The case of the Bitfinex 120,000 Bitcoin theft: hacker identity, investigation process, and market impact

Author: Colin Wu, Wu Says Blockchain

Original Title: "Bitfinex 120,000 Bitcoin Theft Case Solved: Causes and Consequences, Hacker Identity Revealed, Market Crash Unlikely"

On February 9, Beijing time, the U.S. Department of Justice disclosed that two individuals were arrested in Manhattan on the morning of February 8, charged with conspiracy to launder cryptocurrency that was stolen during a hack of the virtual currency exchange Bitfinex in 2016, currently valued at approximately $4.5 billion. The arrested individuals, 34-year-old Ilya Lichtenstein and his 31-year-old wife Heather Morgan, both reside in New York City. Lichtenstein and Morgan are charged with conspiracy to launder money, which carries a maximum sentence of 20 years in prison, and conspiracy to defraud the U.S. government, which carries a maximum sentence of 5 years in prison. However, they were (strangely) not charged with the hacking itself. At least since November of last year, after a subpoena was received by one of their service providers, the defendants had already "realized" the investigation but did not flee before their arrest. The two are currently out on bail of $5 million and $3 million.

In 2016, 119,756 bitcoins were stolen from Bitfinex user accounts, making it the second-largest bitcoin theft case after the Mt. Gox incident. As a result, bitcoin plummeted 23% that day. After the 2016 theft, the exchange offered BFX Tokens to all affected users. Each token represented a loss of $1. These BFX tokens began trading on Bitfinex at a price below $0.20 and gradually appreciated to nearly $1. Redemptions began on September 1, 2016, with the last BFX redeemed in early April 2017. Over 52 million BFX were converted to shares of iFinex Inc. at a 1:1 ratio. There were rumors in the market that Zhao Dong, a well-known figure in the industry, became a minor shareholder of Bitfinex at that time.

After hackers infiltrated Bitfinex's system and initiated over 2,000 unauthorized transactions, Lichtenstein and Morgan conspired to launder the proceeds from the theft of 119,754 bitcoins from the Bitfinex platform. These unauthorized transactions sent the stolen bitcoins to digital wallets controlled by Lichtenstein. Over the past five years, approximately 25,000 of the stolen bitcoins were transferred out of Lichtenstein's wallet through a complex laundering process, some of which were deposited into financial accounts controlled by Lichtenstein and Morgan. The remaining stolen funds, including over 94,000 bitcoins, still remain in wallets used to receive and store the hackers' illicit proceeds. After executing a court-authorized search warrant on online accounts controlled by Lichtenstein and Morgan, agents gained access to files in Lichtenstein's online accounts. These files contained the private keys needed to access the digital wallets that directly received the stolen funds from Bitfinex, allowing agents to legally seize and recover over 94,000 bitcoins stolen from Bitfinex. At the time of seizure, the recovered bitcoins were valued at over $3.6 billion. (On February 1, according to Whale Alert, 64,633 BTC from the 2016 Bitfinex theft wallet were transferred to an unknown wallet, suspected to be part of the U.S. Department of Justice's ongoing fund removal.)

The criminal complaint states that Lichtenstein and Morgan employed numerous complex laundering techniques, including using virtual identities to establish online accounts; utilizing computer programs to automate transactions, a laundering technique that allows for many transactions in a short period; depositing the stolen funds into various cryptocurrency exchanges and dark web market accounts, then withdrawing the funds to obscure the transaction history; converting bitcoins into other forms of virtual currencies, including those that enhance anonymity (AEC); and using U.S. business accounts to legitimize their banking activities.

Investigations by CoinDesk and court debate records revealed more personal information about the two: Lichtenstein was born in Russia, moved to the U.S. at age 6, holds a Russian passport, and is an alumnus of the renowned Silicon Valley accelerator program Y Combinator; with initial funding, he co-founded a data and advertising technology startup called MixRank, which received funding from investors like Mark Cuban. Occasionally, Lichtenstein would warn people on Twitter about the threats of hackers.

His wife Morgan is a young marketing entrepreneur and rapper, with many bylines in business magazines. She graduated from the University of California, Davis, obtained a master's degree in International Economic Development from the American University in Cairo, and studied Turkish monetary policy at Bilkent University in Ankara. At the age of 23, she founded a company called SalesFolk, which uses stable copywriters to send emails for companies looking to market their products online.

Bitfinex's statement noted that they are pleased the U.S. Department of Justice announced today that it has recovered most of the bitcoins stolen during the security breach in August 2016. Since the DOJ began its investigation, we have been cooperating extensively with them and will continue to do so. Bitfinex will work with the DOJ and follow appropriate legal procedures to establish our rights to the returned stolen bitcoins. If Bitfinex receives the stolen bitcoins, as described in the LEO white paper, Bitfinex will use 80% of the amount equivalent to the net funds recovered to repurchase and destroy LEO within 18 months of receiving the recovered funds. (Previously, Bitfinex issued the platform token LEO to compensate for the stolen funds, and the price of LEO surged at one point due to the news on February 9.) Industry insiders point out that as a traditional supporter of bitcoin in the market, the concerns of some market participants about a potential market crash after receiving the bitcoins are almost unlikely to occur. Bitfinex is also collaborating with El Salvador to issue bitcoin bonds.

In 2020, Bitfinex stated that a reward of 5% of the total recovered assets would be given to anyone who helps establish a connection between Bitfinex and the hackers, and the hackers (if they return the assets) would receive 25% of the total recovered assets' market value. The community joked that the hackers should have accepted this compromise earlier; others questioned whether 30% of the bitcoins should be returned to the U.S. Department of Justice.