On February 8, 2022, the Department of Justice announced the seizure of a record $3.6 billion in stolen BTC it alleges was tied to the 2016 hack of Bitfinex, a virtual currency exchange. A husband-wife duo, Ilya “Dutch” Lichtenstein and Heather Morgan of New York, New York were arrested the same day and charged via a criminal complaint with conspiracy to commit money laundering and conspiracy to defraud the United States. Lichtenstein and Morgan are being held on $5 million and $3 million in bail, respectively, and will be on house arrest pending trial.
The Statement of Facts by the government in support of the criminal complaint filed against the defendants reveals a vast and complicated web of transactions that allegedly permitted Lichtenstein and Morgan to transfer approximately 25,000 of the 119,754 BTC stolen by hackers—valued at “only” $71 million at the time of the theft but now worth about $4.5 billion—to various virtual currency exchangers. According to the Statement of Facts, the stolen BTC was shuttled to an unhosted wallet (i.e., a cryptocurrency wallet not controlled by a third-party but by the user) with over 2,000 BTC addresses, then to various accounts at the “darknet market AlphaBay,” later to a number of accounts at four different virtual currency exchangers, then to more unhosted BTC wallets, and finally to accounts at six more virtual currency exchangers where it was converted into fiat currency, gift cards, and precious metals. The defendants further allegedly liquidated BTC through a BTC ATM and purchasing non-fungible tokens.
As if the sheer volume and layers of accounts was not enough, the duo allegedly:
- Moved the funds in a “series of small amounts, totaling thousands of transactions”;
- Used software to “automate transactions” which allowed for “many transactions to take place in a short period of time”;
- “Layered” transactions by depositing and withdrawing the BTC through many accounts to obfuscate the trail, including through extensive layering activity that employed the “peel” chain technique; and
- “Chain hopped” by converting BTC to anonymity-enhanced virtual currency to cut and disguise the blockchain trail.
Lichtenstein and Morgan also allegedly opened accounts under fictitious names at various cryptocurrency exchanges. And when they opened accounts under their own name, they explained the source of their otherwise unexplained wealth as the rewards of early investment in and mining of BTC. When exchange accounts were opened in the names of entities, the Statement of Facts alleges Lichtenstein and Morgan lied to the exchanges about nature of the business and the source of the BTC (e.g., that they came from legitimate customers instead of the stolen funds) and used fictitious shell companies to add the appearance of legitimacy to the lies.
Even though the digital nature of the theft, the billions in value, and the technical sophistication of the concealment, transfer, and laundering undoubtedly make this case exceptional, the fundamentals of money laundering remain the same.
First, legitimizing cryptocurrency, just like cash, still requires the use of financial institutions, here virtual currency exchanges. Financial institutions’ Bank Secrecy Act (“BSA”) obligations—including know-your-customer (“KYC”) checks, customer due diligence, and enhanced customer due diligence—can be just as effective in stopping money laundering in the digital world. For example, the Statement of Facts alleges that Lichtenstein and Morgan used fictitious names and email addresses from an “India-based email provider” when registering accounts with some exchanges to conceal their identity and the nature of the funds. When the exchanges requested additional KYC, the duo never responded. On at least one occasion, that led to the exchange freezing $186,000 in virtual currency and Lichtenstein and Morgan abandoning the account. On another, it led them to abandon $155,000 in virtual currency.
Interestingly, the criminal complaint’s charge of conspiracy to defraud the United States appears to rest on the theory that the defendants allegedly frustrated the due diligence efforts of virtual currency exchanges and other financial institutions under the BSA, thereby preventing them from filing required Suspicious Activity Reports with the Financial Crimes Enforcement Network (“FinCEN”). This appears to be the first time that the government has charged the “defraud the United States” prong of the federal criminal conspiracy statute, 18 U.S.C. § 371 (a very common charge), by using the theory that causing financial institutions to not comply with their BSA obligations defrauded FinCEN.
This appears to be the first time that the government has charged the “defraud the United States” prong of the federal criminal conspiracy statute, 18 U.S.C. § 371 (a very common charge), by using the theory that causing financial institutions to not comply with their BSA obligations defrauded FinCEN.
Second and relatedly, the use of financial institutions permits law enforcement to connect personal information to otherwise anonymous cryptocurrency wallets and cryptocurrency. Just like with cash, even when the BSA does not stop money laundering in its tracks, KYC and other customer due diligence procedures may provide important information that helps fuel law enforcement’s investigation. For example, Lichtenstein and Morgan had to eventually connect the stolen cryptocurrency to themselves at an exchange to legitimize the funds. The Statement of Facts illustrates, in two of many charts, how funds deposited in exchange accounts clearly linked to Lichtenstein could ultimately be traced back to the stolen BTC. Other paragraphs explain how exchange accounts linked to entities purportedly owned and operated by Lichtenstein or Morgan allegedly received funds not from customers but from the corpus of stolen funds.
Third, once cryptocurrency gets into the “financial system” it can be traced. Unlike fiat currency, the unique nature of cryptocurrency means it is almost always in the “system” and can almost always be traced. Even though cryptocurrency can be anonymity-enhanced, blockchains still generally provide a permanent and immutable record of transactions. If law enforcement becomes aware of one link in the chain of transactions, they can trace transactions both to their source and their conclusion. The Statement of Facts illustrates many times over how this was done through numerous exchange accounts and cryptocurrency wallets. No doubt, the government’s forensic investigation also was assisted by the fact that the Department of Justice had seized AlphaBay’s infrastructure in 2017.
Financial institutions have long been at the front lines for combatting money laundering and the front lines have more recently extended to cryptocurrency. This case reveals that BSA obligations and anti-money laundering principles can still be an effective tool in combatting money laundering involving cryptocurrency and aiding law enforcement officials in their investigation. It also reveals that law enforcement now has at its disposal the technical know-how and resources to track even the most convoluted cryptocurrency path, given sufficient time, resources and luck. The uniqueness of the blockchain’s immutable record make it possible for law enforcement to use those tools to find alleged launderers, even in cases as complex and convoluted as this one.