The second-largest bitcoin theft culminated in February with the arrests in New York of 34-year-old Ilya Lichtenstein and 31-year-old Heather Morgan. The cryptocurrency hoarded in a digital wallet found at the couple’s home amounts to nothing less than the largest financial seizure ever in the United States (and likely the world).
The story begins six years earlier, with the 2016 hack of cryptocurrency exchange Bitfinex, a company founded in Hong Kong and registered in the British Virgin Islands. During the breach, hackers seized 119,756 bitcoins, or the equivalent of approximately C$92 million at the time of the theft, based on the price of bitcoin at the time. But since then, the rise of this cryptocurrency has increased the value of the prize pool to $5.75 billion.
Authorities don’t know how the two larger-than-life figures (they describe themselves as entrepreneurs, and Heather Morgan runs rampant on her YouTube channel as a rapper under the pseudonym Razzlekhan) got the bitcoins (they’re only charged at this time. than money laundering, not the Bitfinex hack).
What the investigation reveals most interesting, in addition to the inconceivable sums for ordinary mortals, is how criminals who launder cryptocurrencies go about camouflaging their illicit origins and transforming them into money.
Discloser: it is a much more complex operation than simply running a currency exchange office, as the Montreal mafia did in the 80s. And the result is far from guaranteed.
Criminals and police hone their techniques
Reading the arrest warrant issued for Ilya Lichtenstein and Heather Morgan lifts the veil on some more advanced techniques used by the couple to launder their booty.
To achieve this, the duo made numerous transactions to different anonymous wallets. Money was not transferred in large sums, but rather through thousands of small automated transactions using software. Bitcoins were also converted into several other cryptocurrencies, in addition to being exchanged on anonymous sites in the deep web (the same corners where arms trafficking takes place, for example). Lichtenstein and Morgan would also have benefited from an open and accessible tool, CoinJoin, where the transfers of several users are mixed into one in order to anonymize the transactions.
Once the bitcoins were laundered, they were converted into cash using cryptocurrency ATMs, such as are found in Quebec, and they were used to buy gift cards and even a gold bar .
Managing money laundering on this scale is a major undertaking that requires a great deal of attention to detail. She is also very slow. In May 2021, a company specializing in blockchain technology, Elliptic, had estimated that it would have taken another 114 years to launder all of the 119,756 stolen bitcoins into good old banknotes. “The slow movement of stolen funds and the various ways in which they have been laundered or converted into other assets speaks to the maturation of the crypto industry and how law enforcement, regulation and blockchain analysis have made crypto crime very difficult,” the company’s co-founder wrote on his website.
The more time passes, the more transactions accumulate; thus, the greater the risk of error.
This is what happened with Ilya Lichtenstein and Heather Morgan, according to the FBI (the couple have been charged, but not yet convicted). They managed to set up a complex system of money laundering, but they also committed major blunders. For example, they had their purchases paid for with a gift card obtained with Bitfinex funds delivered to their homes and they used their passport to open certain online cryptocurrency accounts. A raid on a deep web exchange site in 2017, which had been used by the couple, also reportedly helped police link the funds to the launderers themselves.
Note that 80% of the bitcoins stolen from the Bitfinex exchange platform were recovered by the FBI, not laundered.
Stealing bitcoins is one thing, but laundering them is another.
Although they are sometimes perceived as anonymous, cryptocurrencies are not completely so. Because like Tom Thumb, each bitcoin leaves traces throughout its journey.
Although no name or personal data is recorded when a cryptocurrency unit changes ownership, the transaction remains forever recorded on a blockchain, the technology behind cryptocurrencies. Every bitcoin transaction made, from the very first in 2009 to an average of 250,000 per day in 2022, can also be viewed on the web.
Unlike a bank robbery, where the stolen money can be hidden, Bitfinex bitcoins have never really been “lost”. The police and victims of the hack could track them on the blockchain, but not recover them, because they did not have the security keys necessary to repossess them.
Tools have been developed over the past few years to allow law enforcement and regulators to automate cryptocurrency tracking across thousands of transactions, across blockchains. Investigative techniques aren’t perfect, but they work: in the United States, $4.5 billion in the form of cryptocurrency was seized in 2021 alone, an amount that will obviously explode in 2022 with the seizure of funds from the bitfinex hack.
Tracking illicit funds with these tools also provides insight into the finances of criminal organizations. According to the blockchain analysis firm Chainalysis, the biggest ones, those with digital currency wallets worth more than one million US dollars, would for example possess nearly 32 billion dollars in the form of bitcoins, ethers or cardanos. Funds that are now tracked, showing that cryptocurrencies are both a boon and a drag on cybercriminals.
#launder #billion #worth #bitcoins
