2016 Bitfinex hack

Last updated

The Bitfinex cryptocurrency exchange was hacked in August 2016. [1] 119,756 bitcoins, worth about US$72 million at the time, was stolen. [1]

Contents

In February 2022, the US government recovered and seized a portion of the stolen bitcoin, then worth US$3.6 billion, [2] by decrypting a file owned by Ilya Lichtenstein (born 1989) that contained addresses and private keys associated with the stolen funds. [3] Lichtenstein and his wife, Heather R. Morgan (born 1991), were charged with conspiracy to launder the stolen bitcoin. [3] In August 2023, Lichtenstein admitted to committing the theft. Both Lichtenstein and Morgan pleaded guilty to money laundering. [4]

In November 2024, Lichtenstein was sentenced to five years in a US prison for his involvement in money laundering the stolen bitcoin. [5] Morgan was sentenced to 18 months in prison for fraud and conspiracy charges. [6]

Hack

In August 2016, the Bitfinex cryptocurrency exchange, based in Hong Kong, announced it had suffered a security breach. [7] Around 2,000 approved transactions were sent to a single wallet from users' segregated wallets. [8] [9] Immediately thereafter, bitcoin's trading price plunged by 20%, causing the value of the stolen bitcoins to dip to US$58 million. [1] After learning of the breach, Bitfinex halted all bitcoin withdrawals and trading [10] and said it was tracking down the perpetrators of the hack. [9] Exchange customers, even those whose accounts had not been broken into, had their account balance reduced by 36% and received BFX tokens in proportion to their losses. [11] The exchange's access to U.S. dollar payments and withdrawals was then curtailed. The hack happened even though Bitfinex was securing the funds with BitGo, which uses multiple-signature security. [12]

In July 2023, Bitfinex worked with the Department of Homeland Security to recover about $315,000 in cash and cryptocurrencies stolen in the 2016 breach. The funds will be redistributed to holders of Bitfinex's Recovery Right Tokens, digital coins issued to people who suffered financial losses due to the hack. [13]

Laundering

In early 2017, small amounts of the stolen bitcoins began to be moved from the wallet it had been initially stored in to the Dark Web marketplace AlphaBay with the intention of laundering it. After AlphaBay was shuttered by international law enforcement led by the FBI, the money was rerouted to the Russian marketplace Hydra. The shutdown of AlphaBay may have given law enforcement access to the service's internal transaction logs and allowed it to identify the perpetrators. [8]

In February 2022, a New York couple, Ilya Lichtenstein (aged 34) and his wife Heather R. Morgan (aged 31), [8] were charged by US federal authorities with conspiring to launder the bitcoins, which was worth US$5.3 billion at the time. [2] [14] Lichtenstein was an entrepreneur who had co-founded a sales company called MixRank. Morgan was an entrepreneur, columnist for Inc., former Forbes digital contributor (from 2017 to 2021), and online rapper. [15] [16] Although neither were charged with committing the hack, law enforcement had acquired a search warrant for a cloud storage service used by Lichtenstein, obtaining a spreadsheet of wallet addresses and passwords linked to the hack. [17] Though the stolen bitcoins could be tracked through public transactions logged on the blockchain, it was only after the wallet passwords were recovered that law enforcement could access and seize their contents. [8] [18] [19]

Some of the funds were moved to more traditional financial accounts and spent on gold, NFTs, Uber rides and a PlayStation. [20] Although hundreds of millions of dollars were converted to fiat currency, 80% of the bitcoins (approximately 94,000) remained in the original wallet at the center of the hack. [8]

In August 2023, Lichtenstein pleaded guilty to conspiracy to commit money laundering, and Morgan to one count of money laundering conspiracy and one count of conspiracy to defraud the United States. [21] Lichtenstein additionally admitted to carrying out the hack. [4] An information was filed against both defendants. [22]

In November 2024, Lichtenstein was sentenced to 60 months in prison and three years of supervised release. [23] Morgan was sentenced to 18 months in prison and three years of supervised release for fraud and conspiracy charges. [24]

On December 6, 2024, Netflix released a documentary on the story of Lichtenstein's and Morgan's crimes, titled "Biggest Heist Ever". [25]

See also

Related Research Articles

A cryptocurrency exchange, or a digital currency exchange (DCE), is a business that allows customers to trade cryptocurrencies or digital currencies for other assets, such as conventional fiat money or other digital currencies. Exchanges may accept credit card payments, wire transfers or other forms of payment in exchange for digital currencies or cryptocurrencies. A cryptocurrency exchange can be a market maker that typically takes the bid–ask spreads as a transaction commission for its service or, as a matching platform, simply charges fees.

