Security

Cyber-crime

Bitfinex burglar bags 5 years behind bars for Bitcoin heist

A nervous wait for rapper wife who also faces a stint in the clink


The US is sending the main figure behind the 2016 intrusion at crypto exchange Bitfinex to prison for five years after he stole close to 120,000 Bitcoin.

Ilya Lichtenstein, now 35 years old, broke into Bitfinex and stole around $69 million worth of the cryptocurrency, per the exchange rate at the time, and siphoned it from the exchange into his own wallet over the course of more than 2,000 transactions.

He and his wife, Heather Morgan, who also goes by "Razzlekhan" when she performs rap songs and promotes her music, both pleaded guilty to later laundering the proceeds.

Court documents state that Lichtenstein carried out the attack on Bitfinex after reluctantly leaving marketing company MixRank in 2016, which he co-founded in 2011. It was a "painful decision" he made following a "bitter disagreement" with his fellow co-founder.

In 2017, MixRank was on Inc 5000's list of fastest-growing companies in the US and had investment backing from the likes of Mark Cuban. The company still operates today.

Following his departure, the court heard that Lichtenstein spent a lot of time at his computer and it was during this period that he carried out the attack on Bitfinex.

Prosecutors said he took steps to delete his digital footsteps from the exchange's systems before engaging in a series of "sophisticated laundering techniques" in an attempt to hide his tracks on Bitcoin's blockchain.

The sentencing is a long time coming, with Lichtenstein having previously pleaded guilty [PDF] to one count of conspiracy to launder monetary instruments back in August 2023.

Lichtenstein's wife and co-defendant, tech entrepreneur Morgan, also admitted to one count of conspiracy to launder monetary instruments. She additionally pleaded guilty to one count of conspiracy to defraud the United States.

The pair were arrested in February 2022.

Per a sentencing memo [PDF] submitted by her lawyer, Morgan claims she only discovered Lichtenstein carried out the attack nearly four years later, at the beginning of 2020, at which point he asked for help in laundering the proceeds. 

According to the sentencing memo, she agreed and over the next two years followed the direct instructions of Lichtenstein, who told Morgan not to carry out any internet research related to their activity.

The laundering activity, which her lawyer claims was carried out at times with Morgan's assistance, involved:

Morgan met Lichtenstein at venture capital tech accelerator 500 Startups in 2013, where she also met an older Brazilian startup founder to whom she soon became attached.

Much of the relationship's details were redacted in the court documents submitted by her counsel, but the memo claimed the pair soon married in a courthouse and moved to Brazil.

Morgan started her cold email campaign business SalesFolk in 2014, the same year in which she and Lichtenstein started dating. 

They married in 2019 following Lichtenstein's departure from MixRank and after Morgan began to perform as her surreal rapper alter-ego Razzlekhan.

Submitted last week, shortly after her lawyer's memo, Lichtenstein himself submitted a letter describing Morgan's character [PDF] to the court in highly flattering terms.

Morgan has been under house arrest for 33 months, with her lawyers requesting she be sentenced with time served. She is due to be sentenced on November 18.

Funds secured

As part of the pair's guilty pleas, they agreed to forfeit all assets and property related to the crime. The vast array of assets seized by the US government is set out in a separate court document [PDF] and includes various cryptocurrency tokens, fiat currencies held in bank accounts, and gold coins.

Had the same number of Bitcoin tokens been stolen at today's exchange rate, at the time of writing, they would be worth around $10.7 billion.

One interesting tidbit related to the US's seizure was that during the government's process of converting some of the seized cryptocurrency into dollars, an unnamed cybercriminal was apparently watching this going on and attempted to hijack the funds involved.

On October 24, regarding $20.7 million worth of "a relatively obscure virtual currency token" accepted by the US Marshals Service, an attacker "was able to access the funds and/or manipulate the transaction and thereby steal the tokens."

The attacker was unable to liquidate around $19.5 million worth of these after the US froze the other $1.2 million and, as a result, anonymously returned them to the US, minus around $200,000 worth of blockchain fees, which are now lost for good. ®

Send us news
4 Comments

Bitfinex heist gets the Netflix treatment after 'cringey couple' sentenced

Streamer's trademark dramatic style takes on Bitcoin Bonnie and Clyde

Suspected LockBit dev, facing US extradition, 'did it for the money'

Dual Russian-Israeli national arrested in August

Phishers cast wide net with spoofed Google Calendar invites

Not that you needed another reason to enable the 'known senders' setting

How Androxgh0st rose from Mozi's ashes to become 'most prevalent malware'

Botnet's operators 'driven by similar interests as that of the Chinese state'

What do ransomware and Jesus have in common? A birth month and an unwillingness to die

35 years since AIDS first borked a PC and we're still no closer to a solution

Don't fall for a mail asking for rapid Docusign action – it may be an Azure account hijack phish

Recent campaign targeted 20,000 folk across UK and Europe with this tactic, Unit 42 warns

Critical security hole in Apache Struts under exploit

You applied the patch that could stop possible RCE attacks last week, right?

Ransomware scum blow holes in Cleo software patches, Cl0p (sort of) claims responsibility

But can you really take crims at their word?

Deloitte says cyberattack on Rhode Island benefits portal carries 'major security threat'

Personal and financial data probably stolen

Are your Prometheus servers and exporters secure? Probably not

Plus: Netscaler brute force barrage; BeyondTrust API key stolen; and more

Iran-linked crew used custom 'cyberweapon' in US critical infrastructure attacks

IOCONTROL targets IoT and OT devices from a ton of makers, apparently

Cryptocurrency policy under Trump: Lots of promises, few concrete plans

Pro-crypto lawmakers are in, but will that translate to action? Doubt it