Bitcoin Fog Case Could Put Cryptocurrency Tracing on Trial

If the prosecution doesn’t produce clear evidence as Sterlingov’s case unfolds, it may have to rely on the more indirect digital connections between Sterlingov and Bitcoin Fog that it describes in the statement of facts assembled by the IRS’s criminal investigations division, much of which was based on cryptocurrency tracing techniques. That statement shows a trail of financial transactions from 2011 allegedly linking Sterlingov to payments made to register the domain, which was not Bitcoin Fog’s actual dark-web site but a traditional website that advertised it.

The funds to pay for that domain traveled through several accounts and were eventually exchanged from Bitcoin for the now-defunct digital currency Liberty Reserve, according to prosecutors. But the IRS says IP addresses, blockchain data, and phone numbers linked with the various accounts all connect the payments to Sterlingov. A Russian-language document in Sterlingov’s Google Account also described a method for obfuscating payments similar to the one he’s accused of using for that domain registration.

Sterlingov says he “can’t remember” if he created and points out that he worked at the time as a web designer for a Swedish marketing company, Capo Marknadskommunikation. “That was 11 years ago,” Sterlingov says. “It’s really hard for me to say anything specific.”

Even if the government can prove that Sterlingov created a website to promote in 2011, however—and Ekeland argues even that is based on faulty IP address connections that came from Sterlingov’s use of a VPN—Ekeland points out that’s very different from running the Bitcoin Fog dark-web service for the subsequent decade it remained online and laundered criminal proceeds.

To show Sterlingov’s deeper connection to Bitcoin Fog beyond a domain registration, the IRS says it used blockchain analysis to trace Bitcoin payments Sterlingov allegedly made as “test transactions” to the service in 2011 before it was publicly launched. Investigators also say that Sterlingov continued to receive revenue from Bitcoin Fog until 2019, also based on their observations of cryptocurrency payments recorded on the Bitcoin blockchain.

Ekeland counters that the defense hasn’t received any details of that blockchain analysis and points out that it was left out of the most recent superseding indictment against Sterlingov, which was filed last week. That means, he argues, that the government has based the core of its case on an unproven, relatively new form of forensics—one that he says led them to the wrong suspect. “Has it been peer-reviewed? No,” Ekeland says of blockchain analysis. “Is it generally accepted in the scientific community? No. Does it have a known error rate? No. It’s unverifiable. They can say total nonsense, and everyone has to take it on faith.”

Ekeland says that discovery documents in the case show that the prosecution’s cryptocurrency tracing was performed with tools sold by Chainalysis, a New York–based blockchain analysis startup, along with consulting help from Excygent, a government contractor specializing in cybercriminal and cryptocurrency investigations, which Chainalysis acquired in 2021.

Ekeland argues that Chainalysis, valued at $8.6 billion in a recent investment round and frequently used in high-profile cybercriminal law enforcement investigations, had a conflict of interest in the case, given its financial dependence on US government contracts and a flow of former government investigators who have gone to work for Chainalysis. “This is a story of people profiteering and advancing their careers, throwing people in jail to promote their blockchain analysis tool that is junk science and doesn’t withstand any scrutiny,” says Ekeland. He adds that, based on the evidence provided in Sterlingov’s case, he believes “Chainalysis is the Theranos of blockchain analysis.”