Requesting WG chairs and experts to review - Block 14 IKP - FASE - Forensics Analysis Common Lexicon Harmful Activities

@Mitchell @ChloeWhiteAus @KenKatayama @JoeyNB_COS

Hello IKP + FASE WGs,

Please review the draft for the IKP + FASE - Forensics Analysis Common Lexicon Harmful Activities below, and provide your comments and feedback by March 27.

Thank you

Rola

IKP_FASE_Forensics_Analysis_Common_Lexicon_Harmful_Activities.docx (47.1 KB)

Forensic Analysis Towards a Common Lexicon of Harmful On-Chain Activities

privacymage — IKP Co-Chair Reconstruction

Session summary

Joint IKP-FASE session bringing together blockchain analytics practitioners, regulators, standards bodies (ISO TC307), and the cybersecurity working group to scope the Taxonomy of Harms as a concrete deliverable. This is the foundational session for what became the IKP-FASE joint work item.

What landed

Trade surveillance practitioner presentation

A crypto-native trade surveillance firm provided the empirical grounding we needed. Key data points for the taxonomy:

  • 56% of ERC-20 token listings across three major platforms showed evidence of insider trading (cross-referencing on-chain DEX activity with off-chain listing announcements)

  • One in four new tokens on top 14 EVM chains + Solana is a hard-coded rug pull scam

  • 98.6% of tokens listed on pump.fun were rug pulls by their definition

  • ~$253M in wash trading on a major prediction market in 27 days pre-election

  • A novel category emerged: “cross-symbol wash trading” specific to prediction markets where manipulation spans correlated contracts

  • A Japan-specific case study (account takeover + illiquid asset manipulation across two vectors) demonstrated the cross-on/off-chain convergence that makes this taxonomy work essential

The presentation emphasized that ~80% of crypto activity is off-chain, and cross on/off-chain manipulation creates unprecedented detection challenges. A 2023 FSA study was cited confirming that on-chain data alone is insufficient to understand ecosystem integrity.

The “scam vs. spam” distinction was raised: at what point does something go from being a scam to just being spam? If 98.6% of tokens on a platform fail within hours, the ecosystem has an efficiency problem beyond just a crime problem.

The scoping debate

Multiple participants converged on the same conclusion: the problem isn’t a lack of definitions — it’s a cacophony of conflicting definitions. A standards body representative confirmed that even ISO TC307’s existing vocabulary needs revision. The MITRE ADAPT framework was raised as a structural precedent, but it covers adversarial activity on digital asset payment systems (cyber/technical exploits) without market manipulation, AML, or the broader harm categories we need.

The forensics-analytics distinction

Explicitly reaffirmed as the thread connecting all of IKP’s prior work to this new deliverable. The session traced the lineage: analytics companies → common language for information sharing → what’s the difference between analytics and forensics → common lexicon that solves both problems.

A regulator observed that market manipulation requires proving intent (higher burden than AML’s binary sanctioned/not-sanctioned determination) — this adds a critical dimension to our framework. The admissibility question (can probabilistic blockchain analytics meet legal standards for expert testimony?) was flagged as an open research question.

Mathematical vs. natural language expression

A provocative suggestion was made that natural language is “too naive” to express the complexity of illicit activity and that mathematical or machine-readable formal expressions would enable AI-driven signaling. The room debated this extensively. The landing: we need both. Machine-readable typology definitions for automated detection, but human-readable taxonomy for regulatory alignment and cross-jurisdictional consensus. The observation was made that ISO vocabulary standards take 3-4 years, but mathematical categorization standardizes faster.

AI agents as threat multiplier

The room discussed how agentic AI is compounding market integrity problems. On prediction markets, six of the top ten traders on a major platform are bots. Agents can deploy further bots, manipulate social media to shift markets, and create sophisticated cross-platform manipulation chains. The consensus: “the only way to deal with agents is going to be with other agents” — but this creates a governance question about deterministic vs. probabilistic AI in compliance (deterministic for detection, probabilistic for remediation/documentation).

Cross-working-group convergence

A participant noted that the cybersecurity working group’s information sharing work “isn’t cyber specific — it’s illicit financing, crypto related information.” This confirmed that the taxonomy and the ISAC threat intelligence framework are two faces of the same deliverable.

Overlap with active IKP work

1. Taxonomy of Harms (IKP-FASE) — this IS the session

Everything discussed here became the working group charter we subsequently drafted. The action items from this session directly map to our deliverable structure: mapping exercise of existing definitions → gap analysis → compression into agreed terminology → machine-readable format → STIX/TAXII compatibility. The “compression” methodology privacymage advocated in the session (find the most meaningful, least amount of words, then expand out) is the same approach we use across all BGIN work and mirrors the proverb compression protocol.

2. Threat Intelligence / ISAC — convergent infrastructure

The session explicitly connected this taxonomy work to the cybersecurity working group’s information sharing framework. The STIX/TAXII-compatible database we’re designing for the ISAC is the machine-readable implementation layer for whatever taxonomy we produce here.

3. Forensics vs. Analytics — the distinction holds

The practitioner presentation reinforced our core finding: blockchain analytics detects anomalies probabilistically (the 56% insider trading signal requires investigation, not prosecution); forensics produces evidence-grade attribution for legal proceedings. The regulator’s observation about the intent burden adds a critical dimension.

4. Agent Duality — emerging harm vector

The session’s discussion on agentic AI as both compliance tool (deterministic detection) and threat vector (sophisticated manipulation) connects directly to our PoP + Agent Duality work: how do you verify the personhood and intent behind agent-driven market activity?

5. PQC connection (retrospective)

Reading this session alongside the quantum resource estimate papers, the “dormant asset” problem they describe is essentially a harm category this taxonomy needs: cryptographic obsolescence leading to unauthorized asset transfer.

Pending actions triggered

  • Mapping exercise: Begin with MITRE ADAPT as structural template, expand to include market manipulation, AML/CTF, and governance harms. Map against ISO TC307 vocabulary, FinCEN advisories, FATF typologies, and ESMA’s MiCA definitions. Use existing industry collation as input.

  • Compression targets: Start with rug pull typology as proof-of-concept for the “compression → expansion” methodology. Define it in both human-readable and machine-readable formats. If we can get agreement on one typology, it becomes the model for all others.

  • Cross-WG coordination: This session confirmed that the IKP-FASE taxonomy and the CYBER information sharing framework are two faces of the same deliverable. The taxonomy defines what we share; the ISAC defines how we share it. These need to be developed in parallel with explicit cross-references.

  • ISO TC307 liaison: Use BGIN’s Category A liaison status to push for vocabulary updates based on our taxonomy work. Two liaison organizations pushing together creates more impact.

  • Practitioner’s guide scoping: The forensics admissibility question (legal standards, probabilistic evidence, expert testimony) should be scoped as a follow-on deliverable once the taxonomy is established.
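As an added illustration (not part of the draft or the working group's agreed text), the block below shows how one "compressed, then expanded" typology entry could be carried as a STIX 2.1 attack-pattern object, which is the shape the ISAC database would ingest. The rug-pull wording, the detection signals and the HARM-PLACEHOLDER identifier are constructed assumptions, not agreed definitions.

```python
"""Added example: encode one taxonomy typology in STIX 2.1 (stdlib only).
Definitions, signals and the external_id are constructed for illustration."""
import json
import uuid
from datetime import datetime, timezone

# STIX 2.1 requires these properties on every attack-pattern object.
REQUIRED = ("type", "spec_version", "id", "created", "modified", "name")


def _now() -> str:
    # STIX timestamps: RFC 3339, UTC, millisecond precision, trailing Z.
    return datetime.now(timezone.utc).isoformat(timespec="milliseconds").replace("+00:00", "Z")


def build_typology(name: str, compressed: str, expanded: str, signals: list[str]) -> dict:
    """One entry: the compressed definition is the human-readable core, the
    expanded text and detection signals live in the description so a single
    object serves both regulators and automated detection."""
    ts = _now()
    return {
        "type": "attack-pattern",
        "spec_version": "2.1",
        "id": f"attack-pattern--{uuid.uuid4()}",
        "created": ts,
        "modified": ts,
        "name": name,
        "description": f"{compressed} Expanded: {expanded} Signals: " + "; ".join(signals),
        "aliases": [name.lower().replace(" ", "-")],
        # external_id is a placeholder; the taxonomy has not assigned identifiers yet
        "external_references": [{"source_name": "bgin-taxonomy-of-harms", "external_id": "HARM-PLACEHOLDER"}],
    }


def validate(obj: dict) -> list[str]:
    """Return structural problems; an empty list means the object passes."""
    problems = [f"missing {k}" for k in REQUIRED if k not in obj]
    if obj.get("type") != "attack-pattern":
        problems.append("type must be attack-pattern")
    if obj.get("spec_version") != "2.1":
        problems.append("spec_version must be 2.1")
    if not str(obj.get("id", "")).startswith("attack-pattern--"):
        problems.append("id must be prefixed with the object type")
    problems += ["external_references entries need source_name"
                 for ref in obj.get("external_references", []) if "source_name" not in ref]
    return problems


def to_bundle(objects: list[dict]) -> str:
    """Wrap objects in a STIX bundle, the unit a TAXII server exchanges."""
    return json.dumps({"type": "bundle", "id": f"bundle--{uuid.uuid4()}", "objects": objects}, indent=2)


# Constructed sample entry for the proof-of-concept typology named in the action items.
RUG_PULL = build_typology(
    "Rug pull",
    "Token whose deployer retains control to drain liquidity or block selling, then exercises it.",
    "Covers hard-coded contract controls and liquidity withdrawal shortly after launch.",
    ["deployer holds the liquidity-pool tokens", "sell path gated to owner", "liquidity removed within hours"],
)
```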

Compression seal: :world_map: :balance_scale: :link: Map the cacophony, compress the language, then the chain of proof follows.