imadethisup.org Retain →
BUSINESS · 2026-06-15

“Follow the money” is no longer enough

A cloned voice induces the wire. A chain of crypto bridges erases the trail. The transactional record still matters — but when the inducement is synthetic and the laundering is on-chain, tracing alone no longer proves the case.

~ 8 min read · LAW BUSINESS

For decades, financial tracing has been the workhorse of fraud litigation. Subpoena the bank records, identify the transfers, follow the money to its final disposition, and the case largely builds itself. The methodology is mature, courts are comfortable with it, and forensic accountants have refined it into a rigorous discipline. None of that has changed. What has changed is the two ends of the pipe. At the front, generative AI now manufactures the inducement — the cloned executive, the fabricated relationship, the synthetic identity that opens the account. At the back, blockchain rails launder the proceeds at a speed and across a number of jurisdictions that no subpoena can chase in real time. Tracing remains essential. It is simply no longer sufficient.

The scale is not theoretical. The FBI’s Internet Crime Complaint Center logged a record $16.6 billion in reported cyber-enabled losses for 2024, a 33% jump over the prior year, with roughly $9.3 billion of that tied to digital assets — itself a 66% increase.[1] Cryptocurrency investment fraud, the category that includes “pig butchering,” alone accounted for $5.8 billion across more than 41,000 complaints.[1] The Federal Trade Commission, counting a broader universe of consumer reports, put total 2024 fraud losses at $12.5 billion, with investment scams ($5.7 billion) the single largest category and cryptocurrency the second-most-used payment method by dollars lost.[2]

The inducement is now synthetic

Traditional fraud needed a persuasive human — a salesperson, a forged letter, a spoofed email. Generative AI collapses that cost. In December 2024 the FBI warned that criminals are using generative AI “to commit fraud on a larger scale” by mass-producing believable personas, voices, and documents, reducing the time and effort needed to deceive a target.[3] The textbook case is the 2024 Hong Kong incident in which a finance employee at the engineering firm Arup joined a video call populated by deepfaked colleagues — including a synthetic “CFO” — and authorized fifteen transfers totaling roughly $25 million.[4] The funds were gone before anyone in the real chain of command knew a meeting had supposedly occurred. As of the latest public reporting, no arrests had been announced and the money had not been recovered.[4]

The same dynamic operates upstream of any victim contact. In November 2024 the Financial Crimes Enforcement Network issued an alert (FIN-2024-Alert004) describing a surge in suspicious-activity reports tied to deepfake media used to defeat banks’ identity-verification, authentication, and due-diligence controls — synthetic photos and videos deployed to open accounts that then funnel proceeds through check fraud, push-payment fraud, and loan fraud.[5] When the account-opener is a fabricated identity, the “know your customer” record that a tracing analysis relies on to name a beneficiary is itself a forgery.

The trail is now on-chain

Once funds move to cryptocurrency, the assumptions behind classic asset tracing degrade. Bank tracing presumes named, regulated intermediaries who respond to legal process within a single legal system. On-chain laundering presumes the opposite: pseudonymous addresses, automated mixers, and cross-chain bridges used for “chain hopping” that fragment a single flow across networks faster than counsel can serve a single subpoena.[6] Chainalysis reports that stablecoins have come to dominate illicit transaction volume, and that sophisticated actors now insert additional layering steps — mixers and bridges — between an exploit and any cash-out point, precisely to break the linear trail that tracing depends on.[6]

TRADITIONAL TRACE — linear, named, subpoenable Victim Named bank KYC on file Beneficiary identified AI-INDUCED + ON-CHAIN — branching, pseudonymous Deepfake inducement cloned CFO / synthetic ID Wire / exchange on-ramp Mixer layering bridge → chain A Unknown wallets cross-chain hops bridge → chain B FIG. 1 — Same dollar, two trails: one ends at a name; the other forks across chains.
FIG. 1 — A synthetic inducement at the entry point and on-chain layering at the exit. The transaction still happened; what tracing alone can no longer reconstruct is who, and with what knowledge.

