On August 2, 2016, Bitfinex – notably one of the largest virtual currency exchanges in the world – experienced a massive security breach.
In a span of fewer than two hours, around 120,000 Bitcoins (BTC) had been stolen from Bitfinex and spread across 2,075 different crypto addresses under the control of the hacker(s).
On February 8, 2022, law enforcement made the arrest of Ilya Lichtenstein and his wife, Heather Morgan in connection with the alleged hack in New York, NY.
As noted by blockchain security firm Chainalysis, 94,643 BTC valued at around $3.6B have now been recovered via a joint effort between IRS-CI, FBI and HSI in connection with the hack.
From the complaint, it is “clear that the permanence of the blockchain contributed significantly to the recovery of assets,” the team at Chainalysis noted. They added that blockchain shows a permanent record of the funds “stolen from Bitfinex to the hackers’ wallet, and the transfer to a US government-controlled address.” This transparency shows “very clearly that the funds taken from the victim, Bitfinex, are now in the possession of the US government.”
The team at Chainalysis added:
“This marks the largest recovery of assets from a theft in history. As hackers continue to target businesses and individuals, this case demonstrates how the permanent record left by the blockchain can assist in recovery. Law enforcement now has the technology and techniques to keep the industry safe.”
Blockchain security firm Elliptic also mentioned that the US Department of Justice (DoJ) noted that about 21% of the stolen bitcoins have been “moved and laundered over the past five years – a process that Elliptic has been tracking through blockchain analytics.”
The DoJ confirmed Elliptic’s findings that the stolen crypto-assets were laundered using a variety of techniques, including:
“utilizing computer programs to automate transactions, a laundering technique that allows for many transactions to take place in a short period of time; depositing the stolen funds into accounts at a variety of virtual currency exchanges and darknet markets and then withdrawing the funds, which obfuscates the trail of the transaction history by breaking up the fund flow ”
Elliptic’s analysis showed that a variety of money laundering techniques were used, including “sending the funds through darknet markets such as Alphabay and Hydra.” More recently, the Wasabi Wallet privacy wallet was used “to attempt to hide the blockchain money trail.”
As noted by Elliptic, the arrest warrant describes “exactly how the suspects were identified.” In January 2017, a small portion of the stolen bitcoins were moved, and sent via Alphabay, a darknet marketplace. This was likely done “to hide the blockchain trail.” Services like Alphabay pool all user funds together, “making it impossible for anyone other than Alphabay to link incoming bitcoin transactions with outgoing ones.” The launderers effectively used Alphabay as a “mixer,” the team at Elliptic explained.
But in July 2017 Alphabay was “seized and shut down by law enforcement.” This likely “allowed them to access Alphabay’s internal transaction logs, which would enable them to trace the stolen Bitfinex funds through Alphabay.” The warrant shows “exactly this being done – the funds are traced out of Alphabay, and on to a cryptocurrency exchange account in the name of Lichtenstein.”
The remainder of the stolen funds, now valued at $4.1 billion, were “moved to a new wallet just last week, the first movement of these funds since the 2016 theft.” This appears “to represent the seizure of the bitcoins from Lichtenstein and Morgan, by law enforcement.”
This demonstrates that even when sophisticated money laundering techniques are used, blockchain records still “allow law enforcement to link criminal activity to individuals, and bring them to justice.”
Bill Callahan from the Blockchain Intelligence Group told Crowdfund Insider:
“The tremendous work done by the agents and prosecutors, as evident in the Statement of Facts, leading up the arrests and seizure is the first phase of what will be a long and arduous legal process. While the defendants will now make their way through a criminal legal process, the seized funds will also go through a legal forfeiture process, that could take place as part of a criminal or civil action, this could tie up the funds for several years. Before the U.S. Government writes a check for $4.5 billion to Bitfinex, potential victims or claimants may file a legal action, and make a claim for all or a portion of the funds. They will have an opportunity to prove that their claim is justified and will likely rely on blockchain analytics and expert testimony to support their claims.”
He added:
“Today, law enforcement has access to sophisticated software that allows them to cross-reference multiple pieces of data across DeFi exchanges and tokens. In this case, law enforcement obtained the cloud storage account and eventually decrypted files, uncovering the private keys to over 2,000 addresses, leading to the seizure. They likely followed the virtual money from one account to the next to make a connection to the alleged criminals.”
He also mentioned:
“Digital currencies make it harder for criminals to hide stolen funds and launder ill-gotten gains, and in this instance, Walmart gift cards were likely a contributing factor to the undoing of this massive hack. According to the DOJ’s Statement of Facts, the arrested couple sent the stolen bitcoin to a Virtual Currency Exchange that sells prepaid gift cards in exchange for BTC. A $500 Walmart gift card transaction was conducted through an IP address linked to a cloud service provider, and they used the gift card to purchase personal items that were delivered to their home address.”
He continued:
“The agents on this case showed their aptitude in navigating the complexities of cryptocrimes, and agents, prosecutors, and analysts will work just as hard in the coming months and years, as the agents did who executed this seizure. As we see a larger adoption of cryptocurrency, this case highlights the growing importance for law enforcement at all levels to build broader awareness and education relating to cryptocrimes.”