On February 8, the Department of Justice (DOJ) announced the arrest of Ilya Lichtenstein and Heather Morgan on charges of conspiracy to launder cryptocurrency stolen during the 2016 Bitfinex hack, and conspiracy to defraud the United States.
The story has captured mainstream fascination this week like few other crypto stories do, in particular because people have been fascinated with the alleged culprits, who showed off their New York City social lives and rapped on Instagram and TikTok.
As Bitcoin analyst Jason Deane of Quantum Economics told Decrypt, “It seems impossible to marry the sheer extent of the alleged crime with the meme-rich videos of these two ‘influencers’ who appear as far away from being master criminals as it is possible to be."
Here’s what we know thanks to the public legal documents: The DOJ seized $3.6 billion worth of Bitcoin; both Lichtenstein and Morgan have been charged with conspiracy to launder cryptocurrency, and conspiracy to defraud the U.S.; and if found guilty, both parties face up to 20 years in prison.
Simple enough, right? But there's plenty about this saga that we still don't know.
Why did they get caught?
According to the DOJ press release, both Lichtenstein and Morgan allegedly employed “numerous sophisticated laundering techniques.”
These included using fake identities to set up online accounts, automating transactions, and depositing stolen funds into accounts at several exchanges and darknet marketplaces. IRS Criminal Investigation chief Jim Lee described the scheme as “methodological and calculated.”
Over the last five years, approximately 25,000 BTC underwent a complicated money laundering process before allegedly being deposited in financial accounts controlled by both parties.
The sheer amount of time that has gone by since these events begs the question—why did these alleged master criminals get caught now?
Lichtenstein stored his crypto keys (private access codes to a wallet) in the cloud, which didn't help. After establishing a search warrant, law enforcement accessed a file saved to Lichtenstein’s cloud account which contained 2,000 virtual currency addresses—as well as the corresponding private keys needed to access the funds.
“I think the entire case was cracked primarily because of poor infosec on behalf of the alleged criminals,” computer programmer and crypto critic Stephen Diehl told Decrypt.
Where is the Bitcoin now?
According to the criminal complaint that accompanied the DOJ press release, the funds seized by law enforcement remain “secured in the U.S. Government’s possession.”
Based on previous cases, we can only speculate what might happen next. In March 2021, the US General Services Administration auctioned off 0.7501 Bitcoin at a 21% premium, which, at the time, netted the government about $53,000. The government never said how it came to be in possession of that Bitcoin stash, but it also auctioned off a selection of forfeited items including cars, a storage container, and a tractor.
On other occasions, the US government has auctioned off illicit Bitcoin recovered from criminal cases. In February 2020, it sold 4,000 BTC (worth $37 million at the time) that had been forfeited in a series of federal, civil and administrative cases. In 2014, it auctioned 30,000 BTC ($19 million at the time) seized from the now-closed dark web marketplace Silk Road.
The government could also use its freshly seized Bitcoin to entice dark web informants to come forward with information on hackers seen as threats to the country’s national security. Since 1984, the State Department has had a “Rewards for Justice” program running that offers up to $10 million for information about individuals or groups participating in cyber activity against the United States.
Last summer, the government began offering these bounties in cryptocurrency. “Finding people where they are and reaching them with the technology on which they are most comfortable, I think, is the name of the game for Rewards for Justice,” a State Department official told CNN at the time.
What about the hack itself?
It’s worth reiterating that Lichtenstein and Morgan have not been charged with participating in the 2016 Bitfinex hack itself.
The DOJ press release says Lichtenstein and Morgan conspired to launder the stolen funds after a hacker “breached Bitfinex’s systems and initiated more than 2,000 unauthorized transactions.” Those 2,000 accounts were uncovered when law enforcement decrypted a file saved on Lichtenstein’s cloud storage.
Crucially, the criminal complaint adds that “blockchain analysis confirmed almost all of those addresses were directly linked to the [Bitfinex] hack.”
This begs another question: were Lichtenstein and/or Morgan involved in the hack itself, or might they have had a relationship with the hacker? We do not know, but it is likely this question—also asked by crypto journalist Laura Shin—gets raised during future court proceedings.
Overall, some onlookers may view the arrest and the seizure of the stolen Bitcoin—albeit years after the Bitfinex hack itself—as a sign that crime doesn’t pay, even in crypto land. For others, the Bitfinex arrests, like the hack of The DAO in 2016 and the Silk Road takedown in 2013, may merely be another reminder of Bitcoin's lingering image problem.