Secure Line Podcast Episode 7 - Crypto Cold Front
In this episode of Secure Line, Leah, Jess, and Steph sit down with Ari Redbord, Head of Global Policy at TRM Labs.
We discuss how illicit actors are exploiting cryptocurrency to evade sanctions, launder illicit funds, and finance destabilizing activities. While North Korea’s cyber operations and crypto heists have been widely documented, a surprising revelation from TRM Labs’ latest report places Canada among the top 10 countries with the highest exposure to sanctioned entities. This unexpected ranking raises critical questions about Canada’s role in global illicit finance and the vulnerabilities in its regulatory and enforcement frameworks. We explore the world of blockchain intelligence and discuss how financial crime networks—from North Korean cybercriminals to Russian money launderers—are leveraging cryptocurrency to bypass international restrictions. Ari provides firsthand insights into how blockchain analytics tools like TRM Labs work, allowing investigators to track illicit funds across multiple chains and ultimately disrupt criminal enterprises. We also examine the broader landscape of crypto-enabled crime, including ransomware, fraud schemes, and the increasing use of AI in financial deception. As the conversation unfolds, we confront the challenges of enforcement, the gaps in Canada’s response to financial crime, and the urgent need for more resources and regulatory clarity. With cryptocurrency continuing to evolve, the battle between law enforcement and illicit actors is intensifying. What can governments do to stem the tide of crypto crime? How do investigators leverage blockchain data to uncover hidden networks? And what steps must Canada take to address its unexpected prominence in the world of illicit finance? Join us for a fascinating and eye-opening discussion on the world of crypto crime, its implications for national security, and why Canada might be playing a bigger role in this landscape than many realize.
If you enjoy this episode, don’t forget to subscribe, rate, and review on your favorite podcast platform!
Read the transcript below:
Intro: Steph, Leah, Jess, is this line secure?
Jessica: Welcome to another episode of Secure Line, where we look at the evolving nexus of crypto, illicit finance and national and international security. Today we're joined by Ari Redbord, global Head of Policy for TRM Labs. We're going to focus on Canada and illicit finance using crypto, but Ari will also be our guide into and through the world of cryptocurrency and blockchain analytics.
Prior to joining TRM Labs, Ari served at the United States Department of the Treasury as a senior advisor to the Deputy Secretary and the Undersecretary for Terrorism and Financial Intelligence. In this capacity, Ari worked with teams from the Financial Crimes Enforcement Network (FinCEN), Office of Foreign Assets Control (OFAC), and other Treasury and Interagency components on issues related to cryptocurrency sanctions, the Bank Secrecy Act, and anti-money laundering strategies.
Prior to his role at Treasury, Ari served for 11 years as an assistant United States Attorney for the District of Columbia, where he investigated and prosecuted cases related to cryptocurrency, terrorist financing, sanctions evasion, child exploitation and human trafficking. Stay tuned as we follow the chain of illicit finance in Canada.
Stephanie: Ari, why don't you start by telling us a little bit about TRM Labs.
Ari: First of all, thank you so much for having me. I, uh, I've been a huge fan, as you know, since that day I slid into your DMs and, uh, wanted to talk terror financing with you. I know, I know Stephanie. I see that look on your face.
Stephanie: But, uh, just sliding in someone's DMs to talk crypto is, I dunno, it's, it's very 2025. I like it though.
Ari: Not only crypto, but illicit finance in crypto. So, I mean, it's a very, very specific group of people who you'd wanna slide into.
Leah: If anyone, anything is gonna get Jess's attention, that'd be it.
Ari: Super fun to engage. We've talked to law enforcement officials and TRM talks and all kinds of fun stuff, super honored to be on the show. Um, and excited for the conversation.
TRM Labs is a blockchain intelligence company, which means we work with law enforcement globally, primarily as an investigative tool. They use our software to track and trace the flow of funds in crypto to build investigations.
So if there's a hack or a ransomware attack, we're following the illicit proceeds or the, the funds, um, you know, across chains to ultimately hopefully seize them back for law enforcement. We then work with the private sector, so traditional financial institutions, cryptocurrency businesses, stablecoin issuers.
They use us as a compliance solution to just ensuring that they're not engaging with illicit actors or sanctioned cryptocurrency addresses, to keep their platform safe.
Leah: You've mentioned the term crypto a lot, and for all of those people who feel like they're smart but still don't understand crypto, can you please just explain what we need to know to follow along with this conversation?
Ari: Sure, absolutely. Cryptocurrency is digital money. It's essentially money that lives on the internet as opposed to, you know, you're holding it physically in your hand today, like cash. To really understand crypto, you have to understand sort of blockchain technology and blockchains are where cryptocurrencies live and move.
Blockchains are just networks of computers. They are, you know, folks who are sort of all over the world, computer networks that are validating transactions, basically all agreeing that this transaction should go through at the same time. And, cryptocurrency is essentially financial instruments like Bitcoin or Ethereum or meme coins like Trumpcoin and Dogecoin and these types of things that are living on blockchains that people are engaging with.
It's essentially the way to transfer value using blockchain technology.
