
Couple Charged in Laundering Bitfinex Heist to Plead Guilty

Russian Entrepreneur, Would-Be Rapper to Seal Plea Deal in NY Federal Court
Heather Morgan, a U.S. citizen also known by her rap name "Razzlekhan" (Image: TikTok)

A U.S. couple is set to file a plea deal for their role in laundering $4.5 billion in cryptocurrency from the Bitfinex virtual currency exchange in 2016. Federal prosecutors say they moved crypto to hide their tracks, withdrew it from ATMs and used gift cards to spend the money.

Heather Morgan, a U.S. citizen also known by her rap name "Razzlekhan," and her husband Ilya "Dutch" Lichtenstein, who holds dual U.S. and Russian citizenship, are expected to appear to plead guilty on Aug. 3 before U.S. District Judge Colleen Kollar-Kotelly in Washington, according to a report in the New York Times, citing a court document.

Authorities say the New York couple laundered cryptocurrency now worth $3.6 billion stolen from the Bitfinex virtual currency exchange in 2016. The stolen bitcoin was valued at around $71 million at the time of the theft, but worth over $4 billion at the time of their arrest in February 2022, according to a report from blockchain research firm Chainalysis.

They initiated over 2,000 unauthorized BTC transactions, and approximately 119,754 BTC was transferred from a victim's wallet to an outside wallet controlled by the couple, according to the court document. The multiple small, complex transactions across multiple accounts and platforms "appeared to be designed to conceal the path of the stolen BTC, making it difficult for law enforcement to trace the funds" (see: Bust of Cryptocurrency Couple Shows Money Laundering Risks).

The blockchain research firm said U.S. authorities recovered over 94,000 of the stolen bitcoin following a joint investigation by the FBI, IRS-CI and HSI in February 2022. U.S. authorities in August 2022 recovered an additional 12,267 Bitcoin directly from the wallets of the initial theft.

Finally, they recovered a further 1,155 bitcoins in November 2022 and 2.5 bitcoins in January 2023. The second, third and fourth recoveries bring the amount recovered by U.S. authorities to over 108,068 bitcoin, according to Chainalysis.

"Between the 2016 hack and the present, Morgan and Lichtenstein engaged in a diverse array of virtual currency transactions, including transacting in numerous altcoins, liquidating BTC through a BTC ATM and purchasing non-fungible tokens," the court document said.

The FBI said in court documents that on Jan. 31, 2022, it executed a search warrant on a cloud storage account used by Lichtenstein and managed to decrypt a file that revealed "wallet 1CGA4s," which "contained a list of 2,000 virtual currency addresses, along with corresponding private keys."

The same cloud storage account also contained an accounting spreadsheet detailing the login information and status of accounts at numerous virtual currency exchanges, including a notation of which accounts had been frozen or emptied.

In addition, the cloud storage account contained a folder named "personas" containing numerous individuals' biographical information and identification documents. Evidence was also tied to different darknet vendor accounts that appeared to be offering passports or identification cards for sale.

"The cloud storage account contained a folder holding data files for numerous financial institutions with notes that appear to be reconnaissance of potential laundering avenues," the court document said.

They also bought a $500 gift card from Walmart to pay for Uber and Hotels.com charges and to buy a PlayStation.


About the Author

Prajeet Nair

Assistant Editor, Global News Desk, ISMG

Nair previously worked at TechCircle, IDG, Times Group and other publications, where he reported on developments in enterprise technology, digital transformation and other issues.
