Roman Sterlingov, accused of laundering $336 million, is proclaiming his innocence—and challenging a key investigative tool.
Tools to trace cryptocurrencies have, over just the past several years, allowed law enforcement agencies to convict dark-web black-market administrators, recover millions in ransomware payments, seize billions in stolen bitcoins, and even disrupt networks of child abuse. Now one criminal defendant claims those same tools have also unjustly put him in prison for more than 15 months.
In the spring of 2021, Roman Sterlingov, a 33-year-old Swedish-Russian national, was arrested by Internal Revenue Service criminal investigators at the Los Angeles airport and accused of creating and operating Bitcoin Fog, a bitcoin “mixing” service on the dark web that took in coins from its users and returned others with the intention of preventing forensic accountants from following that money’s trail. The US Justice Department accuses Sterlingov of no less than $336 million in money laundering over Bitcoin Fog’s decade online.
Now, Sterlingov’s legal team, led by the well-known hacker defense attorney Tor Ekeland, has fired back: They’re claiming in a series of legal motions filed late yesterday that Sterlingov is innocent and vowing to take his case to trial. In doing so, Sterlingov’s defense says, they plan to show not only that he never ran Bitcoin Fog but also that the blockchain analysis techniques used to pin the case on him were faulty, leading to his wrongful arrest and a lost year of his life.
“I did not create Bitcoin Fog. I was never an administrator of Bitcoin Fog,” Sterlingov told WIRED, speaking from a northern Virginia jail. “I’ve been here for more than a year now. I’m really at a loss for words at the system that could put me in here, at what they could do to an innocent man. It’s a Kafkaesque nightmare.”
Unlike in some more-straightforward investigations of criminal use of cryptocurrency, prosecutors in Sterlingov’s case haven’t pointed to any smoking-gun digital evidence retrieved from Sterlingov’s possessions or devices when he was arrested during his trip to the United States last year. Instead, the statement of facts released when charges against Sterlingov became public in April 2021 detailed a combination of blockchain-based cryptocurrency tracing, IP address matching, and online account information links. The IRS says that collection of evidence ties Sterlingov to Bitcoin Fog’s creation in 2011 and shows—through bitcoin tracing specifically—that he continued to receive profits from the service as late as 2019.
“Where’s the corroborating evidence?” asks Sterlingov’s defense attorney Ekeland. He runs through the inventory of items found on Sterlingov at the time of his arrest, which he says included laptops, hard drives, backup codes for his accounts, bitcoin debit cards, and a customized cellphone for storing cryptocurrency. “But you know what’s not found when they catch him traveling? A shred of evidence that he operated Bitcoin Fog. No witnesses, no logs, no communications. They’re pinning it on a multi-layer guessing game.”
The Department of Justice did not yet respond to WIRED’s request for comment. The IRS declined to comment on pending litigation.
Sterlingov and his attorneys yesterday filed a motion to dismiss, a motion for a bill of particulars, a motion to free seized assets, and a motion to reconsider pretrial detention, among other items. The DOJ has produced more than 3 terabytes of data related to the case during discovery. The defense alleges that the sheer volume of data is difficult to parse but that nothing in it appears to establish a direct connection between Sterlingov and the creation or operation of Bitcoin Fog. And they further argue that the digital forensic analysis the prosecution has shared is flawed and opaque at best.
If the prosecution doesn’t produce clear evidence as Sterlingov’s case unfolds, it may have to rely on the more indirect digital connections between Sterlingov and Bitcoin Fog that it describes in the statement of facts assembled by the IRS’s Criminal Investigations division, much of which was based on cryptocurrency tracing techniques. That statement shows a trail of financial transactions from 2011 allegedly linking Sterlingov to payments made to register the bitcoinfog.com domain, which was not Bitcoin Fog’s actual dark-web site but a traditional website that advertised it.
The funds to pay for that domain traveled through several accounts and were eventually exchanged from bitcoin for the now-defunct digital currency Liberty Reserve, according to prosecutors. But the IRS says IP addresses, blockchain data, and phone numbers linked with the various accounts all connect the payments to Sterlingov. A Russian-language document in Sterlingov’s Google account also described a method for obfuscating payments similar to the one he’s accused of using for that domain registration.
Sterlingov says he “can’t remember” if he created bitcoinfog.com and points out that he worked at the time as a web designer for a Swedish marketing company, Capo Marknadskommunikation. “That was eleven years ago,” Sterlingov says. “It’s really hard for me to say anything specific.”
