Identifying the Person Behind Bitcoin Fog

The person behind the Bitcoin Fog was identified and arrested. Bitcoin Fog was an anonymization service: for a fee, it mixed a bunch of people’s bitcoins up so that it was hard to figure out where any individual coins came from. It ran for ten years.

Identifying the person behind Bitcoin Fog serves as an illustrative example of how hard it is to be anonymous online in the face of a competent police investigation:

Most remarkable, however, is the IRS’s account of tracking down Sterlingov using the very same sort of blockchain analysis that his own service was meant to defeat. The complaint outlines how Sterlingov allegedly paid for the server hosting of Bitcoin Fog at one point in 2011 using the now-defunct digital currency Liberty Reserve. It goes on to show the blockchain evidence that identifies Sterlingov’s purchase of that Liberty Reserve currency with bitcoins: He first exchanged euros for the bitcoins on the early cryptocurrency exchange Mt. Gox, then moved those bitcoins through several subsequent addresses, and finally traded them on another currency exchange for the Liberty Reserve funds he’d use to set up Bitcoin Fog’s domain.

Based on tracing those financial transactions, the IRS says, it then identified Mt. Gox accounts that used Sterlingov’s home address and phone number, and even a Google account that included a Russian-language document on its Google Drive offering instructions for how to obscure Bitcoin payments. That document described exactly the steps Sterlingov allegedly took to buy the Liberty Reserve funds he’d used.

Posted on May 3, 2021 at 9:36 AM24 Comments


Chris May 3, 2021 10:54 AM

It’s amazing to me that people still try to use horrible, bolted-on privacy hacks for Bitcoin when something like Monero has existed for quite a while.

humdee May 3, 2021 11:25 AM


I can give you about $50K worth of reasons that people still bolt on privacy to the currency that @Bruce and Charlie Munger love so much. What do they call it? Oh, that is right. “Rat nip.” It’s like cat nip but for rats.

metaschima May 3, 2021 11:41 AM

Crypocurrencies in general do not guarantee anonymity. At most they allow pseudonymity. It’s not that difficult for a competent investigator to track you down, especially given that all transactions are on a ledger that everyone has. There’s a great book I read on how to do it in the last Humble Bundle on cryptography. I await the vehement arguments and perhaps insults from the various cryptocurrency fanatics that often post here.

farm cowork May 3, 2021 12:09 PM

It takes more intelligence to figure out the taxes than it takes to make the money to begin with. S’laughter is the best medicine.

Etienne May 3, 2021 1:02 PM

Says he was arrested at LAX. I wonder if they tricked him into a rendezvous with some famous Hollywood movie star>

Spellucci May 3, 2021 2:16 PM

@metaschima, no argument from me. The S in cryptocurrency stands for security.

Humdee May 3, 2021 2:19 PM


History repeats itself, first time as tragedy the next time as farce.

The latest is that anti-bitcoin sentiment is driven by envious Boomers who are upset that Millennial hipsters beat them to the next hot fad. Which, of course, is exactly what Boomers said about their parents when it came to “sex, drugs, and rock n roll.”

Talk, talking about mine–and your–generation.

Oh and if you wonder where the farce lies, it’s that Munger isn’t even a Boomer or for that matter one of the Silent Generation. Born in 1924, he is one of the last surviving relics of “The Greatest Generation.”

When it comes to bitcoin, facts are the one scarce commodity. Which following the law of supply and demand makes them nearly worthless. Because no matter how scarce the supply of facts are, in any social human endeavor, the demand for them is even lower. Let’s call this Humdee’s law.

SpaceLifeForm May 3, 2021 3:04 PM

@ IRS: Always follow the money laundering.

@ RudyGiuliani, RogerStone, MattGaetz: you guys paying attention yet?

JPA May 3, 2021 3:56 PM


RE: Humdee’s law


“facts are the one scarce commodity. Which following the law of supply and demand makes them nearly worthless. Because no matter how scarce the supply of facts are, in any social human endeavor, the demand for them is even lower.”

That is priceless.

Denton Scratch May 3, 2021 6:37 PM

What’s this guy supposed to have done wrong?

Is it against the law to operate a bitcoin tumbler?

It says “IRS”. Is this a Capone job? Is it tax evation he’s being done for? If that’s the only charge, the dude’s an idiot – he should have simply filed a tax return and paid his dues.

