Cellebrite is providing investigators with new tools to access the cryptocurrency app Coinbase to reduce the anonymity of Bitcoin users and their transactions.

As part of one of the largest unregulated markets in the world, the cryptocurrency Bitcoin has been found to have 25% of its users and 50% of its transactions involved in illegal activity. This is no surprise as cryptocurrencies, like Bitcoin, are attractive to criminals because they offer a method of payment that is completely anonymous.

Each Bitcoin user has a unique alphanumeric address, so it is challenging to know who is behind which transaction. One of the leading digital money e-wallets that allow for the buying and selling of cryptocurrencies, such as Bitcoin, is Coinbase.

The Coinbase digital wallet app has seen rapid adoption, boasting over 20-million customers. To date, this app has been used to trade $150 billion in digital assets on its exchange platform. In 2017, Coinbase reported $1 billion in revenue, according to figures from Recode, and reportedly valued itself at around $8 billion in an acquisition deal this spring.

Cryptocurrencies by Market Cap and % Share (Source: Coinmarketcap)

It’s an understatement to say that having the ability to see when transactions were made, to which address, and how much digital money was transferred would be invaluable to digital investigators solving a crime.

Enter The Cellebrite UFED Cloud Solution

Up to this point, digital forensic solutions have only been able to pull partial data from Coinbase on the balance of Bitcoin accounts and only for certain devices. This falls short of getting the actual account addresses or other details needed to attribute the account to a suspect, lead or victim.

That’s why Cellebrite updated its newest Cellebrite UFED Cloud release to empower digital investigators and examiners to extract Bitcoin addresses, as well as, identify transaction histories from the Coinbase app.

Digital investigators needing to “follow the money” can now see in a convenient timeline that reveals how much and when digital funds were transferred in relation to a crime. By adding this important digital component to investigations, key pieces of evidence can be leveraged to solve a crime.

For examiners assisting digital investigators, digital money transaction histories can easily be presented to colleagues and later used as solid evidence by prosecutors in court. Here’s a fictional example of how it works.

Bitcoin Transaction History Retrieval in Action

Ted, a digital investigator, knows that Jimmy is selling drugs to high school kids. Yet despite searches during multiple arrests, Ted is never able to find any money in Jimmy’s possession nor any evidence of his illegal market activity.

John, an examiner with a warrant, has extracted data from Jimmy’s phone during the last arrest. While John discovered that Jimmy had a digital wallet, he was never able to find any relevant data, so he downloaded the latest version of Cellebrite UFED Cloud.

After receiving a warrant to view Jimmy’s bitcoin cloud application, John was able to extract the data, identify Jimmy’s unique identifier and retrieve all of his digital money transactions along with their unique timestamps.

When this data was added to the timeline in Cellebrite UFED Cloud, along with the phone data and the Call Detail Records, Ted was able to make the case and validate the payment for drug transactions. Moreover, this digital evidence also confirmed that Jimmy was transacting illegal activity within a school zone, which in turn increased his penalty.

For the digital investigator and examiner searching for money transactions, Cellebrite UFED Cloud is the only solution that can show Bitcoin transaction history from Coinbase.

Access the Cellebrite UFED Cloud Release 7.4 here.

Share this post