How policy and regulation impact the crypto world – and the other way around

By Nikhilesh De

Managing Editor, Global Policy & Regulation

May 4, 2021

Sponsored by

If you were forwarded this newsletter and would like to receive it, sign up here. 

Hey folks,

Welcome to State of Crypto, a CoinDesk newsletter looking at the intersection of cryptocurrency and government. I’m your host, Nikhilesh De. You’re probably here because you signed up, but in case you're not a fan, you can unsubscribe here.

Last week, U.S. Internal Revenue Service Criminal Investigations (IRS-CI) agents arrested the alleged operator behind crypto mixing service Bitcoin Fog. An attached “Statement of Facts” helpfully explains how the feds tracked the operator down, but raises new questions about how exactly they uncovered this information.

—Nik

Tracking you

An IRS-CI agent said he identified the alleged operator of crypto mixing service Bitcoin Fog using data from various exchanges the U.S. took down and blockchain analysis.(NeONBRAND/Unsplash, modified via PhotoMosh)

The narrative

Last week, U.S. officials arrested Roman Sterlingov on allegations he operated Bitcoin Fog, a service designed to obscure bitcoin transactions so external parties and blockchain analysis could not tell who sent any given transaction, a process commonly referred to as mixing. The feds charged the Russian-Swedish dual citizen with unlicensed money transmission and money laundering. An affidavit unsealed alongside the executed arrest warrant detailed how law enforcement officials gathered information to indict Sterlingov. 

Why it matters

The affidavit, filed by IRS-CI Agent Devon Beckett, details how his agency tied Sterlingov to Bitcoin Fog, but the information he cites stems from years-old data the U.S. government apparently has about users on the now-defunct BTC-e, Mt. Gox and Liberty Reserve platforms. No, this was not primarily achieved by blockchain analysis. Instead, it appears that federal agents compared email addresses on the centralized platforms to identify Sterlingov before securing an indictment. 

Not only does this action reinforce the idea that crypto exchange users give up much of their privacy when signing up, but it emphasizes the feds might hold onto that data for years.

Breaking it down

Bitcoin Fog launched in 2011 and was allegedly a money launderer for various darknet platforms taken down by federal officials over the years, including Silk Road, Silk Road 2.0, AlphaBay, Agora and Evolution Market. 

A Department of Justice press release even called Bitcoin Fog the “longest-running bitcoin money-laundering service on the darknet,” 

Interestingly, the affidavit initially seems to give the impression blockchain analysis was a part of the investigation into the site’s operator.

“While the identity of a Bitcoin address owner is generally anonymous (unless the owner opts to make the information publicly available), law enforcement can often identify the owner of a particular Bitcoin address by analyzing the blockchain,” Beckett wrote.

The blockchain analysis seems to have been used only to confirm Bitcoin Fog’s volume over the past 10 years (1.2 million BTC), and to prove that it was mixing the bitcoin sent through it (more on that later). The rest of the investigation – meaning the part that actually tied Sterlingov to the site he allegedly ran – may have just depended on user databases connected to Mt. Gox, Liberty Reserve, BTC-e and Google.

Taylor Monahan, the founder and CEO of Ethereum wallet manager MyCrypto, tweeted, “As far as I can tell, the tracing of on-chain BTC transactions played ~zero part in tracking down/confirming Bitcoin Fog's alleged operator's” identity.

The IRS sent a subpoena to Google, but it’s a lot less clear where it got the email address and wallet information for the other platforms. 

The affidavit says: “Analysis of bitcoin transactions, financial records, Internet service provider records, e-mail records and additional investigative information, identifies ROMAN STERLINGOV as the principal operator of BITCOIN FOG.”

It cites bitcoin sent from a Mt. Gox account (opened in Sterlingov’s name) to a second Mt. Gox account. The bitcoin went through a few other exchanges before eventually landing at a Liberty Reserve account, which was then used to pay for the bitcoinfog.com domain.

Monahan questions where this information was recorded.

Under the Privacy Act of 1974 (h/t Andrew Hinkes), a federal agency cannot provide records to another agency without the permission of any individual mentioned in those records. (It’s unclear whether this happened here.)

According to a Department of Justice webpage, there are a few possible exceptions, though none appear to apply to this case at first glance.

It may have taken the U.S. 10 years to arrest Sterlingov just because federal agents needed to verify information stored on BTC-e before affirmatively tying him to Bitcoin Fog, Monahan said. 

The other detail that stood out to me concerns the whole bitcoin mixer aspect. U.S. law enforcement officials have publicly stated their opposition to mixers before, with one last year calling their use “a crime.” And while it seems like it's too early to be reading tea leaves, I wonder if we’ll see more prosecutions against the operators of mixers in the future.

