US probe finds $ 3.6 bn stash from 2016 Bitfinex bitcoin hack, India email IDs used to launder stolen funds

And the Bitfinex heist has been at the centre of a controversy in Karnataka since Srikrishna Ramesh alias Sriki—a hacker arrested by the crime branch in Bengaluru for allegedly using bitcoins to procure drugs on the darknet—talked about about his purported involvement in the 2016 hack. The Opposition Congress has alleged that bribes were paid in bitcoins by the 26-year-old hacker to police and influential persons in the government after his arrest in November 2020. The party has alluded to the movement in April 2021 (when Srikrishna was set to be released) of 12,000 stolen bitcoins (worth $750 million) from the Bitfinex hack as being suspicious.

The investigation by US authorities and a 20-page complaint filed before a New York magistrate on February 7 to announce the arrest of the Manhattan couple do not reveal any Indian connections except for the use of email IDs generated through an India-based email services provider to create accounts in virtual crypto exchanges (VCE) where the stolen bitcoins were transferred soon after the hack. The complaint filed in the US court by an IRS officer, Christopher Janczewski, also does not refer to the identities of the hackers who carried out the massive Bitfinex heist.

The complaint, however, says that one of the leads in the IRS probe came from the fact that eight accounts at a cryptocurrency exchange where the stolen bitcoins were transferred initially—after an attempted concealment process—belonged to the same individual. They “were tied to similarly styled email addresses hosted by the same India-based provider”.

During investigations the US authorities found a spreadsheet in a cloud account of Lichtenstein that reportedly referred to the virtual crypto exchange accounts created using the email IDs obtained through the India-based email service provider.

“The connection among the VCE 1 accounts was further confirmed upon reviewing a spreadsheet saved to Lichtenstein’s cloud storage account. The spreadsheet included the log-in information for accounts at various virtual currency exchanges and a notation regarding the status of the accounts,” the IRS has stated.

“After the execution of court-authorized search warrants of online accounts controlled by Lichtenstein and Morgan, special agents obtained access to files within an online account controlled by Lichtenstein. Those files contained the private keys required to access the digital wallet that directly received the funds stolen from Bitfinex, and allowed special agents to lawfully seize and recover more than 94,000 bitcoin stolen from Bitfinex. The recovered bitcoin was valued at over $3.6 billion,” the justice department said.

Sources in Karnataka said that the arrest of the couple and the recovery of the stolen Bitfinex bitcoins in the US could be important to setting at rest speculation of the stolen bitcoin being used to pay bribes to state officials.

Srikrishna, the international hacker, alluded to hacking the Bitfinex exchange and illegally accessing bitcoins, as per a statement given to the police, which is attached to a chargesheet filed in February 2021. “Bitfinex was my first big bitcoin exchange hack. The exchange was hacked twice and I was the first person to do so. The second instance was a simple spear-phishing attack which led to two Israeli hackers working for the army getting access to the computers of one of the employees, which gave them access to the AWS cloud account,” Srikrishna told the police. The Israeli hackers—two brothers—were arrested by authorities in Israel in 2019.

According to the statement, Srikrishna made an “approx profit: 2,000 BTC” (bitcoins) from the Bitfinex hack and blew the entire amount on a “luxurious lifestyle”. “The price of bitcoin was around $100 to $200, which was split with my friend Andy from the UK,” the hacker stated as per the recordings made by the Bengaluru police.

The hacker has also said that he managed on a few occasions to sell bitcoins stolen from the Bitfinex hack by using concealment techniques to avoid detection.

“In 2018 November I downloaded the acknowledgement for the BTC (bitcoin) transaction which came in from Helix mixer amounting to around 510 BTC, which basically was from a hack of a Bitfinex exchange from the hacking group I was a part of, and later those funds were transferred to the Netherlands to my friend’s account,” reads Srikrishna’s statement to the police.

In a case where he is accused of hacking a poker gaming site, which is attached to the chargesheet in the drugs-related case, Srikrishna claimed that he voluntarily agreed to give away bitcoins that were in his possession to the police after his arrest in November 2020. “I understood the case scenario that even if I do not give them the bitcoins they can use forensic methods to find the bitcoins, after a talk with the investigating officer. So post consultations, I voluntarily accepted [sic] to give away the bitcoins which I had kept in various wallets in different cryptocurrencies,” reads the statement.

Blockchain analysts reported on social media on April 14, 2021, that nearly 12,000 bitcoins out of the 1,19,754 stolen during the Bitfinex heist had moved for the first time in over four years. Analysts reported it as the biggest movement of the stolen bitcoins.

The Opposition Congress last year suggested links between the release of Srikrishna from prison and the movement of bitcoins stolen from the Bitfinex exchange in August 2016. “In chargesheet filed by CCB police, it is recorded that the accused looted 5,000 bitcoins through unethical hacking. Who holds these bitcoins now? Have they got it transferred to accounts of investigating agencies? Or are they clueless?” Congress leader Siddaramaiah said on social media last year while insinuating at the involvement of important people in the state.

The Bengaluru police have rejected allegations linking Srikrishna to the 1,19,754-bitcoin heist at the Bitfinex exchange in 2016. “The claim made on Whale Alert (a social media account tracking bitcoin movements) that 14,682 stolen Bitfinex bitcoins were transferred is completely unsubstantiated. There is nothing to suggest that it originated from Bangalore,” the police said in a statement on November 12, 2021.

Despite the arrest of Srikrishna getting wide publicity, “no foreign law enforcement agencies or any foreign companies have approached the Bangalore police about any hacking, as claimed by the accused,” the police stated.