PODCAST
THEOS Cybernova: The Cybersecurity Podcast for APAC Leaders
THEOS Cybernova delivers expert cybersecurity insights for business and security leaders in APAC. Hosted by THEOS Cyber CEO Paul Jackson, each episode dives into real incidents, strategic responses, and the evolving role of cyber leadership.
Episode Summary
From romance-investment scams run like full-scale call centres to a 20-million-dollar personal-wallet breach tied to a nation state, crypto crime has evolved into a global scamdemic with unprecedented sophistication. In this Cybernova conversation, THEOS Cyber CEO Paul Jackson speaks with Jussi Aittola, Senior Partner and Country Head for Sphere State Group in Singapore, and a seasoned leader in cryptocurrency investigations, blockchain forensics, and anti-financial-crime intelligence with roots in the National Bureau of Investigation (Police of Finland). Together, they unpack the realities of modern crypto investigations.
Topics include why crypto recovery is far more achievable than most people assume, how cross-chain bridges, mixers, and automated laundering scripts allow criminals to move millions in minutes, and why crypto’s transparency can give investigators a decisive advantage over traditional finance. They also break down how Jussi traced a high-value nation-state theft across multiple chains, the operational overload facing law enforcement, the limits of automated tracing tools, and the critical role of rapid cooperation with exchanges, legal teams, and multinational agencies such as Interpol.
A clear, practical, and eye-opening primer for cybersecurity, fraud, and DFIR teams navigating rising digital asset risk across APAC.
About the Guest
Jussi Aittola is a seasoned leader in cryptocurrency investigations, blockchain forensics, and anti-financial-crime intelligence. With a background rooted in law enforcement, he has spent more than two decades combating complex criminal activity across APAC and EMEA. Jussi has held senior roles at global analytics and intelligence firms, helping public-sector agencies, regulators, exchanges, and Fortune-500 companies navigate high-stakes crypto fraud, hacks, and money-laundering cases.
Today, as Senior Partner and Country Head for Sphere State Group in Singapore, Jussi leads advanced investigative operations, APAC expansion efforts, and the development of cutting-edge analytical tooling. His work frequently bridges the gap between victims, law enforcement, and the private sector, enabling faster case resolution, actionable evidence packages, and meaningful recovery pathways. Jussi is widely recognised for his practical field expertise, collaborative international approach, and commitment to making the crypto ecosystem safer through education, innovation, and hands-on investigative leadership.
Jussi Aittola
Senior Partner & Country Head (Singapore)
Sphere State Group
Related Resources
- Connect with Jussi Aittola: https://www.linkedin.com/in/jussi-aittola/
- Learn more about the Sphere State Group: http://www.spherestate.com/
- Connect with Sphere State Group: https://www.linkedin.com/company/sphere-state-group/?originalSubdomain=hk
- Connect with Paul Jackson: https://www.linkedin.com/in/jacksonhk/
- Connect with THEOS Cyber: https://www.linkedin.com/company/theos-cyber/
- Connect with THEOS Cybernova: https://www.linkedin.com/showcase/theos-cybernova/
Episode Transcript
Paul Jackson: Welcome to yet another episode of THEOS Cybernova podcast in season two. I’m delighted to welcome to the show, Jussi, and I’m not even going to try and pronounce your surname, but Jussi, thanks so much for joining me all the way from Finland. Wait, not Finland, but you’re in Singapore nowadays, right?
Jussi Aittola: Yes, that is correct. Thank you so much for the welcome. And thank you for having me. Of course.
Paul Jackson: Oh, it’s a real pleasure. I’ve only got to know you fairly recently and yet I’ve seen that we have quite similar backgrounds. You, ex-law enforcement, right?
Jussi Aittola: Did a stint over at the National Bureau of Investigation in Finland, based in the FIU and in criminal intelligence. So, yeah, law enforcement FIU. So combined, like investigations and financial intelligence and criminal investigations. Very interesting path that led me to where I am today in Singapore.