Beckett wrote that an undercover IRS agent successfully sent some small portion of bitcoin from one wallet to another, but “investigators were unable to directly trace any direct link between” the two wallets. This is how the IRS agent proved the mixer was being used to obfuscate transfers, as well as verify that the platform was not conducting any know-your-customer checks.

A message from Mandala

Introducing Mandala Exchange, Powered by Binance Cloud.

The first ever privately owned Binance Cloud cryptocurrency exchange. With shared Binance liquidity and security, trade over 900+ pairs with confidence on Mandala Exchange. Take advantage of the largest liquidity pools in the world. Lock $MDX and trade with fees as low as .05%. With shared wallet architecture, trade DeFi cheaper on Mandala and transfer to Binance to stake for free! Sign up today and start saving on trades instantly.

The Biden Bunch

Changing of the guard

Key: (nom.) = nominee, (rum.) = rumored, (act.) = acting, (inc.) = incumbent (no replacement anticipated)

The Securities and Exchange Commission has appointed Wharton School Professor Jessica Wachter as its chief economist and the director of the Division of Economic and Risk Analysis. Professor Wachter has also taught a course on crypto (h/t Andrew Hinkes). 

We’re still waiting to see who U.S. President Joseph Biden will nominate to head the Commodity Futures Trading Commission and Office of the Comptroller of the Currency. Consumer Finance Protection Bureau Director-Nominee Rohit Chopra is also still waiting for his confirmation vote.

A message from INATBA

The global trade association INATBA (the International Association for Trusted Blockchain Applications) is the bridge between public and private entities in the blockchain ecosystem. Join our 170+ member base today to network with peers, attend industry-leading events, author cutting-edge reports and contribute to the development of regulations through engagement with governments and international organizations.

Elsewhere

• Russian News Outlet Calls for Crypto Donations as Kremlin Cracks Down on Media: The Russian government has designated the media outlet Meduza a “foreign agent,” forcing it to display that text prominently up top. Meduza is now accepting crypto donations (bitcoin, ether, BNB) to make up its funding shortfall after advertisers started leaving.

• Colombia’s Crypto Use Soars, and Local Regulators Step In: Regulators are paying attention to crypto in Colombia after trading volumes in the South American country skyrocketed through the first few months of 2021. Importantly, financial regulators don’t look like they’re eyeing a ban; rather, they’re creating a fintech sandbox and updating tax and anti-money laundering rules.

• Cardano in Africa: Inside IOHK’s Ethiopia Blockchain Deal: Just 15% of Ethiopia’s population has access to the internet. Cardano maker IOHK is hoping to grow this figure in a partnership with the Ministry of Education. Under the agreement, IOHK is creating an Ethiopia office, beginning to program a digital ID project (planned to go live in January 2022) and will reportedly provide IDs and tablets to 5 million students.

Unlocked 101 at Consensus by CoinDesk 2021

The countdown is on to Consensus by CoinDesk, our virtual big-tent event this May.

For those who need a primer or to brush up on the fundamentals, we're hosting Unlocked 101, a free educational series designed to give you the tools you need to navigate crypto.

Sessions run May 4–20, covering the basics of Bitcoin, DeFi, scams and hacks and the NFT boom.

Register for Unlocked 101.

Outside CoinDesk

• (Krebs on Security) Credit bureau Experian leaked credit score information for U.S. persons through an API issue. Anyone who had an individual’s name and address could look up that individual’s credit score, which is insanely insecure for personal information. Experian claims to have patched the hole but security researcher Bill Demirkapi, who found the flaw, believes any number of companies might be leaking this data through Experian’s API.

• (Texas Monthly) There’s a push to make Texas more blockchain-friendly, with a number of bills before the legislature and a new lobbying group, according to the Texas Monthly. The state apparently now has the largest mining presence in the U.S.

• (CNN) The U.S. Department of Homeland Security is reportedly considering working with private companies to track U.S. citizens online and in private messaging apps in an expansion of its surveillance efforts. According to CNN, DHS officials believe it could help them monitor extremist groups, though the same unit has collected intelligence on protestors and journalists in the past.

Today's Tweet

If you’ve got thoughts or questions on what I should discuss next week, or any other feedback you’d like to share, feel free to email me at nik@coindesk.com or find me on Twitter @nikhileshde. 

You can also join the group conversation on Telegram. 

May the 4th be with you!

ATTENTION: Scammers have been sending fraudulent emails with links to sites disguised to look like coindesk.com. If you are in doubt about a link, type https://www.coindesk.com directly into your browser; do not copy and paste. Remember, if something seems too good to be true, it probably is.

State of Crypto

A newsletter from CoinDesk

See Previous Editions

Copyright © 2021 CoinDesk, All rights reserved. 

250 Park Avenue South New York, NY 10003, USA

You can manage your preferences here or unsubscribe from all CoinDesk email.