Andy Warhol once said, "Everyone is famous for 15 minutes." This quote could be applied to Heather Morgan, a rising star in New York technology startups, when she opened a column in Forbes, sharing her "life hacking experience" as a successful person; when she wore a big gold chain and rapped "I'm the best Wall Street Crocodile" on Wall Street; or when her boyfriend Ilya Lichtenstein booked all the screens in Times Square to project her poster, knelt on one knee to propose to her, and she was so moved that she said "I do"...

But none of those were the 15 minutes that ultimately made her famous.

On January 5, 2022, the US police stormed into the couple's luxury apartment on Wall Street and seized more than 50 encrypted electronic devices including mobile phones, hard drives, USB flash drives, and even two hardcover books with hollowed-out pages. Until the last moment of being arrested, Morgan was still negotiating with the police, hoping to take her cat away. While squatting under the bed and calling the cat, she frantically locked a mobile phone placed beside the bed. The police finally had to "wrestle" to get the phone out of her hand.

On February 8, police formally arrested Lichtenstein and the Morgans, and charged them with money laundering for their involvement in a $4.5 billion Bitcoin theft, the largest financial seizure in the history of the U.S. Department of Justice. On February 25, Morgan paid a $3 million bail and a lien on her parents' house in California, and was officially released from detention, awaiting a formal trial.

On the afternoon of the formal arrest, major media outlets began to publish news stories about the double lives of this pair of New York startup stars and "male and female thieves." This time, Morgan really became famous, in the worst way she could have imagined.

When the judiciary has not yet woken up

In 2008, Bitcoin was launched. At first, “miners” obtained Bitcoin through computer calculations, that is, “mining”. As liquidity increased, it was impossible for everyone to “mine” Bitcoin in person, and the method of purchasing Bitcoin with legal currency became popular, and exchanges came into being.

Many people have created their first Bitcoin wallet through cryptocurrency exchanges, but these wallets do not actually contain Bitcoin, but private keys - a garbled string of 64 uppercase and lowercase letters and numbers, equivalent to the transaction password of a bank account. According to complex cryptography, the private key can be used to obtain the unique corresponding public key through an algorithm, and then the public key can be used to obtain the transaction address equivalent to the bank account to realize the transaction.

This series of algorithms is one-way, and the private key cannot be obtained by reversing the address. This ensures the security of the transaction to a certain extent.

Exchanges have greatly lowered the barrier to entry into the Bitcoin world. People no longer need to memorize a long string of garbled codes or worry about losing or hacking the device where they store their private keys. Giving your private keys to an exchange means you only need to remember your username and password to log in to the exchange. Since the birth of cryptocurrency, exchanges have also sprung up like mushrooms after rain.

It was also from that time that the establishment of regulatory institutions failed to keep up with the pace of development of the Bitcoin industry.

In the first few years of the rise of cryptocurrencies and exchanges, policymakers were still struggling with how to define Bitcoin - is it a currency like legal tender, an electronic commodity or a bond? Because of the lack of a clear definition of Bitcoin, it is unclear whether the Securities and Exchange Commission (SEC) or the Commodity Futures Trading Commission (CFTC) should regulate cryptocurrency exchanges.

On the one hand, there is an emerging market full of business opportunities, and on the other hand, there are unclear policies and lack of supervision. Cryptocurrency exchanges have become a regulatory enclave. A large number of exchanges and token issuance (ICO) have emerged, and at the same time, there have been many hacking and theft incidents in exchanges.

The exchange has lowered the entry threshold for Bitcoin, but has also correspondingly increased the risk of Bitcoin theft. Because Bitcoins that were originally scattered throughout the blockchain are now centralized, once the exchange itself has a security vulnerability, hackers can use the vulnerability to obtain most of the Bitcoins concentrated in the exchange.

Take wallet vulnerabilities that often occur during transactions as an example. Some of the funds of customers of the exchange are stored in hot wallets, which can be understood as networked electronic wallets, for the trading platform to reserve funds for daily transactions and improve transaction efficiency. However, precisely because of the connection to the network, hackers can steal private key information through malware or security vulnerabilities.

In contrast, a cold wallet (offline wallet) uses a computer, mobile phone or other device that is not connected to the Internet to store private keys, but there is a risk of physical loss and the transaction speed is slower.

The mainstream cryptocurrency exchanges active in the currency circle, such as Binance, Crypto.com, and Bitmart, all have a history of hacker attacks and thefts. In this adventure paradise, some people make a fortune, while others lose everything and have nowhere to complain.

In the midst of chaos, Morgan was one of the people who smelled "opportunities." In 2014, she "kindly" warned in her blog: "Bitcoin will become a classic bubble full of scams in economics textbooks."

