New Yorker faces 5 years sentence following $10B Bitfinex theft

Getting your Trinity Audio player ready...

Ilya Lichtenstein, the infamous tech entrepreneur behind one of the largest ‘crypto’ heists in history, has been sentenced to five years in prison for stealing $10 billion worth of BTC from the Bitfinex exchange.

Lichtenstein and his rapper wife, Heather Morgan, pleaded guilty to conspiracy to commit money laundering last August. Lichtenstein admitted to orchestrating the 2016 hack on Bitfinex, in which he siphoned 119,754 BTC from the exchange through at least 2,000 transactions. He then deleted the access credentials and other log files from the exchange, making him impossible to trace. His wife claimed she was unaware of the crime but later admitted that he helped Lichtenstein launder at least 25,000 BTC through fake identities, darknet markets, digital asset exchanges, and mixers.

Lichtenstein faced two decades behind bars for his crime. However, prosecutors called for a more lenient sentence, arguing that he had been cooperative, had no priors, and had only laundered about 20% of the stolen BTC. Additionally, he had assisted authorities in recovering most of the remaining BTC.

Judge Colleen Kollar-Kotelly sentenced Lichtenstein to five years in prison on Thursday in the U.S. District Court in Washington, D.C. He took into account the two years and nine months Lichtenstein had spent in jail since his February 2022 arrest. He also sentenced the New Yorker to three years of supervised release.

The judge noted that it was important for the court to send a message “that you can’t commit these crimes with impunity, that there are consequences to them.” He added that Lichtenstein had “meticulously planned” the heist for months and that it wasn’t an impulsive act.

The 35-year-old took full responsibility for his actions in a remorseful speech before the sentencing, AP reports. He regretted “wasting my talents on crime instead of a positive contribution to society” and pledged to use his expertise for good once he gets out of prison.

Judge Kollar-Kotelly will sentence Morgan on Monday, November 18. Morgan, formerly a rapper named ‘Razzlekhan,’ is likely to get a lighter sentence. Prosecutors recently recommended 18 months in prison for her, which they said “would adequately serve the interests of justice.” They claimed Morgan wasn’t involved in the heist, and her husband only reeled her in to launder the proceeds.

The couple’s downfall came about when they purchased a Walmart gift card using some of the stolen BTC. Investigators found that the gift cards were redeemed using Morgan’s Walmart app, and after obtaining search warrants for their home and online accounts, they busted them as the orchestrators of the hack.

Indian police arrest $235m WazirX hacker

In India, police have arrested a man from the eastern region of Bengal whom they claim was deeply involved in the $235 million July hack of local exchange WazirX.

The hackers attacked the exchange on July 18, targeting its Ethereum hot wallet to drain nearly 50% of the funds. Digital asset sleuths revealed that the hacker modified the signatures required to authorize such a transaction by tricking the exchange’s security team members into altering the smart contract that would have otherwise thwarted such an attempt.

Police in the capital, New Delhi, revealed Thursday that they had arrested the man who created the fake account that orchestrated the attack. This revelation lends credence to the exchange’s long-held defense, where it denied that the attack was due to its lax internal security measures.

A charge sheet seen by media outlets alleges that the arrested man, SK Masud Alam, was part of an organized group of hackers who opened fictitious accounts to infiltrate the exchange. Alam allegedly claimed that he had been offered a “good amount” by another Telegram user for the WazirX accounts, which were later used to conduct the attack.

The charge sheet further fanned the flame of the conflict and blame game between WazirX and Liminal Custody, the digital asset custodian that the exchange relied on to protect its users’ assets.

Following the breach, Liminal blamed the exchange, alleging that its internal machines had been compromised. However, days later, WazirX claimed to have conducted a preliminary investigation and found “no evidence that WazirX signers’ machines were compromised.” Three months later, Liminal hit back, accusing the exchange of a “disinformation campaign” and denied any role in the breach.

Delhi police now claim that Liminal refused to cooperate with investigators, frustrating their efforts to recover the lost funds and nab the criminals. When it finally cooperated, Liminal still withheld “crucial information” from the investigators, the charge sheet claimed, raising even more questions about the custodian’s role in the breach. Security vulnerabilities for Liminal would impact several players relying on its custody solutions, including India’s Central Bureau of Investigation (CBI).

Watch: Digital Asset Recovery takes token recovery seriously