Bitfinex Hacker Sentenced to 5 Years, Guilty of Laundering $10.5 Billion in Bitcoin
https://firewall.firm.in/wp-content/uploads/2024/11/bitcoin.png
Ilya Lichtenstein, who pleaded guilty to the 2016 hack of cryptocurrency stock exchange Bitfinex, has been sentenced to five years in prison, the U.S. Department of Justice (DoJ) announced Thursday.
Lichtenstein was charged for his involvement in a money laundering scheme that led to the theft of nearly 120,000 bitcoins (valued at over $10.5 billion at current prices) from the crypto exchange. Heather Rhiannon Morgan, his wife, also pleaded guilty to the same crimes last year. They were both arrested in February 2022. Morgan is scheduled to be sentenced on November 18.
“Lichtenstein, 35, hacked into Bitfinex’s network in 2016, using advanced hacking tools and techniques,” the DoJ said in a press statement. “Once inside the network, Lichtenstein fraudulently authorized more than 2,000 transactions transferring 119,754 bitcoin from Bitfinex to a cryptocurrency wallet in Lichtenstein’s control.”
TRM Labs said Lichtenstein exploited a vulnerability in Bitfinex’s multi-signature withdrawals setup, which back then would have required at least two signatures — one each from Bitfinex and a third-party digital asset trust company called BitGo — to approve a withdrawal.
“However, Lichtenstein found a way to bypass BitGo’s approval process, effectively allowing him to initiate and authorize withdrawals from Bitfinex without triggering the required BitGo approval,” the financial intelligence firm said.
Besides taking a string of actions to cover up the tracks by deleting access credentials and other log files from Bitfinex’s network, the couple is said to have used fictitious identities to set up online banking accounts to launder the proceeds, depositing them in darknet markets and cryptocurrency exchanges.
The funds were eventually withdrawn, converted to other cryptocurrencies (a technique referred to as chain hopping), depositing a chunk of the ill-gotten assets into mixing services like Bitcoin Fog, converting them to fiat currency and moving to a U.S. bank account, and exchanging a portion of the crypto for gold coins.
The development comes days after Roman Sterlingov, the 36-year-old founder of Bitcoin Fog, was sentenced to 12 years and six months in prison for facilitating money laundering activities between 2011 and 2021. Earlier this year, Lichtenstein had testified in court that he had used Bitcoin Fog 10 times to launder the virtual assets.
Blockchain analytics firm Chainalysis previously revealed how the couple’s purchase of Walmart gift cards using the stolen bitcoin at an unnamed virtual currency exchange eventually proved to be their undoing, after it was found that the gift cards were redeemed using the retail giant’s iPhone app under an account in Heather Morgan’s name.
“That enabled agents to get a search warrant for Lichtenstein and Morgan’s home and cloud storage accounts, where they found files containing details of the cryptocurrency addresses used to move the stolen funds — including their private keys — along with the false information used to open accounts at cryptocurrency exchanges and plans to acquire fake passports,” Chainalysis said.
“That discovery enabled investigators to trace the flow of funds in its entirety.”
According to the Associated Press, Morgan is a business owner and writer. She also adopted the alter ego Razzlekhan to perform rap songs and record videos for her music. The pair had been living in San Francisco at the time of the hack.
“Lichtenstein masterminded and orchestrated the Bitfinex hack without telling [Morgan],” prosecutors said. “He also initially solicited the defendant’s assistance without explaining exactly what he was doing. The defendant was certainly a willing participant and bears full responsibility for her actions, but she was a lower-level participant.”
Chinese National Faces 20 Years in U.S. Prison for Pig Butchering Scam
The sentencing also follows a guilty plea from Daren Li, 41, for partaking in a criminal scheme to launder $73.6 million stolen through cryptocurrency investment scams using a network of shell companies and international bank accounts. Li was arrested back in April 2024 at Atlanta. He is expected to be sentenced next March.
“Li admitted that he conspired with others to launder funds obtained from victims through cryptocurrency scams and related fraud,” the DoJ said. “In furtherance of the conspiracy, he communicated with his co-conspirators through encrypted messaging services.”
“In order to conceal or disguise the nature, location, source, ownership, and control of the fraudulently obtained victim funds, Li would instruct co-conspirators to open U.S. bank accounts established on behalf of shell companies and would monitor the receipt and execution of interstate and international wire transfers of victim funds.”
The funds were subsequently deposited to financial accounts under their control, after which they would be converted to virtual currency like Tether, and distributed to wallets owned by Li and his co-conspirators. Li faces a maximum penalty of 20 years in prison.
“Financial criminals and the money launderers who enable them wreak untold harm, ruining lives in the process,” said U.S. Attorney Martin Estrada for the Central District of California. “Investors should be diligent and on guard against anyone offering quick riches via new, exotic investments. A healthy dose of skepticism could prevent financial ruin down the road.”