Terminologies

Fiat Currencies
Fiat means "by decree." Fiat currencies have value because some central authority,
like a central bank, has minted them and has decreed that they have monetary value.
Examples of fiat currencies include the US dollar, British pound, euro and Japanese
yen.

Distributed Ledger Technology (DLT)

n, which is a distributed ledger system, consists of a series of blocks. These blocks
contain DLT, more commonly referred to as blockchain technology, is the
infrastructure and protocols used to sync ledgers across a network. The blockchain
verified transactions.

Blockchain
A Blockchain is a digital ledger (record) of transactions that is distributed across a
network of computers. It is the underlying technology that powers cryptocurrencies like
Bitcoin. Most cryptocurrency blockchains are publicly available online and have a list
of every transaction ever conducted between addresses. Some popular block
explorers include blockchair.com and etherscan.io.

Each 'block' in the blockchain contains a list of transactions and a unique code called
a "hash." Once a block is added to the blockchain, the information it contains is
permanently recorded and cannot be altered. New transactions are added to the
blockchain in the form of new blocks, and each new block is linked to the previous
one, creating a chain of blocks - hence the name, Blockchain. This creates a tamper-
proof record of all transactions on the network, making blockchain technology secure
and transparent.

Different cryptocurrencies run on different blockchains. For instance; Bitcoin (BTC)

runs on the Bitcoin blockchain whilst Ether (ETH) runs on the Ethereum blockchain.
Some cryptocurrencies, like Tether (USDT), work by leveraging data across multiple
blockchains.

INTERPOL For official use only

 Cryptocurrency
Digital monetary units that are transacted and stored on a blockchain. You may also
hear these referred to as "Digital Assets" or "Virtual Assets." These assets each have
their own value. Examples of Cryptocurrencies are Bitcoin (BTC), Ethereum (ETH)
and Dogecoin (DOGE). There are millions of different cryptocurrencies on the market.

Cryptocurrencies are often built on private and public ledgers known as blockchains.
Public blockchains (sometimes called "chains" for short) contain transactional data
that is viewable by anyone and everyone who wishes to do so.

Address
An address is basically a destination where a user sends and receives crypto. In a
way, it is similar to a bank account. These addresses usually include a long series of
letters and numbers.

● 1H5SBbWnYLoN6xZAcB3yomJCPow84wvmA -- Bitcoin Address

● Oxbb5c6d35bd20d2c8f79945d3e9017c182d7d90c -- Ethereum Address
● TV6MuMXfmLbBqPZvBHdwFsDnQeVfnmiuSi -- Tron Address

Private Key
Private keys are paired with public addresses to allow users to spend their
cryptocurrency or transact with their virtual assets. Since we described an address as
similar to a traditional bank account, we will call the private key akin to a pin code or
account-holder signature: something unique to prove ownership. Private keys can be
expressed in a number of different ways, see below for some examples.

● Seed Words: laundry buyer drop protect violin choice face laugh deal infant
chicken section
● Master Private Key:
xprv9s21ZrQH143K2yiHLrFkh9Mv2SCVs5mopC2qzGEymvgWUnCPb84d3E
e9whPbCDWaknouJu51yc rKsuZeBWt6zyohYcp1DxjgUHC988gm9bi

INTERPOL For official use only

 Anyone with access to the private keys can move the associated cryptocurrency.
Great care should be taken when handling these keys so as not to expose them to a
wider audience and risk loosing your suspects funds.

Wallet
A cryptocurrency wallet is a device or service that stores users' public and private
keys, allowing them to interact with various blockchains and to send and receive crypto
assets. Wallets can contains a multitude of key-pairs, depending on the user.
Wallets can be:
● Digital (software) or Physical (hardware)
● Hot (connected to the internet) or Cold (disconnected from the internet)
● Custodial (a trusted third party has control of a user's private keys) or Non-
Custodial (only the user controls their private keys)

Modern wallets are typically generated by using a string of 12-24 mnemonic seed
words. These words are like having a master password for all of your crypto assets, if
you lose these words, or they get compromised, you risk losing access to your entire
portfolio. When dealing with wallets, take extreme care in handling the seed words. If
these words are exposed, anyone could take control of the wallet and steal your
suspect's cryptocurrency.

Mining
Mining is the process for creating new units of a digital currency. For example, the
Bitcoin network releases new bitcoins every time a block is mined. In this instance,
mining involves confirming transactions and combining them into blocks.
This verification requires hardware and electricity, and miners are rewarded with digital
tokens for contributing these needed resources. Some blockchains, like Ethereum and
Tron, do not use mining to confirm their blocks. They use a system call "Proof of
Stake" (PoS) which has a similar result to mining but uses significantly less electricity
and resources than mining.

