4 Unanswered Questions About the Bitfinex Hack

2 years ago

David Z. Morris is CoinDesk's Chief Insights Columnist. He holds Bitcoin, Ethereum, Solana, and small amounts of other crypto assets.

Yesterday we got stunning news of the arrest of a New York couple, Ilya “Dutch” Lichtenstein and Heather R. Morgan, for their alleged role in attempting to launder bitcoin now worth a staggering $4.6 billion. That bitcoin was stolen from the global exchange Bitfinex in August 2016, and in the half-decade since then, there has been little further insight into the attack.

That long silence (along with what we’ll call some more lyrical factors) drove intense fascination with yesterday’s news. But as much as we learned, there’s still a great deal we don’t know, including dangling questions that could lead down a much deeper rabbit hole. Some of the most important unknowns involve the hack itself, the financial fallout of the hack and the alleged launderers’ own puzzling behavior during the period they’re accused of trying to wash the stolen BTC.

This article is excerpted from The Node, CoinDesk's daily roundup of the most pivotal stories in blockchain and crypto news. You can subscribe to get the full newsletter here.

As you might expect, grappling with unanswered questions involves some speculation. I’ve done my best to highlight where that speculation appears, but we’re off the map here in general, so take what follows mostly as a series of hypotheticals and thought experiments.

How did the original hack happen?

An important but easily overlooked element of yesterday’s charges is that they don't allege that Lichtenstein and Morgan were responsible for the original hack of Bitfinex. The charges don’t offer any specific theory about how they came into possession of the private keys controlling the coins. One possibility is that the couple purchased the BTC from the original hacker(s) at a discount. Another is that they were simply acting as agents for the hacker(s), though that’s less likely given their direct control of the keys.

There is, however, some circumstantial reason to believe that the couple could have been involved in the hack itself and the Department of Justice just didn’t have quite enough evidence to charge them with more than money laundering.

The most intriguing (though again wholly circumstantial) evidence is that Morgan appears to have been outright obsessed with “social engineering,” a kind of hacking that focuses on compromising people instead of code. In one lengthy presentation given at the event series NYC Salon, she described methods of deception and intimidation that she had used in real-world exercises to control individuals and gain access to spaces and organizations.

That is particularly intriguing given the nature of the original hack, which involved compromising multisignature protections that went through security provider BitGo. In CoinDesk’s reporting at the time, Michael McSweeney wrote that “in order to withdraw such a large amount of funds, BitGo would likely have had to sign off on those transactions,” because of a multisignature security layer implemented for Bitfinex users. That raises the possibility that social engineering was involved in the hack.

It has been noted that Morgan interviewed Matt Parrella, a former chief compliance officer at BitGo, for a 2020 Forbes column titled, amazingly, “Experts share tips on how to protect your business from cybercriminals.” That’s a serious eyebrow-raiser, but it may not mean much given that Parrella was only briefly employed at BitGo in 2019 and 2020.

Why would crypto-literate criminals store private keys in the cloud?

One of the truly bizarre things revealed in yesterday’s charging documents is that authorities claim they were able to seize the stolen BTC after accessing private keys that Lichtenstein/Morgan had stored in a cloud service. Keeping private keys offline at all times is one of the most fundamental security tenets of crypto management, and it’s implausible that someone undertaking to launder crypto on such a huge scale wouldn’t be well aware of that.

There are a few non-conspiratorial ways to understand the keys being stored online. Most importantly, the keys were themselves encrypted, which you can at least imagine someone rationalizing as secure.

Crypto researcher Eric Wall further suggested that despite claims in the charging documents, the keys may not have been decrypted by law enforcement. Instead, the keys may have been handed over by the culprits when confronted. That could also explain why a large portion of the stolen coins was moved on Feb. 1. Perhaps the accused launderers were demonstrating that the keys worked before handing their booty over to the feds.

It’s also worth remembering that the BTC in question was worth about $70 million at the time of the hack. It ballooned to multiple billions over the course of five years, possibly outpacing the culprits’ ability to upgrade their security practices.

Why were these secret billionaires so extremely online?