Clive Robinson May 3, 2021 7:58 PM

@ ALL,

From a more technical asspect the reason he was caught was the “seed” or “startup” problem.

To start anything growing you need a “seed”, but people do not think about the consequences as they “get gowing”.

We should all be aware that there are very many crypto systems that use a “master key” to generate all following keys. The entire security rests on the security of that seed, should it become known it’s “game over” when ever “Anyone in the know want’s to end it”. That was why the “seed theft” for RSA tokens was so devistating.

Consider the Fog scheme, even without the mistake identified in the artical, to work it first needed “bitcoins to mix”, where did those bitcoins come from?

They would have to have been legitimately obtained initially as the “mix value” of “all illegal” is still “illegal” no matter how you split it under all circumstances.

Thus the question even ten years ago was “could you aquire legitimate bitcoins anonymously” to which the answer has in effect been “no”, and is definately no these days.

The reason, is as the article notes all bitcoin transactions are permanently recorded thus traceable both backwards and forwards in time. So if a bitcoin becomes tracable at anytime to an individual by some non anonymous payment system then it can be traced from that point in time (unless stolen, which makes it not legitimate).

But more obviously, how do you aquire something of value that is legitimate, “truley” anonymously?

The answer is you realy can not unless you take extrodinary care and are prepared in quite a few cases to take a significant loss in the process.

In effect you have to find a supplier of bitcoin that takes cash or it’s equivalent such as bullion or even in the infomous story a pizza.

But even if you do find someone who will trade for cash or equivalent, how do you know they have not somehow de-anonymized you?

Lets say they keep one or two of the bank notes, they will have either fingerprints or DNA on them. Even if you took great care to not get your fingerprints or DNA on them, how about those of the person who you got the cash or equivalent from?

Take “gold coins” in theory it’s easy to remove human DNA and fingerprints from them, but what of the equivalent for the gold?

Any one remember the “Brink’s Mat Robbery”[1]?

Well how do you “launder gold”? The answer back then was with a furnace and a little knowledge and some other quite pure metals like copper and lead.

A metallurgical expert can using what is now comparitively inexpensive equipment –compared to that in 1983– give you a very accurate assay of the gold. Because no gold is pure gold, that’s why it is given as 999 Fine. That 1/10th of a percent can accurately say by the metal ratios where the gold came from unless someone knows how to adulterate it… Unfortunately these days the isotopes of the gold and other metals gives a more interesting finger print rather like that of carbon dating that makes it close to too difficult to adulterate it accurately.

Thus the trick back in 1983 for the Brink’s Mat gold, was to melt the gold down and add a little copper to it (about an old British penny worth) and do a further little magic. In the case of the person who assisted the robbers having got the assey right the next step was to fake up the gold into bars with the serial numbers matching those they had on a valid and legitimately obtained gold certificate. Thus they could move the gold around quite safely, even if stopped they had “traceable title” (back in the 1980’s Indian jewellers were a lot less fussy about where their gold came from as long as the price was right, even if the gold had the mark of the “London Brick Company” on it. A popular scam back then was to buy gold coins that did not have VAT charged on the purchase, melt them down and pour into the “frog” of a brick and then sell on as bullion which did have VAT. Thus collecting VAT and pocketing the VAT as profit was an easy earner.

Others used the “scrap gold mix” trick, you basically melt down loads of different “jewellery gold” or that recovered from printed circuit boards and integrated circuits and mix them together. This is obviously not even close to 999 Fine. What you then do is get it refined to 999 Fine which increases it’s value by rather more than the “scrap gold worth”. You get an assay for the gold then the gold is kind of legitimate. The fact is these days any refining house will only deal with people it knows and can trust/trace so the “feed in” of non legitimately aquired gold is somewhat limited.

