The

Bitfinex Bitfinex is a cryptocurrency exchange owned and operated by iFinex Inc, and is registered in the British Virgin Islands. Bitfinex was founded in 2012. It was originally a peer-to-peer bitcoin exchange, and later added support for other cryptocu ...

cryptocurrency exchange A cryptocurrency exchange, or a digital currency exchange (DCE), is a business that allows customers to trade cryptocurrencies or digital currencies for other assets, such as conventional fiat money or other digital currencies. Exchanges may acce ...

was hacked in August 2016. 119,756

bitcoins Bitcoin (abbreviation: BTC; sign: ₿) is the first decentralized cryptocurrency. Based on a free-market ideology, bitcoin was invented in 2008 when an unknown entity published a white paper under the pseudonym of Satoshi Nakamoto. Use o ...

, worth about million at the time, were stolen. In February 2022, the US government recovered and seized a portion of the stolen bitcoin, then worth billion, by decrypting a file owned by Ilya Lichtenstein (born 1989) that contained addresses and private keys associated with the stolen funds. Lichtenstein and his wife, Heather R. Morgan (born 1991), were charged with conspiracy to

launder Launder or Launders may refer to: * Launder (surname) * Launders (surname) See also

* Laundering (disambiguation), several types of washing, literally or metaphorically {{Disambiguation ...

the stolen bitcoin. In August 2023, Lichtenstein admitted to committing the theft. Both Lichtenstein and Morgan pleaded guilty to money laundering. In November 2024, Lichtenstein was sentenced to five years in a US prison for his involvement in money laundering the stolen bitcoin. Morgan was sentenced to 18 months in prison for fraud and conspiracy charges.

Hack

In August 2016, the

, based in

Hong Kong Hong Kong)., Legally Hong Kong, China in international treaties and organizations. is a special administrative region of China. With 7.5 million residents in a territory, Hong Kong is the fourth most densely populated region in the wor ...

, announced it had suffered a security breach. Around 2,000 approved transactions were sent to a single

wallet A wallet is a flat case or pouch, often used to carry small personal items such as physical currency, debit cards, and credit cards; identification documents such as driving licence, identification card, club card; photographs, transit pass, b ...

from users' segregated wallets. Immediately thereafter,

bitcoin Bitcoin (abbreviation: BTC; Currency symbol, sign: ₿) is the first Decentralized application, decentralized cryptocurrency. Based on a free-market ideology, bitcoin was invented in 2008 when an unknown entity published a white paper under ...

's trading price plunged by 20%, causing the value of the stolen bitcoins to dip to million. After learning of the breach, Bitfinex halted all bitcoin withdrawals and trading and said it was tracking down the perpetrators of the hack. Exchange customers, even those whose accounts had not been broken into, had their account balance reduced by 36% and received BFX tokens in proportion to their losses. The exchange's access to U.S. dollar payments and withdrawals was then curtailed. The hack happened even though Bitfinex was securing the funds with

BitGo BitGo, Inc. is a digital asset trust company and security company, headquartered in Palo Alto, California. It was founded in 2013 by Mike Belshe and Ben Davenport. Galaxy Digital announced its acquisition of BitGo in 2021 for $1.2 billion, altho ...

, which uses multiple-signature security. In July 2023, Bitfinex worked with the

Department of Homeland Security The United States Department of Homeland Security (DHS) is the U.S. federal executive department responsible for public security, roughly comparable to the interior, home, or public security ministries in other countries. Its missions invol ...

to recover about $315,000 in cash and cryptocurrencies stolen in the 2016 breach. The funds will be redistributed to holders of Bitfinex's Recovery Right Tokens, digital coins issued to people who suffered financial losses due to the hack.

Laundering

In early 2017, small amounts of the stolen bitcoins began to be moved from the wallet it had been initially stored in to the

Dark Web The dark web is the World Wide Web content that exists on darknets ( overlay networks) that use the Internet but require specific software, configurations, or authorization to access. Through the dark web, private computer networks can communica ...

marketplace

AlphaBay AlphaBay was a darknet market operating at different times between September 2014 and February 2023. At times, it was both an onion service on the Tor network and an I2P node on I2P. After it was shut down in July 2017 following law enforceme ...

with the intention of laundering it. After AlphaBay was shuttered by international law enforcement led by the

FBI The Federal Bureau of Investigation (FBI) is the domestic Intelligence agency, intelligence and Security agency, security service of the United States and Federal law enforcement in the United States, its principal federal law enforcement ag ...

