Node Ahead 12: The story behind the DOJ’s recovery of $3.2bn worth of stolen bitcoin

A lot has happened in the last couple weeks including both Russia and Ukraine making bitcoin a legal currency in their respective countries while Spain’s central bank approved the first crypto services provider in the country. Blockfi settled with the SEC which now clears a path for American citizens to earn up to 9% APY in a regulatory compliant way. Both Georgia and Illinois lawmakers want to attract bitcoin miners to their states with tax incentives. And U.S. Congressman Warren Davidson introduced the Keep Your Coins Act, protecting the ability to act as a self-custodian and conduct peer-to-peer transactions while Senator Cynthia Lummis said the Federal Reserve should start buying bitcoin. While any one of these stories was worth writing about, this week’s newsletter dives deep into a story so wild that Netflix just announced they are creating a new series about it. Before we jump into that, let’s take a look at what is happening on-chain.

On-Chain Analysis

Over the past several newsletters, we have covered a number of sophisticated metrics analyzing the state of bitcoin and the larger crypto ecosystem. This week, we thought we would get back to fundamentals and look at some of the more basic metrics that are often overlooked in determining the health and viability of a blockchain.

Let’s start with the number of wallet addresses that contain bitcoin or Ethereum. While this metric isn’t a perfect signal for the total number of users (one user could have multiple wallets or one wallet could hold coins for many users), it does give us a general idea of the growth of the network. What is interesting to note is that for both bitcoin and Ether, the number of wallets that hold either of these coins has been mostly a steady upward climb regardless of the price.

While buying and holding assets is a viable use case, it’s also good to understand how many of these addresses are active. With this metric, we can get a sense of whether the number of wallets using the network is growing. Like the previous metric, the number of active wallets for both bitcoin and ether has generally trended upward over time. However, this metric does have more spikes during periods of market exuberance, as should be expected.

Lastly, let’s look at the growth of computing power on the bitcoin network. Hashrate is a measure of the computational power per second used when mining bitcoin. When aggregated across all miners, it’s a measure of the computing power of the Bitcoin network. Because Bitcoin works on a consensus mechanism, one of the few vulnerabilities it has is what is known as a 51% attack. If any one entity controls most of the network, that entity would be able to dictate which transactions get verified and which don’t. The larger the hashrate, the more difficult and more expensive it is to carry out a 51% attack. Thus, hashrate is a good measure of the security of a blockchain. Bitcoin has the highest hashrate in the world, and is therefore the most secure blockchain. Today, bitcoin’s hashrate is so large that it would be practically impossible to acquire enough computing power to execute a 51% attack.

It’s worth noting that following China’s ban of bitcoin mining in March of 2021, nearly 50% of the hash rate left the network as Chinese miners relocated to new jurisdictions. Five months later, the network had fully recovered without any interruption, security threats, or fraudulent transactions. Today, the hash rate is at all-time highs. More and more mining companies are building infrastructure because it’s become such a profitable business.

These are very basic metrics but nonetheless, good trends to follow for the long-term health of the asset class. While price can be a poor indicator in the short term, demand signals such as these tend to be a much better predictor of long-term viability.

As always, the on-chain data is provided by Glassnode. If you would like to have access to the data yourself, you can sign up here:

Glassnode Sign Up Link

DOJ recovers $3.2 billion of stolen bitcoin

In what must be one of the wildest stories thus far in 2022, the Department of Justice recovered $3.2 billion worth of bitcoin that was stolen in a hack in 2016, making it the largest financial seizure in the history of the DOJ. On February 8th, Ilya “Dutch” Lichtenstein and his wife Heather Morgan were arrested and charged with laundering and conspiracy to defraud the United States, though they were not charged with carrying out the hack itself.

In August 2016, hackers stole 119,756 bitcoin from a crypto exchange known as Bitfinex. At the time, the stolen bitcoin was worth roughly $72 million but given bitcoin’s price appreciation over the past six years, those coins are now worth $4.5 billion. For the first few years after the hack, those coins sat dormant. However, over the past couple years, some of the stolen bitcoin slowly began to move out of the wallet now known to be controlled by Ilya Lichtenstein. To be more accurate, the wallet was last controlled by Lichtenstein, though it’s unclear whether Ilya controlled the wallet at the time of the hack. While those bitcoin were moved using mixers and a series of complicated transactions, the DOJ was still able to trace the movement of those coins to an account controlled by the couple who then used the money to buy gold, NFTs and a $500 Walmart gift card. Not what I would have spent millions of dollars on but hey, who am I to judge.

Once the DOJ was able to identify who owned the account the bitcoin was sent to, investigators were able to obtain a search warrant that allowed them to view files held on a public cloud. Turns out that those files contained the private keys to the wallet that was holding the stolen bitcoin. The next day, the DOJ used those private keys to seize 94,636 bitcoin which at the time was worth roughly $3.6 billion. A week later, Ilya and Heather were arrested and while Heather was released on bail, her husband remains in jail.

This entire saga is yet another example of why using bitcoin for illicit activity is a terrible idea. Every transaction is immutably recorded on the blockchain and publicly available for anyone to view. Using on-chain forensics, it is possible for authorities to track the funding of illegal activity on a blockchain and use that information to capture and prosecute criminals. This traceability and transparency is exactly why bitcoin is used for illegal activity far less than cash on both a total value and percent basis.

It turns out that sitting on a hoard of stolen bitcoin isn’t as fun as it might seem. After the hack in 2016, all the stolen coins had been blacklisted by every major exchange and tagged by every blockchain forensics company watching to see when and where these coins moved to. Ilya and Morgan couldn’t simply transfer these bitcoin to Coinbase or Binance without alerting authorities. As a result, this couple was sitting on billions of dollars for several years and was only able to liquidate a few million before getting caught. This couple had a fortune but no good way to access it.

Also, let’s dispel the myth that the government somehow hacked or broke bitcoin to obtain the coins. The DOJ used traditional investigative techniques to trace the transactions on the blockchain and then obtained a search warrant to search a public cloud database that belonged to Ilya and Morgan. That public cloud just so happened to contain exactly what the DOJ needed to recover the stolen bitcoin. The Bitcoin blockchain worked exactly as intended. This wasn’t a case of bitcoin being hacked by the government, it was simply poor key management by the launderers. It’s not exactly a good idea to keep all the evidence of your illegal activity and the keys to the stolen assets in a Google drive. Bitcoin remains perfectly self-sovereign, provided you store your keys in a proper manner.

Which brings us to the couple themselves. It’s worth reiterating that the two of them have not been charged with committing the hack back in 2016 but rather only laundering the stolen assets. There is good reason to believe these two were not exactly criminal masterminds. In addition to the very basic poor key management previously described, according to the DOJ the couple seemed to get tripped up by know-your-customer (KYC) controls at some of the unidentified crypto exchanges and financial institutions with which they interacted.

Being stymied by something as basic as KYC might be understandable except for the fact that Morgan was a regular contributor to Forbes and Inc., writing columns about how entrepreneurs should protect their digital currency. Ironically, that article included comments from executives at BitGo which had provided Bitfinex with the multi-signature security tools at the time of the hack back in 2016. Morgan also portrayed herself as an influencer in the art and fashion industries and pitched herself as a corporate coach. And if that’s not weird enough, Morgan was also an aspiring rapper (albeit, not a very good one) that went by the name of Razzlekhan, which apparently is a reference to Genghis Khan but “with more pizzazz.” Folks, I couldn’t make this stuff up if I tried.

This, along with some ridiculous TikTok videos, has led many to believe that the couple could not possibly be responsible for the original hack of Bitfinex back in 2016. It’s unlikely that this couple was sophisticated enough to pull off one of the largest hacks in the history of crypto but not savvy enough to circumvent a basic KYC request. A much more plausible theory is that the original hackers understood how difficult it would be to move the stolen coins given they were under surveillance by much of the community and thus decided to sell the keys to the wallet containing the stolen assets to Ilya and Morgan. Either way, this once again highlights how hard it is to get away with illicit activity on an open, transparent ledger that records every transaction for all of eternity.

The fact that numerous entities monitored these coins after the 2016 hack leads us to another interesting wrinkle in this story. It turns out, on-chain analysts knew about the government’s recovery an entire week before it was made public. Not only could they see the coins moving, but they were also able to discern that it was most likely a government agency because the entity moving the stolen coins did not attempt to mask the transactions in any way and consolidated the stolen bitcoin into a single address. Turns out the government obtained the coins about a week before the arrest was made and the recovery was publicly announced meaning we could see a government seizure playing out in real time on-chain!
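The kind of monitoring described above can be sketched in a few lines. This is an added example, not code from the newsletter or from any forensics firm: it walks a constructed list of transactions, flags any that spend a watched output, and labels a spend of several watched outputs into one address as a consolidation. The `Tx` structure, the `scan` function, the `min_inputs` threshold, the "every output of a tainted spend stays watched" rule and all ids and addresses are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: tuple    # outpoints spent: (previous_txid, output_index)
    outputs: tuple   # (address, value_btc), one entry per output

def scan(txs, watched, min_inputs=3):
    """Walk transactions in block order; return (alerts, updated watch set).

    Taint rule (an assumption, simple "poison" propagation): every output of
    a transaction that spends a watched outpoint becomes watched as well.
    """
    watched = set(watched)          # copy so the caller's set is not mutated
    alerts = []
    for tx in txs:
        hits = [op for op in tx.inputs if op in watched]
        if not hits:
            continue                # transaction does not touch watched coins
        dests = {addr for addr, _ in tx.outputs}
        # Many watched inputs swept into one address, with no splitting.
        consolidated = len(hits) >= min_inputs and len(dests) == 1
        alerts.append({
            "txid": tx.txid,
            "kind": "consolidation" if consolidated else "movement",
            "watched_inputs": len(hits),
            "destinations": sorted(dests),
            "btc_out": round(sum(v for _, v in tx.outputs), 8),
        })
        watched.difference_update(hits)   # those outpoints are now spent
        watched.update((tx.txid, i) for i in range(len(tx.outputs)))
    return alerts, watched

# Constructed sample data: four watched outputs and four later transactions.
WATCHED = {("theft", i) for i in range(4)}
TXS = [
    Tx("t1", (("other", 0),), (("addr_x", 2.0),)),                  # unrelated
    Tx("t2", (("theft", 0),), (("addr_a", 1.0), ("addr_b", 0.5))),  # split
    Tx("t3", (("t2", 1), ("other", 5)), (("addr_c", 0.9),)),        # second hop
    Tx("t4", (("theft", 1), ("theft", 2), ("theft", 3)),
       (("addr_single", 59.9999),)),                                # sweep
]

if __name__ == "__main__":
    alerts, still_watched = scan(TXS, WATCHED)
    for alert in alerts:
        print(alert)
    print("still watched:", sorted(still_watched))
```

The second hop (`t3`) is caught only because taint is propagated to the outputs of `t2`; a watchlist of the original outputs alone would lose the trail after the first spend.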

Following the recovery, the US government now holds the largest known pile of bitcoin of any government in the world. It’s worth noting that we know other governments have been mining bitcoin for some time now but have not disclosed how much they hold. It’s entirely possible that another government holds more bitcoin than the US and we just do not know about it.

But the story doesn’t end there. Back in 2016, following the original hack that started this whole saga, Bitfinex did its best to make its users whole. A few days after the hack, Bitfinex announced that the lost bitcoin would be “socialized” across all accounts. As a result, all users of Bitfinex saw their account values drop by roughly 36%. However, each user also received a token which promised repayment of the loss over time through cash redemption or conversion into equity in Bitfinex. By early 2017, all losses had been repaid to Bitfinex users. At the time, everyone figured that was the conclusion to the stolen bitcoin.

Fast forward to 2019: Bitfinex was using a payment processor called Crypto Capital to handle withdrawals on the exchange. At the time, $850m of Bitfinex’s funds were tied up in Crypto Capital. That was until Crypto Capital stopped processing withdrawals for Bitfinex because the capital had been apparently seized by authorities pursuing anti-money laundering criminal charges against Crypto Capital. This caused several problems for users of Bitfinex including massive delays in withdrawals.

To solve the problem, Bitfinex turned to its parent company iFinex. Turns out iFinex also owns the largest stablecoin on the market called Tether (USDT). iFinex decided to transfer $625m from Tether’s bank account to Bitfinex which was problematic because Tether is supposed to be backed 1:1 by US dollars. To help recoup the losses and backfill the void, iFinex decided to do a token sale to raise money. The LEO token was issued in May 2019 and is mainly designed to provide benefits such as discounts and lower fees for users of Bitfinex. The token sale was a success as it raised $1 billion, selling the freshly minted token to replace the $850 million it lost to Crypto Capital.

However, the LEO token had one other unique property to it. LEO’s whitepaper also stated that “An amount equal to at least 80% of recovered net funds from the BitFinex hack will be used to repurchase and burn outstanding LEO tokens within 18 months from the date of recovery.” In other words, the LEO token stands to benefit from any recovered bitcoin from the Bitfinex hack in 2016. This provision, which essentially acts similar to a stock buyback, was buried in the paper that very few (if anyone) thought would ever be worth anything. As soon as news broke that the DOJ recovered the stolen bitcoin, the LEO token spiked 56% in less than 24 hours.

Source: Messari

In a statement soon after the DOJ announcement, Bitfinex confirmed its commitment to the provision in the LEO token saying that it would work with the DOJ to recover the seized bitcoin. However, as of now, the bitcoin remains in the DOJ’s custody meaning no LEO tokens will be burned if the DOJ decides not to release the bitcoin back to Bitfinex.

Which brings up a very interesting legal question — who has the rights to own the recovered bitcoin?

Should the original holders of those coins have them returned to them? Even though they were all fully reimbursed for the dollar value of their bitcoin at the time, bitcoin is far more valuable today than it was then. Are they owed that difference in value appreciation? Financial and cryptocurrency-related lawyers are already receiving calls from individuals who claim to have lost bitcoin in the 2016 heist and they want their bitcoin back.

Does Bitfinex as the exchange have a claim to those coins? Bitfinex has made it clear that it considers that it has made investors whole and it will “follow appropriate legal processes to establish our rights to a return of the stolen bitcoin.”

Or does the government have the right to decide that they can do whatever they want with the recovered bitcoin? If so, does the US government simply hold these bitcoin as a reserve asset or auction it off similar to what it has done in the past?

While I do not know what the legal precedent is for something like this, I’m confident there will be several legal battles between Bitfinex, the original customers, and the US government in the coming months and years. As crazy a story as this is, it’s not over yet.

In Other News

ConocoPhillips is using bitcoin mining to reduce methane emissions and has a “zero routine flaring ambition” by 2025. It’s almost as if bitcoin mining is spurring clean energy innovation…

Wells Fargo claims crypto is nearing a phase of “hyper adoption” akin to the internet in the ‘90s.

BlackRock is reportedly planning to offer crypto trading.

Vanguard and State Street partner with blockchain provider Symbiont to bring smart contracts to Wall Street.

Cities are turning to crypto for grassroots fundraising.

Hester Peirce’s statement on the Blockfi settlement with the SEC.

U.S. Representative Josh Gottheimer (D-N.J.) has introduced a bill that would establish government-backed insurance for stablecoins. The bill would designate certain stablecoins as “qualified,” making them redeemable on a one-to-one basis for U.S. dollars.

A bi-partisan duo in the Senate introduced the Accountability for Cryptocurrency in El Salvador (ACES) Act, legislation requiring a State Department report on El Salvador’s adoption of Bitcoin. President Bukele quickly responded on Twitter.

The Treasury reassured six concerned senators that it does not plan to treat crypto miners, stakers and wallet providers as brokers for tax purposes.

The FBI now has a dedicated division to probe blockchain-based crimes.

Trading app Robinhood wants cryptocurrencies to be a central part of its business strategy.

Salesforce is planning an NFT Cloud.

Crypto apps shot up App Store download charts in the US on Monday morning, after a Super Bowl studded with digital assets advertising. Coinbase’s commercial caused the app to surge from 186th place to second on the App Store and crashed its website.

How NFTs are raising money for charity.

Disclaimer: This is not investment advice. The content is for informational purposes only, you should not construe any such information or other material as legal, tax, investment, financial, or other advice. Nothing contained constitutes a solicitation, recommendation, endorsement, or offer to buy or sell any securities or other financial instruments in this or in any other jurisdiction in which such solicitation or offer would be unlawful under the securities laws of such jurisdiction. All Content is information of a general nature and does not address the circumstances of any particular individual or entity. Opinions expressed are solely my own and do not express the views or opinions of Blockforce Capital or Onramp Invest.

Blockforce Capital

Financial innovation at the intersection of capital markets, technology, and digital assets.