This article is more than 1 year old

FBI seizes $3.6bn in Bitcoin after New York 'tech couple' arrested over Bitfinex robbery

Ilya Lichtenstein and partner cuffed via blockchain records

Updated Two New York-based "tech entrepreneurs" were arrested on Tuesday for allegedly conspiring to launder $4.5bn in stolen cryptocurrency, the US Department of Justice said, adding it's so far recovered $3.6bn in purloined digicash - based on current prices.

Ilya Lichtenstein, 34, and Heather Morgan, 31, husband and wife, are expected to appear in a Manhattan court this afternoon on charges that the pair conspired to launder 119,754 Bitcoin (BTC) taken from Hong Kong-based exchange Bitfinex in 2016.

"In a futile effort to maintain digital anonymity, the defendants laundered stolen funds through a labyrinth of cryptocurrency transactions," said Deputy Attorney General Lisa Monaco in a statement. "Thanks to the meticulous work of law enforcement, the department once again showed how it can and will follow the money, no matter what form it takes."

According to Monaco, the feds have seized more than $3.6bn in cryptocurrency linked to the Bitfinex hack, representing the largest financial seizure ever. At the time the funds were stolen in August 2016, a single BTC traded for about $540, making 119,754 BTC worth about $65m. Today, one BTC sells for roughly $43,170, making the total haul worth about $5.2bn; it was valued at around $4.5bn at the time the feds filed their court documents.

The accused Lichtenstein founded marketing biz MixRank and decentralized identity platform Endpass, and is a venture investor with Demandpath; Morgan is the CEO of marketing firm SalesFolk, a partner in Demandpath, and, according to her LinkedIn page, a former rapper, fashion designer and surrealist artist. Judge for yourself below.

Youtube Video

Lichtenstein and Morgan are charged with conspiracy to commit money laundering and conspiracy to defraud the US government but not for the hacking of Bitfinex or theft. Nonetheless, according to the feds, the funds stolen from Bitfinex, through a series of around 2,000 transactions, are alleged to have ended up in a digital wallet controlled by Lichtenstein.

The feds say they have recovered 94,000 BTC, worth about $3.6bn at the time of seizure. Over the past five years, they claim, about 25,000 BTC made its way out of Wallet 1CGA4s, controlled by Lichtenstein, through various intermediary accounts, and into financial accounts controlled by the pair.

"[B]eginning in or around January 2017, a portion of the stolen BTC moved out of Wallet 1CGA4s in a series of small, complex transactions across multiple accounts and platforms," explained IRS investigator Christopher Janczewski in his affidavit [PDF]. "This shuffling, which created a voluminous number of transactions, appeared to be designed to conceal the path of the stolen BTC, making it difficult for law enforcement to trace the funds."

Despite these efforts, said Janczewski, authorities traced the stolen BTC to multiple accounts controlled by Ilya "Dutch" Lichtenstein, a Russian-US national living in New York, and his wife Heather Morgan.

Alleged laundering flow chat

Alleged money laundering flow

Janczewski's affidavit details the maze of transactions the pair allegedly used to launder the stolen funds. It describes: accounts set up with fictitious identities; efforts to move the stolen funds in small amounts to avoid detection; the use of computer programs to automate transactions; layering stolen funds by depositing them into various virtual currency exchanges and darknet markets then withdrawing them to obfuscate the transaction history; converting BTC to other cryptocurrencies on different blockchains ("chain hopping"); and using US-based business counts to make transactions appear legitimate.

Apart from the 25,000 BTC said to have been laundered since the Bitfinex hack, most of the stolen funds remained in Wallet 1CGA4s from August 2016 until January 31, 2022. That's when the feds gained access, according to Janczewski, "by decrypting a file saved to Lichtenstein’s cloud storage account, which had been obtained pursuant to a search warrant."

"The file contained a list of 2,000 virtual currency addresses, along with corresponding private keys," said Janczewski. "Blockchain analysis confirmed that almost all of those addresses were directly linked to the hack."

"Criminals always leave tracks, and today’s case is a reminder that the FBI has the tools to follow the digital trail, wherever it may lead," said FBI Deputy Director Paul Abbate.

The pair, if convicted, face up to 20 years in prison on the money laundering charge and up to five years on the charge of defrauding the US. The IRS would now like a word too, presumably. ®

Updated to add

"We are pleased that the US Department of Justice has today announced that it has recovered a significant portion of the bitcoin stolen during the August 2016 security breach. We have been cooperating extensively with the DOJ since its investigation began and will continue to do so," Bitfinex said in a statement.

"Bitfinex will work with the DOJ and follow appropriate legal processes to establish our rights to a return of the stolen bitcoin. Bitfinex intends to provide further updates on its efforts to obtain a return of the stolen bitcoin as and when those updates are available."

More about


Send us news

Other stories you might like