How the Feds Tracked Down $3.6 Billion in Stolen Bitcoin
- February 10, 2022
The U.S. government’s $3.6 billion bitcoin bust this week appears to reflect its success five years ago in disrupting some operations used by criminals to launder stolen funds.
The Justice Department said that it executed a search warrant last week and seized 94,636 bitcoins from the online wallets of two alleged money launderers,
31 years old, and her husband,
The seized bitcoin allegedly comprised the bulk of about 120,000 bitcoins stolen in 2016 from the crypto exchange Bitfinex in a hack.
According to the federal government’s complaint, the couple moved the stolen funds through sites such as AlphaBay, which exist in what is called the dark web—a part of the internet accessible only through special browsers designed to hide identities—and services called mixers used to break up crypto transactions to make them harder to track. They set up fictitious accounts with unhosted wallets and at about 10 other cryptocurrency exchanges, using numerous email addresses, according to the government.
The couple haven’t been charged with the original theft from Bitfinex, nor has anybody else so far been charged with that.
Attempts to reach Mr. Lichtenstein and Ms. Morgan for comment on Wednesday were unsuccessful. An attorney for the couple, Anirudh Bansal, declined to comment.
Mr. Bansal on Tuesday told a judge that his clients had been aware of the government’s investigation since November and hadn’t tried to flee the country.
On Tuesday, federal prosecutors announced that they had arrested Mr. Lichtenstein and Ms. Morgan and charged them with trying to launder the stolen funds.
In July 2017, the Justice Department seized and shut down AlphaBay, which the government said had 200,000 users buying and selling stolen identification documents, counterfeit goods, malware, firearms and other illicit goods.
Prosecutors didn’t detail in this week’s complaint exactly how they initially linked Ms. Morgan and Mr. Lichtenstein to the stolen bitcoins. According to Tom Robinson, co-founder of the crypto analytics firm Elliptic Enterprises Ltd., it is likely the government identified the two through the AlphaBay marketplace.
The complaint includes flow charts that show the stolen funds moving from Bitfinex through AlphaBay, and across the bitcoin blockchain to the various other accounts the couple had allegedly set up.
“This likely allowed [the government] to access AlphaBay’s internal transaction logs, which would enable them to trace the stolen Bitfinex funds,” Mr. Robinson said.
The Justice Department declined to comment.
The authorities said they traced the flow of funds through the unhosted wallets and across exchanges, according to the complaint, finding transactions that landed in accounts on exchanges that the two alleged launderers had in their real names. In one instance, according to the complaint, two of these accounts shared a login from the same location in New York.
About $2.9 million was moved from those accounts into bank accounts held by Mr. Lichtenstein and Ms. Morgan, prosecutors alleged.
The authorities also traced some of the funds through two exchanges and different accounts to transactions in 2020 with a gift-card service, the account for which was held in Mr. Lichtenstein’s real name, according to the complaint.
Mr. Lichtenstein and Ms. Morgan allegedly exchanged some of the bitcoin into other cryptocurrencies, according to the complaint, cashed some out via bitcoin ATMs and used the stolen funds to purchase nonfungible tokens, or NFTs. These digital collectibles have lately become another way crypto thieves launder digital money, the U.S. Treasury Department said last week in a report.
On Jan. 31 and Feb. 1, agents with the U.S. Justice Department executed a search warrant and seized the bitcoins from the online wallets, according to the complaint.
Federal authorities have had their own crypto wallets they use to hold seized assets.
Over the past decade the U.S. government has built up its infrastructure to track down crypto thefts, supplementing its traditional investigative methods with those aimed at the unregulated digital-asset market.
While the SEC hasn’t announced major actions against big crypto exchanges, the commission has threatened to sue companies offering crypto lending. WSJ’s Dion Rabouin explains why this one part of the crypto market has drawn such a strong reaction. Photo: Mark Lennihan/Associated Press
The federal government has contracts with analytics firms including Chainalysis Inc. and Elliptic to build software programs designed to track illicit funds across the blockchain. While the blockchain tracks every bitcoin transaction publicly, there are hundreds of millions of pseudonymous transactions for authorities to wade through.
Both firms declined to comment on whether they contributed to the investigation.
A San Francisco-based digital bank called Anchorage Digital has a contract with the Justice Department through which it hosts the government wallet and related services. The bank declined to comment, though it has previously publicly reported the contract.
Prosecutors said that victims of the hack with legitimate claims can request that the money be returned and that the courts will ultimately decide how to allocate the money.
Write to Paul Vigna at [email protected]
Copyright ©2022 Dow Jones & Company, Inc. All Rights Reserved. 87990cbe856818d5eddac44c7b1cdeb8