<span class="mw-page-title-main">Cryptocurrency</span> Digital currency not reliant on a central authority

A cryptocurrency, crypto-currency, or colloquially, crypto, is a digital currency designed to work through a computer network that is not reliant on any central authority, such as a government or bank, to uphold or maintain it.

Coinbase Global, Inc., branded Coinbase, is an American publicly traded company that operates a cryptocurrency exchange platform. Coinbase is a distributed company; all employees operate via remote work. It is the largest cryptocurrency exchange in the United States in terms of trading volume. The company was founded in 2012 by Brian Armstrong and Fred Ehrsam. In May 2020, Coinbase announced it would shut its San Francisco, California, headquarters and change operations to remote-first, part of a wave of several major tech companies closing headquarters in San Francisco in the wake of the COVID-19 pandemic.

<span class="mw-page-title-main">Bitstamp</span> Bitcoin exchange based in the UK

Bitstamp is a Luxembourg-based cryptocurrency exchange founded in 2011. It is the world’s longest-running cryptocurrency exchange. It allows trading between fiat currency, bitcoin and other cryptocurrencies, such as the U.S. dollar, the euro, the pound sterling, Ethereum, Litecoin, Ripple, Bitcoin Cash, Algorand, Stellar, and USD Coin. Business operations are conducted from its registered headquarters in Luxembourg City, with a satellite office in Ljubljana.

<span class="mw-page-title-main">History of bitcoin</span> Cryptocurrency

Bitcoin is a cryptocurrency, a digital asset that uses cryptography to control its creation and management rather than relying on central authorities. Originally designed as a medium of exchange, Bitcoin is now primarily regarded as a store of value. The history of bitcoin started with its invention and implementation by Satoshi Nakamoto, who integrated many existing ideas from the cryptography community. Over the course of bitcoin's history, it has undergone rapid growth to become a significant store of value both on- and offline. From the mid-2010s, some businesses began accepting bitcoin in addition to traditional currencies.

A cryptocurrency tumbler or cryptocurrency mixing service is a service that mixes potentially identifiable or "tainted" cryptocurrency funds with others, so as to obscure the trail back to the fund's original source. This is usually done by pooling together source funds from multiple inputs for a large and random period of time, and then spitting them back out to destination addresses. As all the funds are lumped together and then distributed at random times, it is very difficult to trace exact coins. Tumblers have arisen to improve the anonymity of cryptocurrencies, usually bitcoin, since the digital currencies provide a public ledger of all transactions. Due to its goal of anonymity, tumblers have been used to money launder cryptocurrency.

BitGo, Inc. is a digital asset trust company and security company, headquartered in Palo Alto, California. It was founded in 2013 by Mike Belshe and Ben Davenport. Galaxy Digital announced its acquisition of BitGo in 2021 for $1.2 billion, although this acquisition was announced to have been canceled in 2022 after the crypto downturn, with BitGo continuing as an independent company.

Kraken is a United States–based cryptocurrency exchange, founded in 2011. It was one of the first bitcoin exchanges to be listed on Bloomberg Terminal and was valued at US$3 billion in January 2024. The company has been the subject of several regulatory investigations since 2018, and has agreed to cumulative fines of over $30 million. It was the first cryptocurrency company to obtain a bank charter.

The Lazarus Group is a hacker group made up of an unknown number of individuals, alleged to be run by the government of North Korea. While not much is known about the group, researchers have attributed many cyberattacks to them since 2010.

Bitfinex is a cryptocurrency exchange owned and operated by iFinex Inc, and is registered in the British Virgin Islands. Bitfinex was founded in 2012. It was originally a peer-to-peer Bitcoin exchange, and later added support for other cryptocurrencies.