Leah: And is it correct, am I correct in my understanding that anybody has the capacity to monitor the blockchain to understand this? Because I hear the term public ledger a lot. Is that true? Could anybody, if they had the capacity and the technology, see these transactions? Or is that something that's not true anymore?
Ari: I love it. It's a, it's a great question. And there are different types of blockchains. There are some that are permissioned, meaning like you have to have permission to engage on that blockchain. But most blockchains that people know today, I mentioned Bitcoin, the blockchain, Ethereum, the blockchain, Tron, Solana, Polygon, so many others are open blockchains. They are public, meaning that anyone can engage on them, which means that every single transaction is logged, verified, right, and immutable, meaning it's there forever. And anyone can use sort of open source tools to see what's happening on the block, on different blockchains. You're essentially running nodes or having the ability to download data on those blockchains.
What TRM does that, that's special, right? Like sort of what are we doing beyond just monitoring blockchains? We are taking raw blockchain data, so that alphanumeric address, the to, the from, the amount, and we're layering that blockchain data with threat intelligence. We don't wanna just know that that's an alphanumeric address right on the blockchain. We want to associate that with a terrorist financier or a ransomware actor, or North Korea, for example. The largest hack in history by magnitudes happened within the last 48 hours. North Korean cyber criminals attacked ByBit, which is a large cryptocurrency exchange and stole about one and a half billion dollars.
That's the largest hack by double or triple that's ever happened before. We have labeled the addresses associated with those hackers as the ByBit hackers in TRM, so that law enforcement or, frankly, crypto sleuths on Twitter are able to track and trace those funds to hopefully help law enforcement seize them back for customers, hopefully to help exchanges seize them or freeze them in order to get those funds back and stop them from going to North Korea who will use them for weapons proliferation and destabilizing the Korean Peninsula and all kinds of terrible stuff that North Korea does.
Leah: So it's public in the sense that there's an identifiable address associated with all of these things, but it's not necessarily public in that I'm putting @Leah West, like it could be @nationalsecuritylawyerubergeek123 kind of idea behind it, and/or it could just be a gobbledygook of numbers with nothing identifiable at all. So while it's public and you can attribute a transaction to an identifier, it's not necessarily that the identifier is associated with a known person. Is that fair?
Ari: Another great question. Yeah, you're, you're on fire, Leah, with these blockchain related address questions. Um, so yeah, we are not associating in TRM or really in any blockchain type of tool in that alphanumeric address with an individual. We are associating with sort of either risk categories or we can say, hey, we know the address belongs to an exchange like Coinbase or Binance or FTX, right, we're tracking the funds in the bankruptcy. We know that those addresses were somehow associated with that, right? We are not directly associating that address with Jessica, Stephanie, Leah, but where that comes becomes really important is if Leah is a cyber criminal, law enforcement does wanna associate that address, but so what they do is they use a tool like TRM to track and trace those funds ultimately to a cryptocurrency exchange.
Then they use legal process. They'll serve a subpoena on Binance or Coinbase or Kraken or Gemini, and they'll have that user information that they can provide to law enforcement because they've gotten it through their KYC, their Know Your Customer process. So the way that law enforcement ultimately associates those alphanumeric addresses in TRM or just on the blockchain is by sending process to law enforcement to learn that information. And then they use other tools in their toolbox that they've long used for years, right? Like, just think great police work to go run down, right? You execute a Google, uh, Gmail search warrant then or uh, through AT&T or Verizon or your cell phone company. Where are they getting cell tower hits? And then they kick in a door, execute a search warrant, they do the thing that they have typically done. So I like to think of us, you know, it's not like this silver bullet, we are one tool in a toolbox that great investigators use to build criminal investigations.
Stephanie: So my last question before we can talk more about your report, just to understand, I'm guessing then that there's like the good actor blockchains, like the legit ones and then the sketchy ones that are in like Russian warehouses that don't necessarily have to know your customer comply with subpoenas. Is that fair to say?
Ari: So it's interesting, you know, I think of blockchains as being sort of agnostic. They're just networks of computers. Uh, think of them as sort of a city now. The city's just there. You know, it's a place where people live and interact, but you have to build infrastructure on top of that city.
And to me, the people that have obligations in the world that we're talking about are those people who are building. So you have developers who are building applications on top of that blockchain. So, for example, there's a lot of meme coin activity on the Solana Blockchain. Solana is not to blame for the rug pulls and the sort of other activity that's going on. It's the people who are building either in a non-compliant way on there, or they're just scammers who are doing rug pulls related to meme coins. There's a lot of really good activity happening there in the NFT space. People are building, you know, neat stuff.
You know, Tron is another example that we really go deep in in our report, that is what we have seen over the last few years a disproportionate amount of illicit activity on the Tron blockchain. That's because Tron processes faster, cheaper payments. That's the only reason, right? Like, bad guys are just like the rest of us, right? They wanna process faster, cheaper payments.
They wanna move money cheaper and more quickly, so they've moved to Tron. Tron has been actively trying through a partnership with us and Tether to actually decrease the amount of illicit activity by specifically going after bad actors who are using Tether, it's a stablecoin on Tron, um, to stop people from building, from stop people who are using, who are gonna do it for illicit purposes.