Two years later, the warning came true. In 2016, the Hong Kong-based cryptocurrency exchange Bitfinex was hacked. Through more than 2,000 unauthorized transactions, the hacker transferred 119,754 bitcoins worth $71 million at the time out of Bitfinex's trading wallet.

In 2022, the police arrested Lichtenstein and Morgan. Although the court has only charged them with money laundering, it has not yet been confirmed that the two were the hackers who robbed the exchange. But in the public opinion field, the Bitcoin thieves have become their new identity.

It’s easy to steal coins, but hard to launder them

If they had not been caught by the police, this pair of thieves would have been in luck. From 2016 to 2022, the value of Bitcoin would have skyrocketed. The total value of the stolen Bitcoins they obtained in 2016 was only US$71 million, but by 2022 it was worth US$4.5 billion.

However, at a time when Bitcoin is not yet widely popular, not exchanging Bitcoin for US dollars or other legal currencies is like sitting on a mountain of gold but only being able to spend a small piece of it. And even if you use Bitcoin transactions directly, the traces of stolen exchanges on these funds will immediately expose them as ill-gotten gains.

Money laundering becomes a must. Compared with stealing coins, this is the more difficult step.

One of the important evidences used by the police to arrest the thief couple was an Excel sheet created by Lichtenstein in the cloud storage space. The sheet diligently recorded the names, passwords and current status of their fake accounts on some cryptocurrency exchanges. Just laundering one account and recording one account, it was as simple as when people first used computers for work in the last century.

Bitcoin's transaction path is clear, traceable, and cannot be tampered with. Its transactions are decentralized: peer-to-peer transactions (P2P) are conducted between users, without the need for a central bank as a third party to supervise transactions. This can speed up transactions, and no institution has absolute control over this transaction system.

But without a central agency, how can we ensure that a transaction has been successfully completed and not a duplicate payment?

The design of Bitcoin is to delegate the third-party supervision role of the "central bank" to the entire community participating in Bitcoin transactions. Simply put, each transaction is timestamped and recorded in an ever-growing "ledger", which is recorded and stored by all participants in the community, rather than a central institution. Therefore, when a false transaction is to be carried out, at least more than half of the community's ledgers need to be tampered with, otherwise the transaction will not be authenticated.

Therefore, Bitcoin transactions are even clearer and more transparent than paper currency transactions - the time, amount, initiator and recipient of each transaction will be broadcasted throughout the network, clear, traceable and traceable. This is also the main reason why Bitcoin transactions are considered to be very safe.

The relationship between the stolen Bitcoin and the two people|U.S. Department of Justice

"Laundering" Bitcoin is a physical job - setting up as many wallets and accounts as possible, and transferring the money through as many transactions as possible to confuse the flow of the money, thereby confusing the police into thinking that the source of the money came from the same stolen wallet.

Not cool at all.

Go to the dark web and get it back

According to judicial authorities, a few months after the huge amount of Bitcoin was stolen, the Lichtensteins turned their attention to the dark web AlphaBay. After thousands of small transactions, they transferred some of the stolen Bitcoins from the original wallet to the dark web market, registered 7 virtual accounts on the dark web, and dispersed the money to 10 different cryptocurrency exchanges to exchange for various cryptocurrencies, legal currencies and other assets.

These are all to obscure the path of Bitcoin transactions so that the police cannot find the ultimate source of the money. But it was at that time that the police began to track these transaction records that unfolded like a tree diagram as the money flowed.

The process was extremely arduous for both the police and the thieves. The court's statement of facts showed that before finally entering the cryptocurrency wallet registered by Lichtenstein's real identity, a sum of about 3 Bitcoins, currently worth about $118,000, had been traded in 6 accounts, 2 different exchanges and the dark web.

In order to confirm that the final recipients of the money were Lichtenstein and Morgan, the police had to clarify the connection between various exchange accounts and traders, and sort out the thieves' tricks of changing their appearance.

The first time the police saw the possibility of victory was when the dark web AlphaBay was seized in July 2017. At that time, the Lichtensteins had not yet moved the bitcoins frozen in AlphaBay, and they could no longer use the dark web to launder money. So they changed to a new way to launder money: chain hopping. This can be understood as changing a ledger to record an account, such as exchanging Bitcoin for Monero, blurring the transaction path, and then looking for an opportunity to exchange it back in the future.

However, without the support of the dark web, transactions between different cryptocurrencies need to go through exchanges. But at that time, hiding your identity in an exchange is no longer as easy as before.

