More than $3.6bn worth of Bitcoin stolen during a hack on the Bitfinex cryptocurrency exchange has been seized by the US Department of Justice in what has been described as the largest ever confiscation of its kind. Though this is a victory for the DoJ and its newly formed cryptocurrency enforcement team, tracking stolen cryptocurrencies remains fiendishly difficult and expensive. Experts say this case represents the US government going after quick wins rather than making significant progress to track those at the heart of illegal cryptocurrency trading.
Two people, Ilya Lichtenstein, 34, and his wife Heather Morgan, 31, were arrested by the DoJ on Tuesday morning for an “alleged conspiracy to launder cryptocurrency”. The DoJ says the couple were conspiring to move 119,754 Bitcoin, worth more than $4bn at the time of writing. The cryptocurrency had been stolen during a hack of the Hong Kong-based crypto-trading platform Bitfinex in 2016, and so far $3.6bn of it has been reclaimed by agents.
Lichtenstein and Morgan are charged with conspiracy to commit money laundering, which carries a maximum sentence of 20 years in prison, and conspiracy to defraud the United States, which carries a maximum sentence of five years.
The successful reclamation of funds comes just months after the launch of the National Cryptocurrency Enforcement Team (NCET) by the DoJ. The team was assembled to draw on the department’s cyber and money laundering expertise and “to strengthen our capacity to dismantle the financial entities that enable criminal actors to flourish,” according to deputy attorney general Lisa Monaco.
Pooling the crypto tracking talent of the DoJ together in one team shows how seriously the US Government is taking the retrieval of illicit or stolen cryptocurrencies, explains Sayed Rahman, serious fraud and asset tracing specialist at law firm Rahman Ravelli. “It is clear that law enforcement in the US are taking significant steps to deal with cryptocurrency fraud, which is further reinforced by the NCET,” he says. “The DOJ appears to be focusing on cryptocurrency exchanges, with the NCET set to target abuse on cryptocurrency platforms in order to boost user confidence.”
What happened in the Bitfinex hack?
The hacker who infiltrated Bitfinex’s systems in 2016 initiated more than 2,000 unauthorised transactions at the time of the hack, which transferred the illicit Bitcoin to a digital wallet that was allegedly under Lichtenstein’s control.
"Over the last five years, approximately 25,000 of those stolen Bitcoin were transferred out of Lichtenstein’s wallet via a complicated money laundering process, which ended with some of the stolen funds being deposited into financial accounts controlled by Lichtenstein and Morgan," the DoJ said.
This still left 94,000 Bitcoin in the wallet used to receive and store stolen proceeds from the hack. The investigation of online accounts controlled by Lichtenstein and Morgan found files containing the private keys to accounts that directly received the funds from the Bitfinex hack. This "allowed special agents to lawfully seize and recover more than 94,000 Bitcoin that had been stolen from Bitfinex."
Will Bitfinex cryptocurrency seizure help the fight against cybercrime?
Though the funds from the Bitfinex hack represent a significant amount of money, it's unrealistic to expect most stolen cryptocurrencies to be recovered, says Roger Grimes of KnowBe4. "There's too much [cryptocurrency] and not enough legal resources to go around," he says. "It costs money to go after cryptocurrency criminals and most aren't stealing enough every day to make it worth going after."
If a cybercriminal isn't stealing $1m per day, they probably won't even come onto law enforcement's radar, Grimes argues. In this case, it is possible the DoJ's interest was triggered by the couple's attempt to move the funds. One week before the arrests were made, the Twitter account Whale Alert, which tracks large movements of cryptocurrencies, tweeted that 10,000 BTC of stolen funds from the Bitfinex hack of 2016 had been moved to an unknown wallet.
⚠ ⚠ ⚠ ⚠ ⚠ ⚠ ⚠ ⚠ ⚠ ⚠ 10,000 #BTC (383,540,711 USD) of stolen funds transferred from Bitfinex Hack 2016 to unknown wallet https://t.co/kvvWQpZoq8
— Whale Alert (@whale_alert) February 1, 2022
Other cryptocurrency watchers had noticed strange behaviour relating to the funds as early as January 31. These mistakes mean the seizure of the Bitfinex hack funds represents low-hanging fruit for the DoJ, explains Jake Moore, global cybersecurity advisor at security company ESET. "These are the people that would always make the mistakes," he says. More sophisticated criminal operations which hide stolen cryptocurrencies remain harder to find. "The cleverest of the clever are still a few steps ahead," Moore says.
This means that cryptocurrency seizures such as these are unlikely to deter criminals, who will remain confident they can evade detection. "Cybercrime is so rampant because it has so little risk and a very high chance of gain," Grimes says. He adds that law enforcement agencies need tougher powers to act against those who steal and launder cryptocurrencies. "Today's real-world bank robber is going to get far less cash at far higher risk and is far more likely to spend a lot of time in prison," he says. "We need to do the same thing for cybercrime."