Lighting Up the Darknet
Exploring Blockchain Analytics as Evidence and the Use of Tech in Decision-Making
📅 February 20, 2025
On November 8, 2024, Roman Sterlingov, operator of cryptocurrency mixer Bitcoin Fog, was sentenced to 12 years and 6 months in prison for money laundering. A “mixer” is a service that blends digital assets from multiple sources, making it more difficult to follow the transactional trail. Mixers are attractive to illicit actors who seek to launder criminal proceeds. Bitcoin Fog moved more than 1.2 million bitcoin, valued at around $400 million, most of which came from darknet markets linked with narcotics, cybercrimes, identity theft, and other crimes.
Evidence presented in the trial included results from blockchain analytics tools – evidence that was contested, and ultimately found by the Court to be admissible. Beyond the judicial context, the Court’s reasoning on the considerations and limitations on use of blockchain analytic software may inform how financial institutions use decision support technologies, and how they may be scrutinized by regulators.
Address (wallet address)
A unique identifier comprising letters and numbers that is used for sending and receiving digital assets. It is comparable with a bank account number.
Clustering
The process of grouping wallet addresses together where analysis indicates they are likely to be owned by the same individual or entity. This can assist with identifying addresses and transactions that are associated with illicit activity.
Heuristic
A cryptocurrency clustering technique.
Co-spending
An analytical technique (heuristic) used in clustering. A blockchain transaction can contain multiple input addresses and multiple output addresses. Where a transaction contains multiple input addresses, these are said to be “co-spending,” which is an indicator that the input addresses are controlled by the same entity. An approximate real-life equivalent would be if you are in a store and need to pay for an item that costs $15. You have $10 in your wallet (real-life physical one), another $3 in your jacket pocket, and $2 in quarters in your jeans pocket. You combine funds from these different sources to pay the total of $15.
On-chain behaviors
Another analytical technique (heuristic) used in clustering. This method uses the information publicly available on the blockchain to identify digital “fingerprints” and the outcomes of test transactions with addresses known to belong to a target entity, to cluster addresses. While many of the precise details are confidential, one public example is the use of a “peel chain.” For a bitcoin transaction, it isn’t possible to spend only a portion of the bitcoin held in the sending address. Instead, where the sending entity holds more bitcoin than is needed for a transaction, some bitcoin are sent to the receiving address and the remaining bitcoin is sent to a different “change address.” By following a sequence of transactions, called the “peel chain,” it may be possible to find an address that has co-spent with the address at the start of the chain. This reveals which transactions in the sequence are payments and which are change, and from this the “change addresses” can be clustered together as being owned by the same entity.
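The co-spending heuristic defined above can be reproduced mechanically. The sketch below is an added example (not code from this article, the Court record, or any vendor tool) that clusters input addresses with a union-find structure and records which transactions justify each cluster, so a result can be checked by hand. The transaction IDs and addresses are constructed placeholders.

```python
"""Co-spending (multi-input) clustering over constructed transactions."""

# Constructed sample data: txid -> (input addresses, output addresses).
# Addresses are shortened placeholders, not real blockchain addresses.
SAMPLE_TXS = {
    "tx1": (["A1", "A2"], ["M1"]),
    "tx2": (["A2", "A3"], ["M2", "A4"]),
    "tx3": (["B1"], ["M1"]),
    "tx4": (["B1", "B2"], ["M3"]),
    "tx5": (["C1"], ["A1"]),
}


def cluster_by_cospending(txs):
    """Return (clusters, evidence): address groups and the txids linking them."""
    parent = {}

    def find(addr):
        parent.setdefault(addr, addr)
        while parent[addr] != addr:
            parent[addr] = parent[parent[addr]]  # path halving
            addr = parent[addr]
        return addr

    def union(a, b):
        ra, rb = find(a), find(b)
        if ra != rb:
            # The smaller label becomes the root, so each cluster is keyed by
            # its lowest address regardless of the order of the input data.
            parent[max(ra, rb)] = min(ra, rb)

    for txid in sorted(txs):
        inputs, _outputs = txs[txid]  # outputs are never merged by this rule
        for addr in inputs:
            find(addr)  # register single-input spenders as their own cluster
        for other in inputs[1:]:
            union(inputs[0], other)

    clusters, evidence = {}, {}
    for addr in sorted(parent):
        clusters.setdefault(find(addr), []).append(addr)
    for txid in sorted(txs):
        inputs = txs[txid][0]
        if len(inputs) > 1:  # only multi-input transactions are evidence
            evidence.setdefault(find(inputs[0]), []).append(txid)
    return clusters, evidence
```

In the sample, `A4` is never added to a cluster even though it may be the change output of `tx2`: co-spending only links inputs, which is why change addresses need a separate on-chain behavior heuristic such as the peel chain.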
The judgement in United States v. Sterlingov recognized that software and tools are acceptable when interpreting high volumes of data like blockchain, described by the Court as an “overwhelming mass” where “no jury could possibly discern whether a particular darknet site… had made significant use of a bitcoin mixer without the use of a tool”.
However, while the judgment recognizes the necessity of tools, it also references the importance of being able to verify the outcomes:
“Given the volume of transactions recorded on the blockchain, investigators frequently make use of proprietary software… Much of this work could be done manually given enough time, and … it is possible to corroborate (or to challenge) the results generated by the software for particular clusters with the public blockchain data, a pad of paper, a pencil, and hours of work.”
The significance of this statement is that the blockchain analytics software is not a “black box.” In the Bitcoin Fog case, the Court noted that the defense could have performed its own tracing to assess the accuracy of the clustering results generated by the software and to “corroborate or challenge” the prosecution’s evidence. Another word for this is “deterministic.” In the context of digital assets, this means that when the blockchain analytics software is run on a fixed data set, it will produce the same results every time. This contrasts with “black box” artificial intelligence models which can produce different outputs based on learning patterns and evolving parameters.
In the Bitcoin Fog case, blockchain analytics software was used to associate digital asset wallet addresses with the activity of eight darknet markets – as the sources of the illicit funds – and mixer Bitcoin Fog. The software provided detailed information on which “heuristics,” meaning rules or methods used to cluster addresses, had been used. The three heuristics used in the Bitcoin Fog case were:
The software could provide detailed data on how these heuristics were applied to identify the darknet markets, for example:
Finally, to identify the addresses associated with Bitcoin Fog, the software used heuristic 1 (50.26%) and heuristic 2 (49.74%) to cluster addresses.
This level of “traceability” – used in this context to mean the steps in making a decision – ensures that the outputs could be scrutinized, challenged, and verified.
In the Bitcoin Fog case, blockchain analytics were used to establish the “order of magnitude” of the illicit proceeds that passed through Bitcoin Fog. The software clustered and attributed over 900,000 addresses and traced receipt of approximately 1,284,251 bitcoin to Bitcoin Fog and withdrawals of approximately 1,280,935 bitcoin, representing approximately $400 million in receipts and a similar amount in withdrawals.
The blockchain analytics data was just one element of the evidence presented against Sterlingov. In addition, evidence included materials found on his person when he was arrested, online forum posts, analysis of IP addresses, and traditional manual blockchain tracing. Use of blockchain analytics in this context was described as a “minor witness” because the way blockchain analytics were used did not require “precise line drawing.”
The Court recognized other situations where the use of blockchain analytics may be approached differently, although these did not apply in the Bitcoin Fog case. Firstly, in Bitcoin Fog, blockchain analytics were not used to identify whether a single address, or small number of addresses, had been correctly attributed using the software. The judgement recognized that this would be “very different” from order of magnitude use.
Secondly, the analysis of the admissibility of blockchain analytics evidence took place during a “Daubert trial,” which means that the Court was deciding whether the blockchain analytics could be presented to a jury, where it could be challenged. This contrasts with a decision on whether the blockchain analytics software produced accurate results.
“This is not a case in which the government’s theory that Sterlingov was the operator of Bitcoin Fog turns exclusively, or even primarily, on Scholl and Bisbee’s [the government experts] use of the Reactor software.”
The investigators for Bitcoin Fog used Chainalysis’ “Reactor” as the blockchain analytics tool. The judgement recognized that other analytics tools, including those provided by Elliptic and TRM Labs, are comparable with Chainalysis in the provision of blockchain analytics.
In addition to the ability to validate the results, described above, the Court recognized that the investigators had actually validated the results using TRM Labs’ blockchain analytics tool and – for five addresses – by manual analysis of the blockchain “by hand.”
What can Chief Compliance Officers learn from the use of blockchain analytics data in the Bitcoin Fog case, that they can apply within their department?
We’ve previously outlined the actions a Chief Compliance Officer can take to fulfil their responsibilities when using automation and AI. Now we can use the Bitcoin Fog case to add three more best practices, including detail on how they apply to blockchain analytics.
Example – Digital Assets: For blockchain analytics decision support tools, use well-established and reputable software. Compliance teams could consider evaluating several tools in parallel to identify which ones produce the most reliable and comprehensive results for the business’ specific client base, before making a decision.
Example – Digital Assets: The results of blockchain analytics tools can be replicated using manual tracing to demonstrate that the analytics software produces accurate results – at least for a sample.
Example – Digital Assets: If you use blockchain analytics to inform a decision to exit (or retain) a specific customer, you should rigorously validate the data and methodology – rather than simply rely on an automated system. You could consider corroborating the results using a different blockchain tool. This contrasts with use of blockchain analytics to identify the risk profile at the aggregated level, for example for client segments.
While the Court’s findings on the use of blockchain analytics data as evidence have limitations, their admissibility represents a milestone. More broadly than the judicial context, it demonstrates another step in blockchain and crypto becoming established elements of the financial system.
The defense had contended that blockchain analytics is “junk science” and was not the product of reliable principles and methods. Giving the Court the final word, it was “unpersuaded” on these points and instead it was “persuaded by ample corroborating evidence and testimony that [blockchain analytics tool] Reactor’s reliability has been established by a preponderance of the evidence.”
Author
Catherine Woods is an Associate Managing Director at the Institute for Financial Integrity where she leads content development on emerging technologies including digital assets, export controls, and other counter-illicit finance domains. For more information about our courses and services, please contact info@finintegrity.org.