The Bitfinex Laundering Story Continues

Federal officials arrested two and seized $3.6B in BTC tied to the 2016 Bitfinex hack. And everyone's paying attention now.

AccessTimeIconFeb 15, 2022 at 6:38 p.m. UTC
Updated May 11, 2023 at 3:48 p.m. UTC
10 Years of Decentralizing the Future
May 29-31, 2024 - Austin, TexasThe biggest and most established global hub for everything crypto, blockchain and Web3.Register Now

The U.S. Congress is holding a slate of hearings right now on cryptocurrencies across different committees. I want to write about them but I think I need some more time to speak to people and put thoughts together. As such, we’ll talk about last week’s House Financial Services Committee stablecoin hearing, Senate Agriculture Committee CFTC hearing and today’s Senate Banking Committee stablecoin hearing next week.

Instead, let’s talk about the story that has everyone else captivated: The alleged Bitfinex hack launderers.

You’re reading State of Crypto, a CoinDesk newsletter looking at the intersection of cryptocurrency and government. Click here to sign up for future editions.

Misfit launderers

The narrative

Ilya Lichtenstein and Heather Morgan, married New York residents, were arrested last Tuesday on charges of money laundering conspiracy and conspiracy to defraud the U.S. in connection with allegations they laundered roughly 25,000 BTC and had access to another 94,000 BTC stolen from Bitfinex in 2016.

Why it matters

We might soon see some $3.5 billion worth of bitcoin reenter the market. The recovery of 94,000 BTC and the arrest of two individuals allegedly tied to the Bitfinex theft was arguably the biggest story in crypto last week, and only partly because of the money involved.

Breaking it down

Where do I even begin with last week?

Last Tuesday, federal officials announced they’d arrested two individuals on charges of money laundering conspiracy in connection with the 2016 Bitfinex hack, which saw just under 120,000 bitcoins (worth around $60 million at the time) stolen in a sophisticated attack.

Ilya Lichtenstein and Heather Morgan then made headlines for being a seemingly (mostly) normal New York couple, just one that happened to have access to what’s now worth more than $4 billion in bitcoin.

Bitfinex used BitGo at the time as its wallet provider, with a multi-signature security setup. (Multisig means you need at least X of Y people with keys to access something, where X > 1. It’s supposed to be more secure than a system where a single individual can access a company’s billions.)

While initial reports suggested there was a server breach at BitGo at the time, the company said it found no evidence of such. Further, Bitfinex held two of the keys. The precise details of the hack itself seem to still be unclear. Worth noting: Federal officials are not charging either defendant with the hack itself, a stance prosecutors reiterated during a pretrial detention hearing on Monday.

Is it possible the two were responsible for the initial hack? Who knows? Anything’s possible. Morgan gave a talk on social engineering and wrote an op-ed on protecting yourself from cybercrime. Lichtenstein appears to have commented about using bitcoin in crime on HackerNews years ago. Nothing here is definitive.

What we do know is the specific allegations laid out and the subsequent testimony from prosecutors. According to the allegations, Lichtenstein and Morgan both had access to some 94,000 BTC (worth around $3.5 billion) that federal officials were able to seize at the end of January.

The two also allegedly had access to much of the remaining 25,000 BTC, which was laundered through various wallets and darknet marketplaces before being cashed out.

Despite these allegations, the part that seemed to get the most attention was the fact that these two just kind of existed in the way they did. Morgan was an aspiring rapper under the moniker “Razzlekhan.” Lichtenstein tweeted complaints about CoinDesk’s coverage.

They took the world by storm. And look, I wasn’t immune, it was a very odd day week but it does also feel like this part is a distraction from the part where they allegedly had ninety four thousand bitcoin at hand.

The questions I have now:

  • What will happen to the bitcoin seized by the feds?

Bitfinex said in a statement it expects to recoup the coins. Former Bitfinex customers will likely also lay a claim. The timeline here is a bit unclear to me.

  • Will we see charges related to the actual hack?

Israeli authorities arrested two individuals three years ago on charges they were behind the Bitfinex hack. I couldn’t find an update on their status. It’s also, again, feasible that our new defendants are behind the hack. It does stretch credulity a bit to suggest that someone hacked Bitfinex and then gave the keys to all 120K BTC to a pair of Wall Street residents.

  • What happened to the 25,000 BTC not already recovered?

Some of these coins have been disposed of to purchase things like gift cards and PlayStations. Some are in different wallets. Prosecutors alleged that some $300 million are still accessible by the defendants. That leaves a ton of BTC not yet recovered.

  • Who locked down Morgan’s YouTube and Instagram accounts?

Her videos are gone, including a Nov. 20, 2021, video of her wedding. November is also when Morgan and Lichtenstein found out their internet service provider had been subpoenaed. Their attorney told a judge they’d been married for three years but the timing is interesting (even if coincidental).