So I say all that to say like, when I think about blockchains, I just think about their networks of computers. I think we wanna be really careful talking about like any blockchain hosting or actively engaging in illicit activity. It's the potential, either non-compliance or sort of bad guys that are building on those platforms that we really wanna target.
Stephanie: So helpful. Thank you.
Ari: Love it. Thank you.
Jessica: We wanted to bring you on here today to talk about the illicit finance landscape internationally, but also specifically in Canada. So in your company's most recent report on crypto adopting illicit activity, Canada's featured in a list of the top 10 countries for illicit exposure along with countries like North Korea, Nigeria, Russia, and Iran.
Why? Why is Canada in this list?
Ari: Yeah, look, I admittedly was surprised and that's sort of one of the powerful things about data is that there's no agenda around it, right? It's just like the numbers say what the numbers say. I was, that was, I'd say the only major surprise for me when I read that report was Canada sort of being on the list.
Uh, we immediately reached out to our partners and folks we work with in Canada to talk about the why there. And the why is essentially that, um, the one, one thing we can kind of dig into the report is that the biggest buckets of illicit activity that occur in the crypto ecosystem today all involve sanctions activity.
So to get sort of high on these lists, the question is around like, what sanctions exposure does your jurisdiction have? So Canada cracked the top 10 for illicit exposure, mostly due to exposure to sanctions driven by entities located in their jurisdiction that are transacting with sanctioned entities.
And many of, in many of these cases, these are transactions with sanctioned Russian entities, including Garantex, which is probably the most prominent sanctioned cryptocurrency exchange. In fact, um, it was sanctioned today by European authorities for money laundering activity related to Russia sanctions. Also Cryptex, another sanctioned Russian related entity. So we get deep in the methodology in our report and I would encourage folks to read it, sort of how we come to these numbers. It's the TRM Crypto crime report but the bottom line is really, so much of this is rooted in what exposure Canadian entities had to Garantex and other sanctioned Russian entities.
Leah: Just for the listeners, all three of us had the cringe emoji face going as Ari was explaining all of that. Uh, Jess back to you for all of the important questions.
Ari: Cool. Now, cringe emoji because Canada is on that list or like needing more, uh, from me for the explanation?
Leah: No, for the fact that we have so much exposure because we have so many enterprises dealing with sanctioned entities. Like that is bad.
Ari: Yeah it's bad, but it's definitely something that could be remedied. I think there's other sort - again, sanctions is the biggest driver of illicit finance numbers when it comes to on chain activity this year. That was like a major finding for us, more so than Darknet market exposure or ransomware or hacks or this type of activity. I think the key is like, all right, how do we get folks not engaging with these types of platforms? For sure.
Stephanie: Is the engagement with sanctioned entities, you know, something that people are doing deliberately in trying to circumvent sanctions, or is it something that they are doing unintentionally and therefore they need information?
Ari: It can be both, for sure. Um, you know, I think that at this point, probably enough people who are engaging in the crypto ecosystem should know that Garantex is a pretty big player when it comes to facilitating ransomware activity and Darknet markets and Russian sanctioned activity.
So I think that folks know, I will say that like there's all kinds of ways to gain exposure from sanctioned entities, right? Like you could receive funds from someone who had engaged with a sanctioned actor. So there's like multiple, what we call hops or degrees of separation from the actual sanctioned entity. That's something that I think we need more regulatory guidance around, certainly in the US probably true in Canada as well, about how far we should essentially have to look back to be concerned about sanctions exposure. Um, right. It's sort of the cash analogy, right? I could end up with cash that was 2, 3, 4 hops removed from, um, you know, the Sinaloa Cartel, that's not really something that the government is super worried about when it comes to my risk exposure. But still today in crypto, because we can go so far back, Leah, to your point about the nature of public blockchains, um, we have a lot more of this type of activity or at least the ability to track this activity. So we're almost held to a higher standard about how far we should be looking back.
Jessica: Yeah, and my cringe face was really around, um, this whole idea of like how much exposure Canada has to sanctioned entities because we know that the RCMP has, has actually released numbers fairly recently about blocking and freezing a lot of transactions to and from Russia so this is like just part of this broader conversation about Canada's illicit sanctions exposure to Russia.
Ari: Yeah, I would say that like, part of my surprise, but like again, there, there's a process to all of this and, and I think some of this takes time, is that I'd say that like of the law enforcement entities that we work with, um, you know, some of the most dedicated national security agencies, the RCMP obviously, the financial regulators. I mean, you know, we can get into this in a moment, but I mean, Canada has, you know, a long history of regulating the cryptocurrency space as securities in a way that really very few countries in the world have done. So it was a surprise, but I think Canada is doing so much right in this space that, um, this, this one, this is a very, very specific area that exponentially increases your exposure.
Jessica: This is gonna be a nice, um, surprise for a lot of listeners because I say nothing but bad things about the Canadian financial crime system, so it'll be nice for our listeners to hear you say something nice about it.
Ari: I love it. Yeah, no optimism, yes.
Jessica: It's very welcome.
Ari: It's my jam.
