StoneTurn’s multidisciplinary global team of investigators, cybersecurity experts, and forensic specialists successfully responded to and addressed a cryptocurrency theft, preventing further unauthorized access to customer assets. A large cryptocurrency investment platform engaged StoneTurn to conduct an internal investigation into the theft of digital codes used to uniquely identify and authenticate customers. The stolen information may have allowed for the theft of customers’ digital assets from other third-party custodians without their consent. The StoneTurn team, comprised of investigators, forensic accountants, cybersecurity experts and forensic technology and data specialists, worked together to collect and review data, review application security, interview employees, and conduct dark web research to identify the source of the theft.

As part of this engagement, StoneTurn’s team of investigative professionals conducted due diligence on suspected accomplices, their backgrounds and roles within the company in order to refine a list of potential suspects for further interviewing and forensic analysis. StoneTurn’s Cybersecurity team specifically provided expert advisory around the technical investigation of potential external and/or internal malicious network activity, as well as producing actionable leads from the dark web and other intelligence sources. Our Crypto team performed asset tracing and blockchain analysis to identify fraudulent wallet activity and threat actors; and our Intelligence and Investigations team performed extensive document review of communications and performed all-source research on persons of interest investigations.

The StoneTurn investigative team was able to decipher how the initial cyber breach occurred as well as how stolen customer funds were moved across the blockchain through our team’s forensic accounting and crypto expertise. Our team is currently collaborating with U.S. and international law enforcement to attempt to recover stolen customer funds. We are also working with the company on its remediation planning and implementation of corrective controls, policies, and procedures to reduce the risk of similar events occurring.