We seemingly have an answer to one of crypto's most enduring mysteries. Ilya Lichtenstein, husband of criminal rapper Razzlekhan (aka Heather Morgan), confessed yesterday to the 2016 hacking theft of 112,000 bitcoins from offshore crypto exchange Bitfinex. But the circumstances of that confession are frankly bizarre – and one of America's most notorious reformed hackers isn't buying it.
"Ilya is a f***ing idiot," argues Brett Johnson. "If you look at the way he was trying to launder money, he was doing absolutely everything wrong."
Johnson should know – he was the founder and leader of Shadow Crew, a notorious cybercrime cartel, in the early 2000s. After his arrest in 2005, Johnson served as a confidential informant for the Secret Service and, despite some backsliding, has since become a respected white hat cybersecurity expert.
Aside from questions about Lichtenstein's competence, the circumstances of the confession remain murky. The U.S. Department of Justice did not charge Morgan and Lichtenstein, who Morgan sometimes affectionately referred to as "Dutchie," with the hack itself, only with attempts to launder the stolen funds.
It is unclear from yesterday's reporting whether confession to the hack was a condition of Lichtenstein's plea deal on the money laundering charges, but that would be extremely unusual. The roughly 120,000 BTC hacked from Bitfinex was worth about $70 million in 2016, but ballooned to $4.3 billion by the time of the couple's arrest last year.
After Lichtenstein and Morgan's arrests, there were still many unanswered questions as to who actually committed the initial hack. One theory was that Lichtenstein and Morgan may have purchased keys to the stolen bitcoin from the original hacker at a discount, or were holding and laundering it on behalf of a third party. But these were never particularly convincing, and there was broad belief that the couple had committed the hack as well as the attempted laundering.
Brett Johnson is skeptical, though, based on Lichtenstein's apparent sloppiness on the laundering part of the heist.
"He was doing chain hopping … But the cashout was always coming out to his name. In Shadow Crew, we said, all cybercrime should start with identity theft," Johnson told me. "[Lichtenstein] even had some Coinbase accounts that were directly connected to him. It simply did not make sense at all that he was doing it like that."
Lichtenstein also moved some of the stolen funds through darknet market Alphabay. But, Johnson argues, "If he had any experience at all, he knew that market was going to get shut down by law enforcement, or do an exit scam. So it doesn't make sense to me."
"What it really reads like is, in theory the guy knows how to launder money, but in practice he had never done it at all," he added
Another major sign of the duo's questionable competence: Lichtenstein apparently kept the private keys to billions of dollars' worth of bitcoin on a cloud drive, which may have allowed law enforcement to seize it.
More broadly, Razzlekhan and Dutchie's behavior post-2016 was strange for high-profile hackers. Rather than disappearing to some remote non-extradition country, they moved to Wall Street. And while Lichtenstein kept a low profile, Heather Morgan's behavior was incongruous with someone who had millions of stolen bitcoin on hand. She touted herself as head of an email marketing company, contributed articles to Forbes, gave public presentations on hacking and – last but not least—pursued a possibly theft-subsidized career as a bizarre rapper under the alias "Razzlekhan."
That may simply indicate that the couple made extremely naïve decisions after committing a major crime. But Brett Johnson thinks there's a lot more to the story.
"It doesn't ring very true to me at all."
– David Z. Morris
@davidzmorris
david.morris@coindesk.com