Jessica: So the US and Canada have both recently designated and listed a number of drug trafficking organizations as terrorist entities, how is that gonna affect your work?
Ari: Yeah, it's a great, it's a great question. At TRM, we have been thinking about cartels for years. It's mostly how cartels are laundering illicit funds, and obviously the overwhelming amount of that is in things like bulk cash smuggling and networks of shell companies and other types of activity. But we've seen more and more cartels leveraging Chinese money laundering networks, uh, which do use cryptocurrencies. We put out a report maybe two weeks ago on how cartels specifically are leveraging crypto in the wake of this designation. From the US perspective, I spent about 11 years at the Department of Justice and much of that time was prosecuting cases involving terrorist financiers and other types of designated terrorist organizations. And a powerful tool that we had was to be able to charge people with what we call material support of a terrorist organization, which, which has significantly higher penalties, jail time, et cetera, than some other statutes we would be able to be using otherwise - money laundering statutes and other types of statutes, so if you're giving, you know, financial support, sandwiches, hamburgers, whatever you're giving to terrorist organizations, we can charge you with providing material support. And we can now do that with cartels, Sinaloa and others, which I think is a really powerful authority.
The other really powerful authority here is the more sort of Department of Defense, national security things that we're now able to do. I don't know that we're necessarily going to strike Mexico, you know, on Mexican soil. But we do that in places like Syria, in places like Afghanistan, in places like Iraq, yeah. We only have that authority because we've designated these groups as foreign terrorist organizations, FTOs. So I think it's super significant designation, um, for at least those two. But I can probably give you a few more reasons.
Leah: So am I right that the idea there would be, you'd be authorized to use military force against cartels in Mexico?
Ari: Correct. Amongst other authorities. Really what it's doing is it's elevating a law enforcement issue to a national security or DoD Department of Defense type issue, and just like unleashes a whole host of additional tools.
The US Attorney's Office for the District of Columbia, which is the only federal prosecutor in America that also prosecutes the local crime, because we are a district, we're not a state, so we don't have a state's attorney or a DA, so it's DOJ who's prosecuting every crime. So like, on the one hand, I was prosecuting national security cases involving, you know, FTOs, like, you know, Hamas and Hezbollah and ISIS and others, but also prosecuting local street crime involving MS13 and these types of organizations and I can tell you, like, it's very interesting to me to now think to myself, alright, wow, could I have used like, if, if this was, let's say a year from now or two years from now, when, when that statute's been around for a while, could I now use like these really robust terrorism statutes to go after sort of the street crime that's occurring in, you know, US and Canadian cities and all over the world.
Jessica: I wanted to ask a little bit more about some of the biggest challenges facing the crypto industry these days with respect to illicit finance. So like what do you see? Are these the, the big challenges shaping the ecosystem right now?
Ari: Yeah, no, really, really good question. Look, I think whenever I try to have this conversation, and you and I have had several of these, like I try to level set a little bit, you know, in that report that we've been talking about, the 2025 crypto crime report, which is really 2024 numbers, we ultimately say that 0.4% of activity within the crypto ecosystem is illicit. That means 99 plus percent of activity is lawful users. Um, I think it's really important to level set that way. That number is much smaller than in the traditional, the traditional numbers that you see.
I don't know what those are. I don't even guess at those. I've heard three to 5% thrown around, but it is what it is. But in crypto you do have that visibility. I think we have a pretty deep sense of that. That's not a forever number. I think what people don't understand and we go through in terms of the methodology a lot in our report is that that number will increase over time, it will not dramatically increase, but it will significantly increase because we'll, we'll learn more, we'll have more attribution on old addresses that engaged in that year. So, uh, again, read the report, read that methodology because I think people are always questioning these numbers but I think we really do a good job of, of spelling that out.
So level setting, we're still talking about, you know, less than 1%, but, you know, uh, when that less than 1% involves, you know, people losing their life savings, right? You have these scammers and fraudsters and, um, you know, pig butchering scams that have become really a global epidemic in my mind. Um, on two fronts.
One on the people who are being scammed, right? The western victims in these cases. But then also the folks who are being trafficked in Southeast Asia and Africa and the Middle East. But for folks who aren't super following, there are these scam centers in places like Cambodia and Laos and Vietnam and Myanmar, where people are literally being human trafficked in order to force them to engage in, you know, sending Jessica Davis a hey baby text that ultimately, you know, results in, um, in that sort of pig butchering dynamic. So I think that's, that's, that's something that's really, really top of mind for us today at TRM. How do we stop these types of scam and fraud activity? I mentioned ByBit the largest ever hack, um, hacks are terrible. Uh, they are absolutely devastating when North Korea is involved.
To give you some perspective, this report that we put out, the crypto crime report, said that we saw about $800 million stolen last year by North Korea in hacks. In one day on Friday, they stole double that number. Um, so we've already doubled the number for 2025, from 2024.
Stephanie: How do you steal that much money?
