Litigation involving blockchain technology is on the rise, and so is the risk to organizations and law firms. Joshua McDougall’s standing-room only crowd at Relativity Fest suggests that lawyers and technologists see the imminent threat and want to prepare for it.

In his session, “Blockchains: New Opportunity and New Risk,” the director of Duff & Phelps’s cybersecurity practice—and co-chair of their Blockchain Task Force—gave the crowd what they wanted: insight on how to recognize when digital assets are involved in an engagement, uncover and understand all the relevant information, and reduce your exposure to risk.

First Things First: Terms to Know

Before diving in, Joshua took a minute to get everyone on the same page with some common terms:

Blockchain , the word of the hour, is a digital and immutable ledger, where transactions are recorded chronologically and publicly. “It’s a really slow database you can’t change without everyone agreeing,” explains Joshua.

, the word of the hour, is a digital and immutable ledger, where transactions are recorded chronologically and publicly. “It’s a really slow database you can’t change without everyone agreeing,” explains Joshua. A wallet is used to secure, send, and/or receive digital currency like Bitcoin. Wallets can take many forms, including desktop applications, mobile apps, and third-party services; physical forms, such as paper, metal, or special devices; and even mental forms such as complex phrases.

Additionally, there are four types of digital assets that Joshua says might show up in a blockchain case:

Cryptocurrencies , like Bitcoin or Ethereum

, like Bitcoin or Ethereum Utility tokens , which provide users with future access to a product or service

, which provide users with future access to a product or service Security tokens , which Joshua says are “a representation of a share that’s hard to counterfeit, since it’s backed by cryptography”

, which Joshua says are “a representation of a share that’s hard to counterfeit, since it’s backed by cryptography” Collectibles, or digital pieces of information that are cryptographically unique and cannot be reproduced (e.g. cryptokitties, because who doesn’t want to collect and breed digital cats?)

It’s important to remember that digital assets are not held. They’re assigned, and they can be assigned to multiple entities, says Joshua.

“You will not find Bitcoin on a machine. You’re not holding a Bitcoin. You’re storing keys, but not the actual Bitcoin,” he explains.

How to Recognize When Digital Assets Are Involved

This new technology sounds complicated, but the first step toward identifying whether your case involves crypto is simple: just ask.

“The first procedure we have to start doing now is simply asking, ‘Are digital assets involved?’” says Joshua. Here are a few questions he suggests you start with:

Has the business or individual mentioned that digital assets are involved?

Is there suspicion of hidden assets?

Has any other evidence implied digital assets are relevant (for example wallets, browsing history, or communications such as chats talking about “crypto”)?

If blockchains and digital assets are involved in your case, don’t panic. It’s new territory, but you have a compass.

“Blockchains and cryptocurrencies are the new technologies, but strategies for related cases are the same,” Joshua says. “The EDRM hasn’t changed. The same project structure is still important, despite the fact that digital cats are now involved.”

How to Uncover Relevant Information

If you find yourself in a blockchain-related case, Joshua has some trails you can follow as a start:

Understand how much the individual or organization holds

Track where funds went and where they originated

Make connections between blockchain transactions and real-life exchanges

Make connections between accounts/addresses and their true associations

Analyze network forks for additional assets

Prove control/access to digital assets

Valuate digital assets/portfolios

“Most people don’t just buy Bitcoin out of nowhere. Usually it’s lifestyle pattern, and with that comes evidence,” says Joshua. “The evidence is there if you know what to look for.”

For example, you won’t find digital assets, like Bitcoin, on a machine, but you might find a “private key” that authorizes changes to a digital asset, such as the change in ownership. Additionally, you might also find lists of accounts, addresses, wallets, transactions, and third-party services. Each of these can then stem off into a helpful trail, if you know what to look for.

Wallets When was it created? When was it last used? Which addresses are related? Have we seen them involved in cryptocurrency communities?

Services Does the custodian have accounts on cryptocurrency exchanges? What’s their trade history? What other related communities were they a part of? Are mixing services (which are commonly used to hide the location of funds) involved? Did the custodian access Dark Markets?

Transactions Who was involved (organizations, individuals, services, or only pseudo-anonymous addresses)? Are there connections to real-life transactions?

Addresses Who has control over an address? What transactions are associated with an address? What other addresses may be related? What type of address is it?



You’ll also encounter different types of documents and content in a blockchain-related case, including communications, transaction lists, wallet lists, and exchange trading data. But one thing can be particularly telling: privacy coin “view keys.”

“View keys are used to try to hide events within them,” says Joshua. “If you see it, it’s probably an indication that they are trying to hide some funds.”

Monitor, Monitor, Monitor

Okay, so you know that digital assets are involved in your case, and you’ve followed the evidence paths that Joshua laid out. You’re sticking to the process, following the EDRM, like usual. But there’s a catch—a new problem digital assets present: they’re constantly changing. That makes this type of evidence difficult to track over the course of a case.

“Blockchains and the ecosystems surrounding them progress 24/7, so it’s important to build a monitoring process into your workflow,” Joshua says. “Assets held at the beginning of an investigation may differ by the end, either via transactions altering the possession of assets or through changes in the technology or network.”

Basically, assets may move, new assets may be gained, and the value of assets will fluctuate—constantly. Monitoring it closely is an important component of evidence tracking as you build your case.

"It's not like the stock market where the bell rings and we all go home. [Changes] happen all the time, and there's no stopping it. We have to be able to know where we are, but we also have to understand that it's not where we're going to be,” he says.

Joshua recommends that you monitor assets in your case 24/7, and if you can, create a system of alerts so you can get a clear understanding of when things change.

Reducing Your Exposure to Risk

If there’s one point that left a mark on the audience (or at least me) it’s this: overcollection can be dangerous. You probably already know that overcollection poses risks with all kinds of data—but with digital assets, the dollars and cents of it can feel more real.

To illustrate, Joshua presented a scenario.

“Cops go in and collect a computer. They’re then accused of stealing $3 million. Yes, they collected the computer, but maybe the owner of the computer—with a private key—moved those funds.”

Unfortunately, Joshua doesn’t have an answer to avoid this. But there are a few things you should keep in mind:

Are you aware of privacy keys on a device/share?

Are you prepared to take on the responsibility of custodianship?

Are you sure that no other party has access to the digital assets?

Can your insurance still cover the loss of the asset if it was suddenly worth 100x more than when originally collected?

Are you prepared to handle an infinite amount of assets with varying worth and technical requirements that may be unknowingly accessible by private keys collected?

“We have to be careful because the best thing we can do is not put ourselves in a position where we can steal something. I know I'm not going to, but if I can be accused of it, it's a very bad thing," he says.

Where Do We Go Next?

“The tools for investigations involving crypto and blockchains are still immature, if existent at all,” says Joshua. “Similarly, the standard procedures and policies are still in development and often debated, especially around how to protect your firm, client, and the opposing side.”

But he’s optimistic, looking at the situation as an exciting opportunity for the industry—and you.

“This technology is still new and exciting. It will and already has changed the world,” he says. “It's a fun opportunity to contribute and make a name for yourself and do something new or challenging. I welcome people to join in that challenge and help us figure this stuff out.

“If you leave this presentation with more questions than answers, but the curiosity to

dig deeper, we’re on the right track.”

Kristy Esparza is a member of the marketing team at Relativity, specializing in content creation.