Cryptocurrency Fraud: How to Investigate and Trace It Across Sectors
Cryptocurrency has fundamentally changed the financial crime landscape across regulated and corporate environments. Not because crypto is inherently criminal — it isn't — but because it introduces a set of investigative challenges that traditional compliance functions were not designed to handle. On-chain complexity, pseudonymity, cross-border flows, and the speed of settlement all create friction for investigators trained in conventional financial crime methods.
The good news is that blockchain is also one of the most transparent financial systems ever created. Every transaction is public, permanent, and traceable. The question is whether your organisation has the capability to use that transparency.
The Fraud Typologies
Crypto-enabled fraud affects a wide range of regulated and corporate environments. The typologies differ by sector, but the underlying mechanics share common features.
Corporate treasury and vendor payment fraud. Businesses receiving or making crypto payments as part of their treasury operations are increasingly targeted. Invoice fraud schemes divert legitimate vendor payments to attacker-controlled wallets by substituting addresses at the point of payment. Corporate treasury crypto holdings are targeted through internal fraud and credential compromise. These are not gaming-specific risks — they are risks for any organisation transacting in crypto.
Layering through gambling or exchange activity. Proceeds of crime are moved through gambling platforms or crypto exchanges, with resulting funds withdrawn through apparently legitimate channels. The activity creates a veneer of legitimate source. In gaming specifically, this takes the form of minimal play funded by criminally-derived crypto, with fiat withdrawal creating an apparent clean trail. Gaming operators must treat this typology as a live AML risk; but the same layering dynamic occurs through unregulated exchanges and DeFi protocols more broadly.
Third-party payment exploitation. Across sectors — gaming, financial services, e-commerce — crypto payments originating from wallets with no established connection to the account holder are used to exploit the pseudonymity of the medium. This obscures the third-party nature of the funding and circumvents standard CDD processes.
Synthetic identity and account fraud at scale. Crypto payments enable the funding of multiple accounts linked to fabricated identities with a speed and scale that fiat methods make harder. In iGaming this targets promotional abuse; in financial services it targets credit products and investment accounts. The crypto payment layer complicates the account linkage analysis that would normally surface the activity.
Why Traditional Investigation Methods Fall Short
The core problem is that traditional financial crime investigation assumes a fiat payment environment: bank accounts that can be searched, card transactions with clear merchant records, cash with source-of-funds declarations. None of these apply cleanly to cryptocurrency.
A compliance team that sees a crypto deposit or payment and treats it the same as a bank transfer is missing the investigative dimension that matters most: where did that crypto come from? A blockchain address has a transaction history stretching back to its funding source. That history can reveal connections to mixers, darknet markets, high-risk exchanges, sanctioned entities, or other addresses associated with financial crime.
Without the ability to read that history — or the tools to do so — you are conducting AML reviews on incomplete information. This applies equally to a gaming operator accepting crypto deposits, a law firm receiving crypto retainer payments, or a corporate treasury holding digital assets.
How On-Chain Tracing Works
Blockchain analytics is the discipline of analysing transaction data on public ledgers to understand the source, destination, and flow of cryptocurrency. For most compliance functions, this means using a third-party tool — the industry standard is Chainalysis KYT (Know Your Transaction), which I am certified in, alongside alternatives including Elliptic and TRM Labs.
These tools assign risk scores to cryptocurrency addresses based on their transaction history and known associations. A wallet that has received funds from a sanctioned exchange, a mixer, or an address linked to ransomware proceeds will carry a high-risk score. A wallet with a clean transaction history connected to regulated exchanges will carry a low-risk score.
The output of a KYT check on a wallet address gives your compliance team a risk-rated picture of where the funds originated. This is the baseline for any SAR decision involving crypto — whether you are an MLRO in a casino, a compliance officer in a payment institution, or a risk manager in a corporate treasury function. Without it, you are guessing.
At the investigative level, on-chain tracing can go further: following specific transaction flows across multiple hops, identifying cluster associations (wallets controlled by the same entity), and mapping fund flows to specific entities — exchanges, services, counterparties — at the point where the blockchain intersects the conventional financial system.
What Evidence You Need for a SAR or Law Enforcement Referral
A SAR involving cryptocurrency needs to be more detailed than a conventional SAR to be actionable. Under the Proceeds of Crime Act and equivalent legislation across regulated sectors, the Suspicious Activity Report should include:
- The blockchain address(es) associated with the subject's activity - The transaction hashes for relevant transfers - The risk score and flag categories from your analytics tool (with the tool identified) - A plain-language summary of what the on-chain analysis reveals — not raw blockchain data, but an interpreted account of what it means - The connection between the on-chain findings and the predicate offence suspected
Law enforcement agencies — NCA, Europol financial crime units, national FIUs — increasingly have blockchain analytics capability. A well-constructed SAR that gives them a starting point dramatically increases the likelihood that the report generates a meaningful investigative response. This is true whether the SAR is filed by a casino operator, a law firm, a payment institution, or a corporate.
Cross-Border Complexity
Crypto fraud is rarely domestic. A subject may be in one jurisdiction, their wallet funded through exchanges registered in another, their account or business relationship operated from a third, and their withdrawal destination in a fourth. This creates jurisdictional complexity that can defeat conventional mutual legal assistance processes.
The practical implication for compliance teams across all sectors is that SAR decisions need to be made based on what you know, not deferred pending legal certainty about jurisdiction. File the SAR in your jurisdiction, preserve all evidence, and be prepared to respond to requests from multiple competent authorities.
Building Crypto Fraud Capability Without a Full Analytics Team
Most regulated businesses — particularly smaller operators and mid-market corporates — do not have the scale to justify a dedicated crypto analytics function. But meaningful capability is buildable without one:
At minimum: Ensure any crypto payment gateway, wallet service, or digital asset custodian you work with provides transaction risk screening as part of their service. Require contractual access to the risk score data for compliance review.
Intermediate capability: Subscribe to a blockchain analytics platform directly and train your MLRO and at least one senior compliance officer in its use. Chainalysis has certification programmes; Elliptic and TRM offer training. This is a day-and-a-half investment that significantly improves your investigative capacity.
For high-crypto-volume organisations: Embed on-chain analysis in your EDD workflow for all counterparties transacting material crypto volumes. This is already best practice in iGaming and in crypto-native financial services, and will become a regulatory expectation more broadly as crypto use in mainstream commercial activity grows.
The era of accepting or transacting cryptocurrency without examining where it came from is over. The tools exist. The regulatory expectation is forming. The question is whether your organisation is ready to use them.
About the Author
Ryan Best
Strategic Compliance & Investigative Consultant
Strategic compliance and investigative consultant with 26 years of operational and executive experience across regulated industries. Ryan advises boards, operators and institutions on compliance architecture, financial crime risk, investigation strategy and corporate governance.