DOJ seizes $3.6 billion in crypto from 2016 Bitfinex hack, arrests New York couple

Ilya Lichtenstein and his wife Heather Morgan are accused of laundering the proceeds of 119,754 bitcoin that were stolen from Bitfinex's platform in 2016.
Written by Jonathan Greig, Contributor

The Department of Justice announced the seizure of more than $3.6 billion in cryptocurrency that was stolen during an attack on the Bitfinex cryptocurrency exchange in August 2016.

The DOJ also said it arrested 34-year-old Ilya Lichtenstein and his 31-year-old wife Heather Morgan for their role in attempting to launder 119,754 bitcoin that were stolen during the attack on the Hong Kong exchange. Deputy Attorney General Lisa Monaco called the seizure the "department's largest financial seizure ever."

In total, about $4.5 billion was stolen from the exchange, and two brothers, Eli and Assaf Gigi, were arrested by Israeli authorities in 2019 for their involvement in the attack. 

But on Tuesday, the Justice Department said Lichtenstein and Morgan -- both of whom were very active on social media -- initiated more than 2,000 unauthorized transactions as they tried to launder the 119,754 bitcoin stolen from Bitfinex. 

"Those unauthorized transactions sent the stolen bitcoin to a digital wallet under Lichtenstein's control. Over the last five years, approximately 25,000 of those stolen bitcoin were transferred out of Lichtenstein's wallet via a complicated money laundering process that ended with some of the stolen funds being deposited into financial accounts controlled by Lichtenstein and Morgan," the DOJ explained. 

"The remainder of the stolen funds, comprising more than 94,000 bitcoin, remained in the wallet used to receive and store the illegal proceeds from the hack. After the execution of court-authorized search warrants of online accounts controlled by Lichtenstein and Morgan, special agents obtained access to files within an online account controlled by Lichtenstein. Those files contained the private keys required to access the digital wallet that directly received the funds stolen from Bitfinex, and allowed special agents to lawfully seize and recover more than 94,000 bitcoin that had been stolen from Bitfinex. The recovered bitcoin was valued at over $3.6 billion at the time of seizure."

Lawyers for the government went on to accuse Lichtenstein and Morgan of using fake identities to open online accounts and deploying devices to automate transactions -- in addition to a spate of other laundering techniques. The stolen funds were also deposited into several different virtual currency exchanges and darknet markets in an attempt to wash the currency, something the DOJ called "chain hopping."

The bitcoin was converted into other currency that shielded their identity, and US bank accounts were used to make their transactions look legitimate. 

"In a methodical and calculated scheme, the defendants allegedly laundered and disguised their vast fortune," said Chief Jim Lee of IRS-Criminal Investigation (IRS-CI).

Authorities added that they found 2,000 crypto wallet addresses and private keys in Lichtenstein's cloud storage account, almost all of which were connected to the stolen funds.

The two were arrested in Manhattan on Tuesday, and they are appearing in court at 3 pm ET to face charges of conspiracy to commit money laundering and conspiracy to defraud the United States. 

If convicted, the two are facing a maximum sentence of 20 years for the first charge and five years in prison for the second. 

"Ilya Lichtenstein and his wife Heather Morgan attempted to subvert legitimate commerce for their own nefarious purposes, operating with perceived anonymity," said Homeland Security Investigations (HSI) acting executive associate director Steve Francis. 

In a statement, Bitfinex said it has been working with the DOJ since the investigation started and will work with the law enforcement agency "to establish our rights to a return of the stolen bitcoin."

"If Bitfinex receives a recovery of the stolen bitcoin, as described in the UNUS SED LEO token white paper, Bitfinex will, within 18 months of the date it receives that recovery, use an amount equal to 80% of the recovered net funds to repurchase and burn outstanding UNUS SED LEO tokens," the company said. 

"These token repurchases can be accomplished in open market transactions or by acquiring UNUS SED LEO in over-the-counter trades, including directly trading bitcoin for UNUS SED LEO."


Blockchain analysis company Elliptic told ZDNet that around 21% of the stolen bitcoin have been moved and laundered over the past five years.

Elliptic's analysts found that a variety of money laundering techniques were used, including sending the funds through darknet markets, like Alphabay and Hydra, as well as the Wasabi Wallet privacy wallet, which was used to hide the blockchain money trail.

"Some of the funds were also sent to regulated cryptocurrency exchanges that perform KYC checks on their customers, and it is likely that the suspects were identified by tracing the stolen funds to these services," Elliptic said.

"The remainder of the stolen funds, now worth $4.1 billion, were moved to a new wallet just last week, the first movement of these funds since the 2016 theft. This appears to represent the seizure of the bitcoins from Lichtenstein and Morgan, by law enforcement."

Bitfinex told customers in 2016 that they would all be sharing the loss, with each copping a generalized loss percentage of 36.067%. The loss applied across the board, even to those who did not own bitcoin.

Retired DEA special agent in charge Bill Callahan noted that the seized funds will go through a legal forfeiture process that could take place as part of a criminal or civil action, adding that this could tie up the funds for several years. 

"Before the U.S. Government writes a check for $4.5 billion to Bitfinex, potential victims or claimants may file a legal action, and make a claim for all or a portion of the funds. They will have an opportunity to prove that their claim is justified and will likely rely on blockchain analytics and expert testimony to support their claims," said Callahan, who now works for the Blockchain Intelligence Group.

What stood out most to him was that the arrested couple sent the stolen bitcoin to a Virtual Currency Exchange that sells prepaid gift cards in exchange for BTC. 

"A $500 Walmart gift card transaction was conducted through an IP address linked to a cloud service provider, and they used the gift card to purchase personal items that were delivered to their home address," Callahan explained. 
