State of Crypto: The Bitcoin Fog Indictment Shows the Permanence of User Data

The feds arrested the alleged operator of bitcoin mixing service Bitcoin Fog last week. But where’d they get the information to indict him?

AccessTimeIconMay 4, 2021 at 1:30 p.m. UTC
Updated Sep 14, 2021 at 12:50 p.m. UTC

Last week, U.S. Internal Revenue Service Criminal Investigations (IRS-CI) agents arrested the alleged operator behind crypto mixing service Bitcoin Fog. An attached “Statement of Facts” helpfully explains how the feds tracked the operator down, but raises new questions about how exactly they uncovered this information.

You're reading State of Crypto, a CoinDesk newsletter looking at the intersection of cryptocurrency and government. Click here to sign up for future editions.

Tracking you

The narrative

Last week, U.S. officials arrested Roman Sterlingov on allegations he operated Bitcoin Fog, a service designed to obscure bitcoin transactions so external parties and blockchain analysis could not tell who sent any given transaction, a process commonly referred to as mixing. The feds charged the Russian-Swedish dual citizen with unlicensed money transmission and money laundering. An affidavit unsealed alongside the executed arrest warrant detailed how law enforcement officials gathered information to indict Sterlingov. 

Why it matters 

The affidavit, filed by IRS-CI Agent Devon Beckett, details how his agency tied Sterlingov to Bitcoin Fog, but the information he cites stems from years-old data the U.S. government apparently has about users on the now-defunct BTC-e, Mt. Gox and Liberty Reserve platforms. No, this was not primarily achieved by blockchain analysis. Instead, it appears that federal agents compared email addresses on the centralized platforms to identify Sterlingov before securing an indictment. 

Not only does this action reinforce the idea that crypto exchange users give up much of their privacy when signing up, but it emphasizes the feds might hold onto that data for years. 

Breaking it down

Bitcoin Fog launched in 2011 and was allegedly a money launderer for various darknet platforms taken down by federal officials over the years, including Silk Road, Silk Road 2.0, AlphaBay, Agora and Evolution Market. 

A Department of Justice press release even called Bitcoin Fog the “longest-running bitcoin money-laundering service on the darknet."

Interestingly, the affidavit initially seems to give the impression blockchain analysis was a part of the investigation into the site’s operator.

“While the identity of a Bitcoin address owner is generally anonymous (unless the owner opts to make the information publicly available), law enforcement can often identify the owner of a particular Bitcoin address by analyzing the blockchain,” Beckett wrote.

The blockchain analysis seems to have been used only to confirm Bitcoin Fog’s volume over the past 10 years (1.2 million BTC), and to prove that it was mixing the bitcoin sent through it (more on that later). The rest of the investigation – meaning the part that actually tied Sterlingov to the site he allegedly ran – may have just depended on user databases connected to Mt. Gox, Liberty Reserve, BTC-e and Google.

Taylor Monahan, the founder and CEO of Ethereum wallet manager MyCrypto, tweeted, “As far as I can tell, the tracing of on-chain BTC transactions played ~zero part in tracking down/confirming Bitcoin Fog's alleged operator's” identity.

The IRS sent a subpoena to Google, but it’s a lot less clear where it got the email address and wallet information for the other platforms. 

The affidavit says: “Analysis of bitcoin transactions, financial records, Internet service provider records, e-mail records and additional investigative information, identifies ROMAN STERLINGOV as the principal operator of BITCOIN FOG.”

It cites bitcoin sent from a Mt. Gox account (opened in Sterlingov’s name) to a second Mt. Gox account. The bitcoin went through a few other exchanges before eventually landing at a Liberty Reserve account, which was then used to pay for the domain.

Monahan questions where this information was recorded.

Under the Privacy Act of 1974 (h/t Andrew Hinkes), a federal agency cannot provide records to another agency without the permission of any individual mentioned in those records. (It’s unclear whether this happened here.)

According to a Department of Justice webpage, there are a few possible exceptions, though none appear to apply to this case at first glance.

It may have taken the U.S. 10 years to arrest Sterlingov just because federal agents needed to verify information stored on BTC-e before affirmatively tying him to Bitcoin Fog, Monahan said. 

The other detail that stood out to me concerns the whole bitcoin mixing aspect. U.S. law enforcement officials have publicly stated their opposition to mixing services before, with one last year calling their use “a crime.” And while it seems like it's too early to be reading tea leaves, I wonder if we’ll see more prosecutions against the operators of mixing services in the future.

Beckett wrote that an undercover IRS agent successfully sent some small portion of bitcoin from one wallet to another, but “investigators were unable to directly trace any direct link between” the two wallets. This is how the IRS agent proved the mixing service was being used to obfuscate transfers, as well as verify that the platform was not conducting any know-your-customer checks.

Biden’s rule

Changing of the guard

Key: (nom.) = nominee, (rum.) = rumored, (act.) = acting, (inc.) = incumbent (no replacement anticipated)
Key: (nom.) = nominee, (rum.) = rumored, (act.) = acting, (inc.) = incumbent (no replacement anticipated)

The Securities and Exchange Commission has appointed Wharton School Professor Jessica Wachter as its chief economist and the director of the Division of Economic and Risk Analysis. Professor Wachter has also taught a course on crypto (h/t Andrew Hinkes). 

We’re still waiting to see who U.S. President Joseph Biden will nominate to head the Commodity Futures Trading Commission and Office of the Comptroller of the Currency. Consumer Finance Protection Bureau Director-Nominee Rohit Chopra is also still waiting for his confirmation vote.


  • Russian News Outlet Calls for Crypto Donations as Kremlin Cracks Down on Media: The Russian government has designated the media outlet Meduza a “foreign agent,” forcing it to display that text prominently up top. Meduza is now accepting crypto donations (bitcoin, ether, BNB) to make up its funding shortfall after advertisers started leaving.
  • Colombia’s Crypto Use Soars, and Local Regulators Step In: Regulators are paying attention to crypto in Colombia after trading volumes in the South American country skyrocketed through the first few months of 2021. Importantly, financial regulators don’t look like they’re eyeing a ban; rather, they’re creating a fintech sandbox and updating tax and anti-money laundering rules.
  • Cardano in Africa: Inside IOHK’s Ethiopia Blockchain Deal: Just 15% of Ethiopia’s population has access to the internet. Cardano maker IOHK is hoping to grow this figure in a partnership with the Ministry of Education. Under the agreement, IOHK is creating an Ethiopia office, beginning to program a digital ID project (planned to go live in January 2022) and will reportedly provide IDs and tablets to 5 million students.

Outside CoinDesk:

  • (Krebs on Security) Credit bureau Experian leaked credit score information for U.S. persons through an API issue. Anyone who had an individual’s name and address could look up that individual’s credit score, which is insanely insecure for personal information. Experian claims to have patched the hole but security researcher Bill Demirkapi, who found the flaw, believes any number of companies might be leaking this data through Experian’s API.
  • (Texas Monthly) There’s a push to make Texas more blockchain-friendly, with a number of bills before the legislature and a new lobbying group, according to the Texas Monthly. The state apparently now has the largest mining presence in the U.S.
  • (CNN) The U.S. Department of Homeland Security is reportedly considering working with private companies to track U.S. citizens online and in private messaging apps in an expansion of its surveillance efforts. According to CNN, DHS officials believe it could help them monitor extremist groups, though the same unit has collected intelligence on protestors and journalists in the past.

If you’ve got thoughts or questions on what I should discuss next week or any other feedback you’d like to share, feel free to email me at or find me on Twitter @nikhileshde

You can also join the group conversation on Telegram

May the 4th be with you!


Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.