- Bitfinex says it is entitled to the return of more than 94,000 Bitcoins as the "victim" of the hack.
- That may be unlikely given the company is under a cloud of regulatory and possibly criminal trouble.
Decrypt’s Art, Fashion, and Entertainment Hub.
The Justice Department announced on Tuesday that U.S. law enforcement seized over 94,000 Bitcoins from a New York-based tech entrepreneur and his aspiring-rapper wife. The crypto seizure, related to a 2016 hack, was the biggest of all time—worth nearly $4 billion—and raises the question of who gets to keep all those Bitcoins.
In many seizures, the government will return the funds to victims. That's what happens when law enforcement nabs a swindler who has defrauded senior citizens or hacked a bank account. But in this case, the outcome is uncertain because of the victim in the case: an offshore crypto exchange called Bitfinex.
Shortly after the news of Tuesday's seizure, Bitfinex announced it would "establish our rights to a return of the stolen bitcoin," but there's no guarantee it will get them—not least because the company is engulfed in a series of investigations surrounding its business and accounting practices. According to lawyers, the case over who gets the Bitcoins could turn into a jump-ball between Bitfinex, its customers, and the government.
Founded in 2012 as a platform to exchange Bitcoin, Bitfinex is the subsidiary of a company called iFinex, which is registered in the British Virgin Islands. The 2016 hack, which saw thieves make off with more than 120,000 Bitcoins, was a calamity for the company and for the crypto markets, which briefly plunged 20 percent on the news.
The hack punched a major hole in Bitfinex's coffers and led the company to impose a 36% "haircut" on its entire customer base, including those who owned coins other than Bitcoin. To assuage outrage over the haircut, the company also gave customers IOUs in the form of a token called BFX.
Bitfinex told the customers it could redeem the BFX tokens for shares in iFinex or, eventually, for stablecoins worth the equivalent of the value of the crypto they had lost as a result of the haircut. And, importantly, accepting the BFX tokens may have forced customers to waive their right to sue.
In any event, Bitfinex redeemed all of the outstanding BFX tokens within a year, giving customers stablecoins in their place. Meanwhile, those who chose to redeem their BFX tokens for iFinex shares also received another token called RRT—tokens that came with the promise of a payout in the event Bitfinex recovered the funds lost in the attack.
All of this helped Bitfinex quickly extricate itself from the financial catastrophe of the 2016 hack. But in other respects, the company's troubles were just beginning—specifically when it came to regulators.
At the time of the hack, governments had already grown concerned over Bitfinex's lack of oversight—unlike exchanges such as Coinbase or Gemini, it failed to impose so-called know-your-customer (KYC) requirements that are intended to curtail criminal activity.
Meanwhile, Bitfinex's parent company iFinex began to attract scrutiny from regulators and investors alike over its opaque accounting and governing practices, particularly when it came it its other subsidiary, the stablecoin company .
On several occasions, it appeared that iFinex was sloshing funds back and forth between the two companies, regulators say. The most glaring example came in 2019 when European governments, citing criminal activity, seized $850 million from Bitfinex's payment processor, Crypto Capital–leading Bitfinex to patch the hole with a stablecoin loan from Tether.
Then there is the matter of Tether's own finances. The company has repeatedly refused to undergo a professional audit from a major accounting firm, leading many to wonder if portions of Tether's stablecoin reserves are backed by anything at all. This situation led BusinessWeek to publish a cover story titled "Anyone seen Tether's Billions?"—and to New York's Attorney General to fine the company over alleged misconduct with its books.
While the state of New York has been swarming over the company, so too has the Justice Department, and it's likely other agencies like the SEC are examining iFinex for regulatory, and possibly criminal, misconduct.
Who gets the money?
All of this means the U.S. government is now in a position where it must decide whether to return the funds from the 2016 hack to the "victim"—a victim whose hands, in the eyes of regulators, appear far from clean. Lawyers interviewed for this story were skeptical that will happen.
"They could refuse on the grounds that the money is itself the proceeds of crime ... There is a general skepticism about iFinex and Tether among the legal community. Maybe they get the billions back, maybe they don't," said a veteran crypto attorney who was not authorized to speak publicly about the case.
The situation is more complicated still because both Bitfinex and its customers may owe the U.S. government in the form of fines and unpaid tax bills. David Silver, a Florida-based crypto lawyer, noted that Bitfinex's failure to impose KYC requirements means it is even harder to determine who owes what.
"Verifying account holders is going to be very interesting. If I was forced to venture a guess, I would think the government will want to be in control of the distribution of funds so it can identify and tax everybody. Big brother isn’t letting all of this money get away," said Silver.
In a statement issued shortly after the Justice Department announced the seizure, Bitfinex said it expected to receive the recovered funds and would use them to honor an earlier pledge to use 80% of them to "burn" the platform's native token known as LEO.
Burning the LEO tokens—which are used to receive discounts and other perks on Bitfinex—would result in a smaller supply, and the price of the remaining ones to surge. And indeed, LEO tokens have already popped over 80% following news of the seizure, and so have the RTR tokens that iFinex issued as de facto lottery tickets to those who accepted shares following the 2016 hack.
The spike in the price of LEO and RTR tokens may please some Bitfinex customers but is unlikely to assuage many of those subject to the original 2016 haircut. According to the anonymous operator of Bitfinexed, a popular Twitter account critical of the company, customers still feel cheated because they were forced to accept dollars instead of Bitcoins as restitution—a problem since Bitcoin is worth ten times what it was in 2016.
"Customers should be filing claims. In my opinion, Bitfinex dollarized the losses and should, in a fair world, get back the $72 million dollars [it paid out at the time], then everyone else gets their Bitcoins back pro-rate," said the Bitfinexed account holder in messages to Decrypt. The person also said they believed that any clauses forbidding customers to sue would be found invalid.
The account holder, echoing Silver, also suggested that the U.S. government is likely to keep at least a portion of the recovered Bitcoins to offset the costs of its investigations and to collect fines and taxes from Bitfinex.
"[There's] the possibility that the U.S. government was playing nice to get help from Bitfinex regarding the hacked Bitcoins, [and] now the gloves can come off," they added.
In response to how Bitfinex will respond to new legal claims by customers or the federal government, the company simply directed Decrypt back to its initial statement that said it expects to recover the funds.
The Justice Department, meanwhile, said earlier this week it would set up a claims process related to the recovered Bitcoins but did not provide further details about how or when this would occur. The agency did not respond to a request for additional information.
The upshot is that the Justice Department is likely to be sitting on the over $4 billion in Bitcoins it seized for a while—an amount that could be much higher if Bitcoin recovers from a recent slump.
"Shit's gonna get crazier before it gets less crazy," said the veteran crypto lawyer.