Ari: It's extraordinary. It really is. They were able to get access to basically the wallet that holds a lot of funds that were on the ByBit exchange on. It was not through the phishing or social engineering that we see. They were able to crack essentially the, the cold wallet. It's a very, very unique, unique situation and uh, I think folks are still sort of really uncovering, what exactly what exactly happened there. It's absolutely wild. Possibly a supply chain attack, maybe insider threat. Or what we so call like a sophisticated private key compromise. They were able to get the information around the private keys and open the, and basically open a wallet and drain all that, all those funds.
Stephanie: So, you know, everything you've just said is awful. Everything about North Korea using this is awful. Human trafficking is awful. Um, also recently in the news there's been a number of so-called "rug pulls", and we've seen that with, recently the Trump coin, the Melania coin and also recently the president of Argentina, uh, got involved in something called Libra Coin, which, um, he said was going to help fund investment in Argentina. But of course, like within an hour of him tweeting his support, the rug was pulled again. So there just seems to be a lot of criming here, I guess is the point, is this something we even should allow? Um, and, and if not, um, like what should we be maybe doing all this with all the kind of uncertainty and and instability around crypto.
Ari: So as I said initially, like look 0.4%, right? But I worry about that point 0.4% quite a bit, particularly in this area, right where people, consumers who are engaging in this space are losing money. So you mentioned meme coins, right? Leah asked this great question about crypto and what it is. Meme coins are essentially cryptocurrencies that engage in that sort of social media culture. You know, you have this 24/7 social media culture of these like pseudo celebrities who people want to engage with.
Um, you know, I have two little boys -
Stephanie: Like Hawk Tuah coin.
Ari: So, yeah, I'll get to Hawk Tuah coin. Um, if you had ever asked me a year ago if I would be saying Hawk Tuah publicly, as much as I've been saying Hawk Tuah, it would be absolutely shocking to me and really anyone who knows me.
Stephanie: We're all feeling those feels.
Ari: Yeah. Really horrifying. But, um, but Hawk Tuah is a really good example. So Hailey Welch, who is the Hawk Tuah girl, uh, came to become an internet meme sensation, based on this sort of interview and this very like, I don't know, unfortunate tagline. Um, and has like one of the most highly rated podcasts on Spotify or did for a while.
Anyway, she launched a meme coin, that was the Hawk Tuah coin and ultimately, you know, there were folks behind it who kind of did what you're describing. They pumped it up and they ultimately, you know, took off with, um, a lot of the funds you were asking about, sort of specifically like rug pulls, or pump and dump schemes, which are very, very similar.
Rug pulls are a type of crypto scam where developers abruptly lift, uh, withdraw liquidity from a project, essentially causing the token's value to crash, leaving the investors with worthless assets. Pump and dumps are like, basically what they imply. They occur when, um, owners of an asset artificially inflate the value only to sell it off when it reaches its peak. So, you know, think about when you're talking about the president of Argentina. You know, either he was involved or he was just, uh, you know, taking advantage of, but he was pumping that coin, right? This is great value for the country. These are these types of things. Ultimately the developers who are still controlling the asset, pull it out and folks lose a lot of funds. So that's the rug pull where you're sort of pulling it. Examples are Squidcoin. Uh, we have used, TRM has written pretty extensively about meme coins recently because they're such a huge deal. There's a piece on Libra, on our website. A piece on Trumpcoin, a piece on Hawk Tuah, and a piece on, um, Squidcoin, which was from the Squid Game Show on Netflix.
One thing I do think is I, which is important, is that I don't see Trumpcoin in this same category. Um, it really, it, it doesn't have the sort of indicia of a rug pull, right? Uh, you saw funds go up, you saw funds go down, uh, but not to zero. And I mean, it's being listed on sort of major cryptocurrency exchanges, like Kraken-
Stephanie: But there's a difference with like Melania coin.
Ari: Um, so I'm not tracking Melania coin as closely, but I do understand that there were some different, different type issues. But you know, there are, there are legitimate meme coins depending how interested in this space you are. Like Doge, like Pepe, like a whole bunch of these other ones. Look, I am not investing in meme coins, this is not investment advice. Um. I see them as digital collectibles. More like NFTs than like actual, like crypto assets that you trade and hold and invest in. Um, I think that there is a generation of people who are 24/7 digital native living on the internet who want to relate in some way with these memes and are getting involved in these things.
You know, I was a, when I was a kid growing up in New Jersey, I was a big collector of baseball cards. I worked at a baseball card store, called Bruce's House of Baseball in South Orange, New Jersey, and Bruce told me one day like, hey, you should just buy what you like because this is all just cardboard at the end of the day. I kind of see meme coins as the same thing, right? Like, buy what you like. If you wanna hold this and own this and have this part of like your digital footprint, then by all means, but like, I'm not entirely sure it's something like that you're investing in to see huge profits. I think a very few people ultimately make huge profits for most of these, um, most of these platforms.
Leah: I'm really surprised that some millennial hasn't come up with a Schrute Buck Coin, because if anybody was a fan of The Office, they should remember Schrute Bucks. And every time I hear about Melaniacoins or true Trumpcoins, all I think of is Dwight Schrute holding up his Schrute Bucks. But anyways, I digress.
