On Tuesday, the Justice Department announced the arrest of tech entrepreneurs Ilya Lichtenstein and Heather Morgan in Manhattan for allegedly conspiring to launder 119,754 Bitcoin (now worth $4.5 billion) that was stolen in the notorious 2016 hack of the cryptocurrency exchange Bitfinex. The agency also reported that it had seized from the married couple more than $3.6 billion of Bitcoin linked to the hack, its largest ever financial seizure. Besides the mind-boggling sum, the case almost immediately inspired online rubbernecking due to Morgan’s disastrous turn as a self-described “sexy horror comedy” rapper named Razzlekhan, which she usefully documented in considerable detail online:
Aside from her nascent career in hip hop, Morgan contributed articles to Forbes and Inc. about cybersecurity and marketing. She is also the founder of a “cold email copywriting” company called SalesFolk, which specializes in email campaigns. Lichtenstein doesn’t seem to have as much of a public presence, but was fairly established in the tech industry. He founded a software company backed by Y Combinator called MixRank, which maintains a database of mobile apps, and also lists himself on LinkedIn as a mentor for the venture capital firm 500 Startups.
While it’s unclear how much Lichtenstein and Morgan were supposedly involved in actual breach of Bitfinex, the Justice Department claims that the hacker deposited the funds into a cryptocurrency wallet under Lichtenstein’s control. Over the past five years, the two have allegedly funneled the money through a dizzying number of transfers, sites, and currencies to hide the fact that it was ultimately going into their personal accounts to purchase things like Walmart gift cards and gold. Here’s a glossary of the various crypto tools and techniques that they’re accused of using to launder their billions.
A hosted wallet is an account controlled by an exchange or other intermediary where you can store cryptocurrency—kind of like a bank or trading account. An unhosted wallet is then, as Coin Telegraph puts it, the crypto equivalent of the billfold where you store your hard cash. (Or in this case, the duffel bags where the burglars stash their stacks of Benjamins.) It’s essentially software on a device where an individual has complete control over the cryptocurrency inside without the involvement of any third parties. These unhosted wallets can still conduct transactions on crypto exchanges or with other individual wallets. Because they aren’t registered with a larger financial institution, owners of unhosted wallets can more easily hide their identities.
According to the Justice Department’s report, the hacker initiated more than 2,000 unauthorized transfers from Bitfinex to an unhosted wallet. No one knew who that wallet belonged to for years, until investigators determined it was under Lichtenstein’s control. Investigators say that the cryptocurrency later traveled through multiple other unhosted wallets in an apparent attempt to obscure its path. Government agencies like the Financial Crimes Enforcement Network (or FinCEN) have been placing more scrutiny on unhosted wallets out of concern that they could aid crime and terrorism. FinCEN has proposed imposing stricter record-keeping requirements for transactions that such wallets conduct.
AlphaBay is a darknet marketplace that auctions off contraband like drugs and firearms. The site facilitates the transactions with cryptocurrency so that users can remain largely anonymous. Investigators say that some of the funds went from the initial unhosted wallet into AlphaBay accounts. Reuters reports that when the Justice Department partnered with other agencies to shut down AlphaBay in 2017, it likely gave investigators access to the site’s internal transaction logs and connected them to an account in Lichtenstein’s name.
Chain-hopping is a technique popular among criminals that involves successively converting funds into multiple different cryptocurrencies and transferring them across exchanges. When done effectively, it can make the money trail too convoluted for law enforcement to trace. Exchanges have tried to crack down on such activity by implementing “know-your-customer” measures, which involves conducting identity and background checks before allowing a user to access its services. Investigators say some of the exchange accounts they were examining had been abandoned by their owners after such “know-your-customer” checks, which was a hint that they may have belonged to Lichtenstein and Morgan. In other cases, Lichtenstein provided his own personal and business info for “know-your-customer” checks.
The peel chain technique entails transferring funds through a series of wallets. During each transfer, a portion of the fund gets “peeled off” and sent to another address outside of the main chain. Because smaller and smaller amounts are getting transferred, the transactions are less likely to set off identity checks or other security measures, and they’re harder to track. Hackers associated with North Korea have been known to use peel chains in their own breaches of crypto exchanges. According to investigators, the early movements of the stolen Bitfinex funds involved a peel chain that gradually deposited cryptocurrency into AlphaBay accounts.
What the Justice Department’s report refers to as “anonymity-enhanced virtual currency” is more commonly known in crypto parlance as “privacy coins.” These are types of cryptocurrency that have special features to help users obscure their identities and transactions. While other major cryptocurrencies like Bitcoin have publicly available ledgers recording all transactions, privacy coins can purportedly make transfer amounts or the parties involved confidential. The Justice Department specifically accuses the duo of converting the Bitcoin into Monero and Dash, which are widely considered to be privacy coins.
Turkish Martha Stewart
Another name that Morgan assumed, along with the “Versace Bedouin” and the “Crocodile of Wall Street,” while rapping about finance and entrepreneurship.