What just happened
- Ukrainian and Russian-backed forces reported shelling across a ceasefire line in eastern Ukraine.
- France announced it was pulling its forces out of Mali after a six-year mission to suppress jihadism in the Sahel that is now widely seen as having failed.
- British police said they would investigate claims Prince Charles’s charity, the Prince’s Foundation, offered honours to a Saudi citizen in return for funds.
Cryptocurrencies have attracted the attention of fraudsters on the basis that law enforcement ought to find it hard to detect theft, track laundering efforts, freeze assets and prove anything in court.
Wrong, wrong, wrong and wrong, says the US Department of Justice, and it has a point. Item in evidence: the curious case of Heather Morgan (also known as the rapper Razzlekhan) and her husband, Ilya Lichtenstein.
Morgan and Lichtenstein were arrested in New York last week, accused of attempting to launder $4.5 billion worth of bitcoin. The DoJ seized $3.6 billion of it in its biggest ever haul of cryptocurrency. The case is worth examining as an indication that even in the sophisticated pursuit of cybercrime, people matter.
A timeline:
August 2016 – Bitfinex, then one of the world’s largest cryptocurrency exchanges, is hacked. A total of 119,754 bitcoin are stolen and sent to a single digital wallet, wallet 1CGA4. At this point the bitcoin are worth $71 million.
January 2017 – the holders of wallet 1CGA4 start moving small amounts of crypto out of it to begin converting it into cash.
31 January 2022 – Special Agents from the US Internal Revenue Service gain access to the wallet with a search warrant and find 2,000 virtual currency addresses all linked to the 2016 hack, and to Lichtenstein.
4 February 2022 – a court allows the IRS to freeze the bitcoin left in wallet 1CGA4, which by this time are worth $3.6 billion.
8 February 2022 – Morgan and Lichtenstein are arrested in Manhattan, charged with conspiracy to launder cryptocurrency.
Lesson 1. Cleaning up stolen bitcoin is difficult:
- Information about its origins and the transactions made is encoded digitally – and publicly – on a blockchain that anyone with the right skills can decipher.
- Most exchanges require users to prove their identity before converting crypto to cash. Cashing in stolen coins through an account linked to your home address, driving license and passport number isn’t smart for a criminal, but Morgan and Lichtenstein tried it anyway.
They did also attempt some “sophisticated laundering techniques”. According to an extraordinary affidavit by IRS special agent Christopher Janczewski, the pair tried…
- Shuffling: Small amounts of bitcoin were moved out of the first wallet and into a series of other accounts in complex transactions designed to make it difficult to trace the funds.
- The dark web: Bitcoin were moved onto a dark web platform called AlphaBay before being transferred into accounts on legitimate virtual exchanges.
- Chain hopping: Some bitcoin were converted into other cryptocurrencies, a technique that creates a new blockchain ledger and obscures the old blockchain data attached to the stolen bitcoin.
The IRS tracked the bitcoin across the web using software that can seek out patterns – or “clusters” – in publicly available data on crypto ledgers to find out where the wallets containing the stolen currency were, and who they belonged to.
The search was helped by specialist knowledge on the judicial side: the judge who authorised the warrant, Zia Faruqui, served as lead prosecutor in a number of previous cryptocurrency cases. In an opinion supporting the warrant he applauded the precision of the search tools used by the investigating agents. “Humans are ‘Flawed. Weak. Organic,” he wrote, “whereas clustering software strives for perfection.”
Lesson 2. “Cryptocurrency is not a safe haven for criminals.” Thus Lisa Monaco, the US deputy attorney general. She said meticulous law enforcement work had defied the crypto couple’s pursuit of digital anonymity, showing the DoJ can still “follow the money, no matter what form it takes”.
Yes but… This investigation was made easier by the fact that these criminals were a) based in the US; b) using software the agents could access with a warrant; c) not as sophisticated as they seem to have thought. They made mistakes, like linking some of the crypto wallets to accounts set up using their real names and driving licenses. They even had goods bought with the stolen coins sent to their apartment. Cannier criminals wouldn’t do this, and foreign ones are harder to arrest.
To note: Not all crypto exchanges require proof of identity. Most of those that don’t are in Russia and Eastern Europe, and most of those are in one prestigious Moscow skyscraper, the Federation Tower.
