• Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
MUST READ

Athlete or Hacker? Russian basketball player accused in U.S. ransomware case

 | 

U.S. CISA adds Citrix NetScaler ADC and Gateway flaw to its Known Exploited Vulnerabilities catalog

 | 

UK NCA arrested four people over M&S, Co-op cyberattacks

 | 

PerfektBlue Bluetooth attack allows hacking infotainment systems of Mercedes, Volkswagen, and Skoda

 | 

Qantas data breach impacted 5.7 million individuals

 | 

DoNot APT is expanding scope targeting European foreign ministries

 | 

Nippon Steel Solutions suffered a data breach following a zero-day attack

 | 

Iranian group Pay2Key.I2P ramps Up ransomware attacks against Israel and US with incentives for affiliates

 | 

Hackers weaponize Shellter red teaming tool to spread infostealers

 | 

Microsoft Patch Tuesday security updates for July 2025 fixed a zero-day

 | 

Italian police arrested a Chinese national suspected of cyberespionage on a U.S. warrant

 | 

U.S. CISA adds MRLG, PHPMailer, Rails Ruby on Rails, and Synacor Zimbra Collaboration Suite flaws to its Known Exploited Vulnerabilities catalog

 | 

IT Worker arrested for selling access in $100M PIX cyber heist

 | 

New Batavia spyware targets Russian industrial enterprises

 | 

Taiwan flags security risks in popular Chinese apps after official probe

 | 

U.S. CISA adds Google Chromium V8 flaw to its Known Exploited Vulnerabilities catalog

 | 

Hunters International ransomware gang shuts down and offers free decryption keys to all victims

 | 

SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 52

 | 

Security Affairs newsletter Round 531 by Pierluigi Paganini – INTERNATIONAL EDITION

 | 

North Korea-linked threat actors spread macOS NimDoor malware via fake Zoom updates

 | 
  • Home
  • Cyber Crime
  • Cyber warfare
  • APT
  • Data Breach
  • Deep Web
  • Digital ID
  • Hacking
  • Hacktivism
  • Intelligence
  • Internet of Things
  • Laws and regulations
  • Malware
  • Mobile
  • Reports
  • Security
  • Social Networks
  • Terrorism
  • ICS-SCADA
  • POLICIES
  • Contact me
  • Home
  • Breaking News
  • Cyber Crime
  • Digital ID
  • US seizes $3.6 billion worth of cryptocurrency stolen in 2016 Bitfinex hack

US seizes $3.6 billion worth of cryptocurrency stolen in 2016 Bitfinex hack

Pierluigi Paganini February 08, 2022

The law enforcement seized $3.6 billion worth of cryptocurrency linked to the 2016 Bitfinex cryptocurrency exchange hack.

Ilya Lichtenstein (34) and his wife, Heather Morgan (31), were arrested for alleged conspiracy to launder $4.5 Billion in stolen cryptocurrency stolen during the 2016 hack of Bitfinex.

Law enforcement also seized over $3.6 billion in cryptocurrency linked to that hack.

We’ve been cooperating with DOJ since its investigation began and appreciate the dedication and hard work by the DOJ team that led to this great success. Learn more https://t.co/RAlgJO0ggN

— Bitfinex (@bitfinex) February 8, 2022

In August 2016, the Asian Bitfinex suffered a security breach that resulted in the theft of 120,000 Bitcoin, the hack had serious repercussions on the Bitcoin value that significantly dropped after the security breach (-20% decrease).

Bitfinex security breach impact

The investigation launched by the Bitfinex exchange along with law enforcement allowed it to determine that 119,756 Bitcoin (roughly $72 million in value before the hack) were stolen from customers’ wallets.

Threat actors transferred the stolen funds through more than 2,000 unauthorized transactions to a wallet under Lichtenstein’s control. Over the last five years, the duo transferred approximately 25,000 of those stolen bitcoin out of Lichtenstein’s wallet attempting to launder them before depositing the funds into financial accounts under the control of the couple.

According to court documents, the couple allegedly used multiple laundering techniques, including:

  • (1) using accounts set up with fictitious identities;
  • (2) moving the stolen funds in a series of small amounts, totaling thousands of transactions, as opposed to moving the funds all at once or in larger chunks;
  • (3) utilizing computer programs to automate transactions, a laundering technique that allows for many
    transactions to take place in a short period of time;
  • (4) layering the stolen funds by depositing them into accounts at a variety of VCEs and darknet markets and then withdrawing the funds, which obfuscates the trail of the transaction history by breaking up the fund flow;
  • (5) converting the BTC to other forms of virtual currency, including anonymity-enhanced virtual currency in a practice known as “chain hopping”;
  • (6) using U.S.-based business accounts to legitimize activity.

The remainder part of the stolen bitcoins, more than 94,000 bitcoin, remained in the original wallet.

