Last week, U.S. Internal Revenue Service Criminal Investigations (IRS-CI) agents arrested the alleged operator behind crypto mixing service Bitcoin Fog. An attached “Statement of Facts” helpfully explains how the feds tracked the operator down, but raises new questions about how exactly they uncovered this information.
You’re reading State of Crypto, a CoinDesk newsletter looking at the intersection of cryptocurrency and government. Click here to sign up for future editions.
Last week, U.S. officials arrested Roman Sterlingov on allegations he operated Bitcoin Fog, a service designed to obscure bitcoin transactions so external parties and blockchain analysis could not tell who sent any given transaction, a process commonly referred to as mixing. The feds charged the Russian-Swedish dual citizen with unlicensed money transmission and money laundering. An affidavit unsealed alongside the executed arrest warrant detailed how law enforcement officials gathered information to indict Sterlingov.
The affidavit, filed by IRS-CI Agent Devon Beckett, details how his agency tied Sterlingov to Bitcoin Fog, but the information he cites stems from years-old data the U.S. government apparently has about users on the now-defunct BTC-e, Mt. Gox and Liberty Reserve platforms. No, this was not primarily achieved by blockchain analysis. Instead, it appears that federal agents compared email addresses on the centralized platforms to identify Sterlingov before securing an indictment.
Not only does this action reinforce the idea that crypto exchange users give up much of their privacy when signing up, but it emphasizes the feds might hold onto that data for years.
Bitcoin Fog launched in 2011 and was allegedly a money launderer for various darknet platforms taken down by federal officials over the years, including Silk Road, Silk Road 2.0, AlphaBay, Agora and Evolution Market.
A Department of Justice press release even called Bitcoin Fog the “longest-running bitcoin money-laundering service on the darknet.”
Interestingly, the affidavit initially seems to give the impression blockchain analysis was a part of the investigation into the site’s operator.
“While the identity of a Bitcoin address owner is generally anonymous (unless the owner opts to make the information publicly available), law enforcement can often identify the owner of a particular Bitcoin address by analyzing the blockchain,” Beckett wrote.
The blockchain analysis seems to have been used only to confirm Bitcoin Fog’s volume over the past 10 years (1.2 million BTC), and to prove that it was mixing the bitcoin sent through it (more on that later). The rest of the investigation – meaning the part that actually tied Sterlingov to the site he allegedly ran – may have just depended on user databases connected to Mt. Gox, Liberty Reserve, BTC-e and Google.
Taylor Monahan, the founder and CEO of Ethereum wallet manager MyCrypto, tweeted, “As far as I can tell, the tracing of on-chain BTC transactions played ~zero part in tracking down/confirming Bitcoin Fog’s alleged operator’s” identity.
The IRS sent a subpoena to Google, but it’s a lot less clear where it got the email address and wallet information for the other platforms.
The affidavit says: “Analysis of bitcoin transactions, financial records, Internet service provider records, e-mail records and additional investigative information, identifies ROMAN STERLINGOV as the principal operator of BITCOIN FOG.”
It cites bitcoin sent from a Mt. Gox account (opened in Sterlingov’s name) to a second Mt. Gox account. The bitcoin went through a few other exchanges before eventually landing at a Liberty Reserve account, which was then used to pay for the bitcoinfog.com domain.
Monahan questions where this information was recorded.
Under the Privacy Act of 1974 (h/t Andrew Hinkes), a federal agency cannot provide records to another agency without the permission of any individual mentioned in those records. (It’s unclear whether this happened here.)
According to a Department of Justice webpage, there are a few possible exceptions, though none appear to apply to this case at first glance.
It may have taken the U.S. 10 years to arrest Sterlingov just because federal agents needed to verify information stored on BTC-e before affirmatively tying him to Bitcoin Fog, Monahan said.
The other detail that stood out to me concerns the whole bitcoin mixing aspect. U.S. law enforcement officials have publicly stated their opposition to mixing services before, with one last year calling their use “a crime.” And while it seems like it’s too early to be reading tea leaves, I wonder if we’ll see more prosecutions against the operators of mixing services in the future.
Beckett wrote that an undercover IRS agent successfully sent some small portion of bitcoin from one wallet to another, but “investigators were unable to directly trace any direct link between” the two wallets. This is how the IRS agent proved the mixing service was being used to obfuscate transfers, as well as verify that the platform was not conducting any know-your-customer checks.
The Securities and Exchange Commission has appointed Wharton School Professor Jessica Wachter as its chief economist and the director of the Division of Economic and Risk Analysis. Professor Wachter has also taught a course on crypto (h/t Andrew Hinkes).
We’re still waiting to see who U.S. President Joseph Biden will nominate to head the Commodity Futures Trading Commission and Office of the Comptroller of the Currency. Consumer Finance Protection Bureau Director-Nominee Rohit Chopra is also still waiting for his confirmation vote.
If you’ve got thoughts or questions on what I should discuss next week or any other feedback you’d like to share, feel free to email me at nik@coindesk.com or find me on Twitter @nikhileshde.
You can also join the group conversation on Telegram.
May the 4th be with you!