Sophisticated Money Laundering Tactics
Court documents described a “complicated money laundering process” that began with the hacker behind the cyberattack sending stolen bitcoin to a digital wallet under Lichtenstein’s control, and ended with some of the stolen funds being deposited into financial accounts allegedly controlled by Lichtenstein and Morgan. The remainder of the stolen funds, amounting to more than 94,000 bitcoin (valued at $3.6 billion at the time of seizure), was never deposited and remained in the digital wallet. The DoJ said that special agents were able to obtain access to this digital wallet – giving them the ability to seize this amount – after a court-authorized search warrant of online accounts led them to a file containing private keys for the digital wallet.
The duo allegedly used several sophisticated laundering techniques, including programs that automated transactions so that many could be made in a short period of time. Federal prosecutors said that they also deposited stolen funds into accounts at a variety of virtual currency exchanges and darknet markets, such as AlphaBay, before withdrawing them, which helped obfuscate the trail of the transaction history by breaking up the fund flow.
The pair also allegedly relied on a well-known practice called chain-hopping, in which they converted bitcoin to anonymity-enhanced currency (AEC), a type of virtual currency that uses non-public or private blockchains, in order to obfuscate the origin of their funds. To make their banking activity appear legitimate, the two allegedly used U.S.-based business accounts and set up online accounts using fictitious identities.
Many of these money laundering tactics were illustrated by a FinCEN report in October that shed light on the various ways that attackers are leveraging cryptocurrency exchanges to transfer funds. The report noted an increase in the use of AECs like Monero in 2021, for instance. The use of AECs, which is one of the methods allegedly used by Lichtenstein and Morgan, gives cybercriminals an easy way to sidestep policies aimed at rooting out suspicious activities, such as the Anti-Money Laundering/Combating the Financing of Terrorism (AML/CFT) compliance controls, a set of regulations that financial institutions follow to detect and prevent money laundering.