Government has never felt closer: the U.S. Secret Service and the Bay Area Regional Enforcement Allied Computer Team (REACT) held a Reddit Ask Me Anything session, answering questions on everything from the identity of Satoshi Nakamoto to the best coin to use to remain untraceable.
These two aren’t the first government instruments you’d think of to show up for a ‘crypto’ AMA. But, as a primer to the thread points out, the Secret Service is responsible for safeguarding national infrastructure in the U.S.—in today’s world, that often involves the world of cryptocurrency. For this AMA, members of the Secret Service’s dedicated digital asset squad—based in San Francisco—answered questions.
REACT is a multi-jurisdictional task force between local, state, and federal agencies in cooperation with the private sector. REACT focuses on high-tech crimes and works to ‘disrupt criminal networks, identify emerging threats and assist in cases requiring specialized expertise.
As a window into current law enforcement efforts to aid victims of digital asset scams, the AMA was simultaneously encouraging and worrying.
The good and bad of law enforcement
One user wanted to know about law enforcement’s abilities to secure positive results when scammers are located overseas.
“Frequently out investigations result in overseas suspects,” REACT replied. “Here’s the upside: we can still recover cryptocurrency, even if it is ‘overseas. That’s the beauty of working with international crypto exchanges who will accept search warrants and turn over stolen assets.”
But the AMA also shined a light on the limitations faced even by task forces dedicated to the issue of digital asset crime. Implicit in REACT’s response to the international enforcement question is that they are still reliant on the cooperation of compliant and accessible exchanges to be effective, and such exchanges aren’t as easy to come by as they should be.
“There are several ways we can seize, or confiscate, crypto. In every instance it’s done pursuant to a court order or voluntary surrender,” the Secret Service said.
Court orders are increasingly being seen as an indispensable tool for recovering access to lost or stolen digital assets, but a search warrant against an exchange will be entirely dependent on them existing in a jurisdiction that will respond to U.S. court orders. The agencies’ comments highlight the value of private court orders enforceable at the protocol level itself, recently highlighted by the case of Tulip Trading Limited v Bitcoin Association and ors and the subsequent release of the Digital Asset Recovery tool.
Reading between the lines of the interview, it is also apparent that while large-scale digital asset theft soaks up a lot of attention from law enforcement, many smaller thefts are falling through the cracks. The Secret Service account said that they are a smaller federal agency with limited ability to explore digital asset losses on the smaller side and that the bulk of their cases concern losses of over $500,000. Given that the Secret Service said elsewhere in the thread that their most difficult cases are those where the elderly have been convinced to use their life savings to pump one digital asset or another, this paints a dark picture.
Practical advice from the U.S. government
Beyond that, the agencies offered plenty of advice on keeping yourself safe from digital asset scams, ranging from general to specific.
“The best practice we recommend for holding cryptocurrency is to use a hardware wallet bought directly from the manufacturer and never from a third-party website,” REACT told one user.
“Back up these wallets by writing down the seed phrase and keeping it in a secure place. Never take screenshots or photos of these backup phrases. There have been many cases where victims’ cryptocurrency funds were stolen from them because they had their backup seed phrase stored in their email or online storage accounts.”
The Secret Service chimed in:
“Also, if using an exchange, be careful who you provide access via API. We’ve seen cases with airtight multi-factor authentication where the API keys are compromised and can lead to loss of funds.”
REACT also gave its thoughts on how cell carriers should respond to the prevalence of SIM swap attacks, where are fraudster takes control of a phone number by porting it from its legitimate phone to one owned by the fraudster.
“If the suspects gain access to the carrier’s internal tools, few protections can be placed on your account that will prevent this,” warned REACT.
“The protection has to come from securing your accounts to minimize the damage that could occur if this were to happen to you. This includes never using your cell phone number as a two-factor authentication method and instead utilizing multifactor authentication apps or two-factor hardware security keys.”
REACT also gave a mixed view on so-called digital asset bounty hunters, who offer to trace and recover stolen digital assets for a fee:
“Third party tracers are a mixed bag. There are certainly some very professional tracers who have the victims’ best interests in mind. Unfortunately, there are a number of extremely predatory operators who are charging victims for tracing that is unusable to law enforcement, demanding a percentage of recovery and asking victims to sign over powers of attorney. Important to know—third party tracers do not have authority to make seizures. Consumers should evaluate claims carefully.”
There were also highly upvoted questions that didn’t receive an answer; whether or not there’s anything to be inferred from this is anyone’s guess. Many questions about privacy coin Monero went unanswered, for instance.
The thread also contained a deluge of unanswered tips from Redditors.
“Please look into safemoon and the fraud John Karony,” wrote user CryptoRevolutionGuy. “Millions in USD stolen.”
Want to stay anonymous? ‘Use cash,’ says the SS
The AMA was most interesting for its impression of how law enforcement generally thinks about digital assets.
One user asked what the general agency view on digital assets is and whether it’s seen as ‘the next big thing’ or a ‘nuisance’ to be eliminated. The Secret Service said:
“We don’t really take a position one way or the other, we are a law enforcement agency so we go where the crime takes us and focus on criminal activity.”
When asked about their thoughts on blockchain pseudonymity, REACT said that “the blockchain provides us with an amazing opportunity to track the flow of money. It’s a continuous ledger that is unchangeable and transparent.”
In a similar vein, the Secret Service told one user asking for the best way to avoid them knowing about their transactions: “Use cash.”
Watch: Cybersecurity and Blockchain at CoinGeek Zurich
New to blockchain? Check out CoinGeek’s Blockchain for Beginners section, the ultimate resource guide to learn more about blockchain technology.
