Law enforcement officers in the United States have arrested a man on suspicion of laundering hundreds of millions of dollars’ worth of Bitcoin (BTC) through a cryptocurrency mixing service.
A crypto-mixing service—also known as a cryptocurrency tumbler—obscures the original source of potentially identifiable or “tainted” cryptocurrency by jumbling it up with other funds in a single pool.
An arrest warrant for Roman Sterlingov was successfully executed in Los Angeles, California, on April 27 and filed in the United States District Court for the District of Columbia on the same day.
The warrant accuses dual Russian and Swedish citizen Sterlingov of unlicensed money transmission, money laundering, and transmitting money without a license.
Sterlingov was arrested by special agent to the Internal Revenue Service Devon Beckett, who had been tasked with investigating the Bitcoin Fog darknet money-laundering service allegedly operated by Sterlingov.
In an affidavit, Beckett describes how Bitcoin Fog’s administrator publicly advertised the organization’s cryptocurrency mixer service “as a way to help users obfuscate the source of their Bitcoin” on a Twitter page and through a clearnet site.
The story told in the criminal complaint against Sterlingov begins with his allegedly founding the site in late 2011, while promoting it under the pseudonym Akemashite Omedetou, a Japanese phrase that means “Happy New Year.” In a post on the Bitcoin forum BitcoinTalk, Omedetou advertised that Bitcoin Fog “[mixes] up your bitcoins in our own pool with other users,” according to the complaint, and “can eliminate any chance of finding your payments and making it impossible to prove any connection between a deposit and a withdraw inside our service.”
Most remarkable, however, is the IRS’s account of tracking down Sterlingov using the very same sort of blockchain analysis that his own service was meant to defeat. The complaint outlines how Sterlingov allegedly paid for the server hosting of Bitcoin Fog at one point in 2011 using the now-defunct digital currency Liberty Reserve. It goes on to show the blockchain evidence that identifies Sterlingov’s purchase of that Liberty Reserve currency with bitcoins: He first exchanged euros for the bitcoins on the early cryptocurrency exchange Mt. Gox, then moved those bitcoins through several subsequent addresses, and finally traded them on another currency exchange for the Liberty Reserve funds he’d use to set up Bitcoin Fog’s domain.
Based on tracing those financial transactions, the IRS says, it then identified Mt. Gox accounts that used Sterlingov’s home address and phone number, and even a Google account that included a Russian-language document on its Google Drive offering instructions for how to obscure Bitcoin payments. That document described exactly the steps Sterlingov allegedly took to buy the Liberty Reserve funds he’d used.
Using blockchain analysis, law enforcement confirmed that over 1.2 million BTC valued at approximately $335,809.383 has been sent through the Bitcoin Fog site since it was established in October 2011.
IRS-CI cyber-analysts determined that Bitcoin Fog received approximately 486,861.69 BTC valued at the time as approximately $54,897,316.44 directly from darknet markets.
“Historically, the largest senders of BTC though Bitcoin Fog have been darkness markets, such as Agora, Silk Road 2.0, Silk Road, Evolution, and AlphaBay, that primarily trafficked in illegal narcotics and other illegal goods,” wrote Beckett.
Through an undercover transaction performed in September 2019 plus some analysis, an IRS special agent was able to determine that the crypto-tumbling service offered by Bitcoin Fog worked effectively to break the link in the blockchain between the source and ultimate destination of funds sent.
A second undercover transaction carried out in November 2019 revealed that Bitcoin Fog released funds to a user after being informed by that user that the money was the proceeds of illegal drug sales.
Beckett wrote that analysis of Bitcoin transactions, financial records, internet service provider records, email records, and additional investigative information identified Sterlingov as the principal operator of Bitcoin Fog.
As of Tuesday afternoon, Bitcoin Fog remained online, though it’s unclear who, if anyone, now operates it.