, the money was rerouted to the Russian marketplace Hydra. The shutdown of AlphaBay may have given law enforcement access to the service's internal transaction logs and allowed it to identify the perpetrators. In February 2022, a New York couple, Ilya Lichtenstein (aged 34) and his wife Heather R. Morgan (aged 31), were charged by US federal authorities with conspiring to launder the bitcoins, which was worth billion at the time. Lichtenstein was an entrepreneur who had co-founded a sales company called MixRank. Morgan was an entrepreneur,

columnist A columnist is a person who writes for publication in a series, creating an article that usually offers commentary and opinions. Column (periodical), Columns appear in newspapers, magazines and other publications, including blogs. They take the ...

for '' Inc.,'' former ''Forbes'' digital contributor (from 2017 to 2021), and online rapper. Although neither were charged with committing the hack, law enforcement had acquired a

search warrant A search warrant is a court order that a magistrate or judge issues to authorize Police, law enforcement officers to conduct a Search and seizure, search of a person, location, or vehicle for evidence of a crime and to Confiscation, confiscate an ...

for a

cloud storage service A file-hosting service, also known as cloud-storage service, online file-storage provider, or cyberlocker, is an internet hosting service specifically designed to host user files. These services allow users to upload files that can be accessed o ...

used by Lichtenstein, obtaining a spreadsheet of wallet addresses and passwords linked to the hack. Though the stolen bitcoins could be tracked through public transactions logged on the

blockchain The blockchain is a distributed ledger with growing lists of Record (computer science), records (''blocks'') that are securely linked together via Cryptographic hash function, cryptographic hashes. Each block contains a cryptographic hash of th ...

, it was only after the wallet passwords were recovered that law enforcement could access and seize their contents. Some of the funds were moved to more traditional financial accounts and spent on gold,

NFTs A non-fungible token (NFT) is a unique digital identifier that is recorded on a blockchain and is used to certify ownership and authenticity. It cannot be copied, substituted, or subdivided. The ownership of an NFT is recorded in the blockchai ...

Uber Uber Technologies, Inc. is an American multinational transportation company that provides Ridesharing company, ride-hailing services, courier services, food delivery, and freight transport. It is headquartered in San Francisco, California, a ...

rides and a

PlayStation is a video gaming brand owned and produced by Sony Interactive Entertainment (SIE), a division of Japanese conglomerate Sony. Its flagship products consists of a series of home video game consoles produced under the brand; it also consists ...

. Although hundreds of millions of dollars were converted to fiat currency, 80% of the bitcoins (approximately 94,000) remained in the original wallet at the center of the hack. In August 2023, Lichtenstein pleaded guilty to conspiracy to commit money laundering, and Morgan to one count of money laundering conspiracy and one count of conspiracy to defraud the United States. Lichtenstein additionally admitted to carrying out the hack. An

information Information is an Abstraction, abstract concept that refers to something which has the power Communication, to inform. At the most fundamental level, it pertains to the Interpretation (philosophy), interpretation (perhaps Interpretation (log ...

was filed against both defendants. In November 2024, Lichtenstein was sentenced to 60 months in prison and three years of supervised release. Morgan was sentenced to 18 months in prison and three years of supervised release for fraud and conspiracy charges. On December 6, 2024,

Netflix Netflix is an American subscription video on-demand over-the-top streaming service. The service primarily distributes original and acquired films and television shows from various genres, and it is available internationally in multiple lang ...

released a documentary directed by Chris Smith featuring the story of Lichtenstein's and Morgan's crimes, titled '' Biggest Heist Ever''. In 2025, the US President signed an executive order to create a

Strategic Bitcoin Reserve The strategic bitcoin reserve is a reserve asset, funded by the United States Treasury's forfeited bitcoin, announced by President Donald Trump in March 2025. Separately, a digital asset stockpile for non-bitcoin assets was also created. Trump ...

including Bitcoin seized by US law enforcement. In theory, this includes over 100,000 Bitcoin seized from the Bitfinex hackers, but the US Department of Justice has recommended to the courts that the Bitcoin seized after the hack be returned to Bitfinex.

References

{{Hacking in the 2010s Cryptocurrency theft Money laundering Robberies in the United States Hacking in the 2010s Bitfinex hack Bitfinex hack