Bitfinex burglar bags 5 years behind bars for Bitcoin heist

The US is sending the main figure behind the 2016 intrusion at crypto exchange Bitfinex to prison for five years after he stole close to 120,000 Bitcoin.

Ilya Lichtenstein, now 35 years old, broke into Bitfinex and stole around $69 million worth of the cryptocurrency, per the exchange rate at the time, and siphoned it from the exchange into his own wallet over the course of more than 2,000 transactions.

He and his wife, Heather Morgan, who also goes by "Razzlekhan" when she performs rap songs and promotes her music, both pleaded guilty to later laundering the proceeds.

Court documents state that Lichtenstein carried out the attack on Bitfinex after reluctantly leaving marketing company MixRank in 2016, which he co-founded in 2011. It was a "painful decision" he made following a "bitter disagreement" with his fellow co-founder.

In 2017, MixRank was on Inc 5000's list of fastest-growing companies in the US and had investment backing from the likes of Mark Cuban. The company still operates today.

Following his departure, the court heard that Lichtenstein spent a lot of time at his computer and it was during this period that he carried out the attack on Bitfinex.

Prosecutors said he took steps to delete his digital footsteps from the exchange's systems before engaging in a series of "sophisticated laundering techniques" in an attempt to hide his tracks on Bitcoin's blockchain.

The sentencing is a long time coming, with Lichtenstein having previously pleaded guilty [PDF] to one count of conspiracy to launder monetary instruments back in August 2023.

Lichtenstein's wife and co-defendant, tech entrepreneur Morgan, also admitted to one count of conspiracy to launder monetary instruments. She additionally pleaded guilty to one count of conspiracy to defraud the United States.

The pair were arrested in February 2022.

Per a sentencing memo [PDF] submitted by her lawyer, Morgan claims she only discovered Lichtenstein carried out the attack nearly four years later, at the beginning of 2020, at which point he asked for help in laundering the proceeds. 

According to the sentencing memo, she agreed and over the next two years followed the direct instructions of Lichtenstein, who told Morgan not to carry out any internet research related to their activity.

The laundering activity, which her lawyer claims was carried out at times with Morgan's assistance, involved:

• Using fake IDs to create online accounts

• Using software to automate transactions

• Depositing stolen funds into dark web marketplaces and then withdrawing them

• Converting the Bitcoin to other token types

• Using crypto mixer services

• Using genuine US business bank accounts to legitimize the pair's financial activity

• Exchanging stolen crypto for gold coins

Morgan met Lichtenstein at venture capital tech accelerator 500 Startups in 2013, where she also met an older Brazilian startup founder to whom she soon became attached.

Much of the relationship's details were redacted in the court documents submitted by her counsel, but the memo claimed the pair soon married in a courthouse and moved to Brazil.

• LottieFiles supply chain attack exposes users to malicious crypto wallet drainer
• 'Newport would look like Dubai' if guy could dumpster dive for lost Bitcoin drive
• FBI created a cryptocurrency so it could watch it being abused
• Feds reach for sliver of crypto-cash nicked by North Korea's notorious Lazarus Group

Morgan started her cold email campaign business SalesFolk in 2014, the same year in which she and Lichtenstein started dating. 

They married in 2019 following Lichtenstein's departure from MixRank and after Morgan began to perform as her surreal rapper alter-ego Razzlekhan.

Submitted last week, shortly after her lawyer's memo, Lichtenstein himself submitted a letter describing Morgan's character [PDF] to the court in highly flattering terms.

Morgan has been under house arrest for 33 months, with her lawyers requesting she be sentenced with time served. She is due to be sentenced on November 18.

Funds secured

As part of the pair's guilty pleas, they agreed to forfeit all assets and property related to the crime. The vast array of assets seized by the US government is set out in a separate court document [PDF] and includes various cryptocurrency tokens, fiat currencies held in bank accounts, and gold coins.

Had the same number of Bitcoin tokens been stolen at today's exchange rate, at the time of writing, they would be worth around $10.7 billion.

One interesting tidbit related to the US's seizure was that during the government's process of converting some of the seized cryptocurrency into dollars, an unnamed cybercriminal was apparently watching this going on and attempted to hijack the funds involved.

On October 24, regarding $20.7 million worth of "a relatively obscure virtual currency token" accepted by the US Marshals Service, an attacker "was able to access the funds and/or manipulate the transaction and thereby steal the tokens."

The attacker was unable to liquidate around $19.5 million worth of these after the US froze the other $1.2 million and, as a result, anonymously returned them to the US, minus around $200,000 worth of blockchain fees, which are now lost for good. ®