploit

  • Many wallets send all assets to a single recipient within a short period of time.
  • Recipient address sends to blender, exchange, several new wallets, or other smart contract.

Sale of Illicit Materials

  • Many wallets send identical amounts to a single wallet address over a period of time.
  • Recipient address sends to blender, exchange, several new wallets, or other smart contract.
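
The three fan-in patterns above can be expressed as one detection pass over a transfer list. This is an added example, not code from the MeiKai project; the `Transfer` fields (including `drained`), the thresholds, and the sample addresses are assumptions constructed for illustration.

```python
from collections import defaultdict
from typing import NamedTuple

class Transfer(NamedTuple):
    sender: str
    recipient: str
    amount: int    # token base units (ints avoid float equality issues)
    ts: int        # unix seconds
    drained: bool  # assumed field: transfer emptied the sender's wallet

def classify_fan_in(transfers, min_senders=3, short_window=3600):
    """Map recipient address -> pattern label; thresholds are assumptions."""
    inbound, outbound_ts = defaultdict(list), defaultdict(list)
    for t in transfers:
        inbound[t.recipient].append(t)
        outbound_ts[t.sender].append(t.ts)
    findings = {}
    for addr, txs in inbound.items():
        if len({t.sender for t in txs}) < min_senders:
            continue  # too few distinct senders to count as fan-in
        first, last = min(t.ts for t in txs), max(t.ts for t in txs)
        # Second bullet of each pattern: funds move onward after inflows start.
        if not any(ts > first for ts in outbound_ts.get(addr, [])):
            continue
        burst = (last - first) <= short_window
        if burst and all(t.drained for t in txs):
            findings[addr] = "wallet_exploit"   # many wallets emptied quickly
        elif len({t.amount for t in txs}) == 1:
            findings[addr] = "illicit_sale"     # identical amounts over time
        elif burst:
            findings[addr] = "pig_butchering"   # varied amounts, short window
    return findings

# Constructed sample transfers (placeholder addresses, not real chain data).
SAMPLE = [
    Transfer("v1", "A", 500, 100, False), Transfer("v2", "A", 1200, 900, False),
    Transfer("v3", "A", 75, 2000, False), Transfer("A", "mixer", 1775, 2500, False),
    Transfer("w1", "B", 40, 100, True), Transfer("w2", "B", 900, 160, True),
    Transfer("w3", "B", 7, 220, True), Transfer("B", "exchange", 947, 400, True),
    Transfer("c1", "C", 250, 0, False), Transfer("c2", "C", 250, 86400, False),
    Transfer("c3", "C", 250, 172800, False), Transfer("C", "n1", 750, 200000, False),
    Transfer("x1", "D", 10, 0, False), Transfer("x2", "D", 20, 50, False),
]

if __name__ == "__main__":
    for address, label in classify_fan_in(SAMPLE).items():
        print(address, label)
```

A label from this pass is a lead for analyst review, since legitimate merchants and payment processors also show fan-in followed by forwarding.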

Visualizations and Queries - Known Malicious Actor

Darknet Wallet Address / Exchange KYC Blacklist Address

  • List wallets that have sent to or received from malicious address.
  • Traverse by depth on graph.
  • Track balance of malicious wallets, including historical balances.

Sanctions Enforcement

  • Gather wallet login activity by geolocation (IP address).

Inspiration

What it does

How we built it

Challenges we ran into

Accomplishments that we're proud of

What we learned

What's next for Meikai: Forensics Tool Suite (Illicit Activity Detection)
