Purported ransom note for Savannah Guthrie's mom demanded payment in bitcoin. Could it be tracked?

The disappearance of "Today" show co-host Savannah Guthrie's mother, Nancy Guthrie, includes a tantalizing clue: an apparent ransom note that demanded payment in bitcoin. 

The note, which is being taken seriously by investigators, included a deadline of 5 p.m. Thursday, although it didn't specify a time zone. If the payment wasn't made, the note specified another deadline of Monday, investigators said Thursday. 

The demand for bitcoin raises questions about whether the cryptocurrency could be used to hide a kidnapper's identity, given the financial product's semi-anonymous nature. Experts tell CBS News that law enforcement officials can track down information about the people or organizations behind crypto transactions, increasing the chances that the ransom demand could produce possible leads in the Guthrie case.

All bitcoin transactions are recorded and monitored on the public blockchain, which is similar to a bank ledger. To conduct a transaction, a user must also have a bitcoin wallet with an alphanumeric address, which stores private keys for authorizing transfers and public keys for receiving funds.

Those pieces of information — a blockchain transaction and a bitcoin wallet — can offer a starting point for law enforcement to track down a bad actor, said Ari Redbord, global head of policy at TRM Labs, which helps track crypto fraud and crimes, and a former Department of Justice and Treasury official who investigated financial crimes.

"Every transaction in bitcoin is logged on an open public ledger, and it's immutable, meaning it's there forever," Redbord told CBS News. "We're able to track and trace every transaction to and from that address in order to potentially identify the holder of the wallet address."

Not untraceable

Blockchain analyses can examine whether that wallet has been used for illicit activity in the past, or if the account is associated with ransomware or other cybercrimes, he noted. They can also examine which other addresses are sending funds to the wallet in question, and then build out a map to help track the identity of the bad actor. 

"It's a common misconception that crypto, including bitcoin, is totally anonymous and untraceable, but it's actually the exact opposite of that," said Madeleine Kennedy, vice president of communications at Chainalysis, which makes apps and software for blockchain investigations, including tracking crypto crimes. 

That means the blockchain may be able to provide more information to investigators than other valuables often used to pay ransoms, including art, diamonds or even cash, Redbord said.

"Our law enforcement customers regularly tell us they would much rather follow the money in crypto than in cash," Kennedy added.

What "know your customer" laws can tell you

Once the owner of a bitcoin wallet goes to a crypto exchange — such as Binance or Coinbase — to cash out the cryptocurrency, law enforcement can gain even more information, experts said. Crypto exchanges in the U.S. are subject to the same "know your customer" laws, which are anti-money laundering regulations requiring a financial institution to collect customer information.

That data includes a customer's full legal name, birth date and home address, which is usually collected through a user's government ID, according to Coinbase.

"Law enforcement can send a subpoena to a cryptocurrency exchange where they know the funds went and say, 'Hey, we need to know more about the user of this address — what is their name, what is their birthday, what is their Social Security number, their phone number, what email did they use to set up the account'," Redbord told CBS News. 

He added, "When you can really catch them is when they're trying to move funds through a cryptocurrency exchange."

One question is whether law enforcement will be able to act fast enough to trace the money before it's transferred out of a crypto exchange and disappears, experts said. Criminals could also possibly transfer the crypto to an illicit exchange that doesn't follow "know your customer" regulations.

"The challenge is that bad actors can move faster than ever, and it really becomes this race to the off-ramps in cases like this," Redbord said.