Paul Jackson: Right, we’ll talk a bit more about that as we go through the conversation today. But I’m going to start by asking the golden question that I always get asked when crypto scams or crypto hacks take place: Are the assets recoverable? Because the general consensus is that once you’ve lost your crypto, it’s gone and there’s no chance of getting it back. So, what’s the truth?
Jussi Aittola: Well, it’s a very good question. Unfortunately, there is no simple answer to it. But yes, crypto is recoverable. It is difficult. Not impossible. It depends on so many different like integers in the mix, like how many spoons there is in the soup, as said. So, speed of the recovery efforts, the quality of the evidence. You have cooperation, public and private, and of course, the public and private plays a very big role in criminal investigations as many of the frauds are like related to investment frauds. I would not like to say pig butchering scam because it’s called more of a romance investment scam nowadays, based on new terminology, but business disputes and so forth. Crypto is difficult to recover, but it’s recoverable. With the help of many of the industry players, it has been made a little bit easier than it used to be.
Paul Jackson: That’s fascinating. And I am really looking forward to digging into that a bit more with you later in this conversation. But I’m going to start by just asking going back to what you just mentioned about being in law enforcement, what made you make the move to the private sector and how the hell did you end up in the crypto space?
Jussi Aittola: Well, the crypto space. How I ended up there was actually, I first landed in the crypto space, and then law enforcement, but in my background, I used to work very closely with the public sector, doing security, doing service stuff and so forth. Then the opportunity came, before the file AMLD, in the Finnish NBI, they were looking for a crypto expert who kind of help them to build their file AMLD, like it was going to the European Parliament at the time. So I’ll be directive. And of course, after that also, the implementation of local legislation into Finnish law once the AMLD comes into force in Europe.
But how it happened there really, really needed crypto training and stuff like that in the police. So kind of wandered off also doing, criminal investigations and so forth. But all in all, my crypto background started almost sixteen years ago. Next year it will be sixteen, incredible journey. I’ve been in criminal investigations ten years.
I started as a hobbyist, you know, playing around with mining, doing Bitcoin mining, even with my laptop back in the day, it was profitable. So, it was quite interesting and like working in security, cyber investigations, and cybersecurity. I already lived in Thailand when I was younger, doing government cyber, government cybersecurity.
So kind of all things came into a place when they were looking for somebody who had expertise in the field of crypto and of course, that’s how I ended up in the police. But like, all in all the fifteen years, I’ve seen quite a few ups and downs in the industry, bear and bull markets, on and off.
Paul Jackson: Yeah. So, look, I’m intrigued. Do you really need to work? You must be a crypto billionaire by now.
Jussi Aittola: Everybody needs to work. You know life would be boring without doing something you are passionate about.
Having been so long in the industry I have personally lost money to crypto hacks, and I have also been investigating quite a few. I’ve been probably scammed a few times and like making the industry safer for all of the users is something I’m quite passionate about. So, being able to recover and help victims of crime is, of course, an amazing opportunity.
How I ended up in the private sector was of course when I started to work for Chainalysis and also head of investigations there. So very closely working with police. Then supporting them in their investigations, training them how to investigate, seeing the actionable results, how they succeed in cases and how they learn.
So, I’m quite passionate about, helping the industry and helping different agencies and people to investigate crypto related incidents.
Paul Jackson: Well you know your admission there that you’ve also been victim of scams and frauds, must actually give some comfort to those who are listening who’ve also fallen victim in some form because it’s not easy, is it? I mean, some people say well, how could you be so stupid to fall victim to a scam? But these guys are clever aren’t they. The fraudsters, the criminals. Super clever. Right?
Jussi Aittola: Yeah. Well, in my case it was like not so much about investment or that kind of fraud or just plain up scam, which is we have this scampandemic as said, but in my case it was like back in the days I was actually acquiring crypto miners.
This one company came up with new product. I invested a small amount but the product never delivered. So, it was kind of a fraud, the whole thing. Some of the people who have been in the mining industry longer remember maybe Butterfly Labs, when they were doing their first FPGA miners.
