DoJ Seizes $3.6 Billion in Bitcoin Stolen From Bitfinex Hack

The Department of Justice (DoJ) on Tuesday said that it seized $3.6 billion in bitcoin - its largest cryptocurrency seizure ever - that was stolen as part of a 2016 hack of virtual currency exchange Bitfinex. In addition, U.S. officials announced that two individuals were arrested for allegedly playing a central role in laundering cryptocurrency stolen in the hack.

After a hacker breached Bitfinex’s systems in August 2016, the two arrested individuals, Ilya Lichtenstein, 34, and his wife, Heather Morgan, 31, both of New York, allegedly conspired to launder the proceeds of 119,754 bitcoin that were stolen from the platform. At the time of the breach, the valuation of that 119,754 bitcoin was around $71 million; now, due to the increase in bitcoin's value since the breach, the value of the stolen funds has soared to $4.5 billion as of February. The arrests and cryptocurrency seizure come as the federal government continues to crack down on cybercriminals using cryptocurrency exchanges for money laundering, ransomware payments and other illicit activities.

“Today, federal law enforcement demonstrates once again that we can follow money through the blockchain, and that we will not allow cryptocurrency to be a safe haven for money laundering or a zone of lawlessness within our financial system,” said Assistant Attorney General Kenneth A. Polite Jr., of the DoJ's Criminal Division, in a statement. “The arrests today show that we will take a firm stand against those who allegedly try to use virtual currencies for criminal purposes.”

Sophisticated Money Laundering Tactics

Court documents described a “complicated money laundering process” that began with the hacker behind the cyberattack sending stolen bitcoin to a digital wallet under Lichtenstein’s control, and ended with some of the stolen funds being deposited into financial accounts allegedly controlled by Lichtenstein and Morgan. The remainder of the stolen funds that weren’t deposited, amounting to more than 94,000 bitcoin (valued at $3.6 billion at the time of seizure), remained in the digital wallet. The DoJ said that special agents were able to obtain access to this digital wallet - giving them the ability to seize this amount - after a court-authorized search warrant of online accounts led them to a file containing private keys for the digital wallet.

The duo allegedly utilized several sophisticated laundering techniques, including using programs to automate transactions in a way that enabled them to make many transactions in a short period of time. Federal prosecutors said that they also deposited stolen funds into accounts at a variety of virtual currency exchanges and darknet markets, such as AlphaBay, before withdrawing them, which helped obfuscate the trail of the transaction history by breaking up the fund flow.

The pair also allegedly relied on a well-known practice called chain-hopping, where they converted bitcoin to anonymity-enhanced currency (AEC), a type of virtual currency that uses non-public or private blockchains, in order to obfuscate the origin of their funds. In order to make their banking activity appear legitimate, the two allegedly utilized U.S.-based business accounts and set up online accounts using fictitious identities.

Many of these money laundering tactics were illustrated by a FinCEN report in October that shed light on the various ways that attackers are leveraging cryptocurrency exchanges to transfer funds. The report noted an increase in the use of AECs like Monero in 2021, for instance. The use of AECs, which is one of the methods allegedly used by Lichtenstein and Morgan, gives cybercriminals an easy way to sidestep policies aimed at rooting out suspicious activities, such as the Anti-Money Laundering/Combating the Financing of Terrorism (AML/CFT) compliance controls, a set of regulations that financial institutions follow to detect and prevent money laundering.

Crackdown on Illegal Cryptocurrency Transactions

Overall, on the heels of several significant ransomware attacks last year, the federal government is taking steps to crack down on cryptocurrency payments used for money laundering. In October, the DoJ announced the formation of the National Cryptocurrency Enforcement Team, a new team focused on cryptocurrencies, exchanges, and enforcing federal financial laws in how they operate (of note, a DoJ spokesperson said that the NCET is still being staffed up and is not part of this announcement). Also in October, the Treasury Department’s Office of Foreign Assets Control (OFAC) issued guidance for promoting sanctions compliance in the cryptocurrency industry.

According to the DoJ, Lichtenstein and Morgan are charged with conspiracy to commit money laundering, which carries a maximum prison sentence of 20 years, and conspiracy to defraud the U.S., which carries a maximum prison sentence of five years. Of note, the two are not being accused of carrying out the initial hack of Bitfinex itself, but rather of their part in laundering the money stolen in the cyberattack. The two are scheduled to make appearances in federal court on Tuesday afternoon.

Bitfinex, which was founded in 2012 and is based in Hong Kong, said in a statement it was “pleased” with the recovery of the stolen bitcoin.

“We have been cooperating extensively with the DOJ since its investigation began and will continue to do so,” according to the Bitfinex statement. “Bitfinex will work with the DOJ and follow appropriate legal processes to establish our rights to a return of the stolen bitcoin. Bitfinex intends to provide further updates on its efforts to obtain a return of the stolen bitcoin as and when those updates are available.”