The Blog

The Node Ahead #12: On-Chain Analysis, The Story Behind the DOJ’s Recovery of $3.2bn Worth of Stolen Bitcoin, and More

decorative banner


Welcome back to The Node Ahead, a cryptoasset resource for financial advisers. Every other week, we discuss the latest crypto news and the potential impacts it may have on you and your clients.

In this edition, we will review:

  • Onchain Analysis
  • DOJ’s Recovery of $3.2 Billion Worth of Stolen Crypto
  • In Onramp News
  • In Other News

A lot has happened in the last few weeks, including both Russia and Ukraine making bitcoin a legal currency in their respective countries while Spain’s central bank approved the first crypto services provider in the country. Blockfi settled with the SEC, clearing a path for American citizens to earn up to 9% APY in a regulatory compliant manner. Both Georgia and Illinois lawmakers want to attract bitcoin miners to their states with tax incentives. US Congressman Warren Davidson introduced the Keep Your Coins Act, protecting the ability to act as a self-custodian and conduct peer-to-peer transactions, while Senator Cynthia Lummis said the Federal Reserve should start buying bitcoin. While any one of these stories is worth writing about, this week’s newsletter dives deep into a story so wild that Netflix just announced they are creating a new series about it. Before we jump into that, let’s take a look at what is happening on-chain.

Onchain Analysis

Over the past several newsletters, we have covered a number of sophisticated metrics analyzing the state of bitcoin and the broader crypto ecosystem. This week, we thought we would go back to fundamentals by looking at some of the more basic metrics that are often overlooked in determining the health and viability of a blockchain.

Let’s start with the number of wallet addresses that contain bitcoin or ether. While this metric is not a perfect signal for the total number of users, as one user could have multiple wallets or one wallet could hold coins for many users, it does give us a general idea of the growth of the network. What is interesting to note is that, for both bitcoin and ether, the number of wallets that hold either of these coins has seen a steady upward climb regardless of the price.

While buying and holding assets is a viable use case, it’s also good to understand how many of these addresses are active. By looking at this metric, we can get a sense of whether the number of wallets using the network is growing. Like the previous metric, the number of active wallets for both bitcoin and ether has generally trended upward over time. However, this metric has historically had more spikes during periods of market exuberance, as should be expected.

Lastly, let’s look at the growth of computing power on the bitcoin network. Hashrate is a measure of the computational power per second used when mining bitcoin. When aggregated across all miners, it is a measure of the computing power of the Bitcoin network. Because Bitcoin works on a consensus mechanism, one of the few vulnerabilities it has is what is known as a 51% attack. If any one entity controls most of the network, that entity would be able to dictate which transactions get verified and which don’t. The larger the hashrate, the more difficult and more expensive it is to carry out a 51% attack. Thus, hashrate is a good measure of the security on a blockchain. Bitcoin has the highest hash rate in the world, and therefore the most secure blockchain. Today, bitcoin’s hashrate is so large that it would be practically impossible to acquire enough computing power to execute a 51% attack.

It’s worth noting that following China’s ban of bitcoin mining in March of 2021, nearly 50% of the hash rate left the network as Chinese miners relocated to new jurisdictions. Five months later, the network had fully recovered without any interruption, security threats, or fraudulent transactions. Today, the hash rate is at all-time highs. More and more mining companies are building infrastructure because it’s become such a profitable business.

These are very basic metrics but nonetheless good trends to follow for the long-term health of the asset class. While price can be a poor indicator over the short term, demand signals such as those mentioned above tend to be a much better predictor of long-term viability.

As always, the on-chain data is provided by Glassnode. If you would like to have access to the data yourself, you can sign up here: Glassnode Sign Up Link

Politicians Are Rapidly Embracing Crypto

In what might be one of the wildest stories thus far in 2022, the Department of Justice recovered $3.2 billion worth of bitcoin that was stolen in a hack in 2016, making it the largest financial seizure in the history of the DOJ. On February 8th, Ilya “Dutch” Lichtenstein and his wife Heather Morgan were arrested and charged with laundering and conspiracy to defraud the United States, though they were not charged with carrying out the hack itself.

In August 2016, hackers stole 119,756 bitcoin from a crypto exchange known as Bitfinex. At the time, the stolen bitcoin was worth roughly $72 million but given bitcoin’s price appreciation over the past six years, those coins are now worth $4.5 billion. For the first few years after the hack, those coins sat dormant. However, over the past couple of years, some of the stolen bitcoin slowly began to move out of the wallet now known to be controlled by Ilya Lichtenstein. To be more accurate, the wallet was last controlled by Lichtenstein, though it’s unclear whether Ilya controlled the wallet at the time of the hack. While those bitcoin were moved using mixers and a series of complicated transactions, the DOJ was still able to trace the movement of those coins to an account controlled by the couple who then used the money to buy gold, NFTs, and a $500 Walmart gift card. Not what we would have spent millions of dollars on but hey, who are we to judge?

Once the DOJ was able to identify who owned the account the bitcoin was sent to, investigators were able to obtain a search warrant that allowed them to view files held on a public cloud. The aforementioned files contained the private keys to the wallet that was holding the stolen bitcoin. The next day, the DOJ used those private keys to seize 94,636 bitcoin which was worth roughly $3.6 billion at the time. A week later, Ilya and Heather were arrested. Heather was later released on bail, while her husband remains in jail.

This entire saga is yet another example of why using bitcoin for illicit activity is a terrible idea. Every transaction is immutably recorded on the blockchain and publicly available for anyone to view. Using on-chain forensics, it is possible for authorities to track the funding of illegal activity on a blockchain and use that information to capture and prosecute criminals. This traceability and transparency are exactly why bitcoin is used for illegal activity far less than cash on both a total value and percent basis.

