Feds Seize $3.6 Billion in Allegedly Stolen Cryptocurrency
New York Couple Charged With Laundering Bitcoins Stolen From Bitfinex Exchange
A flashy, social media-savvy married couple is facing federal charges for allegedly conspiring to launder billions of dollars of cryptocurrency stolen from the Bitfinex exchange in 2016.
In one of the more shocking cryptocurrency cases of the year so far, the U.S. Department of Justice announced that Ilya Lichtenstein, 34, and Heather Morgan, 31, have been arrested and charged. Investigators have seized $3.6 billion in bitcoin. According to the DOJ, the funds were tied to the 2016 hack of Bitfinex, in which around $4.5 billion in cryptocurrency was stolen.
Blockchain experts are calling this arrest one of the most "unprecedented" in U.S. history because it is currently the largest cryptocurrency seizure to date.
Prosecutors allege that a bitcoin wallet belonging to Lichtenstein received 119,754 bitcoins in more than 2,000 transactions after a hacker breached Bitfinex's systems. Over the last five years, some 25,000 bitcoins were transferred out of that wallet and laundered, the DOJ alleges.
But the remainder of the funds, around 94,000 bitcoins, remained in that original wallet. Investigators obtained search warrants to gain access to Lichtenstein's online accounts. They uncovered the private keys for the wallet that received the Bitfinex funds, which were seized, the DOJ says.
"In a futile effort to maintain digital anonymity, the defendants laundered stolen funds through a labyrinth of cryptocurrency transactions," Deputy Attorney General Lisa Monaco said in a statement. "Thanks to the meticulous work of law enforcement, the department once again showed how it can and will follow the money, no matter what form it takes."
Bitfinex, the British Virgin Islands-registered digital asset trading platform, tweeted that it had been cooperating with law enforcement authorities and said it was pleased with the development.
We’ve been cooperating with DOJ since its investigation began and appreciate the dedication and hard work by the DOJ team that led to this great success. Learn more https://t.co/RAlgJO0ggN
— Bitfinex (@bitfinex) February 8, 2022
Lichtenstein and Morgan were not charged with actually hacking Bitfinex itself. The couple, who are charged with money laundering conspiracy and conspiracy to defraud the United States, could face up to 25 years in prison.
Profiling the Accused
Lichtenstein and Morgan used "numerous sophisticated laundering techniques" to carry out this crime, according to the DOJ. A few of the techniques outlined by the DOJ include creating online accounts with fake identities, spreading funds across a variety of virtual exchange platforms and darknet markets to cover the trail of deposits and withdrawals, and using business-linked bank accounts to "legitimize" their activity.
"Despite the lengths the accused went to cover their tracks - including depositing portions of the proceeds to darknet markets and various cryptocurrency exchanges, converting Bitcoin to Monero and back again, and automating and layering transactions when moving the funds - they were still caught," says Ronghui Gu, co-founder of CertiK, a blockchain security firm.
Anthony Pompliano, an early investor in cryptocurrency, zeroed in on the couple's portrayal as social media influencers as well as Morgan being a Forbes contributor.
One of the Bitfinex hackers was verified on Twitter and wrote articles for Forbes.
Unreal.
— Pomp (@APompliano) February 8, 2022
The couple's public persona - which is marked by a string of intriguing social media comments and crypto-spending habits - chronicles a series of unusual endeavors that may have helped lead to their arrest, according to The Daily Beast.
John Bambenek, principal threat hunter at Netenrich, says the way the suspects stored the cryptocurrency made it possible for law enforcement officials to act.
"Bitcoin is only as secure as the holder of the wallet’s private key. For reasons unknown, the suspects here stored the private key on a cloud storage account," he says. "This made it trivial for law enforcement to lawfully seize the ill-gotten assets. 'Perfect' use of cryptocurrency can be resilient to the efforts of law enforcement. Thankfully, perfect use is extremely difficult."
On American Turf
Ari Redbord, a former U.S. Treasury official, called the arrests "unprecedented," noting that the case represents the largest crypto seizure on record.
"Large hacks are usually perpetrated by nation-state actors like North Korea or cybercriminals beyond the jurisdictional reach of U.S. law enforcement. The arrests in New York today may really help investigators understand how and why these actors laundered billions of dollars," he tells Information Security Media Group.
Redbord, who is currently the head of legal and government affairs for TRM Labs and is also an ISMG contributor, says this case is an example of how, with the right tools, law enforcement agencies can follow trails on blockchains.
U.S. agencies "followed the funds across time and the blockchain. If the laundering had occurred through an opaque web of shell companies, hawalas and bulk cash smuggling, they would not have been recovered," Redbord says.
And Karl Steinkamp, director of delivery transformation and automation at Coalfire, says the arrests speak to wider regulatory gaps in the crypto space. He says such gaps have "allowed fraud and abuse to persist."
"Several, but not all, of the financial entities did attempt to obtain Know Your Customer information from the co-conspirators," he says. "The regulation of the crypto asset space is an inevitable next step for more widespread adoption, supported by the Bank Secrecy Act of 1970, in order to help protect U.S.-based individuals, companies and countries from fraud and abuse. Outside of the U.S., however, regulation varies per country, which may continue to permit fraud and money laundering by bad actors."