There was a sudden spike in the Bitcoin mining, like efficient or the Bitcoin mining difficulty, which kind of give people clues that maybe they’re using those miners before shipping. And later on, it actually turned out to be true, that they used the miners themselves that they funded with people’s money to develop, to kind of build out their machines to mine themselves some bitcoins and so forth.
So, yeah there’s all kind of scams when you come to unregulated kind of money as a very loosely would say, it’s unregulated money still. But there’s different scenarios and victimising of course is the worst thing that can be done.
That’s why I also like by Interpol wanted to say, like send the message that we shouldn’t be using victimising terms when people fall for different kind of frauds or scams, because that always makes the barrier to report higher. Anybody can fall for a victim and the people just unfortunately fall for different kind of frauds and scams a little bit without thinking where they’re putting their money.
They just say the high returns and high investments that they can make a lot of money on and make hasty decisions without doing proper research.
Paul Jackson: Yeah. So, I think you’re right there you know, obviously we both were in law enforcement and victim blaming is never the answer here.
I’m just going to pause the second there and just say to anybody listening at the moment who’s enjoying these conversations to like and subscribe our podcast because, it does make a difference. It gets out to more people that we’re able to help and to advise. So please do click that like or subscribe button. We promise it’s not a fraud.
But, let me go back to a point you just raised about working with law enforcement, because that’s critical, isn’t it? We can’t do this alone in the private sector and we need to collaborate in this. I know it’s a cliché, the public-private partnership, you know.
But I get asked at conferences quite a lot why is it that law enforcement seems so helpless when it comes to investigating crypto frauds and thefts? The general consensus is that law enforcement doesn’t seem to really care, you know, because it’s an overseas problem or, you know, the success rate of investigating it is so minimal or so low that it impacts their overall metrics of success in policing. But what were your thoughts around law enforcement and their capabilities and their effectiveness?
Jussi Aittola: Yeah, that’s a very good question. You also come from law enforcement to understand that when you have 200-plus digital asset cases on your table, you just don’t have the time to investigate every single second something moves or something is transferred. There’s just the backlog is so big that they’re overwhelmed.
MLAs take years to go through the system, so do mutual legal assessment requests. They go through the Justice Department and so forth. Luckily for me, when I was in law enforcement, I was stationed in the FIU, and we, of course, have the Egmont network and other methodologies that we are able to receive intelligence quite quickly, even abroad.
But I also like to think in many cases it’s the cost of the investigation, putting the efforts into investigating every single small instant, but collectively try to group the cases into similar buckets and investigate from there to find common methodologies and common operations.
On the other hand, crypto requires so specialised tools and training. So many of the police don’t even have the funding for this. The training takes quite a lot of time. I’ve been in the investigation space for ten years, and I still don’t comprehend everything that is going on there and happening. So yeah, it is a very difficult question.
But usually when there’s cross-border crime, that also puts different kind of regulations that the law enforcement needs to follow in place. And typically, the first milestone is that certain criteria of loss need to be satisfied, which quite often is not, because it might be, depending on the jurisdiction: one million dollars, five million dollars, ten million dollars.
So, when even the biggest exchanges are located, just for example, in the next country it’s still a cross-border crime and it needs cross-border efforts and this and that. So, it’s very difficult for just like jumping into every single case immediately. They’re drowning in cases of course.
But then again like some of my most successful cases came through like thinking outside the box. So back then, of course, there was no regulation in place, but coming from law enforcement and reaching out to many of these companies, who now, of course, have centralised platforms to do that. Back then there was none.
So, you need to know somebody who knows somebody who could point you to the right direction, or you already had a contact. I don’t recover even by sending email and sending a documented and stamp seizure warrant via email to some of the exchanges and being able to recover funds.
So sometimes, if for example, that jurisdiction the law enforcement is operating that allows something like this, then the recovery possibilities are of course much higher than in just like straight up international law enforcement communication channels. So, it ultimately depends on the case.
