IRS criminal division can better manage seized digital assets, watchdog finds

The IRS Criminal Investigation division needs to tighten up its management of seized digital assets, a new watchdog report warned, especially as legal proceedings involving those virtual currencies play out. 

In a partially redacted report released last week, the Treasury Inspector General for Tax Administration found that IRS-CI “did not always follow established guidelines when seizing and safeguarding digital assets” — tokens that are increasingly used in money laundering operations, tax crimes, terrorism, proliferation financing, drug and human trafficking, ransomware and other cybercrime.

Though TIGTA did not uncover substantial problems with inventorying and recordkeeping, the watchdog said accountability and accuracy are paramount when dealing with seized digital assets, particularly when “the underlying case is being adjudicated.”

From September 2017 to October 2023, IRS-CI said it seized 299 digital assets, totaling roughly $8 billion connected with open criminal probes. When digital assets are captured by the division, memorandums are required to document pertinent elements, including the date of the seizure, the source of the funds, the value of the currency and public addresses of the subject wallets.

Of those 299 seized digital assets, only three were not documented properly, according to TIGTA. But those three held a value of more than $2.8 million. “The absence of this information makes it more difficult to determine custody of the funds through digital asset transactions,” the report stated.

The watchdog also flagged instances of IRS-CI falling short on the safeguarding of seized assets. In one case, the FBI was unable to decrypt three hardware wallets and transferred them to an IRS-CI special agent. The agent claimed to have turned the wallets over to their supervisor before departing the agency, but TIGTA said the IRS’s Asset Recovery & Investigative Services and a redacted person or organization “were not aware of these three wallets.”

Other safeguarding problems detailed by TIGTA included the “inadvertent shredding of the recovery seed phrase for a specific government-controlled wallet” and “a conversion of a digital asset to a different digital asset type during seizure.”

“Best practices dictate that digital assets be kept in the form they were seized until a final order of forfeiture is entered,” the watchdog added.

TIGTA also highlighted a virtual wallet that IRS-CI failed to monitor for criminal activity following the seizure of digital assets. A subject matter expert told TIGTA that for one of those seized assets, there was “the possibility of additional deposits being made into the target’s wallet from dark web activity.”

IRS-CI fully or partially agreed with six of TIGTA’s recommendations: ensuring staff familiarity with memorandum requirements; implementing policies to preserve the form of seized digital assets; enacting procedures for the safe transfer of cases and evidence; establishing an inventory system to manage assets; updating pre-seizure planning and custody guidelines; and updating guidance on timeframe requirements for memorandums and recordkeeping.

“The IRS takes seriously our responsibility to ensure that all policies related to our administration of digital assets seizures demonstrate proper controls with only the highest levels of efficiency and security in mind,” the IRS’s CI chief said in a response letter to TIGTA.