Unfortunately, we have to talk about Razzlekhan, Morgan’s strange and cringey rap persona. Morgan flooded TikTok and YouTube with weird influence-bait, including a lot of rapping, while also writing business and tech content for Forbes’ perennially sketchy contributor network. Lichtenstein published at least one Medium post about crypto and posted about crypto on Twitter. This content – some of which was set to private after the arrests – is just one thread of an extensive web presence by Morgan and, to a much lesser extent, Lichtenstein.

The question is simply – why? Most of that activity took place after the pair were in control of a bitcoin fortune. Why would you be clout-chasing online if you had that much money? (Morgan was likely making less than $100 for each Forbes contribution.)

In the end, we can only speculate. But the answer likely involves very personal impulses, particularly the desire for recognition and respect. It seems clear Morgan and Lichtenstein wanted to be seen as serious (if creative and weird) businesspeople.

For instance, the two represented themselves as partners at Demandpath, a putative investment fund focused on “distributed systems, cloud platforms and data-driven AI (artificial intelligence).” I haven’t yet unearthed information about their investments, and so the whole thing may have been a bit of a LARP – as “angel investing” often is in crypto. Morgan also represented herself as CEO of an email marketing company called Salesfolk.

What’s most incredible is that Morgan didn’t stop posting even when the walls were closing in. In court on Tuesday, the defense counsel reportedly said the defendants had known they were under investigation since November. But on Feb. 2, just one week before her arrest, Morgan posted about a business-to-business sales article she was working on for the magazine Inc. Perhaps knowledge of the investigation nudged Morgan to double down on a business that could actually make money, because monitoring rendered their BTC exceedingly dangerous to move.

It is worth noting that Morgan’s online presence appears to be distorting perceptions of the case. Her rapping and interest in social engineering make her an intriguing suspect. But in a pretrial hearing yesterday, a New York judge set bail for Ilya Lichtenstein at $5 million, but bail for Morgan at only $3 million, which may suggest the court believes Lichtenstein bears more responsibility and faces tougher consequences than Morgan does.

How does this connect back to Bitfinex?

The original Bitfinex hack occurred in early August 2016. Here’s CoinDesk’s contemporaneous report on the events. The hack, and especially Bitfinex’s efforts to recover from it, have spawned a raft of conspiracy theories and speculation often involving suspicions of possible malfeasance by Bitfinex and its associates.

After the hack, Bitfinex made a radical move, imposing the losses on its users in the form of a roughly 36% “haircut” on balances. Those who got the haircut were in return given “Recovery Rights Tokens” with the ticker BFX. These tokens were fully repaid and redeemed by April 4, 2017. The official story was that Bitfinex increased trading volume at the time and quickly earned back the money it had lost in the hack.

But the BFX token was denominated and paid back in USD, not BTC. Bitcoin roughly doubled in price between the hack and the repayment, and so all things being equal, Bitfinex users lost money even after their BFX tokens were redeemed.

But that’s not all: As commentators pointed out at the time, the BFX token helped reduce Bitfinex’s liabilities even further. Some holders, lacking confidence in Bitfinex’s ability to repay, dumped the token on the market for as little as 49 cents on the dollar – and the exchange acknowledged buying back tokens at market value, meaning it got an even further discount against the liability of the stolen BTC.

That, combined with the fact that the hack involved compromising multisignature security, has spawned considerable speculation that the hack may have been an “inside job.” Watchdogs like Bitfinex’d have speculated that the hack was connected to the later discovery of shortfalls at Bitfinex sister operation Tether, and that the haircut and BFX token may have helped paper over other problems at the exchange. I have yet to see any airtight evidence of this, but Morgan and Lichtenstein’s trial might offer new revelations about those strange maneuvers.

DISCLOSURE

The leader in news and information on cryptocurrency, digital assets and the future of money, CoinDesk is a media outlet that strives for the highest journalistic standards and abides by a strict set of editorial policies. CoinDesk is an independent operating subsidiary of Digital Currency Group, which invests in cryptocurrencies and blockchain startups. As part of their compensation, certain CoinDesk employees, including editorial employees, may receive exposure to DCG equity in the form of stock appreciation rights, which vest over a multi-year period. CoinDesk journalists are not allowed to purchase stock outright in DCG.