But like I would say that the biggest issue is that they have so many cases. As mentioned, there’s already a terminology for this “scamdemic” so everybody knows that. It means that it’s so many millions of cases and highly professionalised scammers out there. It’s very difficult to keep up with the pace of work that they’re currently receiving.
Paul Jackson: Yeah. That’s interesting. And you’re actually well based out you really being in Singapore now must give a plug to your company Sphere State who do excellent work. I mean I know some of your team, obviously I go back quite a long way with some of them and I know how good they are investigating. But you were you well placed in Singapore because you’re right next to the Interpol Cyber Headquarters. So, do you have relationships with them? You know, and because you talked about cross-border issues and I really that’s all transnational issues. And really, that’s the crux of why investigating, you know, crypto frauds and scams, etc. is so challenging, right?
Jussi Aittola: Interpol, UNODC, these multinational agencies, they do a lot of events and training for law enforcement at Interpol. They do it here in Singapore. They also do a lot of that around/across APAC.
So, I think these large organisations like you and Interpol, Europol and so on, they do an amazing job sharing the knowledge, doing workshops, doing training, also of course they have their own action days, and they do a lot of action around these main and larger kind of institutionalised criminals already.
They have so many hats to wear also at Interpol. Crypto is just one of them. Of course, it’s a very good centre of knowledge, a very good centre of sharing knowledge. And of course they also have quite a lot of good ways to help you in cases.
So, of course, we work very closely with them, and we share intelligence with them. And sometimes you need to reach out to them that “hey, I have a case in country X, can you help me to put me through to the right officer in that country.” They help very often to support those cases cause they kind of know that the officer will get free training on top of that.
Paul Jackson: Yeah, that’s a very good point. That’s a very good point. Before we move on to talk perhaps about some of the most common types of crypto fraud you’re seeing, just a quick one on your company Sphere State. Where does that name come from?
Jussi Aittola: You know, we are spearheading many things. And then of course crypto investigation is just one part of the company because it’s a Sphere State Group. So, we have different categories what we do and where we are located. But like I lead the crypto investigation function for us.
We also do traditional business disputes, litigations, traditional financial investigations, assets, searches for physical assets. So, kind of that is a good combo from the crypto space also to the physical asset world, that if we have a suspect in country X and we want to identify what kind of assets that person is having, what kind of lifestyle they’re doing and so forth.
If we are able to identify 100% that this person is behind for example this crime, we are also able to then to use on some of our on-ground people to identify like probable assets that belongs to this perpetrator.
We kind of combine the on chain and off chain elements to the investigations, which of course helps then the end victim to hopefully recover some of their assets that they lost in different scenarios.
Paul Jackson: Right. I think our regular listeners are now probably started to join dots as to why we know each other. Because, obviously here at THEOS, we do deep dive technical investigations into hacks, breaches incident responses, etc. but we don’t do we don’t follow the funds. You know, we have to rely on true experts like yourselves to follow, stolen assets, be like crypto or dormant normal money.
Jussi Aittola: Yeah. And this happens more often than you think. We have clients from, even the banking industry who have cyber incidents where funds are lost in either traditional fiat money or even nowadays in crypto. So, if people lose funds to regular opportunity scammers or investment frauds, sort of big institutions also. That’s why we kind of need each other there down, there’s so many separate fields to specialise in the cyber side, in the cyber security side on, like the real life and real events that happen, if people walk into an office, like the physical side. And then, of course, we had the crypto side, where we trace the funds on the chain. And what happens on the blockchain.
Paul Jackson: Yeah, no, it’s super important. I’m glad that you are based out here in Asia because there’s a lot of victims out here that need help from a company like yours. So let’s talk about these frauds. So, is this really evolved, or are we just seeing the same old techniques that are still effective? Or what do you see most commonly in crypto fraud at the moment?
Jussi Aittola: Yeah. So this, romance investment scams of course, have been professionalised. It is these big call centres, big like professionalism behind it. Sometimes even there is a little bit of protection of these kind of super institutionalised, and I would almost say companies that run these operations we are aware that they are also sometimes even nations, backed that there might be nation state actors that run these centres that do 24/7 investment frauds, investment platforms, romance investment, hybrids on chain, off chain, brokers and so forth.