INTERPOL For official use only

 Virtual Asset Service Providers (VASPs)
Often simply called "exchanges," VASPS refer to any natural or legal person that
conducts one or more of the following activities or operations for or on behalf of another
natural or legal person:
● Exchange between virtual assets and fiat currencies
● Exchange between one or more forms of virtual assets
● Transfer of virtual assets
● Safekeeping and/or administration of virtual assets or instruments enabling control
over virtual assets
● Participation in and provision of financial services related to an issuer's offer and/or
sale of a virtual asset
● Virtual Asset Service Providers
● On-ramps and off-ramps
● Third party services to improve access to crypto

Transactions
At its simplest, a cryptocurrency transaction is a transfer of a digital asset from one
person to another. A transaction contains, amongst other things, inputs, outputs and
the amount of cryptocurrency transferred.
Each transaction can be identified by a unique identifier called a transaction hash.
This hash or identifier is unique to the transaction it describes.

1312caa6dfb4e6ad1778873c5990106b8d9da2c2d4eb762425a7e6ae865999fe is an
example of a transaction hash.

Transactions need to be confirmed, or verified, on the blockchain. Depending on the

blockchain, this can be done in several ways, but it almost always comes at a cost to
the sender. This cost is known as the Transaction Fee. Once confirmed, transactions
are permanently included in a block on the blockchain.

As blockchain technologies develop, these transactions are becoming more and more
complicated. It is now possible to use a transaction to sign contracts, make
agreements, send messages and much more. But the fundamentals still remain, there
will always be an input, output and a hash to ID the transaction.

INTERPOL For official use only

 Seed phrase

What are Seed Phrases and why are they important?

Seed phrases simplified the process of recording the private keys to recreate a
cryptocurrency wallet. Rather than long strings of Hexadecimal characters, wallets can
be created with a list 12-24 easily recordable words. These words do not create a
wallet randomly, but rather follow a hierarchical deterministic (HD) path. This
ensures that any wallet created with those seed words will generate the same
addresses, allowing investigators to have a complete view of a suspect's transaction
history.

Potential Risks
Because seed words can easily be recorded, shared and used to recreate a wallet, it
may be that by the time your team is ready to seize the assets, crypto may already
have been moved, therefore speed is of the essence. You may encounter lists of words
that appear to be incomplete, containing 10 or 11 words rather than the full list. In this
case it may be that the suspect has memorized the last few words. Questioning the
suspect for the missing words, or using brute force computing techniques may reveal
the missing words.

Recreating a wallet
Recreating a wallet from a list of seed words is very straightforward. Most software
and hardware wallets enable you to either restore a wallet where it will ask you to input
the seed words. Once they are entered correctly, the wallet should be recreated in the
wallet software. You should be able to see the history of all the transactions and if
there are assets that are still being controlled by that private key. You should then be
able to spend or move those assets if you wish. Next, we will consider Derivation
Paths, and how they impact an investigation.

Derivation Paths
The reason seed phrases create HD wallets in such an ordered way is because of
Derivation Paths. These paths can be quite technically complex, but from a seizure
point of view, it is important to understand they work and impact wallet creation.

INTERPOL For official use only

 Fundamentally, derivation paths create different wallet types, producing different
address types. For example, with Bitcoin, there are Bitcoin addresses that begin with
a "1", this is a specific address type. There is another type of Bitcoin address that
begins with a "3". Both of these addresses have different functions, but both work
together on the Bitcoin Blockchain.

It is important when recreating a wallet, we ensure that we have found all wallet types,
otherwise we could miss assets controlled by our suspect. The ian coleman site allows
you to recreate a wallet and its derivation path using your seed words. This site will
show you how the same set of seed words can be used to recreate different wallet
types with different address types.

Handling and securing evidence

Evidence Bags
As seen above, evidence bags are typically tamper proof but they tend to be see-
through, enabling you to see the contents of the evidence that's been placed in the
bag. The problem when dealing with cryptocurrency is that an entire crypto portfolio
can be recreated and controlled using 12-24 unique words. You might find these words
on a small piece of paper, on a card from the box of a hardware wallet.

These words will then be placed in a see-through evidence bag, which means that
anyone with sight of the bag can make a copy of those seed words and is able to take
control of the assets controlled by them.

So, what can we do? We need to be prepared. As well as having evidence bags we
need to have envelopes. Place any seed words or private keys you find whatever it
might be into an opaque envelope, then into the evidence bag. This will reduce the
risk of funds being stolen and action being taken against yourself or the department.

Body Worn Camera Footage/Photography

As above, footage from body worn cameras carries a similar risk to placing seed words
in clear bags. When conducting a search, it is more than likely that officers will be
running their cameras. As such if one was to encounter seed words or private keys,
anyone with access to the footage could abscond with the crypto assets. Departments

INTERPOL For official use only

 need to consider how they would obfuscate and/or protect the footage so that the
individual's assets are protected.

______________

Additional definitions may be found at the INTERPOL Darknet and Virtual Assets
Taxonomy:
https://interpol-innovation-centre.github.io/DW-VA-Taxonomy/

INTERPOL For official use only