I also want to leave you with CoinDesk’s (in my biased opinion) outstanding coverage of the past week, spearheaded by my colleague Cheyenne Ligon, who not only read the filings but traveled to both hearings to provide on-the-ground reporting:

Super Bowl LVI

Because I watch a lot of football and I make the rules for this newsletter, I’m going to not talk about regulations for a minute. Instead, let’s talk Super Bowl crypto ads. My colleague Will Gottsegan already provided his own ranking of the ads. I’m going to take a different tack: I want to walk through the reactions my friends, who are not into crypto, had.

eToro: This was basically a standard ad, I think. No one really said anything about it. The focus on the ad itself was more on the brokerage business rather than the crypto-specific components.

TurboTax: I won’t lie, I thought this ad they began airing before the Super Bowl was funnier than the one they ran during the Super Bowl. None of my friends commented on the ad.

Crypto.com: Crypto.com has annoyed basically all of my football-loving, crypto-agnostic/crypto-skeptic friends with the Matt Damon ad. The new version, featuring Lebron James and not even mentioning crypto, garnered a lot more praise.

Coinbase: I saw mainly two reactions to the floating QR code. Information security types expressed concern that asking people to scan a random QR code might reinforce less-than-ideal practices. This seems a valid concern, but realistically there's a difference between a QR code paid for by a real, legitimate company advertised during the largest U.S. sporting event of the year and other places. Those QR code menus restaurants have are probably more obvious attack vectors.

The other reaction seemed to be largely curiosity (which seemed to have crashed Coinbase’s website).

FTX: Wait, is Larry David still a crypto skeptic? Or..?

Closing thoughts: Something that struck me was the lack of explicitly marketing crypto. eToro listed crypto as something to invest in like stocks, but FTX and Crypto.com mainly focused on marketing their own services, despite concerns seen on Twitter. This would have seemed unthinkable a year ago. Some of you may remember there was an immense amount of excitement over the possibility of a crypto ad in Super Bowl LV (there ended up being no crypto ads). This year, it was basically seen as inevitable. I’m not sure if this is an Overton Window shift or just a sign of how much money has poured into the industry over the past year. The important part now will be ensuring people don’t get hosed if they decide to invest in a speculative asset that sometimes gets very volatile at 11:00 p.m. on Fridays just as they are ready to wind down for the weekend. My favorite ad had to be Reddit’s. And, like everyone else, I was immensely disappointed we didn’t get a Kenobi ad.

Biden’s rule

Changing of the guard

Key: (nom.) = nominee, (rum.) = rumored, (act.) = acting, (inc.) = incumbent (no replacement anticipated)
Key: (nom.) = nominee, (rum.) = rumored, (act.) = acting, (inc.) = incumbent (no replacement anticipated)

There will be a full Senate Banking Committee markup for the Fed nominees today at 2:15 p.m. Eastern (so presumably shortly after the stablecoin hearing ends).

Elsewhere:

Outside CoinDesk:

  • (The Verge) The Verge’s Corin Faife reports that government agencies are still using biometric (read: face scanning) startup ID.me for official business. The company in question also seems to be struggling a bit due to the amount of work.
  • (Vice) This is a good profile of the overall Web 3 zeitgeist by Motherboard’s Maxwell Strachan. It’s always worth reading and engaging with the criticisms, a lesson some parts of the crypto industry could perhaps learn.

If you’ve got thoughts or questions on what I should discuss next week or any other feedback you’d like to share, feel free to email me at nik@coindesk.com or find me on Twitter @nikhileshde.

You can also join the group conversation on Telegram.

See ya’ll next week!

CORRECTION (Feb. 15, 2022, 23:35 UTC): Corrects that BitGo said it did not suffer server breach, clarifies that while BitGo offered a wallet service, this is not the same as the custodian services it offers at present.

Disclosure

Please note that our privacy policy, terms of use, cookies, and do not sell my personal information has been updated.

CoinDesk is an award-winning media outlet that covers the cryptocurrency industry. Its journalists abide by a strict set of editorial policies. In November 2023, CoinDesk was acquired by the Bullish group, owner of Bullish, a regulated, digital assets exchange. The Bullish group is majority-owned by Block.one; both companies have interests in a variety of blockchain and digital asset businesses and significant holdings of digital assets, including bitcoin. CoinDesk operates as an independent subsidiary with an editorial committee to protect journalistic independence. CoinDesk employees, including journalists, may receive options in the Bullish group as part of their compensation.

Nikhilesh De

Nikhilesh De is CoinDesk's managing editor for global policy and regulation. He owns marginal amounts of bitcoin and ether.


Learn more about Consensus 2024, CoinDesk's longest-running and most influential event that brings together all sides of crypto, blockchain and Web3. Head to consensus.coindesk.com to register and buy your pass now.