- February 16, 2022
- Posted by: Bogdan
- Category: AML, bitfinex, department of justice, hacks, Netflix, twitter, US Government
It’s the Netflix script that wrote itself. A story so outlandish, it’s stunned the crypto community; an industry accustomed to apparent suicides in Spanish jail cells and nonfungible token auctions for dead rappers.
The plot involves the United States Department of Justice (DoJ), a crypto exchange with a checkered history, a rapper-cum-Forbes magazine writer, a voucher to buy a new PlayStation, an occasional magician and $4 billion worth of Bitcoin (BTC).
The alleged Bitfinex hack money launderers have kept the internet enraptured since the larger-than-life story emerged last week. It’s no wonder that Netflix has actually announced that they will bring the story to life.
In essence, a zany rapper who advises companies on social engineering and tackling cybercriminals named Heather Morgan and her cybersecurity specialist husband Ilya Lichtenstein were caught trying to launder funds stolen from the 2016 Bitfinex hack. Funds were laundered via the purchase of games consoles, Uber rides and other gift vouchers.
Despite their nerdy credentials, according to the DoJ report, law enforcement gained access to the couple’s private keys through a cloud storage account. Yes, they kept their private keys to upwards of $3 billion in Bitcoin in the cloud.
But, with so many unanswered questions and bizarre circumstances, the news of the Bitfinex billions has left Twitter scrambling for puzzle pieces while armchair investigators have their work cut out for them, coming up with even more outlandish theories.
Amid wild theories and some questionable reporting, this article intends to lay out the established facts surrounding the Bitfinex hack and what it means now that the DoJ is now holding 90,000 Bitcoin.
Bitfinex hack 2016
The Hong Kong-based cryptocurrency exchange Bitfinex was hacked six years ago to the tune of $70 million. The attack was fast: In just two Bitcoin blocks spanning circa 20 minutes, Bitfinex wallets under the custody of Bitgo were drained of all their funds. In total, thieves stole 120,000 Bitcoin, now worth over $4 billion.
As one of the biggest hacks in Bitcoin history, the hack caused a sharp selloff and the price per Bitcoin slumped to around $500. It’s important to note that the money laundering couple, Morgan and Lichtenstein, are not accused of hacking the exchange, the hackers are still at large.
The Bitfinex team worked tirelessly in response to the hack, devising an innovative solution to restore investor confidence. Initially, Bitfinex concocted and released BFX tokens and “recovery rights tokens” (RRT). While tokenization is common in 2022, in 2016–17, before the initial coin offering mania, the issuance of tokens was radical.
The tokens served as an IOU to customers affected by the hack and could be redeemed for cash or exchanged for iFinex capital stock (iFinex being Bitfinex’s parent company).
Designed in such a way that Bitfinex could later buy back the tokens from users or offer shares in the platform to compensate, the BFX and RRT solution kept Bitfinex liquid and potentially “compensated investors faster than traditional proceedings.”
By April 2017, Bitfinex recovered enough funds to cover or reimburse all users affected by the hack eight months prior. Erik Voorhees called the recapitalization “F*cking Amazing,” Bitcoin podcaster Peter McCormack described the process as “socializing the losses.”
The hack and subsequent quasi-fund recovery are in stark contrast to the infamous Mt. Gox hack of 2014, as Mt.Gox creditors exchange are only now discussing refund plans.
Fast forward five years, and while some of the Bitfinex Bitcoin moved several times and was effectively laundered over time, law enforcement and blockchain enthusiasts watched the wallets like a hawk.
Given the transparency of the Bitcoin blockchain, the hacked coins were blacklisted from crypto exchanges meaning that laundering the money would prove difficult.
90,000 Bitcoin, roughly $3.6 billion, moved in early February. The DoJ was behind the move and the protagonists, Morgan and Lichtenstein, sprung into the spotlight. The DoJ’s statement explained that:
“Special agents obtained access to files within an online account controlled by Lichtenstein. Those files contained the private keys required to access the digital wallet that directly received the funds stolen from Bitfinex, and allowed special agents to lawfully seize and recover more than 94,000 bitcoin that had been stolen from Bitfinex.”
As a result, the DoJ now has 94,000 Bitcoin in its possession. The repercussions of the U.S. obtaining so much Bitcoin are wide reaching from causing a potential Bitcoin price crash to questions regarding when, if and where the funds will be returned.
This is where the Netflix saga takes a breather and speculation takes over. The retrieved Bitcoin remains in a wallet, and while the money-laundering trial unravels, the token UNUS SED LEO (LEO) has mooned while commentators theorize on the stolen Bitcoin.
As a small piece to the Bitfinex puzzle but a large part of the broader Bitfinex saga picture, the LEO token is another example of financial ingenuity. In 2019, the Bitfinex parent company iFinex listed LEO as an exchange utility token.
The token granted traders lower fees and solved problems relating to iFinex’ payments processors. Crucially, the token’s 2019 white paper stated:
“An amount equal to at least 80% of recovered net funds from the BitFinex hack will be used to repurchase and burn outstanding LEO tokens within 18 months from the date of recovery.”
In a bulletin made last week, Bitfinex backed the white paper claim, stating, “Bitfinex will, within 18 months of the date it receives that recovery, use an amount equal to 80% of the recovered net funds to repurchase and burn outstanding UNUS SED LEO tokens.”
Indeed, traders are banking on these funds returning to Bitfinex. The LEO token has soared, reaching new highs and jumping over 50%.
Nonetheless, while Bitfinex may be confident of recovering the hacked Bitcoin, the DoJ has not disclosed the next steps.
The DoJ’s a hodler now?
As stated, the stolen Bitcoin remains in a Department of Justice wallet. The blockchain wallet address holds 94,632 Bitcoin, with the last deposit received on Feb. 11.
A wallet containing over 94,000 Bitcoin in 2022 is considerable: MicroStrategy owns 125,000 Bitcoin and Tesla holds 43,200. We can only assume that the DoJ has better opsec than the alleged money-launderers and will not store the keys in the cloud.
The Bitcoin Treasuries Twitter joked that they would add it to their list of Bitcoin treasuries, implying that the United States would become a holder of the retrieved funds.
Binance CEO Changpeng Zhao asked, “if they [Bitfinex] get the BTC back, how should they split that with LEO holder, or the people who took a loss to accept LEO at the time of the hack (and then sold LEO)?”
Didn’t have time to research it in detail. 2 honest questions.
Did bitfinex lose or make money from the hack?
If they get the BTC back, how should they split that with LEO holders, or the people who took a loss to accept LEO at the time of the hack (and then sold LEO)?
— CZ Binance (@cz_binance) February 8, 2022
In an interview on the WAGMI podcast, Paolo Ardoino, the chief technology officer of Bitfinex, sounded confident about regaining the funds. He said they are “actively working on returning them (the funds) safely,” adding that it may take some time.
Ardoino stressed the importance of “giving back to the community” and reiterated once again that Bitfinex will use 80% of the funds to buy back LEO — but it is unlikely to be a “market buy.”
A securities fraud and investment loss attorney David Silver said that “Bitfinex is going to fight like hell to keep the money for themselves.”
Ultimately, though, he added, “the gov’t will administer the redistribution.” In a boon for privacy, the government may use the opportunity upon returning the funds to identify and consequently tax the original Bitcoin holders.