Bitfinex 2016 Hack Saga Worth $5.8 Billion Finally Reaches Resolution

The U.S. District Court for the District of Columbia has determined that cryptocurrency exchange Bitfinex may be the sole party eligible for restitution concerning the 119,754 BTC stolen during the notorious 2016 hack. This decision comes after Ilya Lichtenstein and Heather Rhiannon Morgan, who were charged in 2022 with conspiracy to launder money and conspiracy to defraud the United States, entered guilty pleas.

Lichtenstein and Morgan allegedly utilized sophisticated hacking tools to breach Bitfinex’s security, executing over 2,000 transactions to transfer the stolen funds to a personal wallet. They subsequently laundered the money through various methods, including converting portions into gold coins, which Morgan buried.

Since their arrest in February 2022, the U.S. government has recovered approximately 95,000 of the stolen BTC, currently valued at around $5.89 billion, along with an additional $475 million in related assets. These coins are presently stored in an address associated with the FBI.

Despite the scale of the theft, the U.S. government has announced that it does not recognize any other individuals apart from Bitfinex as victims under the Crime Victims’ Rights Act (CVRA) or eligible for restitution under the Mandatory Victims Restitution Act (MVRA).

This is likely due to prior actions taken by Bitfinex, which compensated affected customers by issuing “BFX” tokens, all of which were redeemed by April 2017. This prior compensation suggests that no further victims may qualify for restitution, leaving Bitfinex as the only entity entitled to recover the seized Bitcoin.