A cryptocurrency wallet is a device, physical medium, program or an online service which stores the public and/or private keys for cryptocurrency transactions. In addition to this basic function of storing the keys, a cryptocurrency wallet more often offers the functionality of encrypting and/or signing information. Signing can for example result in executing a smart contract, a cryptocurrency transaction, identification, or legally signing a 'document'.

Tether is a cryptocurrency stablecoin launched by Tether Limited Inc. in 2014.

Alexander Vinnik is a Russian computer expert. From 2011 to 2017, he worked at BTC-e, a Russian cryptocurrency exchange.

Binance Holdings Ltd., branded Binance, is a global company that operates the largest cryptocurrency exchange in terms of daily trading volume of cryptocurrencies. Binance was founded in 2017 by Changpeng Zhao, a developer who had previously created high-frequency trading software. Binance was initially based in China, then moved to Japan shortly before the Chinese government restricted cryptocurrency companies. Binance subsequently left Japan for Malta and currently has no official company headquarters.

Cryptocurrency and crime describe notable examples of cybercrime related to theft of cryptocurrencies and some methods or security vulnerabilities commonly exploited. Cryptojacking is a form of cybercrime specific to cryptocurrencies used on websites to hijack a victim's resources and use them for hashing and mining cryptocurrency.

<span class="mw-page-title-main">Changpeng Zhao</span> Chinese-Canadian business executive

Changpeng Zhao, commonly known as CZ, is a Chinese-born Canadian businessman. Zhao is the co-founder and former CEO of Binance, the world's largest cryptocurrency exchange by trading volume as of July 2024. He resigned as the CEO in November 2023 after pleading guilty to a money laundering charge in the United States and was sentenced to four months in prison in April 2024 and completed his sentence by September of the same year.

BitMEX is a cryptocurrency exchange and derivative trading platform. It is owned and operated by HDR Global Trading Limited, which is registered in the Seychelles.

<span class="mw-page-title-main">Tornado Cash</span> Virtual currency mixer on the Ethereum blockchain

Tornado Cash is an open source, non-custodial, fully decentralized cryptocurrency tumbler that runs on Ethereum Virtual Machine-compatible networks. It offers a service that mixes potentially identifiable or "tainted" cryptocurrency funds with others, so as to obscure the trail back to the fund's original source. This is a privacy tool used in EVM networks where all transactions are public by default.

Kucoin is a Seychelles-based cryptocurrency exchange. It was founded in China in 2017, but was later moved to Singapore following the Chinese government's restrictions on cryptocurrency companies, and subsequently to the Seychelles.

Arkham Intelligence, branded Arkham, is a global company that operates a cryptocurrency exchange platform as well as a public data application that enables users to analyze blockchain and cryptocurrency activity. Founded by Miguel Morel in 2020, the company's platform utilizes AI to identify and catalog the owners of blockchain addresses. Its partners include various cryptocurrency and blockchain companies.

