Unpacking the Mysteries of Cryptocurrency

With more and more fraudsters working in the shadows of the crypto world, investigators of all kinds must become familiar with these new and evolving technologies. A panel of four experts helped unpack these mysteries at the 34th Annual ACFE Global Fraud Conference in a session entitled “Cryptocurrency Tracing and Investigations: Real-World Successes and Challenges.”

Indeed, chasing scammers in the borderless world of cyberspace presents its own unique challenges. Not only are the legal parameters of this ever-changing technology still fuzzy and global in nature, but simply gathering the necessary evidence can prove tricky.

Lili Infante, founder and CEO of crypto asset company CAT Labs, remembered some of the complications she encountered when she was pioneering cyber investigations at the U.S. Department of Justice as a special agent. She once cornered a French administrator of a dark web marketplace who was visiting the U.S. for a convention, and even managed to get hold of his electronic devices as he disembarked at the airport. The problem was that she had no password to access the bitcoin wallet, which Infante knew was linked to his criminal activity, as she had earlier traced his movements on the blockchain and found the wallet’s address. To make matters worse, the suspect’s wife was on her way back to France, where she was likely going to access the wallet and extract the cryptocurrency once she arrived.

With little else to go on, Lili hurriedly tried different combinations using the wife’s and the fraudster’s names, dates of birth and other guesses for the password. After three hours, miraculously, one of those guesses worked and the wallet opened. “Now I have a million dollars staring me in the face,” she said. “I am in my house with no witnesses.”

That put Infante in an awkward spot. “We had to figure out on the spot procedures for this kind of situation. How do I make sure there is a proper chain of custody so no one can just accuse me of stealing the money?” she said.

So, she took screenshots, FaceTimed her partner to make sure somebody else in law enforcement knew what was happening, and showed him that she was transferring the money into government custody. “I had to create policies and procedures for a lot of these cases because they weren’t in place yet.”

Even storing illicitly gained bitcoin is not as simple as it may seem. Here are some of the types of wallets where people can place cryptocurrencies and the terms used by the panel’s experts to describe them.

  • Cold storage or hardware wallet: A wallet that isn’t exposed to the internet and stores private keys offline. (This is where the IRS stored the bitcoin that Infante discovered.)

  • Hot storage wallet: A wallet that is connected to the internet and is accessible through mobile phones, laptops and tablets.

  • Self-custody wallet: A wallet for which you own the keys. (The fraudsters in Infante’s case above had a self-custody wallet.) An account on a crypto exchange like Coinbase is a hot wallet but is not a self-custody wallet, as Coinbase owns the keys.

Sean Tweed, CFE, a fraud investigator at the Preston Matthews Group, faces his own difficulties when it comes to helping clients who have been tricked into sending cryptocurrencies to scammers. “Some of the difficulties we deal with is that we can’t recover funds in the way that most people assume we can, unless we have access to a private key of (crypto) wallet,” he said. The company can, however, trace the whereabouts of the stolen cryptocurrency with blockchain analytics software, hopefully to a regulated exchange that has some sort of know-your-customer protocols. Tweed’s company then provides a letter to the client to explain their findings so law enforcement can take action. However, law enforcement can be suspicious of legitimate companies like Preston Matthews as fraudsters often claim to be private investigators, saying they have found the stolen cryptocurrency which they can release – for a fee. “Don’t send big wire transfers before you see any results,” warns Tweed.

“One of our biggest issues is dealing with law enforcement and explaining we are licensed private investigators and have regulatory standards. We are not trying to defraud these people.”

Brett Johnson, CFE, conducts crypto tracing and blockchain forensics, often in partnership disputes during a divorce. “When it comes to crypto, it is a fun way to hide money,” he says. “It is easy and fairly inexpensive.”

It’s also easy to miss if you don’t know where to look. Johnson recalls a divorce case where they spotted a small Venmo transfer of cryptocurrency received by the husband, who said he only had one account. That small Venmo transfer led Johnson to the crypto exchange where he asked for more details and discovered that the husband had been funneling cryptocurrency to a girlfriend’s account.

Panel moderator Lourdes Miranda, CFE, a former CIA officer and FBI analyst, asked how law enforcement agencies determine jurisdiction for crimes in a crypto space that extends across borders. In her experience, especially in drug cases, “whoever owns the source, whoever found the source, whoever vetted the source and finally whoever is paying the source has jurisdiction (over the case),” he said. “But that can change.”

Infante said that she would often try to bring different agencies into her task force, but if another agency had more leads or probable cause on a particular case, she would hand over whatever relevant information she had garnered and walk away. “There are so many fish in the sea,” she said. “I don’t need to be fighting over cases.”

Sometimes it was just a question of tying a crime to a particular jurisdiction. That may seem complicated with dark web markets involving vendors and administrators across the globe. Infante said law enforcement agencies could get around this problem by simply buying narcotics through that site and having them sent to the relevant jurisdiction.

Tweed, who works out of Canada, finds legal means to help clients recover crypto stolen by anonymous fraudsters who may be working outside the country. So-called Norwich and Bankers Trust orders are used in Canada and the U.K. to extract information about fraudsters who may have funneled stolen funds through crypto exchanges or other regulated entities. “When law enforcement drops its hat and says the jurisdiction is too difficult here, these are two ways we can move forward (from an investigation side) and get that information. And from a lawsuit side, we have a name of an individual you can potentially get assets from.”