Bitcoin has a perception of anonymity, but that may be changing. Chainalysis Reactor, a service that can link cryptocurrency transactions to real-world entities, was recently found to be reliable and admissible as evidence in United States v. Sterlingov.(1)

Case Summary: United States v. Sterlingov

On March 12, 2024, Roman Sterlingov was found guilty of operating one of the longest-running Bitcoin money laundering services on the darknet. For nearly 10 years, he ran Bitcoin Fog, a Bitcoin mixer that moved over 1.2 million bitcoin ($400 million at the time of the transactions), much of it connected to illegal narcotics, computer fraud, and identity theft.

During the trial, Judge Randolph Moss of the U.S. District Court for the District of Columbia heard arguments in a series of Daubert hearings, a procedural environment where he scrutinized the admissibility of expert opinions. Experts from the FBI and Chainalysis were called upon to explain the functionalities of Chainalysis Reactor, a sophisticated tool designed for the analysis of blockchain transactions. These hearings were not merely procedural formalities but were instrumental in determining the reliability of the methodologies used to dissect various blockchains’ opaque layers.

In a Daubert order, the court ruled that Chainalysis’ blockchain analytics were admissible as substantive evidence. This ruling, which may still be appealed by the defendant, potentially sets a precedent for the use of Chainalysis Reactor as a reliable tool in the courtroom.(2) Indeed, Sterlingov’s defense counsel says he will work with his client to appeal the verdict and the admissibility of the blockchain analytics of Chainalysis.

Bitcoin Blockchain Primer

The Bitcoin blockchain operates as a decentralized, immutable, and public ledger that records all Bitcoin transactions. At its core, Bitcoin is an entirely digital currency, distinct from traditional forms of money, as it is not backed by physical commodities or government guarantees. Instead, it relies on cryptographic techniques and a peer-to-peer protocol to verify and witness settlements. This dual reliance on cryptography and decentralization ensures the integrity and security of the currency.

The blockchain itself is a chronological series of blocks, each containing a list of transactions. These transactions are publicly accessible, providing transparency, yet they maintain some level of user anonymity through pseudonymous addresses. Each bitcoin transaction includes several key components: the sending address, the receiving address, and the amount of bitcoin transferred. These addresses are long strings of alphanumeric characters, akin to bank account numbers, ensuring a high degree of security and privacy.

[Figure: crypto transaction example]

To initiate a transaction, a user specifies the amount of bitcoin to be transferred, the receiving address, and the sending address, typically through a separate piece of software referred to as a wallet. This transaction is then signed with the sender’s private key, a crucial piece of cryptographic data that authorizes the transfer. Once signed, the transaction is broadcast to the Bitcoin network, where it is picked up by network nodes for verification. These nodes check the digital signature and confirm that the sender has sufficient funds, ensuring the transaction’s validity.

The process of adding transactions to the blockchain involves miners, specialized nodes that collect transactions into blocks. Miners solve complex mathematical puzzles in a process known as proof of work, which validates transactions and secures the blockchain. This work is computationally intensive, providing security against tampering. As a reward for their efforts, miners receive newly created bitcoins and transaction fees.

One of the defining features of the Bitcoin blockchain is its immutability. Once a transaction is recorded in a block and added to the blockchain, it cannot be altered or removed. This feature guarantees the integrity of the ledger, making it a reliable record of all transactions. Furthermore, while the identities of users are pseudonymous, the transparency of the blockchain allows anyone to view the flow of transactions, providing a balance between privacy and openness.

What Is Chainalysis Reactor, and Why is It Important?

The complexity and volume of transactions on the blockchain necessitate sophisticated tools for analysis. One such tool is Chainalysis Reactor, which operates by leveraging the inherent properties of the blockchain. The public ledger allows Chainalysis Reactor to access and analyze transaction data despite the pseudonymous nature of Bitcoin addresses.

At the heart of Chainalysis Reactor’s functionality is the concept of clustering, which involves grouping together Bitcoin addresses that are likely controlled by the same entity.

One of the key techniques used in this process is the co-spend heuristic, which is based on the principle that if multiple addresses are used together in a single transaction, they are likely controlled by the same user, as the private keys for each address must be accessible to authorize the transaction. By identifying these co-spend transactions, Reactor can cluster related addresses, unveiling networks of transactions (and wallets) that are likely connected.

The most common of these co-spend heuristics is based on Unspent Transaction Output (UTXO), which is a fundamental concept in the Bitcoin network. It represents the amount of bitcoin that remains unspent after a transaction is executed. Bitcoin transactions are composed of inputs and outputs. Inputs are references to previous outputs that are being spent. Outputs specify new ownership of bitcoins and include the amount of bitcoin and the recipient’s address. When a transaction is made, the bitcoins from the inputs are considered “spent,” and the outputs become the new unspent transaction outputs (UTXOs). Each UTXO is a discrete, indivisible unit of bitcoin that can be used as input for future transactions. UTXOs are stored in the blockchain until they are spent in a subsequent transaction.

[Figure: transaction input and output]

In addition to the co-spend heuristic, Chainalysis Reactor employs other heuristics and algorithms to refine its analysis, including behavioral patterns and peel chains.

First, Chainalysis Reactor examines the on-chain behaviors and patterns of entities. For example, it may look at how specific entities handle transaction fees and change addresses, which act as unique identifiers because digital wallets manage transactions in distinctive ways.

Second, peel chains involve tracking the gradual expenditure of bitcoin from a single wallet through a series of transactions, identifying change addresses that receive leftover funds. By mapping out these peel chains, Chainalysis Reactor can further solidify its clustering of related addresses.

[Figure: peel chain example]
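The peel-chain tracing described above, as an added example that is not Chainalysis code. The transactions are constructed, and the rule that the larger of two outputs is the change continuing the chain is an assumption made for this sketch.

```python
# Constructed sample data: each transaction spends one prior output, named by
# (txid, output index), and creates the listed (address, amount) outputs.
PEEL_TXS = {
    "p1": {"spends": ("fund", 0), "outputs": [("X1", 1.0), ("C1", 9.0)]},
    "p2": {"spends": ("p1", 1), "outputs": [("C2", 7.5), ("X2", 1.5)]},
    "p3": {"spends": ("p2", 0), "outputs": [("X3", 2.0), ("C3", 5.5)]},
    "p4": {"spends": ("p3", 1), "outputs": [("X4", 5.5)]},  # full spend
}


def trace_peel_chain(txs, start_outpoint, max_hops=100):
    """Follow change outputs from start_outpoint.

    Returns (change_addresses, peeled_payments). Assumption: in a two-output
    spend, the larger output is the change and the smaller one is the payment.
    """
    # Index: which transaction spends a given outpoint.
    spender = {tx["spends"]: txid for txid, tx in txs.items()}
    change_addrs, peeled = [], []
    outpoint = start_outpoint
    for _ in range(max_hops):  # bound the walk on very long chains
        txid = spender.get(outpoint)
        if txid is None:
            break  # output is still unspent: end of the visible chain
        outputs = txs[txid]["outputs"]
        if len(outputs) != 2:
            break  # not peel-shaped (consolidation, full spend, batch payout)
        (_a0, v0), (_a1, v1) = outputs
        if v0 == v1:
            break  # equal outputs: the change side is ambiguous, stop here
        change_idx = 0 if v0 > v1 else 1
        change_addrs.append(outputs[change_idx][0])
        peeled.append(outputs[1 - change_idx])
        outpoint = (txid, change_idx)  # continue from the change output
    return change_addrs, peeled


if __name__ == "__main__":
    changes, payments = trace_peel_chain(PEEL_TXS, ("fund", 0))
    print("change addresses:", changes)
    print("peeled payments:", payments)
```

The change addresses returned here are candidates for the same cluster as the funding address; the walk stops as soon as a transaction no longer has the peel shape instead of guessing.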

Third, Chainalysis Reactor also utilizes off-chain intelligence to enhance its clustering capabilities. This includes data gathered from sources such as data leaks, court documents, and partnerships with cryptocurrency exchanges that share address information. This intelligence-based heuristic, often referred to as direct attribution, helps to confirm and corroborate the on-chain analysis, providing a more comprehensive view of the entity’s activities.

In practical use, Chainalysis Reactor provides law enforcement and financial investigators with detailed maps of Bitcoin transactions, highlighting connections between addresses and identifying clusters that signify potentially illicit activities. For example, in the investigation of Bitcoin Fog, Chainalysis Reactor clustered and attributed over 900,000 addresses to this mixer service, tracing significant amounts of bitcoin through various darknet marketplaces.

The reliability of Chainalysis Reactor is further validated through its application in real-world investigations. For instance, when law enforcement agencies conduct sting operations, they can trace the funds using Chainalysis Reactor and manually verify the accuracy of its clustering. In the Bitcoin Fog case, undercover transactions confirmed Chainalysis Reactor’s attributions, with traditional blockchain analysis corroborating its results.

Chainalysis Reactor, now rebranded as “Investigations,” has been employed in various cases, including criminal investigations, marital dissolutions, and bankruptcy proceedings. If someone claims they do not own any Bitcoin, for instance, Chainalysis can help verify this claim.

The admissibility of Chainalysis Reactor data could be a game-changer for Bitcoin’s perceived anonymity. While steps can be taken to enhance privacy, the ability to attribute transactions to a specific wallet address – and owner – fundamentally alters the notion that cryptocurrencies are entirely anonymous.

What Does This Decision Mean for Future Litigation?

The increasing acceptance of cryptocurrency is leading to more disputes and, consequently, more litigation. But the rise of cryptocurrency exposes the current lack of regulation in this space. In the United States, there is no legal framework for cryptocurrency, and questions about its status as a security or a currency persist.

This ruling may alleviate a key concern in relying on Chainalysis for tracing cryptocurrency transactions across the various blockchains and providing expert reports and testimony. Chainalysis Reactor’s methodologies and results have been scrutinized and accepted in a courtroom, meeting the rigorous standards set by legal frameworks. Expert testimony based on Chainalysis Reactor’s analysis was deemed reliable under the Daubert standard, which assesses the validity and scientific basis of expert evidence.

However, this is one case in one district court and does not establish a precedent that other judges must follow. Nevertheless, it may provide a foundational roadmap and factor in the minds of future judges and their decisions when considering the admissibility of Chainalysis Reactor. Rest assured that proponents of Chainalysis Reactor will cite the case and watch the appeal closely.

Finally, this case highlights the increasing maturity of blockchain forensics and the judiciary’s acceptance of new technological paradigms, where software tools such as Chainalysis Reactor may be pivotal in piercing the anonymity afforded by cryptocurrencies. Reactor offers a powerful means of uncovering the hidden connections within the blockchain, aiding in the fight against financial crimes and ensuring the integrity of digital transactions.

In legal contexts, the reliability of tools like Chainalysis Reactor is crucial, as these tools enable investigators to untangle the web of transactions associated with illicit activities, providing critical evidence in cases involving money laundering and other financial crimes. The ability to trace and analyze Bitcoin transactions with such precision highlights the sophistication and importance of blockchain forensics in maintaining the integrity of digital currencies and combating financial crimes.


1) United States v. Sterlingov, United States District Court, District of Columbia, Criminal Action No. 21-399, February 29, 2024.

2) Chainalysis Reactor has since been rebranded as Crypto Investigations.