Forensics Investigations

5 Notable Digital and Crypto Forensics Investigations of 2022

By ERMProtect Staff

A hacker steals cryptocurrency. A former employee copies trade secrets. A child pornographer downloads and distributes illegal photographs.


In each of these crimes, digital forensic and crypto fraud investigators unearthed critical information that led to the prosecution of the perpetrators.

The cases illustrate the power of forensics in high-stakes criminal and civil investigations. Using complex forensic and decryption techniques, investigators advanced cases from suspicion to conviction.

Digital forensics delivers actionable intelligence in all types of cases. Here are some of the notable examples, so far, this year:

$4.5 Billion in Stolen Bitcoin Recovered

Using a series of sophisticated laundering techniques, a husband-and-wife pair from New York City, both in their 30s, attempted to steal and launder cryptocurrency worth approximately $4.5 billion.

A hacker initially stole the money in a 2016 cyberattack on cryptocurrency exchange Bitfinex. Over the next five years, approximately 25,000 Bitcoin were transferred out of that wallet through a  complicated money laundering process, ending up in financial accounts controlled by the two alleged perpetrators.

Thanks to a detailed investigation by digital forensic and cryptocurrency experts, the stolen currency was ultimately traced and seized, and the perpetrators were arrested on February 8, 2022. Agents recovered Bitcoin valued at time of seizure at over $3.6 billion.

Child Pornographers Identified and Convicted

A comprehensive digital forensics investigation of computers and thumb drives led to the discovery of more than 200 child sexual abuse materials and the arrests of two men in Oklahoma.

The investigation, led by The Tulsa Police Department with assistance from Homeland Security, identified how one of the perpetrators used BitTorrent to download and distribute multiple videos and images containing child pornographic materials.

The two perpetrators were convicted and sentenced in July 2022.

Three Men Arrested in $4 Million Crypto Fraud

In early 2020, three Miami men created accounts with a leading cryptocurrency exchange, using fake passports and drivers’ licenses. They then purchased $4 million worth of cryptocurrency and moved it to cryptocurrency wallets outside of the exchange. Afterwards, the men claimed that the cryptocurrency purchases were unauthorized and asked their banks for a reversal.

The exchange was defrauded of over $3.5 million in cryptocurrency, after banks processed reversals of the transactions.

But thanks to a thorough digital forensics investigation conducted by the Department of Homeland Security, the fraud was brought to light. The three men were arrested on August 23, 2022.

Investigation Proves Theft of Apple’s Trade Secrets

In 2018, an Apple engineer took parental leave and visited China, never to return. The engineer instead joined a Chinese-based startup developing autonomous technology for cars.

His abrupt departure gave rise to suspicion, prompting an investigation by Apple’s New Product Security Team. The team used digital forensics tools to examine the engineer’s network activity, and extract data from his Apple devices, which he left behind when he quit the company.

The investigation revealed that the engineer had downloaded a number of files from Apple’s servers before he left. This included engineering schematics of a circuit board for an autonomous vehicle, and information about prototype and testing hardware. Most of this information was related to Apple’s Project Titan self-driving car technology.

The former Apple engineer pled guilty in August 2022, and is awaiting sentencing. The case against him would not have been as strong without the comprehensive digital forensics investigation Apple conducted.

ERMProtect Cracks Open A Crypto Scam and Recovers $1.2 Million Dollars

In a recent crypto forensics’ investigation, ERMProtect helped NBC6 investigators trace $ 1.2 million of cryptocurrency funds obtained through fraudulent means.

Using Chainalysis, a licensed crypto tracing tool, ERMProtect’s certified crypto investigators were able to trace around $1.2 million in cryptocurrency back to an alleged scammer who persuaded South  Florida  victims to send him money using the Ethereum network.

The victims were led to believe that the alleged scammer was sending crypto funds back to them, but the victims never actually received the money.

ERMProtect investigators used the public nature of the blockchain to examine the transfer of funds, and learned they were cashed out almost immediately, rather than invested.

How ERMProtect Digital Forensics Investigators Can Help

ERMProtect has 25 years of experience in cybersecurity and digital forensics. Our cyber experts are also certified to conduct cryptocurrency fraud investigations, using Chainalysis, the world’s most comprehensive cryptocurrency investigation and transaction monitoring tool. For more information, call 305-447-6750 or email us at [email protected].

Get a curated briefing of the week's biggest cyber news every Friday.

Stop Phishing Attacks with ERMProtect's Security Awareness Training

Turn your employees into a human firewall with our innovative Security Awareness Training.

Our e-learning modules take the boring out of security training.

Intelligence and Insights

payment card industry

What are the 12 Requirements of PCI DSS Compliance?

PCI Compliance requirements are created by the PCI Standards Council in order to secure and protect the entirety of the payment card ecosystem …
hiring pci compliance services

7 Tips for Hiring PCI Compliance Services for Your Business

Read here for 7 practical tips for hiring PCI compliance services for your business …
pci compliance test

Why Do I Need a PCI Compliance Test?

PCI Compliance tests are a critical step in protecting against cyber threats. We outline the importance of PCI Compliance tests …