Ari: You know, all things like, I think that is the really interesting thing about cryptocurrency and just the thing about money, right? We did this TRM talks recently, and there's this extraordinary woman who is the, uh, Director of the Numismatics Collection at the Smithsonian Museum and Numismatics is the study of money.
Um, I've got to know her really well. A woman named Ellen Feingold and she's, she's, she's amazing. Like, I mean, this is, she's spent her life dedicated to like building this incredible collection.
Leah: Her last name is Fine Gold and she studies money?
Ari: Isn't that, isn't that amazing? So recently. My colleague Chris Janczewski, who is an IRS, he was a former IRS criminal investigator now is at uh, TRM Labs, he's our Head of Global Investigations. He used a laptop to seize what, at the time was the largest seizure in world history. It was the $4.2 billion Bitfinex seizure. In that hack, there was a Netflix documentary that we were both in called The Biggest Heist Ever that kind of like tells that story and Ellen put Chris's laptop in the permanent collection at the Smithsonian for numismatics to show how digital money works, right? That money can live on computers or networks of computers. Um, but what I've learned from her is that like shells, right? Like you, you look at the history of money, like all kind, anything has value that people attribute value to and will, will ultimately exchange it for other value.
Leah: So I guess this is my question for both you and Jess. Jess, maybe you can explain it as well, is almost all of our money lives online now. Like how many of us actually carry physical currency anymore. Like nobody. So why do we -
Jessica: My dad does.
Leah: Oh, okay. I guess there are people of a certain generation who do like, I think it's a generational thing.
Ari: I think it's a really, it's a really important point. Yeah. I get where you're going. Jess feel free to jump in here. But the difference between crypto and sort of digital money, the way you think of it today at your bank or Venmo or you know, PayPal, non crypto related products is there are intermediaries. Okay. In order to use Venmo, you have to go through your bank or your credit card or PayPal, right because they own that app. It's always through an intermediary. So Leah just can't send Stephanie funds, uh, directly. They have to go through an intermediary. Crypto lives and moves on a public ledger where Leah is sending funds directly to Stephanie without an intermediary. That's what's really so extraordinary about the technology, right?
It provides potential banking services to the unbanked corners of the world, Africa, Asia, Middle East, places people, you know, hey, rural United States, Appalachia and, and, and inner cities and across the world that people wouldn't otherwise have access to banking or credit cards, uh, humanitarian relief, you send it peer to peer, so you get all of it, right? I'm not having to send through Western Union where I'm dealing with, you know, huge charges. So I say all that to say that's the difference. Everything. I totally appreciate everything. Every money is digital, but that is the significant difference. It's being able to transact without an intermediary.
Jessica: I think that, I think that point is really useful too because it's intermediaries are where we've decided to build our anti-money laundering, counter-terrorist financing architecture. And this is, I think, where we get so much pushback against crypto is because there is no natural intermediary where a lot of that can live. Yes, maybe the crypto exchanges, but in many cases that wallet to wallet transaction can occur without that intermediary. So there is no way to apply that kind of know your customer due diligence checks, all of those kinds of things. And I just wanna talk a little bit back to Steph's question about the criming, because I think it's really interesting when Ari was talking.
All of the scams that Ari just talked about all exist in other kinds of investment schemes, pump and dump as investment schemes, Ponzi schemes, all of these kinds of things. The difference for me with crypto is just how fast it happens, how wide it goes, and then the number of people who can be impacted by it.
You know, if you were involved in a Ponzi scheme in the 1980s, maybe this is the kind of thing that could affect a couple hundred people in your community. Now you can have these sort of crypto scams that can affect tens of thousands, hundreds of thousands of people and it's that scope and scale issue.
Ari: Yeah, no, I think that's exactly right. I, I totally agree with you. People talk about, you know, ransomware, um, crypto being responsible for ransomware and it's not. We had ransomware long before crypto. We had scams long before crypto, but it has now enabled us to send larger amounts of funds faster than ever before.
It supercharges a lot of these types of crimes, these types of scams, people are losing more money because they could send more money faster. Right? You're now dealing with cyber criminals at the speed of the internet. And I think that's really the challenge. And to me, going back to Leah's initial question, which I honestly always do because it's so fundamental to me, and that is the native qualities of public blockchains actually allow us to investigate in ways we never could.
You know when I was a prosecutor, I would have to trace those cases that you're referring to in the 1990s and the 2000s through networks of shell companies and hawalas and high value art and real estate, right? There was no TRM for those things. Um, now, you know, I'm literally watching all day in real time these hacked funds move. They're moving very, very fast. But we've been able to alert, essentially, a network of banks, crypto exchanges, globally, that they need to make sure that if those funds hit their platform, that they freeze them. And, you know, that's, that's an only-in-crypto type of story. The $4.2 billion seizure in the Bitfinex case is an only-in-crypto type story. Again, they were able to steal more funds, but we were also able to track and trace those funds to seize them back. So I, you know, look, I'm, I'm definitely very much understand and appreciate the paradox and I will tell you that like, something that I've been really, really focused on the last couple of months is the power of AI to even supercharge all of this, right? AI is removing the human bottlenecks for cyber criminal activity. So you don't have, if you're a ransomware actor, you don't have to rely on, these, uh, affiliates to, to buy your software and to essentially do it for you. Uh, malware, you, you have agents that are, AI agent affiliates. You know, we talked about the human trafficking that's happening around scams. That won't exist. Why? Because we don't need to traffic humans. That seems like a bad business, right? Like that's a lot of friction. We could just create AI agent scammers to do that work for us if we're, if we're scams right? I did a TRM Talks that drops this week on deepfakes with a guy named Hany Farid and like just learning so much about the way you can now, you know, do scams at unprecedented speed and scale. So I say all that to say that like.
