A joint investigation by three US businesses—Internal Revenue Service (Criminal Investigation), Federal Bureau of Investigation (FBI), and Homeland Security Investigations (HSI)—revealed that eight e-mail ids hosted by an India-based service supplier had been allegedly used to launder $4.5 billion value of stolen cryptocurrency.
An American couple, Ilya “Dutch” Lichtenstein and his wife, Heather Morgan were arrested by the agencies for their alleged involvement in the laundering of the stolen bitcoins after the 2016 Bitfinex hack,
However, a senior Karnataka police official on condition of anonymity told News18 that no connection has yet been found between Srikrishna (Sriki) Ramesh, the infamous hacker, and the US couple. Sriki was arrested by the Bengaluru crime branch for allegedly procuring drugs using bitcoins in the darknet market.
“We are still investigating the claims made by Sriki that he had hacked the Bitfinex cryptocurrency exchange and what he used the bitcoins for,” the official stated, refusing to touch upon whether or not there have been any hyperlinks between the arrested American couple and Sriki.
In a voluntary statement, Sriki claimed to be the “first individual to have hacked Bitfinex” and having done so twice, once in 2016 and then again in 2017. He further said that he used the money from the hack to support his lavish lifestyle and drug addiction. He also admitted to hacking the Karnataka government’s e-procurement portal in 2019 and transferring a total of around Rs 36 crore to the account of one Hemanth Mudappa.
In a political twist to the bitcoin fraudthe opposition parties in Karnataka— the Congress and Janata Dal (Secular)— alleged that several of the bitcoins defrauded by Sriki, who is said to have close connections with several politicians and senior police personnel, were used as bribes to pay senior police and government officials in Karnataka.
The money laundering couple
In a complaint-arrest warrant filed before a New York magistrate on February 7 by special agent Christopher Janczewski, the agencies found that the hacker who breached Bitfinex’s security systems in 2016 initiated over 2,000 unauthorised BTC transactions of approximately 119,754 BTC to a foreign wallet.
The stolen bitcoins were then traced to an India-based email service provider where virtual crypto exchanges (VCEs) were created to transfer the stolen bitcoins after the hack. At the time, the value of the stolen bitcoins was estimated to be approximately $71 million.
According to a statement released by the US Justice Department, 94,636 stolen bitcoins, “the division’s largest monetary seizure ever”, were confiscated from the arrested couple.
They have been charged with conspiring to launder $4.5 billion in stolen cryptocurrency funds, of which the US government has been able to seize BTC worth $3.6 billion from them. They were able to trace “some of the stolen funds being deposited” into accounts managed by the arrested duo.
The US Justice Department doc exhibiting the arrest mentions that stolen BTCs had been discovered to be being moved throughout a number of platforms and accounts with a view to conceal their path. However, a number of transactions had been made to accounts belonging to the arrested couple.
During the course of the investigations, the US businesses discovered hundreds of transactions being made by means of dozens of accounts owned by Lichtenstein and Morgan. They additionally discovered that the preliminary motion of the funds to different wallets was made utilizing a “peel chain” technique. Peel chain refers to a technique where when large amounts of bitcoin are parked in one address, a series of transactions is initiated to transfer smaller amounts of BTC to multiple new addresses.
A small portion of the stolen bitcoins was sold on Alphabay, an online darknet market, and later sent to eight email accounts, all hosted by an India-based email service provider, the document stated.
Bitfinex sent out requests to the listed email id owners, asking them to provide “extra figuring out data to confirm their account possession”. However, they received no response.
According to the US Justice Department document, the accounts belonging to the Indian email service provider contained over $186,000 worth of virtual currency.