Paul Jackson: Yeah. And, you know, we talk about organised crime, but it truly is when it comes to the cyber world, truly organised. Right. You know, they’re structured almost like your average company with HR, recruitment, CFOs, and it’s what I’ve seen insights into, these organised crime groups that commit these types of romance scams, etc., and other types of fraud. It really is quite staggering how well set up they are and how professional, if you can call them that. These criminals, but in what they do.
Jussi Aittola: One hundred percent, they are full-run companies, they have the leaders, directors, just like in any other business company, and they make hundreds of millions of dollars.
Paul Jackson: Yes they do. And yeah, that’s where half the problem is, isn’t it, when we’re battling this, you know, such well-organised and structured entities. Can you describe a challenging investigation that you’ve worked on and what made it kind of complex?
Jussi Aittola: Yeah, I can kind of not describe it. I can describe it in general ways, but, like. Yeah
Paul Jackson: Anonymise it, yeah
Jussi Aittola: Typically, I can use a loosely tied connection to a real-life case where actually a private individual fell into a hack, and this hack was actually done by a nation-state. So, it was quite intriguing to see that these nation-state actors also target individual wallets. That was very surprising because the funds didn’t move for quite some time. But once they start to move, I was very quickly able to identify which nation-state attacker was behind this because of the money laundering typology.
So, we have cross-chain hopping, so we go through bridges. We go even through some of the mixing services. Mixing services, of course, being the old-style, obvious case: the source and destination of funds. Some of the bridges actually do quite similar things, but you’re kind of able to track where the new funds have been issued and where the funds are being distributed. After the new funds have been issued. Some of them are highly automated, which of course makes the tracking ever so more difficult because the funds moved so quickly through this whole process. The whole money laundering typologies and layering techniques and structure are automated, which will take then a manual investigator much longer time to figure out.
Of course, we have built some internal tools to be able to detect and to be able to kind of identify some of these typologies, as they moved. But it is still a very probabilistic approach when you’re going through multiple blockchains we are different bridges using automated and manual typologies. It’s quite difficult to state track on the real actual assets that were either stolen or fraud or defrauded.
But in this case, it was actually stolen via a malware that was installed within, it was an iPhone. It was even more surprising that the malware was within the iPhone. And when the person backed up their crypto wallet, the seed phrase was stolen during the backup process and that person had more than $20sh million in that wallet. That then laundering process then enabled us to did that kind of identify that there was this actually a very well-known, nation-state actor.
So to me, it came as a surprise that they also do this very kind of low entry level thefts, but the sophistication came through the malware that was actually installed on an iPhone, which is not that easy if you know about cybersecurity that getting a malware into an iPhone or even an Android it’s not that easy. The complexity maybe is more from first identifying how the MO was done and how it was compromised. Then of course, parallel laundering paths to see going into bridges, mixers, which is, of course, obfuscation techniques.
Then you need to build custom tooling to identify some of the demixing flows. That of course, is a little bit easier nowadays, with the help of some sophistication with the LLM and some of that that can be done, like the decompiling, some of those laundering paths with, LLM makes the job a little bit quicker. But then, once you have identified and been able to decompile the obfuscation techniques and trails, then comes international cooperation between exchanges, potentially law enforcement.
Is the person going to law enforcement? Are they going down the civil court route and delays, and relying on the goodwill to the exchange system to keep the funds frozen or the seizure or complementary freeze in place that is also quite time critical. So it’s always like a multiple different, piece needs to come together.
But like when you do the tracing properly, not relying too much on some of the automation tools that are out there, you are actually able to definitely say that these are the actual funds, like with the last-in-first-out trace or first-in-first-out trace. Instead of saying that this address is somewhat involved based on aggregate heuristics. So, attribution is possible. Of course, because of the matching the patterns to previously known laundering techniques and paths, but also a lot of collaboration within and within the industry, and also again, with the private and public sector cooperation. That is pretty much most often how we lead to successful cases.
