How the US Found the Couple Who Stole BRL 23 Billion in Bitcoin

After carrying out one of the biggest Bitcoin heists in history, eccentric hacker couple Ilya “Dutch” Lichtenstein and Heather Morgan had the difficult mission of using this money without being discovered.

However, due to the transparency of the transactions, the hackers were caught some six years later after an investigation that brought together three US agencies: the IRS, the FBI and the HSI.

Estimated at 235 million reais at the time of the Bitfinex hack, the 119,754 BTC appreciated so much over those years that it was worth R$23 billion at the time of the seizure. This made it the largest Bitcoin seizure in history.

Clandestine market and false names in the first steps

In an effort to cover their tracks, the pair sent some of the stolen money to an underground market called AlphaBay, making several deposits into different accounts. They then withdrew these coins and sent some of them to different accounts on a cryptocurrency exchange.

On this exchange, Lichtenstein and Morgan used fake names, as well as email addresses from an Indian provider. The Department of Justice (DoJ) presented this information in the chart below.

Flow of the bitcoins stolen by the hacker pair. Source: DoJ

Note: The acronym VCE refers to Virtual Currency Exchange.

However, the pattern of such deposits, trades and withdrawals caught the attention of this exchange. Below is the list of red flags that Lichtenstein and Morgan raised.

  • Email addresses following a common pattern;
  • Access from the same IP address;
  • Account creation around the Bitfinex hack date;
  • Using techniques to shuffle funds before deposits.
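The four red flags above are the kind of heuristics an exchange's compliance team can run over its own account records. The following is an added example, not code from the article or from any exchange: it scores a constructed set of account records for shared email patterns, shared IPs, creation dates near the hack, and fund shuffling before deposit (represented here by a simplified "hops before deposit" count). The hack date is the publicly reported one; all account data is invented.

```python
from collections import defaultdict
from datetime import date
import re

# Constructed sample of exchange account records (not data from the case).
# "hops_before_deposit" is a stand-in for on-chain evidence that funds were
# shuffled through intermediary addresses right before being deposited.
HACK_DATE = date(2016, 8, 2)  # Bitfinex hack date, as publicly reported
ACCOUNTS = [
    {"id": "acct-1", "email": "rahul.k1@example-in.test", "ip": "203.0.113.7",
     "created": date(2016, 8, 10), "hops_before_deposit": 6},
    {"id": "acct-2", "email": "rahul.k2@example-in.test", "ip": "203.0.113.7",
     "created": date(2016, 8, 12), "hops_before_deposit": 5},
    {"id": "acct-3", "email": "maria.silva@example.test", "ip": "198.51.100.20",
     "created": date(2015, 3, 4), "hops_before_deposit": 0},
]

def email_pattern(email):
    """Collapse digit runs so 'rahul.k1@x' and 'rahul.k2@x' share one key."""
    local, _, domain = email.lower().partition("@")
    return re.sub(r"\d+", "#", local) + "@" + domain

def flag_accounts(accounts, hack_date=HACK_DATE, window_days=30, max_hops=3):
    """Return {account_id: sorted red flags} for flagged accounts only."""
    by_ip, by_pattern = defaultdict(list), defaultdict(list)
    for a in accounts:
        by_ip[a["ip"]].append(a["id"])
        by_pattern[email_pattern(a["email"])].append(a["id"])
    flags = defaultdict(list)
    for a in accounts:
        if len(by_pattern[email_pattern(a["email"])]) > 1:
            flags[a["id"]].append("email pattern shared with another account")
        if len(by_ip[a["ip"]]) > 1:
            flags[a["id"]].append("ip shared with another account")
        if abs((a["created"] - hack_date).days) <= window_days:
            flags[a["id"]].append("created near hack date")
        if a["hops_before_deposit"] > max_hops:
            flags[a["id"]].append("funds shuffled before deposit")
    return {k: sorted(v) for k, v in flags.items()}

if __name__ == "__main__":
    for acct, reasons in flag_accounts(ACCOUNTS).items():
        print(acct, "->", "; ".join(reasons))
```

Accounts acct-1 and acct-2 trip all four flags while acct-3 trips none; in practice each flag would feed a review queue rather than an automatic freeze.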

In addition, funds in these accounts were frozen after the couple failed to complete the identity verification (KYC) process. About 1 million reais in Bitcoin was left behind.

More exchanges and service purchases

However, before their fake accounts were frozen on this exchange, the hacker couple made several withdrawals. This allowed US investigators to trace several of these transactions and link the funds to the pair.

In addition to having aggregated balances withdrawn from different accounts – named “CROSS” in the image below – the couple also sent such amounts to several other exchanges where they used accounts in their real name or companies in their name.

Movement of stolen money from one exchange to another. Source: DoJ

In addition, the transactions indicate that Lichtenstein then used such funds to purchase precious metals through an online service provider — called “BTC PSP 1” in the image above — using his actual home address.

Finally, the US Justice Department document reveals that both Lichtenstein and Morgan used the money to purchase gift cards from various services such as Uber, PlayStation, Hotels.com and Walmart.

Tracking transactions up to the purchase of gift cards. Source: DoJ

Cloud storage

While the above already shows several failures in the couple's attempts to cover their tracks, perhaps the most surprising point of this story is that the Bitcoin wallets’ private keys were stored in a cloud storage service.

After obtaining a search warrant in 2021, agents received a copy of the contents of Lichtenstein’s account on a cloud storage service. Although some of the files were encrypted, several of them were decrypted on January 31, 2022.

Most notably, the account contained a file listing all the addresses in the 1CGA4s wallet and their associated private keys. Using this information, the police seized the remaining contents of the wallet, totaling approximately 94,636 BTC, currently valued at $3.629 billion.

Surprisingly, the couple kept not only their private keys on this service but also other evidence of their crimes (crimes in the plural: in addition to the Bitfinex theft, Lichtenstein and Morgan also used false identities and laundered money).

As an example, the DoJ document mentions that there was a folder named “personas” in this cloud storage. In addition to documents and information about the lives of several people, there were also possible contacts of suppliers of passports and false identities for sale.

Finally, a spreadsheet was also kept with login details for the various accounts used by the couple. This spreadsheet also contained notes about the escrow accounts mentioned at the beginning of this text.

The case lasted almost six years

This was how the US carried out the largest Bitcoin seizure in history in dollar terms. The full version of the investigation can be found in the report from the US Department of Justice.

After the resolution of this case, the US decided to create a special unit to fight the illegal use of cryptocurrencies, showing that it pursues justice regardless of the means criminals use.

In addition to this case involving 119,754 BTC, which equates to 23 billion reais, it is also worth noting that the US had already carried out an even larger seizure in 2013 in the Silk Road case. It is therefore clear that its pursuit of criminals will continue unabated.

Source: Live Coins
