Bitfinex Hacker Gets 5 Years In Prison For 120,000 Bitcoin Heist

The world has seen its fair share of criminal masterminds, from Frank Abagnale Jr. to Leonardo Notarbartolo.

However, few have pulled off heists as monumental as Ilya Lichtenstein, the Bitfinex hacker. Yet surprisingly little is known about him.

Here is the fascinating story about the silent mastermind who stole almost 10 billion USD in Bitcoin and how he was caught. 

In 2016, Ilya Lichtenstein, with the assistance of his wife Heather Morgan, stole 119,754 Bitcoins from the Bitfinex cryptocurrency exchange, valued at over 75 million USD at the time.

Today, that same amount of Bitcoin is worth more than 10 billion dollars, reflecting a staggering growth of over 133.33 times in less than ten years, showing the trust Bitcoin has been able to find in recent years and across several industries.

While there are several new altcoins with plenty of promise, with the next 1000x crypto coin appearing in crypto expert Kane Pepi’s review, it is crucial to know that the vulnerabilities that made this Bitfinex hack happen are now shored up, ensuring unwavering institutional and investor safety. 

However, at the time, Lichtenstein, a skilled hacker, masterminded the attack and devised a strategy to obscure the stolen funds, while Morgan played a key role in laundering the money.

But how was this even possible, given the security measures in place by major cryptocurrency exchanges?

Like many top companies that have been breached, there’s always a certain vulnerability or fatal flaw. In the case of Bitfinex, it was its multi-signature withdrawal system.

For those who do not know, a multi-signature withdrawal system requires multiple parties or keys to approve a withdrawal or transaction before it can be executed. This feature makes transactions safer and reduces the chances of scams. 

Bitfinex’s multi-signature withdrawal system requires approval from both Bitfinex and BitGo, a third-party service, before a transaction goes through.

However, to make transactions faster and more efficient, Bitfinex permitted certain security exemptions that allowed a bypass of BitGo’s manual approval in specific conditions.

Lichtenstein took advantage of these conditions to bypass the need for BitGo’s approval. This way, he was able to authorize transactions to wallets he owned.

But he didn’t stop there. To throw investigators off his scent, he deleted log files from Bitfinex’s network, erasing critical evidence of the breach.

Additionally, he stole the credentials of many users from Bitfinex to access their accounts on other cryptocurrency exchanges and steal extra funds. 

Once Lichtenstein had stolen the funds from Bitfinex, he needed to launder the money to avoid alerting the authorities. With his wife’s help, Lichtenstein used several sophisticated laundering operations to obscure the origin of the Bitcoin.

These included creating fake accounts to disperse the funds across multiple platforms, converting Bitcoin into other cryptocurrencies (chain hopping), routing the transactions through anonymous darknet platforms and mixing services to hide their source, converting Bitcoins into physical assets such as gold, and using thousands of intermediary wallets to create complex transaction trails. By 2019, their laundering operation had grown into a full-scale network involving thousands of intermediaries.

By now, this story already resembles the plot of a blockbuster movie with a happily ever after ending where the criminals are never caught.

However, unlike these blockbuster movies, the criminals were caught even though it took investigators more than six years to do so.

So how was law enforcement able to catch them despite their elaborate scheme to launder the money and throw investigators off their scent?

A Combination Of Strategies 

Investigators used a combination of strategies to follow the money trail and eventually catch the perpetrators:

Blockchain Tracing

Even though the stolen Bitcoin was moved through a complex series of transactions, the immutability and public nature of the blockchain made it possible for law enforcement to track the flow of the funds through thousands of wallets.

Investigators also used specialized blockchain analytic tools to track the movement of the stolen funds. These tools analyzed transactions and identified patterns that led to Lichtenstein and his wife, Morgan. 
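To make the tracing idea concrete, here is an added example (not from the original article, and not a reconstruction of the investigators' tooling) that follows stolen value through intermediary wallets using the proportional "haircut" taint heuristic, one common approach. The ledger, the address names and the account-style balance model are constructed assumptions; real Bitcoin tracing works on transaction inputs and outputs.

```python
from collections import defaultdict
from fractions import Fraction

# Constructed ledger (not real data): (sender, receiver, amount in BTC), in time order.
LEDGER = [
    ("theft", "hop_a", 60),
    ("theft", "hop_b", 40),
    ("clean_user", "hop_b", 40),   # unrelated coins mix in at hop_b
    ("hop_a", "hop_c", 60),
    ("hop_b", "hop_c", 20),
    ("hop_b", "exchange_1", 60),
    ("hop_c", "exchange_2", 40),
]
# Starting state: address -> (balance, tainted part of that balance).
GENESIS = {"theft": (100, 100), "clean_user": (40, 0)}
# Hypothetical labels: addresses whose operator is known and can be asked for records.
SERVICES = {"exchange_1", "exchange_2"}


def trace_taint(ledger, genesis):
    """Replay the ledger, moving taint in proportion to each payment."""
    balance = defaultdict(Fraction)
    tainted = defaultdict(Fraction)
    for addr, (bal, bad) in genesis.items():
        balance[addr], tainted[addr] = Fraction(bal), Fraction(bad)
    for sender, receiver, amount in ledger:
        amount = Fraction(amount)
        if amount <= 0 or amount > balance[sender]:
            raise ValueError(f"invalid payment {sender}->{receiver}: {amount}")
        # Haircut rule: a payment carries the sender's current taint ratio.
        moved = tainted[sender] * amount / balance[sender]
        balance[sender] -= amount
        tainted[sender] -= moved
        balance[receiver] += amount
        tainted[receiver] += moved
    return balance, tainted


def service_exposure(ledger, genesis, services):
    """Tainted value that ended up at addresses with a known operator."""
    _, tainted = trace_taint(ledger, genesis)
    return {s: tainted[s] for s in sorted(services) if tainted[s] > 0}


if __name__ == "__main__":
    for service, btc in service_exposure(LEDGER, GENESIS, SERVICES).items():
        print(f"{service}: {float(btc):.2f} BTC traceable to the theft")
```

Splitting funds across hops and mixing them with unrelated coins dilutes the taint ratio at each address, but the total tainted value is conserved, which is why the trail can still be followed to labelled services.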

Critical Data From AlphaBay Takedown

Remember how Lichtenstein used darknet platforms to obfuscate the source of the transactions?

One of the major darknet platforms used was AlphaBay. When AlphaBay was shut down in 2017, law enforcement obtained its internal transaction logs.

With these logs, they traced the stolen funds to accounts controlled by Lichtenstein.

The logs helped law enforcement understand how the stolen Bitcoin was deposited into AlphaBay accounts, layered, and then withdrawn into accounts linked to him.

Lichtenstein’s Cloud Storage Mistake 

Without a bit of foolishness on Lichtenstein’s part, he may never have paid for his crimes: Lichtenstein stored incriminating information in his cloud storage account, which investigators discovered after obtaining a search warrant for the account.

Within the cloud storage, investigators discovered an encrypted file containing private keys to over 2,000 cryptocurrency wallets. Upon decryption, investigators gained access to over 94,000 Bitcoin stored in those wallets.

This single file provided the evidence investigators needed to seize the majority of the stolen Bitcoin worth almost 4 billion USD at the time he was arrested. 

Lichtenstein and Morgan were arrested and charged on February 8, 2022. They were charged with laundering nearly 4.5 billion USD worth of cryptocurrency stolen during the Bitfinex hack in 2016.

The couple collaborated with law enforcement to help recover the stolen funds, and in return, they received light sentences.

On November 9, 2024, Lichtenstein was sentenced to 5 years in prison for his role in laundering the cryptocurrency, while Morgan was sentenced to 18 months in prison shortly after, on November 18, 2024.