Paul Jackson: Well, that all sounds very easy. Yeah. No, but joking aside, are you getting good cooperation from the exchanges? Because I guess there’s those that cooperate more readily. And those that may be a bit tougher. Is that because that’s the key really, isn’t it to onto getting funds restored? Is the cooperation really of the exchanges?
Jussi Aittola: I would say again, the industry has evolved quite a bit in the past ten years. Like I said, back in the day, sending an email with this initial warrant with a couple of stamps from the DCI would be enough.
Nowadays, of course, we have a regulation. We have PII regulation in place. We have exchanges, which have been more institutionalised and they need to follow different set of rules. So of course that makes it a little bit more challenging.
Some of the exchanges are not so accepting to private sector investigators to do complementary freezes than others. But typically, when we work on a case, the almost the first thing what we do is identify investigator within that jurisdiction where the victim is to get the law enforcement or, if they come through law or legal firm, then we might already have some civil court orders in place that helps.
Then you can reach out that, “hey, there’s a civil court order coming from this and that.” Of course, some of the exchanges are much more willing to cooperate, still on good faith, than others. But then again, so much depends on the case. And for example, the publicity of the case is are willing they are to cooperate.
But it’s a very delicate balance because they also have their set of rules and their set of legislation that they nowadays need to follow.
Paul Jackson: I agree. You raised an interesting point about the legal side of things because obviously, often we need to involve law firms in this. Do you have go to partners in law firms that, you know, have got the right expertise in this space?
Jussi Aittola: Yes. We work with many of the big law firms throughout Southeast Asia, and we have gotten very good results with them. Again, it depends on the amount of expertise required, what type of case it is and what kind of funds and amount of funds were lost. But we do have very good partners within the legal community, and we work with many of the biggest law firms throughout Southeast Asia.
Paul Jackson: Oh, that’s very good. Yeah, because I often get asked this question, which law firms are the best in terms of understanding what is a very complex, you know, issue. I don’t know if you want to name any. You probably don’t on the podcast, but certainly anybody could reach out to you if they are looking for legal, help them unless you do want to name any.
Jussi Aittola: Yeah. I always try to be neutral and respect all of our partners and all of our clients. Also, it depends so much on the case, in some cases, people reach out to me that, hey I want to do this and that. What law firm might be the best for us and can quite easily say that you don’t need a law firm.
I can write you the documentation, you need. Okay, you need a civil court order from this in that place, then this might be the best solution for you, if you are on a budget, etc., so it all depends. But, we work with all of the big ones and all some a lot of the smaller ones also. We’re happy to work with the ones that need.
So, I think I would say that like, what we’re going to be talking about tools soon, there would be a good bridge to build here. You need to be tool agnostic that you’re able to reproduce those results dependent on which, where you go left or right.
Paul Jackson: Well, that’s a good segue into the tool side of things. I mean tools just like us in DF/IR forensics work critical right. Getting the right tools, very often here at the THEOS, we script our own, we have a very talented DF/IR leader, who knows how to, and that speed is important, and we get the best results through tweaking our own versions of tools, etc. And I guess some similarities there that there will be tools that are off-the-shelf kind of thing. But there’s also, you know, the ways that you adapt it in your own work. Am I right?
Jussi Aittola: Yeah, the tool industry, when I started in the investigation space about ten years ago, it was quite narrow. There was only a couple of tool providers, some upcoming that are already gone and so forth. But nowadays, that’s at least ten to fifteen different tool providers, and they all have their own strengths.
So, it depends on what you’re looking from a budgetary need, which market areas you’re looking at because some of the tools are stronger in different market areas. Even localised data, like over-the-counter trading platforms, like all synth on, like darknet markets and darknet industries. Some of them have better data on Europe, while some of them have better data on the Americas. So again, it depends on the requirements of yourself.
