Wife of couple accused of $4.5 billion Bitcoin swindle gave advice on cybersecurity, social engineering

Quick Take

  • Ilya Lichtenstein and Heather Morgan have been accused of laundering $4.5 billion in Bitcoin that had been stolen from Bitfinex in 2016.
  • Morgan had previously shared advice on how to protect exchanges from cybersecurity attacks and had done a presentation on social engineering attacks.
  • The US Department of Justice said Tuesday that it seized $3.6 billion in bitcoin earlier this month. 
  • Both Lichtenstein and Morgan were arrested this morning and charged with conspiracy to commit money laundering and conspiracy to defraud the United States.

Tuesday's announcement from the Department of Justice — that it had seized some $3.6 billion previously stolen from crypto exchange Bitfinex back in 2016 — created an inevitable wellspring of interest around the two individuals accused of laundering those funds in the wake of the theft.

Ilya Lichtenstein and Heather Morgan were arrested in Manhattan earlier today, and face up to 25 years in prison if convicted on the twin charges of conspiracy to commit money laundering and conspiracy to defraud the United States.

As might be expected, reporters and commentators dug into the social media footprints of the two accused, with some highlighting the intersections between their public activities and the crypto sector. 

What emerges is a portrait of two technology entrepreneurs — and, in the case of Morgan, an erstwhile rap career — that almost belies the DOJ's allegations of a years-long effort to launder tens of thousands of bitcoins stolen from Bitfinex.

Morgan's LinkedIn account identifies her as a columnist for both Inc. and Forbes, the latter of which has published an array of articles, with the most recent coming out in September. Of particular note, as highlighted by commentators on social media, is a piece entitled "Experts Share Tips To Protect Your Business From Cybercriminals." Included in the piece were comments from executives of crypto firms BitFlyer and BitGo, the latter of which provided Bitfinex with multi-signature security tools at the time of the hack. 

Much of the content appears geared toward advice and tips for millennial entrepreneurs. Earlier Tuesday, Gauntlet founder Tarun Chitra shared on Twitter that Morgan gave a talk in 2019 on "How to Social Engineer Your Way Into Anything." 

Morgan's LinkedIn account identifies her as CEO of a professional email copywriting service called SalesFolk since 2009 and an investor at a firm called Demandpath since June 2018. She received degrees from the University of California, Davis and the American University of Cairo.

Lichtenstein's own LinkedIn account names him as a partner at Demandpath since June 2018 and advisor to SalesFolk since February 2014. Demandpath is described as "a boutique micro-fund investing in the next generation of promising technologies" on its website. Per LinkedIn, he received a degree in psychology from the University of Wisconsin-Madison. 

According to a Facebook post penned by Lichtenstein, the two were engaged in June 2019. The two later held a wedding this past fall which Morgan described on Instagram as "surrealist."

What the DOJ observed

Per the DOJ's allegations in a court-filed statement of facts, occurring in the background of these activities was a years-long effort to cash out some of the stolen funds, efforts that appear to have been stymied at times by know-your-customer controls at some of the unidentified crypto exchanges and financial institutions with which they interacted.

Still, per the DOJ, "[r]ecords obtained from other VCEs and traditional financial institutions revealed that MORGAN and LICHTENSTEIN made similar deceptive statements to other financial institutions over the course of their conspiracy."

The DOJ alleged that the couple did manage to cash out some of the funds, with expenditures on gold and non-fungible tokens (NFTs). According to the court documents, funds were also spent on a Wal-Mart gift card as well as payments to Uber and Hotels.com. 

As noted by crypto analytics firm Elliptic, it was the post-hack decision to later route those funds through the now-defunct dark market AlphaBay — later seized by federal investigators — that provided the link between the funds and an account in Lichtenstein's name. 

For more breaking stories like this, make sure to follow The Block on Twitter.

© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.