Look, we're in the age of technology right now and I think the key is we have to fight technology with technology and that's like where I spend my life trying to think about how best to do that.
Stephanie: So I think that this idea of, of using technology to fight technology brings me to a question I would like to ask the three of you. Um, and Leah, I know, I know you're still in Schrute Bucks, but um, if you have some legal ideas here as what should be done, I would appreciate it, but yeah, exactly. What, what is it that is to be done about all of this crypto crime, AI, human trafficking Gordian knot, um, what, what do you think we should be doing to, you know, perhaps keep the legit crypto, um, investments and, and things like this, but, um, take apart some of the more illicit uses that you've been talking about in this podcast?
Ari: I'm happy to take a crack at that. Okay, cool. Look, I think we have to do the same thing that we've always done when it comes to criminal activity and go after the criminals. Um, you know, like this ByBit hack is attributed to North Korea, we need to go after North Korea. I don't know that our government, certainly the US government has ever gone after North Korea using the tools that we ultimately can use against them.
Um, there's a network of Chinese, uh, money launderers, OTC brokers and others who are involved in the money laundering that's going on. We need to go after those networks. That was always, that's always been true when it was counterfeit cigarettes and counterfeit hundred dollar bills before any of the crypto stuff was sort of happening.
So I think we need to bring international pressure on North Korea in a way that it's that, that it's never seen it before, to include China.
Stephanie: Sorry to interrupt, but when you say tools, like what specifically do you mean? Like when you wanna, like is it about imposing costs? Is it about actually being able to hack in and get that crypto back? Like what do you mean by tools?
Ari: Yeah. No, I love it. These are like some really good questions now. Um, yeah, so like, lemme give you an example. When I was a federal prosecutor at the Department of Justice, we were the only, uh, group of federal prosecutors ever to issue a subpoena on a Chinese bank. Um, and you ask us, how do you do that?
Well, we had to go to the Attorney General of the United States and the Treasury Secretary for them to sign off because, if they (the bank) didn't comply, it wasn't because we had jurisdiction, we don't have jurisdiction, but if they didn't comply, we could cut off their correspondent banking, which is essentially a death penalty for an international bank in the, in the world we live in today. Um, we should do more of that. We should use every authority in our toolbox to put pressure on China to shut down what's happening in North Korea, to shut down these networks of money launderers who are laundering, not just North Korea funds, but also, um, you know, pig butchering and other types of, of funds.
So I think that -
Leah: sorry, you're gonna have to explain pig butchering.
Ari: Yeah. Just quickly. Yeah, yeah, yeah. So, no, no, for sure. Like, it's, it's a terrible, terrible term. I use it. I go back and forth. The US Department of Justice does not use it. Erin West, who is a stalwart in our space and really leading a lot of the conversations around this, she runs a thing called Operation Sham, she uses it, uh, aggressively. Um, I often fall in the middle here. So pig butchering is a scam. It's a romance scam. Um, but it's a romance scam that essentially involves cryptocurrency.
So, you know, you know those, um, texts you get like, “Hey, are you golfing today?” Or, uh, “Hey Leah, it was great to see you” or. You're like, who's this? And then they'll start into a conversation that will ultimately involve possible romance, definitely eventually an investment opportunity. And the pig butchering comes from sort of a Chinese proverb around you have to fatten up the pig before you slaughter it.
So ultimately they're fattening up that pig, getting to send funds, sending funds, maybe even sending some returns back so you send more funds and then ultimately slaughter the pig by stealing, um, all those funds. A really, really terrible visual, but like powerful.
We talked about cartels, right? Like we have special tools that now we can use against cartels that we couldn't before.
Are there other authorities that we could use?
Um, I think we have to build public-private partnerships. Um, we run a website called Chainabuse, open source. You can jump on your phone or on your computer and check it out. It's the largest reporting database for scams, uh, anywhere. People are, you can report to law enforcement through our portal or you can just sort of say, hey, I was a victim of this scam, you shouldn't be. And you can look up types of activity there.
I mentioned our partnership with Tether and Tron, what we call the T3 Financial Crime Unit, right? We are trying to go after actors who are using Tether, a US backed stablecoin on the Tron blockchain. So I think it's, it's a combination of public-private partnerships leveraging international partners, and yet doing absolutely anything else we can, you know, I think that exchanges are gonna, after this, I think if they hadn't already are gonna work much more closely together to ensure that they're blocking funds.
