‘Crypto Couple’ Ilya Lichtenstein and Heather Morgan Plead Guilty
New York resident Ilya “Dutch” Lichtenstein on Thursday confessed to hacking billions of dollars from virtual currency exchange Bitfinex and laundering the stolen funds with his wife.
Russian emigré Lichtenstein, 35, and his wife, Heather Morgan aka “Razzlekhan,” 33, a self-described “cringe” rapper, were expected to plead guilty in Washington, D.C., federal court to laundering a significant amount of the $4.5 billion stolen in the 2016 hack. Until today’s hearing, the public did not know the identity of the hacker, and neither defendant had been charged for the hack.
Lichtenstein pleaded guilty to conspiracy to commit money laundering and Morgan pleaded guilty to one count each of money laundering conspiracy and conspiracy to defraud the United States. Lichtenstein could be sentenced to a maximum of 20 years in prison, and Morgan could face 10 years, the Department of Justice said.
The admission of being the hacker could explain how Lichtenstein may have been able to provide valuable information to prosecutors in addition to disclosing how the couple laundered stolen cryptocurrency, Ari Redbord, global head of policy at TRM Labs, told Information Security Media Group.
Lichtenstein used “a number of advanced hacking tools and techniques” to access Bitfinex’s network and fraudulently authorize more than 2,000 transactions to steal the cryptocurrency, the Justice Department said. He also hid his tracks by retracing his steps into Bitfinex’s network and deleting access credentials and other log files that may have given him away to law enforcement.
At the time of the theft in 2016, the 120,000 stolen bitcoins were worth $71 million, but their value had soared to $4.5 billion by the time of the couple’s arrest in 2022. Law enforcement seized $3.6 billion in cryptocurrency linked to the hack during the couple’s arrest and later seized an additional $475 million.
Federal agents arrested the defendants, known as the “Crypto Couple,” in February 2022.
The case marks the largest seizure of stolen cryptocurrency in U.S. history. Its significance can’t be overstated, Redbord said. “Big hack and cybercrime cases often involve governments, entities and individuals operating in rogue states like Russia and North Korea, where arrest and extradition is impossible. The fact that this couple was residing in New York City and accessible to law enforcement is very unique,” he said.
The case is also extraordinary for the investigation process, he said. The investigation occurred across years – from 2016 to 2022 – and across multiple blockchains.
“The launderers literally used every possible obfuscation technique,” Redbord said. They set up fictitious identities, used computer programs to automate transactions, set up various accounts at numerous exchanges, and used darknet markets, mixers and anonymity-enhanced coins to move funds and obfuscate transactions. They also used U.S.-based business accounts to legitimize their banking activity, he said.
It took the combined efforts of IRS-Criminal Investigations, Homeland Security Investigations and the FBI to follow the funds, execute a search warrant, make arrests and, finally, obtain a guilty plea. This is, in part, because of the native properties of blockchain, which allowed investigators to trace and track funds over seven years. It also speaks to how difficult it was for Lichtenstein and Morgan to off-ramp funds even after years of laundering, Redbord said.
“This is an ‘only in crypto’ investigation and guilty plea. The evidence was forever on the blockchain,” Redbord said.