Bitcoin Fog Case Could Put Cryptocurrency Tracing on Trial

The Department of Justice did not yet respond to WIRED’s request for comment. The IRS declined to comment on pending litigation. Sterlingov and his lawyers yesterday filed a motion to dismiss, a motion for a bill of particulars, a motion to free seized assets, and a motion to reconsider pretrial detention, among other items. The DOJ has produced more than three terabytes of data related to the case during discovery. The defense alleges that the sheer volume of information is difficult to parse but that nothing in it seems to establish a direct connection between Sterlingov and the creation or operation of Bitcoin Fog. And they further argue that the digital forensic analysis the prosecution has shared is flawed and opaque at best. If the prosecution doesn’t produce clear evidence as Sterlingov’s case unfolds, it may have to rely on the more indirect digital connections between Sterlingov and Bitcoin Fog that it describes in the statement of facts assembled by the IRS’s criminal investigations division, much of which was based on cryptocurrency tracing techniques. That statement shows a trail of financial transactions from 2011 allegedly linking Sterlingov to payments made to register the Bitcoinfog.com domain, which was not Bitcoin Fog’s actual dark-web site but a traditional website that advertised it. The funds to pay for that domain traveled through several accounts and were eventually exchanged from Bitcoin for the now-defunct digital currency Liberty Reserve, according to prosecutors. But the IRS says IP addresses, blockchain data, and phone numbers linked with the various accounts all connect the payments to Sterlingov. A Russian-language document in Sterlingov’s Google Account also described a method for obfuscating payments similar to the one he’s accused of using for that domain registration. Sterlingov says he “can’t remember” if he created Bitcoinfog.com and points out that he worked at the time as a web designer for a Swedish marketing company, Capo Marknadskommunikation. “That was 11 years ago,” Sterlingov says. “It’s really hard for me to say anything specific." Even if the government can prove that Sterlingov created a website to promote Bitcoinfog.com in 2011, however—and Ekeland argues even that is based on faulty IP address connections that came from Stertlingov’s use of a VPN—Ekeland points out that’s very different from running the Bitcoin Fog dark-web service for the subsequent decade it remained online and laundered criminal proceeds. To show Sterlingov’s deeper connection to Bitcoin Fog beyond a domain registration, the IRS says it used blockchain analysis to trace Bitcoin payments Sterlingov allegedly made as “test transactions” to the service in 2011 before it was publicly launched. Investigators also say that Sterlingov continued to receive revenue from Bitcoin Fog until 2019, also based on their observations of cryptocurrency payments recorded on the Bitcoin blockchain. Ekeland counters that the defense hasn’t received any details of that blockchain analysis and points out that it was left out of the most recent superseding indictment against Sterlingov, which was filed last week. That means, he argues, that the government has based the core of its case on an unproven, relatively new form of forensics—one that he says led them to the wrong suspect. “Has it been peer-reviewed? No,” Ekeland says of blockchain analysis. “Is it generally accepted in the scientific community? No. Does it have a known error rate? No. It’s unverifiable. They can say total nonsense, and everyone has to take it on faith."