I have used pretty much all of the tools out there and there. So of course, I would say that there’s like tier one, tier two, tier three tools and like I said, I want to be very tool agnostic here. I’m not going to be promoting any tool specifically but again, it depends on your needs. Some of them are very highly technically sophisticated. You can do very, very accurate tracing. Some of them have amazing knowledge of entities. Some of them have very good other capabilities.
But of course, some of them also come with a very high price tag, some come with a bit lower. I would say, in general, the crazy pricing of tooling those days are over, and there are so many tools out there. It’s getting very competitive, the space. So many of the tool providers have needed to drop their pricing. And also, the price point for getting a reliable basic-level tool is somewhat reasonable nowadays.
So you don’t need to spend like one hundred grand getting one tool priced. Then you can get pretty good tools for like ten to fifteen grand per license, but it’s still quite expensive. And I said, when law enforcement need tools, they typically need more than one or two licenses. They might need like fifty or hundred licenses. So at the end of the day, it still costs very costly.
Paul Jackson: It does. And there’s so many parallels between the work we do. You know, the top tiers you mentioned the other tools that are nice to have that kind of thing, for specific cases. But it’s really at the end of the day, though I think to draw a line under this conversation, it’s about the people using them, and it’s about being able to make the right decisions on the right tools for the right investigation.
I don’t think I’d recommend anybody to go out and buy DF/IR tools in the same way. I wouldn’t recommend them to go out and buy crypto investigation tools. I would say go to the right people to help you who know how to use them properly and get the best out of them.
Switching gears, North Korea who frequently seems to be synonymous with crypto frauds and thefts in the news. How accurate is this? And what can you tell us about their activities?
Jussi Aittola: Well, I would have to say that they are indeed a very interesting actor on any kind of cyber-enabled or cyber-related. Also, nowadays, crypto-related incidents and crime are very active. It’s a little bit hot potato around the industry.
But of course, we know that Lazarus has been active for quite a few years, APT38, also quite a few years, typically, when something big happens, quite a few are very eager already to point out to the actors behind those kinds of incidents. Definitely, when you look at the reports, I think like a couple of past years, we are talking three, four billion dollars in crypto-related hacks and stolen funds that we are aware of that have stolen.
But as mentioned already, we also see different kinds of other incidents that are not directly related, but with likelihood might be done by DPRK or one of these highly structured sub-entities. They’re very well-funded. They operate of course, from different continents, typically where there might be a little bit of political restlessness that might not have very structured framework around crypto.
But they are very active. Yes, like I said it’s a little bit hot potato here. Trying to avoid, maybe even unintentionally disclose too much. But yeah, they of course their motives bypassing sanctions and funding state operations mainly their WMD programs.
When you imagine them doing billions of dollars past years in different kind of from crypto-related attacks and in stolen and fraud funds, they are also very well-funded and they have a lot of funding coming from these incidents.
Paul Jackson: This links in with a question that I was going to ask you on money laundering. I mean, how do they get the illicit crypto funds back into the monetary system?
Jussi Aittola: That’s a good question. The funny thing here is that they are actually quite transparent on their fund movements that they use typically few mixers, few cross-chain bridges before they kind of dilute the funds into different exit points where they then exchange those for a real currency or whatever is in their interest at that time.
But they’re surprisingly like they don’t care if some of the accounts get caught or frozen, and cause they have those in some amplitude, some of them might be done years and years ago already, just being dormant for a long time might be real people. Real stolen identities might be people in vulnerable positions who have been given them or unknowingly sold their KYC documentation, verified them to exchanges just for a small tip.
So, the way the money is flowing out of the system. That is, I would say much more complicated than you would imagine, and unfortunately there is still a lot of uncompliant exchanges in exit and entry gateways that are kind of satisfying the current need, what they have, and we have quite a big nations and states that are completely sanctioned and cut off from the monetary systems, which some of the other nations are then maybe not following the same sanctions list like we have the UN sanctions list. We have the OFAC sanctions list and so forth. Not all of these necessarily go hand in hand.