References

  1. 1 2 3 Tsang, Amie (August 3, 2016). "Bitcoin Plunges After Hacking of Exchange in Hong Kong". The New York Times . Hong Kong. Archived from the original on May 18, 2017.
  2. 1 2 Barrett, Devlin (February 8, 2022). "Feds arrest couple, seize $3.6 billion in hacked bitcoin funds". The Washington Post . Archived from the original on February 16, 2022. Retrieved February 9, 2022.
  3. 1 2 "Case: 1 :22-mj-00022 - Complaint with Arrest Warrant" (Press release). February 7, 2022. Archived from the original on February 9, 2022. Retrieved February 10, 2022.
  4. 1 2 Paúl, María Luisa (4 August 2023). "'Bitcoin Bonnie and Clyde' plead guilty in 'spy novel'-like laundering case". Washington Post. Retrieved 5 August 2023.
  5. Hoskins, Peter (2024-11-15). "US hacker sentenced over Bitcoin heist worth billions". BBC Home. Retrieved 2025-01-30.
  6. Davis, Wes (2024-11-18). "Razzlekhan, crypto's most embarrassing rapper, is going to prison". The Verge. Retrieved 2025-01-30.
  7. Nakamura, By Yuji (May 21, 2017). "Bitfinex comes back from $69 million bitcoin heist". Sfgate. Archived from the original on May 22, 2017.
  8. 1 2 3 4 5 Chow, Andrew R (February 10, 2022). "Inside the Chess Match That Led the Feds to $3.6 Billion in Stolen Bitcoin". Time . Archived from the original on 2022-02-10. Retrieved February 12, 2022.
  9. 1 2 "Bitcoin Worth $72M Was Stolen in Bitfinex Exchange Hack in Hong Kong". Fortune. Archived from the original on November 20, 2016. Retrieved October 26, 2016.
  10. Shekhtman, Lonnie (August 3, 2016). "Bitcoin security breaches raise questions about digital currency's future". Christian Science Monitor. Archived from the original on May 28, 2017.
  11. Baldwin, Clare (August 6, 2016). "Bitfinex exchange customers to get 36 percent haircut, debt token". Reuters. Archived from the original on March 16, 2019. Retrieved June 20, 2018.
  12. "Bitcoin worth $72 million stolen from Bitfinex exchange in Hong Kong". Reuters. 2016-08-03. Archived from the original on 2020-11-11. Retrieved 2021-10-14.
  13. "Crypto Exchange Bitfinex Says $315,000 From 2016 Hack Recovered". Bloomberg. July 6, 2023. Archived from the original on 2023-07-07. Retrieved 2024-05-21 via www.bloomberg.com.
  14. Lyngaas, Sean (February 8, 2022). "Feds arrest a New York couple and seize $3.6 billion in stolen cryptocurrency". CNN News. p. 1. Archived from the original on February 14, 2022. Retrieved February 9, 2022.
  15. Hissong, Samantha (2022-02-08). "Accused Bitcoin Mega Crook Made Rap Videos. And Dear God, Are They Cringey". Rolling Stone . Archived from the original on 2022-03-05. Retrieved 2022-03-05.
  16. Dugan, Kevin (2022-02-15). "The Many Lives of Crypto's Most Notorious Couple How the accused bitcoin launderers spent their time". New York Magazine . Archived from the original on 2024-05-13. Retrieved 2024-05-13.
  17. "US Justice's largest ever financial seizure sees two arrests over $3.6bn stolen crypto". InternationalInvestment. 2022-02-09. Archived from the original on 2022-02-17. Retrieved 2022-02-17.
  18. Cohen, Luc (July 21, 2023). "Crypto rapper 'Razzlekhan,' husband reach plea deal over Bitfinex hack laundering". Reuters. Archived from the original on July 26, 2023. Retrieved July 26, 2023 via www.reuters.com.
  19. "In Bitfinex Cryptocurrency Heist, 2 Charged Reach Plea Deal". The New York Times. 2023-07-21. Archived from the original on 2023-07-26. Retrieved 2023-07-26.
  20. "The Ballad of Razzlekhan and Dutch, Bitcoin's Bonnie and Clyde". Vanity Fair. 2022-08-16. Archived from the original on 2022-08-18. Retrieved 2022-08-18.
  21. https://cointelegraph.com/news/bitfinex-hacker-heather-morgan-bitcoin-conference-2024
  22. Forkin, Dan Mangan, Jim (July 21, 2023). "'Crypto Couple' appear set to plead guilty in bitcoin hack money laundering case". CNBC. Archived from the original on July 25, 2023. Retrieved July 26, 2023.{{cite web}}: CS1 maint: multiple names: authors list (link)
  23. "Bitfinex Hacker Sentenced in Money Laundering Conspiracy Involving Billions in Stolen Cryptocurrency". justice.gov. November 15, 2024.
  24. Davis, Wes (2024-11-18). "Razzlekhan, crypto's most embarrassing rapper, is going to prison". The Verge. Retrieved 2024-11-19.
  25. Brodsky, Rachel (2024-12-06). "The True Story Behind Netflix's 'Biggest Heist Ever'". TIME. Retrieved 2025-01-30.