If the prosecution does not produce clear evidence as Sterlingov’s case unfolds, it may have to rely on the more indirect digital connections between Sterlingov and Bitcoin Fog, which it describes in the statement of facts compiled by the IRS’s Division of Criminal Investigations, much of which was based on cryptocurrency tracking techniques. This affidavit shows a trail of financial transactions from 2011 that allegedly links Sterlingov to payments made to register the Bitcoinfog.com domain, which was not Bitcoin Fog’s actual dark web site, but a traditional site advertising it.
The funds to pay for that domain traveled through multiple accounts and were eventually exchanged from Bitcoin to the now-defunct digital currency Liberty Reserve, according to prosecutors. But the IRS says IP addresses, blockchain data and phone numbers associated with the various accounts all link the payments to Sterlingov. A Russian-language document on Sterlingov’s Google account also described a payment obfuscation method similar to the one he is accused of using for the domain registration in question.
Sterlingov says he “can’t remember” whether he created Bitcoinfog.com, pointing out that at the time he was working as a web designer for a Swedish marketing firm, Capo Marknadskommunikation. “That was 11 years ago,” says Sterlingov. “It’s really hard for me to say anything specific.”
Even if the government is able to prove that Sterlingov created a website to promote Bitcoinfog.com in 2011 (and Ekeland claims that even that is based on faulty IP address connections that came from Sterlingov’s use of a VPN), Ekeland points out that this is very different from running the Bitcoin Fog dark web service for the ensuing decade in which it remained online and laundered criminal proceeds.
To show Sterlingov’s deeper connection to Bitcoin Fog beyond a domain registration, the IRS says it used blockchain analysis to trace Bitcoin payments Sterlingov allegedly made as “test transactions” to the service in 2011 before it publicly launched. Investigators also say that Sterlingov continued to receive income from Bitcoin Fog until 2019, also based on their observations of cryptocurrency payments recorded on the Bitcoin blockchain.
Ekeland counters that the defense has not received any details of that blockchain analysis, pointing out that it was omitted from the latest superseding indictment against Sterlingov, which was filed last week. That means, he argues, the government has based the core of its case on an unproven, relatively new form of forensics — one that he says led them to the wrong suspect. “Has it been peer-reviewed? No,” Ekeland says of blockchain analysis. “Is it generally accepted in the scientific community? No. Does it have a known failure rate? No. It cannot be verified. They can say total nonsense and everyone has to take it on faith.”
Ekeland says discovery documents in the case show the prosecution’s cryptocurrency tracking was done with tools sold by Chainalysis, a New York-based blockchain analytics startup, along with consulting help from Excygent, a government contractor specializing in cybercriminal and cryptocurrency investigations, which Chainalysis acquired in 2021.
Ekeland alleges that Chainalysis, valued at $8.6 billion in a recent investment round and often used in high-profile cybercriminal law enforcement investigations, had a conflict of interest in the case because of its financial reliance on U.S. government contracts and a stream of former government investigators who went to work for Chainalysis. “This is a story of people profiting and advancing their careers, throwing people in jail to promote their blockchain analysis tool that is junk science and does not stand up to any scrutiny,” Ekeland says. He adds that, based on the evidence in Sterlingov’s case, he believes that “Chainalysis is the Theranos of blockchain analytics.”