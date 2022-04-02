A police think tank has for the first time issued a standard operating procedure for law enforcement agencies in India on how to probe crypto crimes, and seize and preserve cryptocurrencies during investigation.

Law enforcement agencies must have their own crypto wallet to store seized virtual digital assets, and they need for liaise with crypto exchanges to block a suspect’s wallet or resetting the keys to defuse transactions in an ongoing investigation, the guidelines by the Bureau of Police Research Development (BPRD), a think tank under the home ministry, said in its guidelines.

Investigators dealing with cyber crimes involving cryptocurrencies have been asked to thoroughly document the scene during the process of opening a crypto wallet so that the evidence can be preserved and used in a court of law.

Currently, there are no national guidelines on cryptocurrency related cases, due to which enforcement agencies often struggle, particularly in seizure as well as tracing suspects.

Although the central government has started taxing earnings from crypto transactions at the rate of 30%, the country is yet to regulate cryptocurrencies and investigations in such cases are probed through existing cyber laws.

Illicit transactions using cryptocurrencies in 2021 were estimated to be $14 billion, up 79% from $7.8 billion the previous year, according to a January 6 report in the Wall Street Journal.

The value of Bitcoin alone currently stands at $1.98 trillion, T Rabi Shankar, deputy governor of the Reserve Bank of India, said at a keynote addressed at the Indian Banks Association on February 14. There were 17,436 cryptocurrencies and 458 crypto exchanges, he had said.

Once it is established that there has been the involvement of cryptocurrencies in a crime, there should be a quick response by law enforcement agencies to seize them, according to the standard operating procedure, which has been reviewed by HT.

“The law enforcement should determine if it is possible to access the wallet by obtaining the necessary passcodes or keys,” the guidelines said.

If the wallet is not encrypted, the document said, the officers could have complete access (provided proper warrants have been obtained for the seizure of the device), but if the wallet is encrypted, getting the suspect to provide the encryption code, passwords, or seed words was the easiest method of access.

If immediate access to a suspect’s wallet is not possible, or the suspect denies access to encrypted wallets, the concerned device should be switched to airplane mode, or placed in a faraday bag to prevent tampering, the guidelines said. A faraday bag blocks electromagnetic fields and shields enclosed digital devices.

To open crypto wallets, the officers can ask a suspect for passwords, seeds, or any credentials required to log in. “A good practice is to look around for any possible trashed papers for seeds or any credentials as well,” the SOP said.

To store seized cryptocurrency, “the law enforcement agencies must have their own Bitcoin/crypto wallet”, the bureau said.

For online wallets, help of third parties where the currency is stored can also be taken to freeze accounts and assist in the seizure of funds left online. “Police can do so using the same method to freeze traditional bank accounts, but the warrant must be directed at the online wallet operator,” the SOP stated.

Law enforcement officers have been asked to thoroughly document the scene while seizing cryptocurrencies.

Since access to a crypto wallet is often encrypted, the bureau asked police officers to follow best practices for maintaining the current state of the device to prevent it from locking from inactivity, in the event the suspect’s computer of mobile is unlocked. “In the case of a mobile phone, a faraday bag should be used,” it said.

“The crypto wallet can be opened in another device by documenting the whole process with an independent witness by following the proper chain of custody,” the SOP read.

The biggest issue faced by law enforcement in dealing with cryptocurrency related cases is traceability of transactions and the suspects, according to Karnal Singh, former chief of Enforcement Directorate that investigates financial crimes.

“Since the cryptocurrency uses a decentralized network of computers or nodes, it is difficult to know who is doing the transaction, and a person can have as many public keys and could be sitting anywhere in the world, which makes traceability of suspects impossible,” said Singh.

A public key is like an account number, which is visible to anyone with internet access when transactions are added to the blockchain.

“While cryptocurrency is a boon for people in countries with unstable currencies, the anonymity poses a major challenge for law enforcement agencies. While all transactions are transparent on blockchain, it is difficult to pin a wallet to a physical person. As a result, it’s a safe haven for criminals who carry out ransomware attacks, crypto exchanges hacks and carry out transactions in bitcoins,” said Tarun Wig, co-founder of Innefu, a data analytics and cyber security company.

“As a country, our law enforcement agencies do not yet have SOPs to investigate a crypto crime and identify the perpetrators,” Wig said. “While some of the exchanges have made KYC (know your customer) mandatory, there is an urgent need for pinning every wallet to a physical entity and classify all transactions on a risk score.”