Is Blockchain Forensics Junk Science?

Not quite, but digital sleuths should expect increased scrutiny.

The prosecution of Roman Sterlingov for money laundering has sent ripples far beyond the Washington courtroom in which he stood trial. Might it also have caused a bitcoin-hunting tool to sink without trace?

Sterlingov was convicted on multiple counts of money laundering in March. He could spend decades in jail.

US prosecutors accused the 35-year-old Swede of being the creator of Bitcoin Fog, a cryptocurrency “mixer”. The blockchains on which crypto transactions are performed are public. Consequently, those transactions can be monitored, and the flow of tokens traced from owner to owner. A mixer jumbles up tokens belonging to many different owners, making the tracing process much harder: a boon for wrongdoers. According to American investigators, Sterlingov was the mastermind of a “go to money laundering service for criminals seeking to hide their illicit proceeds”.

A central plank of Sterlingov’s defence concerned the prosecution’s use of work by Chainalysis, the market leader in blockchain forensics. The firm’s investigation supported the case that Bitcoin Fog was Sterlingov’s creation.

Sterlingov’s defence team commissioned CipherTrace, a rival blockchain forensics outfit, to go over Chainalysis’ work. Jonelle Still, then director of investigations and intelligence at CipherTrace, was emphatic: she said that Chainalysis tools were “misused”, that blockchain forensics “are insufficient as a primary source of evidence”, and that their use had led to Sterlingov’s “wrongful arrest”. She recommended that: “Chainalysis attribution data should not be used in this case nor any other case: it has not been audited, the model has not been validated, nor has the collection trail been identified.”

Sterlingov’s lawyers seized on Still’s report, dismissing Chainalysis’ tracing software as “junk science”. His supporters dubbed Chainalysis the “Theranos of Blockchain Forensics”, a reference to a blood-testing start-up that was a Silicon Valley darling before being exposed as a scam.

The criticism centred on the heuristics used by Chainalysis’ Reactor tool. Simply put, heuristics are calculations made using assumptions about users’ behaviour. Based on prior analysis of millions of data points, the software makes assumptions, for example, about which cryptocurrency addresses can be linked to a given person. Heuristics are, by definition, imperfect but “good enough”. Sterlingov’s defence team argued that Chainalysis’ software had not been peer reviewed and that the rate at which it threw up false matches (because of wrongly made assumptions) had never been calculated.
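To make the false-match argument concrete, here is an added illustration, not Chainalysis’ Reactor code (whose heuristics this article does not describe). It assumes the widely documented common-input-ownership heuristic, under which addresses spent together in one transaction are attributed to one owner, and it uses constructed addresses, owners and transactions.

```python
from itertools import combinations

# Constructed ground truth: address -> real owner (never known in a live case).
OWNER = {"a1": "alice", "a2": "alice", "a3": "alice",
         "b1": "bob", "b2": "bob", "c1": "carol"}

# Constructed transactions, each listed as the input addresses it spends.
TXS = [
    ["a1", "a2"],        # alice consolidates her own coins
    ["a2", "a3"],        # alice again
    ["b1", "b2"],        # bob consolidates
    ["a3", "b1", "c1"],  # jointly built transaction: three owners, one tx
]

def cluster(txs):
    """Union-find over addresses: inputs of one transaction share a cluster."""
    parent = {}

    def find(x):
        parent.setdefault(x, x)
        while parent[x] != x:
            parent[x] = parent[parent[x]]  # path halving
            x = parent[x]
        return x

    for inputs in txs:
        if not inputs:  # e.g. a coinbase transaction has no input addresses
            continue
        root = find(inputs[0])
        for addr in inputs[1:]:
            parent[find(addr)] = root
    groups = {}
    for addr in parent:
        groups.setdefault(find(addr), set()).add(addr)
    return sorted(sorted(g) for g in groups.values())

def false_link_rate(clusters, owner):
    """Share of address pairs the heuristic links that have different owners."""
    linked = [p for c in clusters for p in combinations(c, 2)]
    wrong = [p for p in linked if owner[p[0]] != owner[p[1]]]
    return len(wrong) / len(linked) if linked else 0.0

if __name__ == "__main__":
    for label, txs in (("without joint tx", TXS[:3]), ("with joint tx", TXS)):
        clusters = cluster(txs)
        print(label, clusters, round(false_link_rate(clusters, OWNER), 3))
```

On the first three transactions every link is correct; adding the single jointly built transaction merges all six addresses into one cluster and makes 11 of the 15 linked pairs wrong. Measuring that rate needs ground truth, which is why an unvalidated model leaves the error rate unknown.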

The judge didn’t agree and admitted the Chainalysis evidence, citing several justifications. Likely the biggest blow to Sterlingov’s defence came when CipherTrace itself disowned Still’s report as the trial loomed. It offered little explanation for this volte-face, saying only that it had decided her data was “unverifiable and unauditable”.

Inevitably, crypto libertarians see dark forces at work. They wonder if Mastercard, a credit card giant that acquired CipherTrace in 2021, disowned Still to keep sweet with US authorities. Others say that the yanking of her evidence supports their claim that the entire blockchain forensics industry is peddling false assurances.

Now that there is wider knowledge that blockchain forensics relies on probabilities, not certainties, it is likely that other defendants will try the “junk science” defence. Experts should expect greater challenge. Cases will need to be buttressed by other types of evidence.

Meanwhile, CipherTrace has told clients it is withdrawing its tracing product. Visitors to the former CipherTrace website are redirected to Mastercard’s other blockchain offerings. For now, crypto sleuths seem unable to explain – or are keeping schtum – why CipherTrace has vanished so mysteriously, like bitcoin lost in the fog.
