Feds Arrest Couple Who Allegedly Laundered $1 Billion in Stolen Bitcoins

The authorities seized around $3.6 billion stolen in the 2016 Bitfinex hack.
Image: Elmar Gubisch/GettyImages
Screen Shot 2021-02-24 at 3
Hacking. Disinformation. Surveillance. CYBER is Motherboard's podcast and reporting on the dark underbelly of the internet.

The police arrested a couple accused of laundering cryptocurrency stolen in the 2016 hack of crypto exchange Bitfinex.  

The Department of Justice announced the arrests and indictment of Russian-U.S. national Ilya Lichtenstein, 34, and his wife, Heather Morgan, 31, in a press release on Tuesday. Prosecutors accused Lichtenstein and Morgan of attempting to launder almost 120,000 BTC (currently worth around $5 billion) through a wallet owned by Lichtenstein. 


In the last five years, the couple was allegedly able to launder 25,000 bitcoins (around $1 billion), and the rest of the hacked money remained in Lichtenstein’s wallet. As a result of the investigation, the US government said it recovered and seized the remaining 94,000 bitcoins, valued at over $3.6 billion at the time of seizure, according to the press release.

Do you have any information about similar crimes? Or do you research vulnerabilities on cryptocurrencies and their networks? We’d love to hear from you. You can contact Lorenzo Franceschi-Bicchierai securely on Signal at +1 917 257 1382, Wickr/Telegram/Wire @lorenzofb, or email

In a statement of facts published by DOJ, an investigator stated that law enforcement was able to trace the bitcoins to accounts controlled by Lichtenstein and Morgan. On January 31, 2022, investigators gained access to the wallet storing the stolen bitcoin “by decrypting a file saved to Lichteinstein’s cloud storage account, which had been obtained pursuant to a search warrant.”

The file contained a list of 2,000 cryptocurrency addresses used in the laundering operations as well as their private keys. At that point, the authorities obtained warrants to seize the cryptocurrency, according to the document.


This is how authorities traced the stolen bitcoin:

Screen Shot 2022-02-08 at 12.12.03 PM.png

Lichtenstein and Morgan laundered money using the following techniques, according to the document:

 “(1) using accounts set up with fictitious identities; (2) moving the stolen funds in a series of small amounts, totaling thousands of transactions, as opposed to moving the funds all at once or in larger chunks; (3) utilizing computer programs to automate transactions, a laundering technique that allows for many transactions to take place in a short period of time; (4) layering the stolen funds by depositing them into accounts at a variety of VCEs and darknet markets and then withdrawing the funds, which obfuscates the trail of the transaction history by breaking up the fund flow; (5) converting the BTC to other forms of virtual currency, including anonymity-enhanced virtual currency, in a practice known as “chain hopping”; and (6) using U.S.-based business accounts to legitimize activity.”

Screen Shot 2022-02-08 at 12.13.19 PM.png

“Criminals always leave tracks, and today’s case is a reminder that the FBI has the tools to follow the digital trail, wherever it may lead,” FBI Deputy Director Paul M. Abbate said in the press release. “Thanks to the persistent and dedicated work of our FBI Investigative teams and law enforcement partners, we're able to uncover the source of even the most sophisticated schemes and bring justice to those who try to exploit the security of our financial infrastructure.

The investigation was conducted by the IRS Criminal Investigation unit and the FBI, according to the statement of facts. 

Subscribe to our cybersecurity podcast, CYBER. Subscribe to our new Twitch channel.