Cryptocurrency theft has reached staggering proportions, with estimates suggesting between $50 to $158 billion stolen from U.S. citizens annually. Recovery rates remain dismally low at just 2%, leaving institutional investors vulnerable to sophisticated fraud schemes. Ralph Dahm, Founder & Certified Blockchain Investigator at Twin Oaks Holdings, LLC, brings over a decade of cryptocurrency investigation experience to help institutions navigate these treacherous waters and develop effective recovery strategies.
Understanding Crypto Crime Origins
Ralph’s introduction to cryptocurrency came was in 2013 during his studies at Utica University. “Our instructor handed out a flyer saying, ‘We are going to talk about Bitcoin today,'” he recalls. “My first thought was, ‘What the heck is Bitcoin?’ It was very new then, nobody had heard of Bitcoin. It was literally trading at $17.” His initial interest wasn’t in its investment potential but in its connection to criminal activity. The digital currency world, he explains, was “the wild west. You could buy hand grenades, any kind of drugs, or weapons on the Silk Road Exchange. It was a crazy time for cryptocurrency.”
That early exposure proved valuable when he later as CEO of Pre Charge, Inc., a digital currency company that was “a bit ahead of the industry.” The regulatory environment proved too restrictive. “I remember the government telling me, ‘Well, if you happen to have someone that uses your tokens in any state, then you are required to obtain a license in that state.’ How do I know where everybody lives?” After selling his interest, Ralph turned to executive search work until founding Twin Oaks CRS a year ago to tackle the growing cryptocurrency theft problem.
Spotting Deepfake Scams
Modern cryptocurrency scams have reached levels of sophistication that would have seemed impossible just years ago. Ralph describes a case that illustrates how far criminals have advanced: “A corporate CFO was working at home on his laptop and received a video call request. The call was from his CEO, who says, ‘Hi Bob, how you doing?'” Ralph explains. “The fake CEO discussed business matters before mentioning a time-sensitive acquisition opportunity requiring a $5 million wire transfer.”
The technology was so convincing that the CFO complied immediately. The next morning at the office, the real CEO was waiting for him, asking, “Why did you send $5 million out of our account?” The CFO replied, “Because you told me to.” The entire interaction had been generated using artificial intelligence, complete with real-time responses to mimic the CEO’s appearance and voice. The U.S. Secret Service was unable to recover the stolen funds. These operations often originate from sophisticated criminal enterprises. Ralph points to Cambodia, where “fraudsters operate out of large apartment complexes housing thousands of people. All day they target U.S. citizens to try to steal their money.” Workers in these facilities face harsh conditions. “If they do not scam enough money out of U.S. citizens, they do not get to eat that night. Worse, they are often tortured.”
Key Principles for Institutional Recovery
Based on his extensive experience, Ralph emphasizes three critical steps for institutions that have been victimized by crypto theft:
Speed is Everything
Ralph emphasizes that successful recovery requires immediate action above all else. “First step is to reach out quickly,” he explains, because criminals move funds constantly. “It’s not unusual to see 3,000 movements in an hour. These crypto scammers are becoming very, very sophisticated.” The longer institutions wait, the more complex the trail becomes. Criminal organizations use artificial intelligence to disperse stolen funds across thousands of transactions, making recovery exponentially more difficult with each passing hour.
Documentation and Law Enforcement
Filing proper police reports becomes crucial for larger cases that might attract federal attention. After discovering a large theft involving digital currencies, a decision needs to be made as to filing a police report immediately, or waiting until courtroom-level evidence confirming the movement of the stolen assets through one or more blockchains to a liquidation point where the assets can be frozen. Institutional investors and large firms may not want the publicity of having been victimized. A report to law enforcement at the local or federal level will be more productive if compelling evidence of the location of stolen digital currencies is provided. Proper documentation creates the foundation for any serious recovery effort.
Professional Tracing Capabilities
Professional tracing services can follow digital trails even through complex obfuscation attempts. “We can do cluster tracing in real time, literally watching the money move. Plus we are not following the false leads, focusing on the large dollar values,” Ralph explains. Advanced artificial intelligence enhanced tools allow investigators to track funds through mixers and cross-chain transactions. “Sooner or later the assets are going to stop moving. Then law enforcement can strike.” Success requires sophisticated technology matching criminal capabilities.
Navigating Law Enforcement Challenges
Law enforcement cooperation remains the biggest challenge Ralph faces. Many departments lack both the training and resources to handle cryptocurrency cases effectively. “Law enforcement many times do not understand what’s going on,” he explains. “This is not to disparage them, as most police departments haven’t been provided the tools and training.” Even when Ralph provides clear evidence and detailed instructions, progress often stalls. “I’ve literally given evidence to a district attorney. All they had to do was write a subpoena. In fact, I typically provide a blueprint for the subpoena, so they just need to copy it and submit it. Their response: ‘We don’t think it’s going to work, so we’re not going to move forward.'”
Time becomes the enemy while bureaucracy moves slowly. Ralph recalls one particularly frustrating case: “In August 2024 I was approached by a suburban Chicago police department who had a citizen file a report due to having lost over $750,000 to a fake cryptocurrency investment site. While the detectives wanted to use my pro bono services, the bureaucracy of the city wanted to review the agreement”. Over 8 months later I am still waiting on a decision. The victim remains without assistance. The threshold for federal involvement remains disappointingly high. “If you lost $400,000, FBI isn’t even going to look at it. They’ll tell you file a report on ic3.gov but you’ll never hear from them.” Only cases involving millions of dollars swindled typically receive serious attention, leaving many victims without recourse. The FBI simply does not have the budget or manpower to respond to the over 800,000 reports filed annually.
Ralph’s work reveals both the sophisticated nature of modern cryptocurrency fraud and the critical importance of acting fast when institutions face theft. Depending on the tracing results of the stolen assets it may be desirable to request the assistance of various federal agencies. Blockchain tracing has revealed stolen funds located in digital wallets controlled by criminal organizations (such as Mexican cartels) that hold hundreds of millions of dollars of stolen funds. These types of cases are of high interest to agencies such as the FBI, Homeland Security, or the IRS Criminal Investigations Unit. Bringing reliable evidence to our contacts within these agencies can be very beneficial to a successful recovery.
If you’re dealing with crypto-related fraud or want to protect your organization, connect with Ralph Dahm at rdahm@TwinOaksCRS.com or on LinkedIn to learn how to initiate a confidential forensic analysis investigation.