The evidentiary gap tracing leaves open

The limitation of pure tracing was always evidentiary, not analytical. Tracing can establish flow and identify nominees, layering structures, and ultimate beneficiaries. It cannot, on its own, prove what people knew, what they said to one another, and how decisions were made. A defendant who claims to have processed transactions without knowledge of their character has a real defense even when every dollar can be followed; knowledge and intent live in communications, not in ledgers. The synthetic-inducement era widens that gap. When the persuasion was performed by an AI persona, there is no human salesperson to flip, and the deepfake artifact itself — the call recording, the generated image, its metadata and provenance — may be the only proof of how the victim was deceived.

This is why a tracing analysis offered in isolation invites the argument that fund movement is consistent with many explanations, only some of them fraudulent — and why a communications record offered without financial corroboration invites the argument that statements were aspirational or taken out of context. Correlated, the two foreclose the alternative explanations each leaves open. A wire at 2:14 p.m. becomes different evidence when it sits in a sequence: a recorded video call at 11:30 a.m. in which a synthetic executive ordered a “secret transaction,” a messaging directive at 1:47 p.m., a device geolocation, an account opened weeks earlier with a face that detection software flags as machine-generated.

What investigators and counsel must add

The transactional record stays the backbone. Around it, four additions have moved from optional to essential:

  1. Preserve the inducement, not just the transfer. Capture the call recording, the synthetic media, and their metadata and provenance signals at the earliest moment. A deepfake artifact is both the proof of deception and, increasingly, contested evidence whose authenticity must itself be established. See /provenance.
  2. Pair financial and on-chain forensics from day one. Bring blockchain-analytics capability in at intake, not after the bank tracing stalls. Mixers and cross-chain bridges defeat sequential subpoenas; following the flow requires tooling built for pseudonymous, multi-chain movement.[6]
  3. Reconstruct the digital ecosystem. Messaging platforms, cloud repositories, device metadata, and geolocation supply the knowledge-and-intent record that ledgers omit — the difference between a transaction that occurred and a fraud you can prove.
  4. Move at on-chain speed. Identity-verification controls assume a human; FinCEN’s alert is a reminder that they no longer can.[5] Freezes, exchange notices, and preservation demands have to be triggered in hours, because the laundering is.

“Follow the money” was never wrong; it was complete. In an era when the inducement is generated and the trail is engineered to branch, the durable case is built on both ends at once — the synthetic artifact that proves how the victim was deceived, and the on-chain analysis that proves where the value went. Trace the money, yes. But authenticate the lie that started it, and chase the value across the rails that hid it.

Sources

  1. [1]
    Federal Bureau of Investigation, Internet Crime Complaint Center. “2024 IC3 Annual Report” ($16.6B total losses; ~$9.3B tied to digital assets; $5.8B crypto-investment / “pig butchering” fraud across 41,557 complaints).ic3.gov
  2. [2]
    Federal Trade Commission. “New FTC Data Show a Big Jump in Reported Losses to Fraud to $12.5 Billion in 2024” (investment scams $5.7B; cryptocurrency second-largest payment method by losses). 10 Mar. 2025.ftc.gov
  3. [3]
    FBI / IC3 Public Service Announcement I-120324-PSA. “Criminals Use Generative Artificial Intelligence to Facilitate Financial Fraud.” 3 Dec. 2024.ic3.gov
  4. [4]
    Heather Chen & Kathleen Magramo. “Finance worker pays out $25 million after video call with deepfake ‘chief financial officer’.” CNN, 4 Feb. 2024 (Arup later confirmed as victim, 16 May 2024).cnn.com
  5. [5]
    Financial Crimes Enforcement Network. Alert FIN-2024-Alert004, “Fraud Schemes Involving Deepfake Media Targeting Financial Institutions.” 13 Nov. 2024.fincen.gov
  6. [6]
    Chainalysis. “2025 Crypto Crime Report” (stablecoins’ dominance of illicit volume; mixers and cross-chain bridges used for layering and “chain hopping”).chainalysis.com
More

When the trail goes synthetic.