#7 - How DOJ found the Bitfinex money launderers
The Department of Justice (DOJ) of the United States announced the arrests of Ilya Lichtenstein and Heather Morgan, accused of laundering around 120,000 Bitcoins at a current valuation of $4.6 billion. The stolen Bitcoins probably came from the Bitfinex crypto exchange hack of 2016. They also seized over $3.6 billion in cryptocurrency linked to that hack.
In 2016, the value of the 119,756 BTC stolen from Bitfinex was roughly $66m. The Bitfinex theft was the most considerable loss of bitcoins after Mt Gox lost 744,408 BTC in early 2014 (worth $350m). The most likely cause of the hack was a vulnerability in the Multi-signature process developed by Bitfinex and Bitgo. As a result, the exchange reduced the accounts of every customer on the platform by more than 30 percent to average out the loss and credited them with a new token called BFX.
But Lichtenstein and Morgan are not precisely what we can imagine as partners in crime. It seems that the crypto ecosystem, like a parody of the financial system trying to disrupt, also parodies the traditional concept of criminal masterminds. Here goes a “selection” of some of Morgan’s online presence:
Morgan defines herself as a “renaissance woman, an entrepreneur/economist/influencer/surreal artist/comedian/self-described”. Her presence in every social media platform is massive, with hundreds of videos posted online. If you want to flagellate, you can try and google for her rapper battle name “Razzlekhan”.
Her husband Ilya is a Russian-American tech entrepreneur. He founded several companies, being MixRank the most relevant. The DOJ is examining his latest ventures as part of the laundering schema. They are investigating if the customers of these companies exist or they pretended to have customers and inflated the revenue with the stolen crypto. These companies had workers in Russia, Vice contacted some of them and it seems they were doing real stuff.
The DOJ considers these companies a shell to visit Russia and Ukraine to set up false identities and create a financial structure in those countries: They “have established financial accounts in Russia and Ukraine, and appear to have been setting up a contingency plan for a life in Ukraine and Russia before the COVID-19 pandemic.”
But how did they do it? Right after the Bitfinex hack, all the Bitcoins were moved to a single wallet. The majority of the stolen Bitcoins have remained in that wallet, without many updates. Due to the open (and transparent) nature of the Bitcoin blockchain, researchers and investigators have tracked the funds’ movements. Between 2016 and 2017, part of the Bitcoins were transferred to AlphaBay. Alphabay was a darknet marketplace offering from drugs to ‘mixer’ services. A ‘mixer’ is a service that hides a cryptocurrency’s source by mixing it with other funds and can be used as a laundering service for criminals. In 2017 Alphabay was shut down by the authorities and all the servers, databases, and logging information was seized.
The Department of Justice were able to access internal databases and logs of Alphabay and they could determine that the destination of some of the mixer services used by the owner of the wallet of the Bitfinex hack were a list of accounts in several crypto exchanges. These so-called Virtual Currency Exchanges (VCE in the DOJ terminology) were either in the name of Lichtenstein or Morgan or in the name of one of their companies.
One of the most shocking discoveries about this investigation is the crucial evidence of the case: Ilya Lichtenstein, the mastermind behind the laundering schema, stored all the information in multiple password-protected files in a cloud storage account he owned (I read in Twitter it was Apple Cloud, but I couldn’t verify it). Thanks to a search warrant, investigators obtained a copy of the files. Once the agents were able to decrypt them, they could access the Bitfinex hack's wallet. Game over.
But is this the end of the case? No. Because the money laundering schema is only part of the mystery of the Bitfinex hack. They are not accused of stealing or hacking Bitfinex; they’re charged with conspiracy to launder Bitcoin. So this is not over yet.
The music snippet
Flu is killing me and this week the newsletter is shorter. Some adrenaline to kickstart me.