The cybercriminal behind the 2016 Bitfinex hack has been released from prison early thanks to Trump’s 2018 First Step Act


Ilya Lichtenstein, who was sentenced to prison for his role in the Bitfinex hack that occurred in 2016, has been released from prison early.

Ilya Lichtenstein (38), convicted for the hack of the cryptocurrency stock exchange Bitfinex in 2016, has been released from prison early.

A Trump administration official told CNBC that Lichtenstein served significant prison time and is now on home confinement. His wife, Heather Morgan, celebrated his return after four years apart.

The cybercriminal credited his early release to Trump’s 2018 First Step Act, and he is scheduled for release from prison on January 25, 2026, according to the Federal Bureau of Prisons.

The First Step Act is a U.S. federal law passed in 2018 under President Trump that aims to reform the criminal justice system. It seeks to reduce the federal prison population, improve rehabilitation through education and training programs, revise sentencing laws for certain offenses, and use a risk and needs assessment system to determine eligibility for early release and other programs. The law allows inmates to earn credits for good behavior and rehabilitation, potentially shortening their prison terms and supporting reintegration into society.

In November 2024, Ilya Lichtenstein was sentenced to five years in prison for his involvement in a money laundering conspiracy arising from the hack and theft of approximately 120,000 bitcoin from Bitfinex.

According to defense attorney Samson Enzer, over 96% of the stolen funds have been recovered with assistance from Lichtenstein, with most remaining unspent.

In February 2022, Ilya Lichtenstein (35) and his wife, Heather Morgan (32), were arrested for alleged conspiracy to launder $4.5 billion in cryptocurrency stolen during the 2016 hack of Bitfinex. Law enforcement also seized over $3.6 billion in cryptocurrency (roughly 95,000 of the stolen crypto assets) linked to that hack.

In August 2023, the married couple from New York pleaded guilty to money laundering charges in connection with the hack of the cryptocurrency stock exchange Bitfinex in 2016.

The hackers stole 120,000 Bitcoin, and the Bitcoin value significantly dropped after the discovery of the security breach.

Since the arrest of the couple, the government has seized another approximately $475 million tied to the cyber heist.

Lichtenstein used a number of advanced hacking tools and techniques to breach Bitfinex’s network and, once he had gained access to its infrastructure, fraudulently authorized more than 2,000 transactions in which 119,754 bitcoin was transferred from Bitfinex to a cryptocurrency wallet in his control.

Lichtenstein also managed to cover his tracks by deleting access credentials and other log files. Lichtenstein’s wife, Morgan, helped him launder the stolen funds.

The duo used fake identities to set up online accounts and software to automate transactions, exchanged part of the stolen funds into gold coins and other crypto assets, and used mixing services like ChipMixer.

Morgan was sentenced to 18 months in prison, but she was released about a month earlier.

My question is, are we sure that all the stolen funds have been fully recovered? Did the two really compensate for all the damage caused by their actions? Let’s remember the collapse in Bitcoin’s value following the hack. How many investors were irreparably harmed at the time? In any case, justice has been quite lenient with them considering the damage caused.


Pierluigi Paganini

(SecurityAffairs – hacking, Bitfinex hack)