There's no one in the ecosystem, whatever you think of crypto, who wants to see their funds or their customer funds being used by North Korea. And I think that like. I have found in talking to people all over the world about this, that like there's, you know, that's, this is one area terrorist financing, right, is another where there's just clear agreement and um, I think getting together to try to like partner on this stuff is really, really important.
Jessica: Steph, I kinda like your idea of hacking back. I think this, that's a really interesting one. Um, I think more concretely though, in terms of immediate solutions, there's some things that Canada could do as well. So we don't currently have any ability to designate, well, we don't have a, a separate designation or listing regime for criminal organizations or ransomware actors when some of our partners do. So for instance, United States and I think the UK can both designate or list ransomware actors and sanction them in that way. So that would be one tool for us to consider. There's a whole bunch of different things too that we could think about in the legislative and even just the law enforcement space but I'm gonna come back and beat the drum that I always beat on this issue about capacity and enforcement will.
I think right now we're looking at an illicit finance environment, particularly in the crypto sector that's starting to exceed our law enforcement and security services ability to track and disrupt and so this is the kind of place where governments need to be making serious sustained investments.
Leah: Yeah Steph, to answer your question, I was gonna say this is probably not an area where more law is the solution, but capacity, right. Um, capacity to monitor and inform and engage with those who might be susceptible. So how much of the initial conversation about exposure to sanctions evasion was in some cases because people were not well informed potentially.
Right. And so like I, I think most people tend to say, well, we need to regulate the platforms, or we need to regulate the blockchains, or we need to put onus on the, on increasing obligations on them. Uh, I think in this case Ari and Jess are right in that we need to use the tools that we already have effectively, and I don't think that, uh, Canada has demonstrated in, uh, illicit finance, generally in terrorism finance at all, um, that we are capable of doing that.
Ari: Look, I think globally there's a cadre of law enforcement agents and investigators who have what we call sort of power users of blockchain intelligence tools. Um, you know, certainly there are a few at RCMP, FBI, IRS-CI, um, you know, in Singapore police, uh, you know, Japan. There, there are there, but we know them all.
There's a, it's a relatively small group and I think that like if this ecosystem's gonna grow and by all accounts it's growing, um you know, it's growing like on the good side, right? I think we're gonna see more and more crypto businesses engage in the US and, globally, uh, with coming sort of legal clarity and regulation um, but also in the last 48 hours, about $200 million moved from a hack. We've never seen anything like that happen before. Um, so clearly there's enough liquidity to move that much money that fast, um, in the sort of growing ecosystem. So I would say that like, that this is all growing and every agent, every investigator everywhere is gonna need access to these types of tools.
I try to lead with expertise as opposed to selling, but like I did an ROI calculation recently and like, I mean, governments are seizing billions of dollars of illicit proceeds, right? These, these tools aren't that expensive. Uh, the training is not that expensive. It's like the ROI on blockchain intelligence is through the roof.
We wrote a piece on it recently and in the age of DOGE and all the conversations around government efficiency, it's like guys, like you could save billions. Like, use this stuff, learn it, get educated around it. So, um, yeah, excited to kind of see where that goes.
Leah: So. We talked about Trumpcoin and Melaniacoin, been in the news, you know, before he was reelected, um, Trump was big, going all in on crypto. Um, what do you think you can expect from the Trump administration and the regulation of crypto and, and going after all the criming that, uh, that leverages crypto?
Ari: I might steal criming. I kind of like it, not to use in the crypto context, but some other like fiat context. Um, so I think the Trump administration is really good for the crypto, like the broader crypto ecosystem and ultimately getting towards legal clarity. I think over the last few years we've definitely seen an enforcement posture in the US from financial regulators around sort of going after lawful crypto businesses who were like listing various coins as unregistered securities, right? Those firms didn't have guidance as to whether this was a security or a commodity or something else. So they didn't sort of know what they were doing. And honestly, like I'd say in the last month or so since the new administration, we've seen a total reorganization of the enforcement divisions within the SEC, the CFTC, um, and it's been around, let's focus on the fraud that's happening in the ecosystem, not necessarily sort of the lawful actors.
So my hope. And it's like TBD, very much TBD. We'll see, my hope is that DOJ, the CFTC, the SEC, the US Treasury Department will continue to focus on the stuff we're talking about today. The criming, as Stephanie would say, right? The scammers, the pig butchers, the North Korean actors, the terrorists, those guys, and for the industry bring legal clarity in the form of legislation passed by Congress, in the form of executive orders, in the form of like agreements between the CFTC and the SEC and how they're gonna regulate the space. So, you know, again, Jessica makes fun of me because I'm like super optimistic. But I think legal clarity, we're gonna get legal clarity and ultimately that's gonna mean more regulation where it's supposed to be. More enforcement against actual illicit actors, uh, and, and, and sort of more growth in the ecosystem ultimately.
Jessica: Ari, thank you so much for your time today. This has been absolutely wonderful. I think our audience is gonna love this episode.
Ari: I hope so. Thank you. Thank you so much for having me. This was so much fun.
Stephanie: Thanks everyone for listening to another episode of Secure Line. If you enjoyed this episode, please tell a friend, please share it with your coworkers, and please don't forget to rate and review on all of your favorite podcast platforms. See you soon!