So, there’s quite a few ways how to still get funds out. Like I said, some of these transactions are very transparent and not that difficult to trace and track. But when you have for example some nations that are more compliant than others, it doesn’t seem to be overly too complicated to get those funds out.
I have to say that on top of that because of the multiple levels of layering and sending funds they might even use legitimate exchanges to take out small amounts, but because they come to 100% like KYC and legitimate accounts, nothing really flags out at that time. Cause their tracking and tracing takes some time, and when they have a lot of automation and scripting and so forth behind all of the movement, the funds might be out to even known and very well respected exchanges, even before they even realise that that has happened.
Paul Jackson: Yes. Well, I think you just highlight to one of the issues with the whole crypto blockchain space is the perception, it is legitimate. But unfortunately, the perception is it’s really used for illicit purposes, for money laundering for criminal proceeds of criminal activity and for other scams, etc. Also, that is one of the biggest challenges I think that the whole space has to face and overcome before it becomes accepted in legitimate mainstream finance, right?
Jussi Aittola: But again, like cryptos and cryptocurrencies, they give you an unprecedented transparency compared to traditional finance. So when you look on the traditional financial investigations, you see only 1 or 2 accounts. If they were in the same country, you might be able to see 5 or 6 accounts.
But then again, in cryptocurrencies, you can see when the whole spending part then goes to multiple different jurisdictions, multiple kinds of addresses, which can be considered bank accounts. You are able to get that data quite quickly, and you are able to track and trace those funds quite quickly.
So this kind of transparency when you compare to traditional banking and for example cash, was never heard of. So again, like cryptocurrencies also enable you to have this level of visibility into the whole ecosystem and of course, that is where we also rely on when we do our recovery investigations and now tracking and tracing that we see where the funds are moving. We see where they are dormant.
We see what we can do, for example, if they’re dormant in a different kind of assets in different kinds of addresses, there are multiple different ways also to recover those funds. So that kind of like, transparency we didn’t have in the traditional finance.
Paul Jackson: Oh, I agree with you. Yeah. You know, the old suitcase full of cash, it’s a lot harder to trace than crypto. Look, and we could probably talk for hours on this, but we’re bumping up against time here, and you see, I’m so honoured that, you know, you told me before we started that this was your first ever podcast. So I’m truly honoured that you decided to spend it with me. The suitcase full of cash is on its way to you right now as we speak.
Let me close up by asking you a question. I ask all my guests, you know, the regular audience will know that I’m a music lover, and it’s my way of decompressing at the end of the day. Now, to anybody because you’re from Finland, so to anybody who’s ever listened to the Eurovision Song Contest, and in particular the Finnish entries for the Eurovision Song Contest, we’ll know that your answer to this question is going to be a little bit bizarre. So come on, there, Jussi, what are you currently listening to music-wise?
Jussi Aittola: Well, I will not say the hardest of hard rocks, but you know, I’m a rock fan actually. I go all the way from the 70s rock. I’ve built a reason. So, like anybody from Creedence Clearwater Revival, The Doors, AC/DC, and then of course, we have a lot of Finnish rock bands, but I also listen to R&B, dance music, stuff like that. So, I have quite a large when it comes to music also love. I have my very good audio set-up myself. But essentially, when I’m having a few beers, listening to, like, old classic rock, a little bit newer rock. So I would say more of rock n roll. Rock guy.
Paul Jackson: Brilliant, brilliant. Well, I do hope so. One of these days, we can listen to a few tunes and grab a beer together. Because we clearly have similar tastes and backgrounds, Jussi. Thank you once again, so much for joining us. And, if anyone in the audience, wants to have any follow up questions, there will be links to, to Jussi. He and his company, Sphere State. Thank you again for joining me today. And, you know, wish you all the best.
Jussi Aittola: My absolute pleasure. And thank you for having me.
Episode 9 | Season 2
The Truth Behind Crypto Recovery, Scams, and Nation-State Attacks
Learn how crypto recovery works and what drives modern crypto scams with Jussi Aittola.