As Bitcoin’s influence grows, regulators have begun to take action, such as introducing a KYC (Know Your Costumer) system that requires customers to provide varying degrees of personal information, such as name, phone number, ID card, and bank account number, when conducting cryptocurrency transactions, just like opening an account at a traditional financial institution.

This is a blow to some "fundamentalists" who admire the decentralization and anonymity of Bitcoin: handing over private keys to centralized exchanges for safekeeping is already a compromise, and now personal information has to be sent to the exchange. How is this different from traditional financial institutions?

But some people also believe that this is the only way for Bitcoin to enter the mainstream market. If it wants to attract more funds from institutional investors and even get policy support from the government, it is necessary to avoid letting cryptocurrency exchanges become a criminal paradise like the dark web.

In fact, compared with traditional financial institutions, the authentication of cryptocurrency exchanges is still more crude. In banks, without identity information, even opening an account is not possible, but in cryptocurrency exchanges, some functions can be completed by providing a certain amount of personal information. Take the exchange Binance as an example. It allows users to create accounts and perform limited transactions without submitting identity information. Only when they want to increase the deposit and withdrawal limits, they need to complete the verification.

Because of this, the Lichtensteins were still able to set up multiple wallets on different cryptocurrency exchanges and perform some limited money laundering operations. But many wallets ran into KYC verification after a few transactions. Court records show that when the exchange staff asked for a bank account to prove their identity, the couple never responded. In the end, the exchange froze their $150,000 account.

What the Lichtensteins, who were “not short of money”, did was to give up using the wallet, create the next wallet, and start a new round of counterfeiting.

Running, rapping, and pointing fingers

While the thief and the police were playing hide-and-seek, the Lichtensteins also thought about fleeing the United States physically. In August 2019, the newly engaged couple went to Ukraine for a month, where cryptocurrencies have always been open. The police later found in Lichtenstein's cloud storage space that they had collected detailed guides on how to apply for fake passports, fake mobile phone cards, and how to anonymously sign for mail in Ukraine. They also contacted Russian dark web vendors and used fake IDs to open a bank account and mail it to the hotel where they were staying. It can be said that they were fully prepared for the future escape.

This idea is reliable. In September 2021, Ukraine passed a bill to determine the legal status of virtual currency in the country. But the two did not wait for that day. A few months after returning to the United States, the epidemic came and they stayed in the United States.

But the couple who stayed in the United States were not idle. They officially got married in November 2021, and Morgan described the luxurious wedding as "unreal"; she continued to write columns for (Forbes), publishing a series of articles titled "How to" and "X Tips"; she did not give up her rap career, and continued to publish her life Vlog and latest singles under the pseudonym Razzlekhan.

Lichtenstein continues to be active on Twitter. In December 2021, he mocked an article written by a (New York) magazine author for not mentioning important content such as keeping private keys safe.

But apparently his own efforts to keep his private keys safe weren't enough.

Finally caught

The police have been tracking the money, but have yet to reveal the complete chain of clues, especially how to match real-world people with chaotic online addresses. Perhaps no matter how cleverly they cover up the truth, they will still leave clues all over the place in real life.

The Lichtensteins may have fallen for a $500 Amazon shopping card: In May 2020, they transferred a sum of Bitcoin to an exchange that can be used to purchase shopping cards with virtual currency, and purchased various gift cards including Amazon shopping cards. Although different email addresses and trading accounts were used, the IP addresses of all transactions ultimately pointed to a cloud storage address in New York City. These physical shopping cards, including the PlayStation game console they later bought, provided the police with key information such as the couple's real name, home address, and phone number.

Eventually, the police obtained a search warrant, raided their million-dollar luxury apartment and found Lichtenstein's cloud storage space. Through a series of decryptions, the police finally found the Bitcoin wallet that stored the private key. At that time, most of the stolen money was still lying safely in the first external wallet after the Bitcoin was stolen from Bitfinex. After 6 years, the largest money laundering case in the United States worth $4.5 billion was solved.

Valentine's Day 2022 was the couple's second court appearance. The judge decided to detain Lichtenstein, while Morgan could be released on bail on the condition that he paid $3 million in bail and used his parents' house as collateral. Morgan, who had lost a huge amount of money, did not take out the money until March 25 and walked out of the detention center.

Although the court did not have evidence pointing to Lichtenstein and Morgan as the hackers who stole the money, they could face up to 25 years in prison for money laundering and other fraudulent activities alone.

Paul M. Abbate, Deputy Director of the FBI, commented that “criminals always leave a trail” and that it is through persistent and dedicated police work that we can “uncover the origins of even the most sophisticated schemes and bring to justice those who seek to exploit the security of our financial infrastructure.”