Bitcoin Fog Case Could Put Cryptocurrency Tracking To The Test
If prosecutors don’t produce clear evidence as Sterlingov’s case unfolds, it may have to rely on the more indirect digital connections between Sterlingov and Bitcoin Fog that it describes in the statement of facts compiled by the IRS’s criminal investigation division, much of which was based on cryptocurrency tracking techniques. This statement shows a trail of financial transactions dating back to 2011 that allegedly links Sterlingov to payments made to register the Bitcoinfog.com domain, which was not Bitcoin Fog’s actual dark web site, but a traditional website advertising it.
The funds to pay for that domain went through multiple accounts and were eventually switched from Bitcoin to the now-defunct digital currency Liberty Reserve, according to prosecutors. But the IRS says IP addresses, blockchain data and phone numbers associated with the various accounts all link the payments to Sterlingov. A Russian-language document in Sterlingov’s Google account also described a method of obfuscating payments similar to the one he is accused of using for that domain registration.
Sterlingov says he “doesn’t remember” whether he created Bitcoinfog.com and points out that at the time he was working as a web designer for a Swedish marketing company, Capo Marknadskommunikation. “That was 11 years ago,” says Sterlingov. “It’s very difficult for me to say anything specific.”
Although the Govt can prove that Sterlingov created a website to promote Bitcoinfog.com in 2011 – and Ekeland even argues that it is based on false IP address connections that came from Stertlingov’s use of a VPN – Ekeland points out that is very different from running Bitcoin The Fog dark web service for the following decade remained online and laundered criminal proceeds.
To show Sterlingov’s deeper connection to Bitcoin Fog beyond a domain registration, the IRS says it used blockchain analysis to track Bitcoin payments Sterlingov allegedly made as “test transactions” to the service in 2011 before it publicly launched. Investigators also say that Sterlingov continued to receive income from Bitcoin Fog until 2019, also based on their observations of cryptocurrency payments recorded on the Bitcoin blockchain.
Ekeland points out that the defense has not received any details about that blockchain analysis and points out that it was omitted from the latest superseding indictment against Sterlingov, which was filed last week. That means, he argues, that the government has based the core of its case on an untested, relatively new form of investigation — one that he says led them to the wrong suspect. “Has it been peer reviewed? No, says Ekeland about blockchain analysis. “Is it generally accepted in the scientific community? No. Does it have a known failure rate? No. It cannot be verified. They can say total nonsense and everyone has to take it on faith.”
Ekeland says discovery documents in the case show that prosecutors’ cryptocurrency tracking was conducted with tools sold by Chainalysis, a New York-based blockchain analytics startup, along with consulting help from Excygent, a government contractor specializing in cybercriminal and cryptocurrency investigations, which Chainalysis acquired in 2021.
Ekeland argues that Chainalysis, valued at $8.6 billion in a recent investment round and often used in high-profile cybercrime law enforcement investigations, had a conflict of interest in the case, given its financial reliance on US government contracts and a stream of former government investigators who have gone to work for Chainalysis. “This is a story about people who are in the business of profit and advancing their careers, throwing people in jail for promoting their blockchain analysis tool that is junk science and does not stand up to scrutiny,” says Ekeland. He adds that, based on the evidence presented in Sterlingov’s case, he believes that “chainlight is the Theranos of blockchain analytics.”