Bitcoin Fog is one of the landmark mixer prosecutions because it covered a very long operating window and forced courts to evaluate how far modern blockchain forensics can go when combined with conventional records. According to U.S. prosecutors, the service started in 2011, processed very large volume over time, and became a go-to custodial tumbler for users who wanted distance from traceable Bitcoin flows. By the time the case reached trial, the argument was no longer just about one service. It was about whether historical on-chain activity, infrastructure payments, and account records could be stitched into a criminal attribution narrative years later.
How Bitcoin Fog Operated
Operationally, Bitcoin Fog followed the classic custodial model: users sent BTC to service-controlled wallets, the operator applied fees, then returned different outputs after delays and batching. That approach can reduce straightforward input-output linkage for users, but it creates a central point of custody, a central operations layer, and a central legal target. Fog marketed privacy protections, including delay controls and no-log style claims, yet the model still required customers to trust that backend behavior matched public messaging.
That gap between marketing and infrastructure is where many custodial services fail under scrutiny. Once investigators can subpoena providers tied to hosting, payments, domains, or account recovery channels, even older operations can become legible again. This is exactly why many current privacy workflows now emphasize non-custodial alternatives such as CoinJoin and Monero bridge strategies.
How Investigators Built The Case
Authorities described a blended methodology rather than one single silver bullet, combining on-chain analysis with traditional legal process:
- Blockchain clustering: heuristic tracing linked historical mixer flows with known exchange activity, including older platform records.
- Subpoena-driven metadata: email, payment, and infrastructure records were used to connect service operations to the defendant.
- Controlled test activity: investigators reportedly ran deposits and tracked outputs to points where identity-linked records could be requested.
- Corroborating travel/timing data: movement records were presented as context around key operational events.
For the wider ecosystem, the key takeaway is that courts accepted this multi-source evidentiary approach, reinforcing that blockchain analytics are strongest when paired with off-chain records rather than treated as standalone proof.
Arrest, Trial, and Defense Arguments
Sterlingov was arrested in April 2021 and fought the case through trial, with the defense challenging attribution quality and forensic reliability. The government position focused on long-term operational linkage: infrastructure payments, records, and traced flow patterns were presented as a coherent ownership story rather than independent coincidences.
In March 2024, a federal jury found him guilty on major counts including money laundering conspiracy and unlicensed money transmission. In November 2024, sentencing included 150 months in prison, supervised release, and large forfeiture orders. In practical terms, the result aligned with the tougher posture seen across related cases such as Bestmixer and later actions in the broader DOJ timeline.
Lessons For Custodial Services
- Historical data ages slowly: old transactions can still become actionable when new records or counterparties appear.
- Jurisdiction is layered: offshore hosting does not neutralize risk when infrastructure, customers, or payment rails intersect high-enforcement regions.
- Intent signals matter: marketing, clientele profile, and operational behavior can be used together to argue facilitation.
- Users absorb operator risk: if one service holds custody, one seizure or conviction can expose years of downstream users to review pressure in exchange freeze workflows.
Key References
Author
NotATether
Bitcoin privacy researcher and maintainer of BitMixList. Focused on mixer history, enforcement timelines, and practical privacy workflows for users operating in high-friction jurisdictions.
