$3.6 billion bitcoin seizure shows how hard it is to launder cryptocurrency
On Tuesday, Ilya Lichtenstein and Heather Morgan were arrested in New York and accused of laundering a record $4.5 billion worth of stolen cryptocurrency. In the 24 hours immediately afterward, the cybersecurity world ruthlessly mocked their operational security screwups: Lichtenstein allegedly stored many of the private keys controlling those funds in a cloud-storage wallet that made them easy to seize, and Morgan flaunted her “self-made” wealth in a series of cringe-inducing rap videos on YouTube and Forbes columns.
But those gaffes have obscured the remarkable number of multi-layered technical measures that prosecutors say the couple did use to try to dead-end the trail for anyone following their money. Even more remarkable, perhaps, is that federal agents, led by IRS Criminal Investigations, managed to defeat those alleged attempts at financial anonymity on the way to recouping $3.6 billion of stolen cryptocurrency. In doing so, they demonstrated just how advanced cryptocurrency tracing has become—potentially even for coins once believed to be practically untraceable.
“What was amazing about this case is the laundry list of obfuscation techniques [Lichtenstein and Morgan allegedly] used,” says Ari Redbord, the head of legal and government affairs for TRM Labs, a cryptocurrency tracing and forensics firm. Redbord points to the couple’s alleged use of “chain-hopping”—transferring funds from one cryptocurrency to another to make them more difficult to follow—including exchanging bitcoins for “privacy coins” like monero and dash, both designed to foil blockchain analysis. Court documents say the couple also allegedly moved their money through the AlphaBay dark web market—the biggest of its kind at the time—in an attempt to stymie detectives.