The statement of facts is linked from the press release, and describes generally how the Feds were able to trace the stolen funds (they found a file listing private keys after gaining access to the suspect's cloud storage)
https://www.justice.gov/opa/press-release/file/1470186/downl...
> The 2017 transfers notwithstanding, the majority of the stolen funds remained in Wallet 1CGA4s from August 2016 until January 31, 2022. On January 31, 2022, law enforcement gained access to Wallet 1CGA4s by decrypting a file saved to LICHTENSTEIN’s cloud storage account, which had been obtained pursuant to a search warrant. The file contained a list of 2,000 virtual currency addresses, along with corresponding private keys.
> ...The connection among the VCE 1 accounts was further confirmed upon reviewing a spreadsheet saved to LICHTENSTEIN’s cloud storage account. The spreadsheet included the log-in information for accounts at various virtual currency exchanges and a notation regarding the status of the accounts
> ...Lichtenstein Email 2 was held at a U.S.-based provider that offered email as well as cloud storage services, among other products. In 2021, agents obtained a copy of the contents of the cloud storage account pursuant to a search warrant. Upon reviewing the contents of the account, agents confirmed that the account was used by LICHTENSTEIN. However, a significant portion of the files were encrypted
That's wild, I think we were Facebook friends for awhile after I interviewed and hung out over there on a few occasions.
I was doing an onsite with Ilya and the folks at MixRank (in 2012) and talking with the team, and I mentioned something about cryptography and some basic codes that I learned as a child in gifted class. They had no idea what I was talking about - not the codes but "gifted class". I was telling them it was pretty common in public school systems - once a week or a few hours a day where you took advanced topics in another classroom with other kids that had tested into the program. They had no idea.
I started asking the founders if they went to public school. They never had. And then they were curious and started asking the other employees. Not a single one had ever set foot in a public school for elementary, middle, or high school. Then one guy in the back piped up - "you know, I think $devname went to Berkeley."
This is just unreal. This guy was living a double life as the greatest criminal ever. So among our community was a $4 billion hacker, just nonchalantly posting.
I don't think he will be commenting anytime soon again if this really is him
Heh... He has some comments on "Feds reveal the search warrant used to seize Mt. Gox account" in 2013:
As the anarchists and idealists on HN will soon learn, the decentralized nature of Bitcoin won't make a difference if anyone transmitting it is in violation of federal law.
--
This was inevitable. People can wax rhapsodic about the decentralized nature of Bitcoin, but once the feds freeze a few million dollars of a major exchange's assets, as they have done with every single anonymous digital currency since the beginning of time (e-gold,1mdc,Liberty Dollar) and launch a criminal investigation, the currency will be severely destabilized.
Within the next year I expect to see a cottage industry emerge where the true believers cash out frozen bitcoin accounts for pennies on the dollar.
"As I build a sales team for my latest software startup, Endpass"
Endpass "Bringing you the delightful and secure Ethereum wallet that's easy enough for grandma to use."
Wait, so did the Feds nab them for running an Ethereum wallet startup and claim $3B in client wallets as theirs? Or did the pair start an Ethereum wallet company to wash stolen coins?
> “After the execution of court-authorized search warrants of online accounts controlled by Lichtenstein and Morgan, special agents obtained access to files within an online account controlled by Lichtenstein,” the press release said. “Those files contained the private keys required to access the digital wallet that directly received the funds stolen from Bitfinex, and allowed special agents to lawfully seize and recover more than 94,000 bitcoin that had been stolen from Bitfinex. The recovered bitcoin was valued at over $3.6 billion at the time of seizure.”
So most likely,
1) they didn't launder it properly, leading to police being able to trace it to their bank accounts. I wonder if tornado.cash was used.
2) then police had their names, leading to warrants for all online accounts - google account, apple account, etc.
3) they made the big blunder of keeping their private keys in their online account. Most likely a txt file in Google Drive. That is such a silly blunder. Without the private keys, the police have zero proof of anything. They could have made a hundred excuses for how they got money in their bank account, as long as the police didn't have the private keys. Who keeps their private keys in an online account?
Apparently the biggest criminals make too many silly mistakes. The old saying applies here: "you don't have to be smart, just don't be an idiot"
> One overlooked detail in the Razzlekahn arrest. Almost all the money went through AlphaBay, using it as a mixer. The feds were able to see through this because they seized AlphaBay. It's amazing how, even years after, darknet market seizures pay dividends to the feds.
Shouldn't all true crypto believers hate this news?
It's the government trying to enforce their opinion of who should own those Bitcoins, thereby taking power away from the owner that the network has decided on, which would be "whoever has the cryptographic keys".
I'm sitting here trying to understand their mindset.
They had to know what kind of scrutiny would be on those coins forever.
At the time of the theft, the coins are worth $100M+ and they can't touch them. Even worse, anything they do with them will be monitored, researched, dug into, and everything else from law enforcement, amateur detectives, and every major tech+crime group.
Fast forward to now and the coins are worth 50x that... and now they try to move them? And all the keys are in cloud storage? But it had to be frustrating to be sitting on something so valuable without any way to use it. They had to be stressed and anxious about it.
A life of crime is stupid. A life of crime for something this high profile is far beyond stupid.
Ilya Lichtenstein (YC S11) is the co-founder of YC-backed MixRank. Heather Morgan, his wife, is apparently a serial entrepreneur, investor, and "contributor" to Forbes.
Heather R. Morgan is an international economist, serial entrepreneur, and investor in B2B software companies. She is an expert in persuasion, social engineering, and game theory.
For those unfamiliar with Forbes as a platform, Forbes allows independent, unpaid (by Forbes) writers to submit content on their platform. If you see a scummy crowdfunding campaign or shady startup claiming "as featured in Forbes, etc.", that's how they do it.
The hack occurred 5.5 years ago. The Federal statute of limitations on Grand Theft/Larceny is 5 years. Is this why they are charged with Conspiracy to Commit Money Laundering and not charged with the actual theft?
Lichtenstein and Morgan are charged with conspiracy to commit money laundering
If so, this means that (outside tax obligations) they may have gotten away with it essentially by sitting on the money doing nothing for 5 years and then openly transferred it to themselves. Since they took actions that were meant to launder the money, they opened themselves up to the money laundering charges on their own.
This is similar to many financial regulations where you can have completely legally obtained money but if you deposit $9,000 followed by depositing $1,000 thereby avoiding a CTR notification to the government required for a $10,000 deposit, you're guilty of "structuring" your deposits.
So government was moving bitcoins not hackers. Like I said in that thread it is easier to launder cash than bitcoins because bitcoins are on chain forever and cold cash can be laundered in numerous ways.
> The Justice Department announced Tuesday it had seized more than $3.6 billion in bitcoin allegedly stolen as part of a 2016 hack of Bitfinex, saying authorities have also arrested and charged a husband and wife in New York for allegedly trying to launder the cryptocurrency fortune.
> Officials said Ilya Lichtenstein, 34, and his wife, Heather Morgan, 31, were arrested on charges of conspiring to launder money. They are accused of trying to launder 119,754 bitcoin that were stolen after a hacker breached Bitfinex, a cryptocurrency exchange, and initiated more than 2,000 unauthorized transactions. Prosecutors said the bitcoin was sent to a digital wallet controlled by Lichtenstein.
From the actual charging statement (https://www.justice.gov/opa/press-release/file/1470186/downl...), the Feds have more details and fascinating traces through the various methods which the accused laundered the funds. Raises the question of whether they would've attracted so much attention if it were "only" a $70M hack instead of the multibillion dollar one due to BTC appreciation.
> In or around August 2016, a hacker breached Victim VCE’s security systems and infiltrated its infrastructure. While inside Victim VCE’s network, the hacker was able to initiate over 2,000 unauthorized BTC transactions, in which approximately 119,754 BTC was transferred from Victim VCE’s wallets to an outside wallet. At the time of the breach, 119,754 BTC was valued at approximately $71 million. Due to the increase in the value of BTC since the breach, the stolen funds are valued at over $4.5 billion as of February 2022.
Sometimes I wonder what the chances are that certain (highly privileged) staff at Google (or other similar data storage or e-mail companies) could run a query across Google Drive looking for a specific public key. Much like a malware scanner, just looking for "a key", just to see if there is an account matching. Unofficially, of course. A rogue employee perhaps. And, what if, in such a case, the employee (in the best of cases) reports the person anonymously, or in other cases, takes off with the private key if also found.
Or does anyone know if the data is so encrypted that nobody at Google can override? I would highly doubt that, looking at US law enforcement pressure. And I am sure there's a million and one barriers and access requests blocking raw queries, but technically...
Of course, a hefty hefty conspiracy-laden thought, but I just found myself curious if that would even remotely be an option.
I haven't worked for Google, but another cloud provider I worked for has a very strict production access policy. You cannot just access prod or run a script. Even in cases where you must access prod, it needs special temporary access (Just-in-Time tokens), which is audited and linked to a case. A few people in the management line have to approve the access, and it expires once used. I would say the chance that some random engineer does this is very, very low. Unless Google actually does something like that as a product for law enforcement. I have heard of a few cases of these scripts for things like child abuse images. I have never seen one in action though.
The I/O cost would be more than any loot you find!
Jokes apart, it is not easy even for Google's in-house teams; such a query scanning all their Drive folders would be very, very expensive computationally.
Most files are stored as binary blobs, i.e. binary formats like PDF etc. with some level of compression. Retrieval costs and file read costs for even the most common formats can be expensive and slow.
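The statement of facts describes the seized file as a list of addresses with their corresponding private keys, and the question above about querying Drive for "a key" comes down to recognising that material reliably. As an added example (not code from this thread, and not any cloud provider's scanner), here is a Python scanner that treats a regex hit as a finding only when its Base58Check checksum verifies, which is what separates a real WIF private key or Bitcoin address from a random token of the right shape. The regexes and all sample data are assumptions: the key is just SHA-256 of a fixed string and the address is built from an arbitrary 20-byte value, so neither is a real wallet.

```python
import hashlib
import re
from typing import Dict, List, Optional

ALPHABET = "123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz"


def _sha256d(data: bytes) -> bytes:
    return hashlib.sha256(hashlib.sha256(data).digest()).digest()


def base58check_encode(payload: bytes) -> str:
    """payload || first 4 bytes of SHA256d(payload), Base58-encoded; leading 0x00 bytes become '1'."""
    data = payload + _sha256d(payload)[:4]
    n = int.from_bytes(data, "big")
    digits = ""
    while n:
        n, rem = divmod(n, 58)
        digits = ALPHABET[rem] + digits
    pad = len(data) - len(data.lstrip(b"\x00"))
    return "1" * pad + digits


def base58check_decode(s: str) -> Optional[bytes]:
    """Return the payload if every character is Base58 and the 4-byte checksum verifies, else None."""
    n = 0
    for ch in s:
        idx = ALPHABET.find(ch)
        if idx < 0:
            return None
        n = n * 58 + idx
    body = n.to_bytes((n.bit_length() + 7) // 8, "big") if n else b""
    pad = len(s) - len(s.lstrip("1"))
    data = b"\x00" * pad + body
    if len(data) < 5 or _sha256d(data[:-4])[:4] != data[-4:]:
        return None
    return data[:-4]


def encode_wif(privkey: bytes, compressed: bool = True) -> str:
    """Mainnet WIF: 0x80 || 32-byte key || optional 0x01 (compressed-pubkey flag)."""
    if len(privkey) != 32:
        raise ValueError("private key must be 32 bytes")
    return base58check_encode(b"\x80" + privkey + (b"\x01" if compressed else b""))


def decode_wif(s: str) -> Optional[bytes]:
    """Return the raw 32-byte key if s is a checksum-valid mainnet WIF (either form), else None."""
    payload = base58check_decode(s)
    if payload is None or payload[0] != 0x80:
        return None
    if len(payload) == 33:                          # uncompressed form: 51 chars starting with '5'
        return payload[1:]
    if len(payload) == 34 and payload[-1] == 0x01:  # compressed form: 52 chars starting with 'K'/'L'
        return payload[1:33]
    return None


# Candidate patterns (assumed heuristics); the checksum check is what turns a hit into a finding.
WIF_RE = re.compile(r"\b[5KL][1-9A-HJ-NP-Za-km-z]{50,51}\b")
ADDR_RE = re.compile(r"\b[13][1-9A-HJ-NP-Za-km-z]{25,34}\b")   # Base58 P2PKH ('1') / P2SH ('3')


def scan_text(text: str) -> Dict[str, list]:
    """Scan text for checksum-valid WIF keys and Base58 addresses; report which lines carry keys."""
    keys: List[str] = []
    addresses: List[str] = []
    key_lines: List[int] = []
    for lineno, line in enumerate(text.splitlines(), 1):
        for m in WIF_RE.finditer(line):
            if decode_wif(m.group()) is not None:
                keys.append(m.group())
                key_lines.append(lineno)
        for m in ADDR_RE.finditer(line):
            payload = base58check_decode(m.group())
            if payload is not None and len(payload) == 21 and payload[0] in (0x00, 0x05):
                addresses.append(m.group())
    return {"keys": keys, "addresses": addresses, "key_lines": sorted(set(key_lines))}


# Constructed sample data: the key is SHA-256 of a fixed string and the address is built from an
# arbitrary 20-byte value, so neither corresponds to a real wallet.
SAMPLE_KEY = hashlib.sha256(b"constructed example key, not a real wallet").digest()
SAMPLE_ADDR = base58check_encode(b"\x00" + hashlib.sha256(b"constructed hash160").digest()[:20])
VALID_WIF = encode_wif(SAMPLE_KEY)
BROKEN_WIF = VALID_WIF[:-1] + ("2" if VALID_WIF[-1] != "2" else "3")   # one-character typo
SAMPLE_TEXT = "\n".join([
    "address,private_key,status",
    f"{SAMPLE_ADDR},{VALID_WIF},unspent",
    f"{SAMPLE_ADDR},{BROKEN_WIF},typo",
    f"{SAMPLE_ADDR},{encode_wif(SAMPLE_KEY, compressed=False)},unspent",
    "notes: exchange logins moved to the other spreadsheet",
])

if __name__ == "__main__":
    print(scan_text(SAMPLE_TEXT))
```

Checking the checksum before alerting is what keeps the false-positive rate usable on a corpus the size of a cloud drive: a 51- or 52-character Base58 token passes the regex far more often than it passes SHA256d. On the sample, lines 2 and 4 are reported as key-bearing and the one-character typo on line 3 is ignored, while the address column is recognised on all three data rows.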
Why would a Russian national with so much BTC to launder, who hasn't touched it in 6 years, suddenly perform the action from New York City of all places, from within the USA?
I don't know why people assume that Russia is a lawless land where you can just cash out billions of dollars worth of stolen cryptocurrency.
Even if that were the case, maybe they rationally decided that the risk of pissing off United States federal authorities was better than pissing off Russian authorities and organized crime.
For example, the Mt. Gox hack was also most probably a hack, not an inside job, because that guy Mark Karpelès was so incompetent at running the exchange that it's no wonder it got hacked every now and then.
"The DOJ said it was able to seize the funds after an FBI search warrant of one of Lichtenstein's cloud storage accounts found a file containing cryptocurrency addresses and their corresponding private key that granted access to funds stored within."
This is really surprising, given that the Bitfinex hack was quite complex (unless they had inside knowledge). There are several ways to hold crypto for an amount this large (hardware wallet, brain wallet, pre-signed transactions, etc...)
>According to court documents, Lichtenstein and Morgan allegedly conspired to launder the proceeds of 119,754 bitcoin that were stolen from Bitfinex’s platform after a hacker breached Bitfinex’s systems and initiated more than 2,000 unauthorized transactions. Those unauthorized transactions sent the stolen bitcoin to a digital wallet under Lichtenstein’s control. Over the last five years, approximately 25,000 of those stolen bitcoin were transferred out of Lichtenstein’s wallet via a complicated money laundering process that ended with some of the stolen funds being deposited into financial accounts controlled by Lichtenstein and Morgan.
Sounds like they were very much involved in the hack... or someone hacked Bitfinex and gifted them the coins?
Yeah -- It reads like they didn't have the evidence to prove they hacked Bitfinex, but plenty of evidence they're the only ones that moved the hacked funds. Hence the lack of CFAA or other charges in favor of money laundering ConFraudUS.
Probably stupid question: Why not just exchange it to zcash or monero or some other coin that hides transaction details? Then you can send it to a new wallet; theoretically 100% untraceably.
They did that apparently; it is mentioned in the article. There are still ways to trace it. For example, if they do it in a short timeframe or in just two transactions you can match the amounts. Not many people send $100k in Zcash around.
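The amount-matching the reply above describes can be written down. As an added example (not code from the thread, and not any analytics vendor's method), the Python below links a deposit into a swap to the one or two later withdrawals whose combined value lands within a fee tolerance inside a time window, then counts how many look-alike transfers exist so an analyst can tell a distinctive $100k link from a meaningless $250 one. The window length, the tolerance, the USD valuation and every transfer in the sample are constructed assumptions.

```python
from dataclasses import dataclass
from itertools import combinations
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Transfer:
    txid: str    # constructed label, not a real transaction id
    ts: int      # unix seconds
    usd: float   # value at the time, as an analyst's price feed would report it


def link_by_amount(deposits: List[Transfer], withdrawals: List[Transfer],
                   window_s: int = 3600, tolerance: float = 0.03) -> Dict[str, List[Tuple[str, ...]]]:
    """For each deposit into the swap, list every set of one or two later withdrawals that lands
    within window_s and whose total is within `tolerance` of the deposit (swap fee plus slippage).
    window_s and tolerance are assumed parameters, not values taken from any real case."""
    links: Dict[str, List[Tuple[str, ...]]] = {}
    for d in deposits:
        later = [w for w in withdrawals if 0 <= w.ts - d.ts <= window_s]
        hits: List[Tuple[str, ...]] = []
        for size in (1, 2):
            for combo in combinations(later, size):
                total = sum(w.usd for w in combo)
                if abs(total - d.usd) / d.usd <= tolerance:
                    hits.append(tuple(w.txid for w in combo))
        links[d.txid] = hits
    return links


def distinctiveness(deposit: Transfer, population: List[Transfer], tolerance: float = 0.03) -> int:
    """Count transfers anywhere in the observation set whose value is within `tolerance` of the
    deposit. A link to a deposit with few look-alikes is strong; a link to a $250 deposit among
    many $250 payments says little on its own."""
    return sum(1 for t in population if abs(t.usd - deposit.usd) / deposit.usd <= tolerance)


# Constructed sample data; timestamps and amounts are invented for the example.
DEPOSITS = [
    Transfer("btc-dep-1", 1_000, 100_000.0),   # the large, unusual deposit
    Transfer("btc-dep-2", 5_000, 250.0),       # an ordinary-sized one
]
WITHDRAWALS = [
    Transfer("zec-wd-f", 200, 252.0),          # before both deposits: never a candidate
    Transfer("zec-wd-c", 1_500, 248.0),        # in dep-1's window but far too small
    Transfer("zec-wd-a", 1_900, 60_000.0),     # first piece of the $100k, net of fees
    Transfer("zec-wd-b", 2_400, 38_500.0),     # second piece: a + b = $98.5k, within 3%
    Transfer("zec-wd-d", 5_300, 245.0),        # matches dep-2 by value and time
    Transfer("zec-wd-g", 9_000, 249.0),        # similar to dep-2 but outside its window
    Transfer("zec-wd-e", 90_000, 99_000.0),    # right value for dep-1, a day late
]

if __name__ == "__main__":
    for dep_id, hits in link_by_amount(DEPOSITS, WITHDRAWALS).items():
        dep = next(d for d in DEPOSITS if d.txid == dep_id)
        print(dep_id, hits, "look-alikes:", distinctiveness(dep, WITHDRAWALS))
```

The $100k deposit resolves to exactly one candidate set, the split pair a + b, and only one other transfer in the whole set is of similar size, so that link is worth an analyst's time. The $250 deposit also links cleanly to d, but four transfers of about that size exist in the same set, which is the "not many people send $100k around" point stated the other way: the pairing heuristic works on the unusual amounts, and the defence against it is to look ordinary.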
What possesses someone who just stole billions to stay in New York while trying to launder their money? Staying and pretending it didn't happen, I get. Pulling a Marsalek, I get. But staying? While continuing to try and access that wealth?
Is it arrogance? Stupidity? Misplaced faith in the anonymity of crypto?
"CoinJoin is a trustless method for combining multiple Bitcoin payments from multiple spenders into a single transaction to make it more difficult for outside parties to determine which spender paid which recipient or recipients. Unlike many other privacy solutions, coinjoin transactions do not require a modification to the bitcoin protocol."
paulpauper | 4 years ago
https://news.ycombinator.com/threads?id=il
like your neighbor being a serial killer or something
spyder | 4 years ago
and a few other:
https://news.ycombinator.com/threads?id=il&next=5714990
vmception | 4 years ago
Should have just become a limited partner in one of the Silicon Valley PE funds, next to the Oligarchs
tiffanyh | 4 years ago
In the US, it's "innocent until proven guilty".
Media is so quick to assume the person is guilty just because of an allegation.
rasz | 4 years ago
One of the first Google results for the names returns 'Get your first $1 million in enterprise sales with zero marketing spend' https://www.youtube.com/watch?v=DuIr5IFQ9Xg
Heather R Morgan
Serial entrepreneur, SaaS investor. Razzlekhan = Surrealist Artist, Rapper & Fashion Designer with synesthesia. Also Forbes writer.
https://www.inc.com/heather-r-morgan/dont-hire-a-salesperson...
AlexanderTheGr8 | 4 years ago
Another fascinating detail.
Source: https://twitter.com/ncweaver/status/1491118233973571585
vmception | 4 years ago
https://www.buzzfeednews.com/article/sarahemerson/crypto-lau...
300bps | 4 years ago
https://www.law.cornell.edu/uscode/text/18/3282
https://www.fincen.gov/sites/default/files/shared/CTRPamphle...
mrkramer | 4 years ago
https://news.ycombinator.com/item?id=30162085
counternotions | 4 years ago
https://twitter.com/matthewesp/status/1491116443207094272?s=...
kart23 | 4 years ago
no way they just kept an unencrypted private key on the cloud.
jrav | 4 years ago
Is this not a valid approach?
mmh0000 | 4 years ago
[0] https://en.bitcoin.it/wiki/CoinJoin