Pierluigi Paganini February 08, 2022

The law enforcement seized $3.6 billion worth of cryptocurrency linked to the 2016 Bitfinex cryptocurrency exchange hack.

Ilya Lichtenstein (34) and his wife, Heather Morgan (31), were arrested for alleged conspiracy to launder $4.5 Billion in stolen cryptocurrency stolen during the 2016 hack of Bitfinex.

Law enforcement also seized over $3.6 billion in cryptocurrency linked to that hack.

In August 2016, the Asian Bitfinex suffered a security breach that resulted in the theft of 120,000 Bitcoin, the hack had serious repercussions on the Bitcoin value that significantly dropped after the security breach (-20% decrease).

The investigation launched by the Bitfinex exchange along with law enforcement allowed it to determine that 119,756 Bitcoin (roughly $72 million in value before the hack) were stolen from customers’ wallets.

Threat actors transferred the stolen funds through more than 2,000 unauthorized transactions to a wallet under Lichtenstein’s control. Over the last five years, the duo transferred approximately 25,000 of those stolen bitcoin out of Lichtenstein’s wallet attempting to launder them before depositing the funds into financial accounts under the control of the couple.

According to court documents, the couple allegedly used multiple laundering techniques, including:

• (1) using accounts set up with fictitious identities;
• (2) moving the stolen funds in a series of small amounts, totaling thousands of transactions, as opposed to moving the funds all at once or in larger chunks;
• (3) utilizing computer programs to automate transactions, a laundering technique that allows for many
  transactions to take place in a short period of time;
• (4) layering the stolen funds by depositing them into accounts at a variety of VCEs and darknet markets and then withdrawing the funds, which obfuscates the trail of the transaction history by breaking up the fund flow;
• (5) converting the BTC to other forms of virtual currency, including anonymity-enhanced virtual currency in a practice known as “chain hopping”;
• (6) using U.S.-based business accounts to legitimize activity.

The remainder part of the stolen bitcoins, more than 94,000 bitcoin, remained in the original wallet.

Law enforcement recovered the stolen funds executing court-authorized search warrants of online accounts controlled by Lichtenstein and Morgan to seize files with the private keys required to access the wallets containing the stolen bitcoins.

“After the execution of court-authorized search warrants of online accounts controlled by Lichtenstein and Morgan, special agents obtained access to files within an online account controlled by Lichtenstein. Those files contained the private keys required to access the digital wallet that directly received the funds stolen from Bitfinex, and allowed special agents to lawfully seize and recover more than 94,000 bitcoin that had been stolen from Bitfinex.” reads the press release published by DoJ. “The recovered bitcoin was valued at over $3.6 billion at the time of seizure.”

The couple could face a maximum sentence of 20 years in prison, and an additional maximum sentence of five years for conspiracy to defraud the USA.

“Today’s arrests, and the department’s largest financial seizure ever, show that cryptocurrency is not a safe haven for criminals,” said Deputy Attorney General Lisa O. Monaco. “In a futile effort to maintain digital anonymity, the defendants laundered stolen funds through a labyrinth of cryptocurrency transactions. Thanks to the meticulous work of law enforcement, the department once again showed how it can and will follow the money, no matter what form it takes.”

This was the largest seizure of cryptocurrency that resulted from criminal activities ever made by DOJ.

“IRS-CI Cyber Crimes Unit special agents have once again unraveled a sophisticated laundering technique, enabling them to trace, access and seize the stolen funds, which has amounted to the largest cryptocurrency seizure to date, valued at more than $3.6 billion,” said Chief Jim Lee of IRS-Criminal Investigation (IRS-CI).

Bitfinex published a statement in response to the DoJ announcement:

“Bitfinex will work with the DOJ and follow appropriate legal processes to establish our rights to a return of the stolen bitcoin. Bitfinex intends to provide further updates on its efforts to obtain a return of the stolen bitcoin as and when those updates are available.” reads the statement. “If Bitfinex receives a recovery of the stolen bitcoin, as described in the UNUS SED LEO token white paper, Bitfinex will, within 18 months of the date it receives that recovery use an amount equal to 80% of the recovered net funds to repurchase and burn outstanding UNUS SED LEO tokens. These token repurchases can be accomplished in open market transactions or by acquiring UNUS SED LEO in over-the-counter trades, including directly trading bitcoin for UNUS SED LEO.

We want to express our appreciation for the dedication and hard work by the DOJ team that led to this great success. We will continue to support their efforts.”

Follow me on Twitter: @securityaffairs and Facebook

Pierluigi Paganini

(SecurityAffairs – hacking, Bitfinex)

[adrotate banner=”5″]

[adrotate banner=”13″]