Getty Images

DOJ recovers $3.6B from 2016 Bitfinex hack

A couple was arrested Tuesday morning after the DOJ traced 120,000 bitcoin to a digital wallet containing funds stolen during the 2016 hack of cryptocurrency platform Bitfinex.

The U.S. Department of Justice announced the largest financial seizure in its history Tuesday, recovering more than $3.6 billion lost in the Bitfinex hack.

In 2016, nearly 120,00 bitcoin were stolen out of users' accounts from the cryptocurrency exchange Bitfinex. The bitcoin stolen, which initially were valued at $66 million, currently sit at over $4.5 billion and were recently traced back to a husband and wife in Manhattan, according to the DOJ.

Following the blockchain path, federal agents were able to link the stolen cryptocurrency back to the digital wallets of Ilya Lichtenstein, 34, and Heather Morgan, 31, who were arrested Tuesday morning on charges of conspiracy to commit money laundering. The two suspects are scheduled to be arraigned Tuesday afternoon.

Upon gaining access to the stolen cryptocurrency, the couple began the process of laundering the coins and dispersing it into financial accounts. The DOJ said, "in a futile effort to maintain digital anonymity, the defendants laundered stolen funds through a labyrinth of cryptocurrency transactions."

The "labyrinth" as described in the report was a long process of moving about 25,000 bitcoin through fabricated identities, currency exchanges and dark web markets including the now-defunct AlphaBay. Once through several layers of transactions and false personas, the bitcoin was then converted to other forms of cryptocurrency and liquidated into the personal accounts of Lichtenstein and Morgan.

The remaining 95,000 bitcoin obtained by the government were found sitting in the same digital wallet that it had been moved to six years ago after the Bitfinex hack. According to the DOJ's statement of facts in the case, law enforcement agents obtained a warrant for Lichtenstein's cloud storage account and were able to decrypt a file that gave agents access to the cryptocurrency wallet containing the stolen bitcoin, currently valued at more than $3.6 billion.

The file also contained 2,000 cryptocurrency addresses and corresponding private keys. According to the statement of facts, nearly all of the addresses were directly linked to the Bitfinex hack.

While Bitfinex was initially taken offline after the attack, the cryptocurrency exchange has since recovered and is currently operational. In a statement, Bitfinex applauded the arrests and seizure.

"We are pleased that the U.S. Department of Justice has today announced that it has recovered a significant portion of the bitcoin stolen during the August 2016 security breach," the company said on its website. "We have been cooperating extensively with the DOJ since its investigation began and will continue to do so."

When it comes to how the DOJ treats stolen cryptocurrency like the bitcoin removed from Bitfinex accounts, Assistant Attorney General Kenneth A. Polite Jr. said, "Today, federal law enforcement demonstrates once again that we can follow money through the blockchain, and that we will not allow cryptocurrency to be a safe haven for money laundering or a zone of lawlessness within our financial system."

In recent months, we have seen cyber attacks against cryptocurrency exchanges continue to rise. In January,, one of the most well-known exchanges, had user funds stolen after a cyber attack.

Despite this recent recovery and arrests made by the DOJ, cryptocurrency exchanges have proved to be rather vulnerable and profitable targets for threat actors who can get into user accounts and wallets.

Dig Deeper on Threat detection and response

Enterprise Desktop
Cloud Computing