Law enforcement recovered the stolen funds executing court-authorized search warrants of online accounts controlled by Lichtenstein and Morgan to seize files with the private keys required to access the wallets containing the stolen bitcoins.

“After the execution of court-authorized search warrants of online accounts controlled by Lichtenstein and Morgan, special agents obtained access to files within an online account controlled by Lichtenstein. Those files contained the private keys required to access the digital wallet that directly received the funds stolen from Bitfinex, and allowed special agents to lawfully seize and recover more than 94,000 bitcoin that had been stolen from Bitfinex.” reads the press release published by DoJ. “The recovered bitcoin was valued at over $3.6 billion at the time of seizure.”

The couple could face a maximum sentence of 20 years in prison, and an additional maximum sentence of five years for conspiracy to defraud the USA.

“Today’s arrests, and the department’s largest financial seizure ever, show that cryptocurrency is not a safe haven for criminals,” said Deputy Attorney General Lisa O. Monaco. “In a futile effort to maintain digital anonymity, the defendants laundered stolen funds through a labyrinth of cryptocurrency transactions. Thanks to the meticulous work of law enforcement, the department once again showed how it can and will follow the money, no matter what form it takes.”

This was the largest seizure of cryptocurrency that resulted from criminal activities ever made by DOJ.

“IRS-CI Cyber Crimes Unit special agents have once again unraveled a sophisticated laundering technique, enabling them to trace, access and seize the stolen funds, which has amounted to the largest cryptocurrency seizure to date, valued at more than $3.6 billion,” said Chief Jim Lee of IRS-Criminal Investigation (IRS-CI).

Bitfinex published a statement in response to the DoJ announcement:

“Bitfinex will work with the DOJ and follow appropriate legal processes to establish our rights to a return of the stolen bitcoin. Bitfinex intends to provide further updates on its efforts to obtain a return of the stolen bitcoin as and when those updates are available.” reads the statement. “If Bitfinex receives a recovery of the stolen bitcoin, as described in the UNUS SED LEO token white paper, Bitfinex will, within 18 months of the date it receives that recovery use an amount equal to 80% of the recovered net funds to repurchase and burn outstanding UNUS SED LEO tokens. These token repurchases can be accomplished in open market transactions or by acquiring UNUS SED LEO in over-the-counter trades, including directly trading bitcoin for UNUS SED LEO.

We want to express our appreciation for the dedication and hard work by the DOJ team that led to this great success. We will continue to support their efforts.”

Follow me on Twitter: @securityaffairs and Facebook

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Bitfinex)

[adrotate banner=”5″]

[adrotate banner=”13″]


facebook linkedin twitter

Bitcoin Bitfinex Cybercrime hacking news information security news IT Information Security Pierluigi Paganini Security Affairs Security News

you might also like

Pierluigi Paganini July 11, 2025
U.S. CISA adds Citrix NetScaler ADC and Gateway flaw to its Known Exploited Vulnerabilities catalog
Read more
Pierluigi Paganini July 10, 2025
UK NCA arrested four people over M&S, Co-op cyberattacks
Read more

leave a comment

newsletter

Subscribe to my email list and stay
up-to-date!

    recent articles

    Athlete or Hacker? Russian basketball player accused in U.S. ransomware case

    Uncategorized / July 11, 2025

    U.S. CISA adds Citrix NetScaler ADC and Gateway flaw to its Known Exploited Vulnerabilities catalog

    Hacking / July 11, 2025

    UK NCA arrested four people over M&S, Co-op cyberattacks

    Cyber Crime / July 10, 2025

    PerfektBlue Bluetooth attack allows hacking infotainment systems of Mercedes, Volkswagen, and Skoda

    Hacking / July 10, 2025

    Qantas data breach impacted 5.7 million individuals

    Data Breach / July 10, 2025

    To contact me write an email to:

    Pierluigi Paganini :
    pierluigi.paganini@securityaffairs.co

    LEARN MORE

    QUICK LINKS

    • Home
    • Cyber Crime
    • Cyber warfare
    • APT
    • Data Breach
    • Deep Web
    • Digital ID
    • Hacking
    • Hacktivism
    • Intelligence
    • Internet of Things
    • Laws and regulations
    • Malware
    • Mobile
    • Reports
    • Security
    • Social Networks
    • Terrorism
    • ICS-SCADA
    • POLICIES
    • Contact me

    Copyright@securityaffairs 2024

    We use cookies on our website to give you the most relevant experience by remembering your preferences and repeat visits. By clicking “Accept All”, you consent to the use of ALL the cookies. However, you may visit "Cookie Settings" to provide a controlled consent.
    Cookie SettingsAccept All
    Manage consent

    Privacy Overview

    This website uses cookies to improve your experience while you navigate through the website. Out of these cookies, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities...
    Necessary
    Always Enabled
    Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
    Non-necessary
    Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
    SAVE & ACCEPT