Back in the late 1980’s I had a relationship with an organisation near Heathrow UK that recoverd gold from IC’s they purchased at auction houses, a friend had convinced them that actually advertising and selling the components was both more profitable and considerably less paperwork hassle. However I did on one occassion have to take recovered gold from PCB edge connectors to a refiners in Chesington in Surrey, talk about making you jump through hoops…

My friend parted company with the company near Heathrow when he realised that something was not on the level. Basically as far as he could tell the company was still submitting all the IC purchases as for “gold recovery” when infact a big number of them were passing through my friends hands and being sold quite profitably. It could have been a mistake, or a tax fiddle by the company, but there was also another possibility… Whilst a couple of ounces of gold a quater does not sound a lot, you have to ask the question as to where that extra gold going to the refiners came from? I’d severed ties with the company as I was nolonger aquiring sufficiently old scrap PCB’s and chopping the gold edge connectors off. When my friend mentioned the paperwork problem as the reason he was quitting his association with them, I’d no contact with the company any longer, so we never did find out what they were upto, nor did we want to, all our paperwork was in order so we did a “sunset ride”…



rhh May 3, 2021 8:13 PM

Money-laundering-as-a-service, for a fee.

Laundering hundreds of millions of dollars worth of bitcoins, much of which was sent to or from dark web drug markets, isn’t primarily about tax evasion. I would think the drug mafia would gladly pay tax, if by doing so they could legalize their illicit gains. The IRS was involved because they are equipped for this sort of analysis.

Butcoin Fog belongs to Government May 4, 2021 7:28 AM

Butcoin Fog belongs to Government.

Whatsapp is not secure.


SpaceLifeForm May 4, 2021 4:12 PM

@ Moderator

On current squid, I would zap everything starting at comment-376332 to the end.

It is GMT+3, and the attack was obviously planned in advance. Evidence is that the attacker used old comments and then mis-attributed them.

Immediate server problem to address:


Whatever they are, the bytes in the PREVIEW/SUBMIT formbox, MUST NOT CHANGE upon SUBMIT.

As I noted previously, the HTML pre tag is broken. Specifically, it looks fine in PREVIEW, but vanishes upon SUBMIT.

That is just one example.

JonKnowsNothing May 4, 2021 5:27 PM


re: Comment Abuse

Just to say, there are likely any number of reasons why modifications may not be done. I’m sure you can come up with at least a dozen reasons why not.

I would like the comments cleaned up too but there are managerial implications both short and long term. Some of those might inhibit things.

There are also legal reasons why comments may linger past their sell by date. Given some of the topics spewed, they must have lit up a few boards around the technosphere.

iirc(badly) When the blog first migrated there was a long “moderated” delay, among other things. Moderated delay, breaks the “forum like” exchange but allows unwanted comments to be zapped first, un-moderated posting risks trash posts that have to be sieved.

Either method, someone or someAI has to pre-screen or post-screen comments.

Pre-screen means the lights-on doesn’t happen and the content doesn’t land in a public accessible area where warrants (where used) are not needed. Austism-Spectrum defense has a limited use.


ht tps://

ht tps://

(url fractured to prevent autorun)

SpaceLifeForm May 4, 2021 5:35 PM

@ Butcoin Fog belongs to Government, Clive

Did you recently notice that BoJo was using both Whatsapp and Signal?

And that he just recently changed his phone number that was out there for years?

Criminals are not sharp. Just saying.

Clive Robinson May 4, 2021 6:08 PM

@ SpaceLifeForm,

Criminals are not sharp. Just saying.

It’s not just criminals, we are all to some extent vulnerable to our habits, habits being just one more form of convenience.

Thus convenience is your enemy in the long run…

SpaceLifeForm May 4, 2021 6:12 PM

@ JonKnowsNothing, Moderator, Clive, -, Winter

The comments are in the database.

Whether they are visible is a different issue than whether can LE can get copies.

And the metadata associated, like IP address and timestamp.

It is GMT+3, and even if they are using TOR or other proxies, they will be identified.

The modifications I propose will not allow the attackers to hide in any manner.

SpaceLifeForm May 5, 2021 3:29 PM

I’ll believe it when I see it.

This is disingenuous apology.

One does not go back and find old comments, cut-and-paste, and then mis-attribute them.

someone1 May 9, 2021 8:06 PM


Why do you say that it’s impossible to obtain anonymous Bitcoins nowadays? It’s as simple as going to a Bitcoin ATM and put in cash.

SpamSpamSpamEggsSpam June 16, 2021 11:27 PM

Sometimes, I think that anyone who falls for spammers like the above, should not be allowed out unsupervised.

I’d love to know why anyone thinks it is legitimate.

Leave a comment


Allowed HTML <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre> Markdown Extra syntax via

Sidebar photo of Bruce Schneier by Joe MacInnis.