US investigators recover $3.6bn in digital assets

Husband and wife charged with laundering proceeds from $4.5bn Bitfinex cryptocurrency hack

A couple suspected of laundering the proceeds from the August 2016 cyber-heist against cryptocurrency exchange Bitfinex were arrested by federal investigators on Tuesday (February 8).

Ilya Lichtenstein, 34, and his wife, Heather Morgan, 31, both of New York City, US, allegedly conspired to launder the proceeds of 119,754 bitcoin obtained after a criminal hacker broke into Bitfinex’s systems before proceeding to make 2,000 unauthorized transactions.

The stolen bitcoin, worth around $70 million at the time of the 2016 hack, has skyrocketed in value so that it is worth around $4.5 billion at the current rate of exchange.

Catch up on the latest cybercrime news and analysis

According to US prosecutors, the stolen funds were sent to a digital wallet under Lichtenstein’s control.

Over the next five years a substantial portion of these funds, totaling around 25,000 bitcoin, allegedly went through a complex money laundering process that resulted in deposits being made into financial accounts controlled by Lichtenstein and Morgan.

The remainder of the stolen funds, more than 94,000 bitcoin, remained in a digital wallet.

Billion-dollar haul

After the execution of a court-authorized search of online accounts allegedly controlled by Lichtenstein and Morgan, federal agents obtained files containing the digital keys needed to access these funds.

They recovered digital currency assets valued at over $3.6 billion at the time of seizure – the largest cryptocurrency seizure to date.

According to affidavit served to obtain an arrest warrant, law enforcement investigators gained access to a wallet linked to the theft from Bitfinex after obtaining a court warrant and decrypting a file saved to a cloud storage account linked to Lichtenstein:

The file contained a list of 2,000 virtual currency addresses, along with corresponding private keys. Blockchain analysis confirmed that almost all of those addresses were directly linked to the hack.

Bitfinex, which said it had worked with the authorities in their investigation, welcomed the “recovery of a significant portion of the bitcoin stolen during the 2016 hack”.

All Bitfinex clients, and not just those whose wallets were emptied, had funds removed from their accounts to cover losses at the time of the hack.

The cryptocurrency exchange put out a statement promising to compensate victims, which cautioning that this process may take up to 18 months and even then may not result in the full return of funds.

YOU MIGHT ALSO LIKE DeepDotWeb administrator gets eight-year stretch in US prison for money laundering

“Bitfinex will work with the DoJ and follow appropriate legal processes to establish our rights to a return of the stolen bitcoin,” the exchange said in a statement.

Follow the money

According to court documents as summarized in a US Department of Justice statement on the case, Lichtenstein and Morgan used a variety of laundering techniques, including using “fictitious identities to set up online accounts [and] utilizing computer programs to automate transactions”.

They are also said to have converted bitcoin to other forms of virtual currency, including anonymity-enhanced virtual currency through a practice known as ‘chain hopping’.

The pair allegedly sought to disguise the origin of funds by depositing the stolen bitcoin into accounts at a variety of virtual currency exchanges and darknet markets and then withdrawing the funds.

IRS-Criminal Investigation Cyber Crimes Unit special agents “unravelled a sophisticated laundering technique, enabling them to trace, access, and seize the stolen funds”, according to chief Jim Lee of IRS-Criminal Investigation (IRS-CI).

“Federal law enforcement demonstrates once again that we can follow money through the blockchain, and that we will not allow cryptocurrency to be a safe haven for money laundering or a zone of lawlessness within our financial system,” said assistant attorney general Kenneth Polite of the Justice Department’s Criminal Division.

The investigation was led by IRS-CI Cyber Crime Unit, the FBI’s Chicago field office and US Homeland Security Investigations. German police assisted the investigation.

Lichtenstein and Morgan are charged with conspiracy to commit money laundering, an offence punishable on conviction by up to 20 years imprisonment, as well as the lesser offence of conspiracy to defraud the US.

YOU MAY ALSO LIKE Equifax finalizes data breach settlement with US regulators