A joint investigation by three US agencies, the Internal Revenue Service (Criminal Investigation), the Federal Bureau of Investigation (FBI) and Homeland Security Investigations (HSI), revealed that eight email IDs hosted by an India-based service provider were allegedly used to launder $4.5 billion worth of stolen cryptocurrency.
An American couple, Ilya “Dutch” Lichtenstein and his wife, Heather Morgan, were arrested by the agencies for their alleged involvement in the laundering of the stolen bitcoins after the 2016 Bitfinex hack.
However, a senior Karnataka police official on condition of anonymity told News18 that no connection has yet been found between Srikrishna (Sriki) Ramesh, the infamous hacker, and the US couple. Sriki was arrested by the Bengaluru crime branch for allegedly procuring drugs using bitcoins in the darknet market.
“We are still investigating the claims made by Sriki that he had hacked the Bitfinex cryptocurrency exchange and what he used the bitcoins for,” the official said, refusing to comment on whether there were any links between the arrested American couple and Sriki.
In a voluntary statement, Sriki claimed to be the “first person to have hacked Bitfinex” and to have done so twice, once in 2016 and then again in 2017. He further said that he used the money from the hack to support his lavish lifestyle and drug addiction. He also admitted to hacking the Karnataka government’s e-procurement portal in 2019 and transferring a total of around Rs 36 crore to the account of one Hemanth Mudappa.
In a political twist to the bitcoin fraud, the opposition parties in Karnataka, the Congress and Janata Dal (Secular), alleged that several of the bitcoins defrauded by Sriki, who is said to have close connections with several politicians and senior police personnel, were used as bribes to pay senior police and government officials in Karnataka.
The money laundering couple
In a complaint-arrest warrant filed before a New York magistrate on February 7 by special agent Christopher Janczewski, the agencies found that the hacker who breached Bitfinex’s security systems in 2016 initiated over 2,000 unauthorised transactions, moving approximately 119,754 BTC to a foreign wallet.
The stolen bitcoins were then traced to an India-based email service provider where virtual crypto exchanges (VCEs) were created to transfer the stolen bitcoins after the hack. At the time, the value of the stolen bitcoins was estimated to be approximately $71 million.
According to a statement released by the US Justice Department, 94,636 stolen bitcoins, “the department’s largest financial seizure ever”, were confiscated from the arrested couple.
They have been charged with conspiring to launder $4.5 billion in stolen cryptocurrency funds, of which the US government has been able to seize BTC worth $3.6 billion from them. Investigators were able to trace “some of the stolen funds being deposited” into accounts controlled by the arrested duo.
The US Justice Department document showing the arrest mentions that the stolen BTC were being moved across multiple platforms and accounts in order to conceal their path. However, several transactions were made to accounts belonging to the arrested couple.
During the course of the investigations, the US agencies found thousands of transactions being made through dozens of accounts owned by Lichtenstein and Morgan. They also found that the initial movement of the funds to other wallets was made using a “peel chain” technique. A peel chain is a technique in which, when a large amount of bitcoin is parked in one address, a series of transactions is initiated to transfer smaller amounts of BTC to multiple new addresses.
A small portion of the stolen bitcoins was sold on AlphaBay, an online darknet market, and later sent to eight email accounts, all hosted by an India-based email service provider, the document stated.
Bitfinex sent out requests to the listed email id owners, asking them to provide “additional identifying information to verify their account ownership”. However, they received no response.
According to the US Justice Department document, the accounts belonging to the Indian email service provider contained over $186,000 worth of virtual currency.