Even if the government can prove that Sterlingov created a website to promote bitcoinfog.com in 2011, however—and Ekeland argues even this is based on faulty IP address connections that came from Sterlingov’s use of a VPN—Ekeland points out that’s very different from running the Bitcoin Fog dark-web service for the following decade it remained online and laundered criminal proceeds.
To show Sterlingov’s deeper connection to Bitcoin Fog beyond a website registration, the IRS says it used blockchain analysis to trace bitcoin payments Sterlingov allegedly made as “test transactions” to the service in 2011 before it was publicly launched. Investigators also say that Sterlingov continued to receive revenue from Bitcoin Fog until 2019, also based on their observations of cryptocurrency payments recorded on the Bitcoin blockchain.
Ekeland counters that the defense hasn’t received any details of that blockchain analysis and points out that it was left out of the most recent superseding indictment against Sterlingov, which was filed last week. That means, he argues, that the government has based the core of its case on an unproven, relatively new form of forensics—one that he says led them to the wrong suspect. “Has it been peer-reviewed? No,” Ekeland says of blockchain analysis. “Is it generally accepted in the scientific community? No. Does it have a known error rate? No. It’s unverifiable. They can say total nonsense, and everyone has to take it on faith.”
Ekeland says that discovery documents in the case show that the prosecution’s cryptocurrency tracing was performed with tools sold by Chainalysis, a New York–based blockchain analysis startup, along with consulting help from Excygent, a government contractor specializing in cybercriminal and cryptocurrency investigations, which Chainalysis acquired in 2021.
Ekeland argues that Chainalysis, valued at $8.6 billion in a recent funding round and frequently used in high-profile cybercriminal law enforcement investigations, had a conflict of interest in the case, given its financial dependence on US government contracts and a flow of former government investigators who have gone to work for Chainalysis. “This is a story of people profiteering and advancing their careers, throwing people in jail to promote their blockchain analysis tool that is junk science and doesn’t withstand any scrutiny,” says Ekeland. He adds that, based on the evidence provided in Sterlingov’s case, he believes “Chainalysis is the Theranos of blockchain analysis.”
Chainalysis declined to comment about the motions filed yesterday, their broader implications, or Ekeland’s characterization of its work.
Sterlingov, for his part, says his cryptocurrency holdings—all of which were frozen at the time of his arrest—came not from Bitcoin Fog but from early investment in cryptocurrency. He concedes that he did send and receive payments to Bitcoin Fog as a user of the service looking for privacy, but says he didn’t use his bitcoins for anything illegal. “I assume some of my transfers must have gotten mixed up with everything,” he says.
Along with their motions, the defense filed expert declarations with the court, one from cybersecurity researcher Chris Vickery and the other from intelligence analyst Eric Garland. The documents are meant to support Sterlingov and his attorney’s accusations about the prosecution’s digital forensic analysis and Chainalysis and Excygent’s alleged conflicts of interest in investigating Sterlingov’s potential ties to Bitcoin Fog.
Sterlingov, who moved with his family from Voronezh, Russia, to Gothenburg, Sweden, when he was 14, also argues that as a Swedish citizen he should be tried in Sweden rather than the US. He had flown to the United States, he says, only to go to flight school to train as a commercial pilot. His defense has argued in Monday’s motions that the District of Columbia prosecutors charging Sterlingov don’t have any venue to pursue the case, given that he has no connection to Washington, DC.
“I don’t understand how I’m in an American prison. I’ve never done business with the United States,” says Sterlingov. “I’m worried. I don’t know what’s going to happen. I’m thousands of miles from my home. If I were some kind of crypto criminal kingpin, which I’m not, Sweden would deal with me.”
Moreover, Sterlingov’s lawyers argue in their motion to dismiss that the statute of limitations has run out on the charges against him, since the alleged conduct at issue, such as registering the bitcoinfog.com domain and conducting specific bitcoin transactions, occurred in 2011. The motion argues that three of the counts brought against Sterlingov have a five-year statute of limitations and that one has a six-year statute.
Given that blockchain analysis and cryptocurrency payment tracing techniques have matured over the last decade and become central to many cybercriminal investigations in the US and worldwide, it’s inevitable that their methodology and validity will be called into question and interrogated. Sterlingov’s case is taking the first step to establish that battleground.