It turns out that sitting on a hoard of stolen bitcoin isn’t as fun as it might seem. After the hack in 2016, the stolen coins had been blacklisted by every major exchange and tagged by every blockchain forensics company watching to see when and where these coins would be moved to. This means that Lichtenstein and Morgan could not simply transfer this bitcoin to Coinbase or Binance without alerting authorities. As a result, the couple was sitting on billions of dollars for several years and was only able to liquidate a few million before getting caught. This couple had a fortune, but no good way to access it.

As part of this story, it is important that we dispel the myth that the government somehow hacked or broke bitcoin to obtain the coins. The DOJ used traditional investigative techniques to trace the transactions on the blockchain and then obtained a search warrant to examine a public cloud database that belonged to Lichtenstein and Morgan. The public cloud just so happened to contain exactly what the DOJ needed to recover the stolen bitcoin: private keys. The Bitcoin blockchain worked exactly as intended. This was not a case of bitcoin being hacked by the government, but rather poor key management by the launderers. Evidence of illegal activity and the keys to the stolen assets were accessible via Google drive. Bitcoin remains self-sovereign, provided that you store your keys properly.

Now, let’s discuss the couple responsible. It is worth reiterating that they have not been charged with committing the hack back in 2016 but rather for laundering the stolen assets. There is good reason to believe that these two were not exactly criminal masterminds; in addition to the poor key management previously described, according to the DOJ the couple seemed to get tripped up by know-your-customer (KYC) controls at some of the unidentified crypto exchanges and financial institutions with which they interacted.

Being stymied by something as basic as KYC might be understandable except for the fact that Morgan was a regular contributor to Forbes and Inc., writing columns about how entrepreneurs should protect their digital currency. Ironically, that article included comments from executives at BitGo which had provided Bitfinex with the multi-signature security tools at the time of the hack back in 2016. Morgan also portrayed herself as an influencer in the art and fashion industries and pitched herself as a corporate coach. If that’s not weird enough, Morgan was also an aspiring rapper (albeit, not a very good one) that went by the name of Razzlekhan, which apparently is a reference to Genghis Khan but “with more pizzazz.” Folks, we truly could not make this story up if we tried.

This, along with some ridiculous TikTok videos, has led many to believe that the couple could not possibly be responsible for the original hack of Bitfinex back in 2016. It’s unlikely that this couple was sophisticated enough to pull off one of the largest hacks in the history of crypto but not savvy enough to circumvent a basic KYC request. A much more plausible theory is that the original hackers understood how difficult it would be to move the stolen coins given they were under surveillance by much of the community and thus decided to sell the keys to the wallet containing the stolen assets to Lichtenstein and Morgan. Either way, this once again highlights how hard it is to get away with illicit activity on an open, transparent ledger that records every transaction for all of eternity.

The fact that numerous entities monitored these coins after the 2016 hack leads us to another interesting wrinkle in this story. On-chain analysts knew about the government’s recovery an entire week before it was made public. Not only could they see the coins moving, but they were also able to discern that it was most likely a government agency because the entity moving the stolen coins did not attempt to mask the transactions in any way and consolidated the stolen bitcoin into a single address. The government obtained the coins about a week before the arrest was made and the recovery was publicly announced, meaning that we could see a government seizure play out in real-time on-chain!

Following the recovery, the US government now holds the largest known pile of bitcoin of any government in the world. It’s worth noting that we know other governments have been mining bitcoin for some time now without disclosing how much they hold. It is entirely possible that another government holds more bitcoin than the US and we just do not know about it.

The story doesn’t end there. Back in 2016, following the original hack that started this entire saga, Bitfinex did its best to make its users whole. A few days after the hack, Bitfinex announced that the lost bitcoin would be “socialized” across all accounts. As a result, all users of Bitfinex saw their account values drop by roughly 36%. However, each user also received a token which promised repayment of the loss over time through cash redemption or conversion into equity in Bitfinex. By early 2017, all losses had been repaid to Bitfinex users. At the time, everyone figured that was the conclusion to the stolen bitcoin story.

Fast forward to 2019: Bitfinex was using a payment processor called Crypto Capital to handle withdrawals on the exchange. At the time, $850m of Bitfinex’s funds were tied up in Crypto Capital. That was until Crypto Capital stopped processing withdrawals for Bitfinex because the capital had been apparently seized by authorities pursuing anti-money laundering criminal charges against Crypto Capital. This caused several problems for users of Bitfinex including massive delays in withdrawals.

To solve the problem, Bitfinex turned to its parent company iFinex. iFinex also owns  Tether (USDT), one of the largest stablecoins on the market. iFinex decided to transfer $625m from Tether’s bank account to Bitfinex which was problematic because Tether is supposed to be backed 1:1 by US dollars. To help recoup the losses and backfill the void, iFinex decided to do a token sale to raise money. The LEO token was issued in May 2019 and was primarily designed to provide benefits such as discounts and lower fees for Bitfinex users.

The LEO token sale was a success as it raised $1 billion, selling the freshly minted token to replace the $850 million it lost to Crypto Capital. However, the LEO token had one unique property. LEO’s whitepaper stated that “An amount equal to at least 80% of recovered net funds from the BitFinex hack will be used to repurchase and burn outstanding LEO tokens within 18 months from the date of recovery.” In other words, the LEO token stands to benefit from any recovered bitcoin from the Bitfinex hack in 2016.  This provision, which essentially acts similar to a stock buyback, was buried in the paper that very few (if anyone) thought would ever be worth anything. As soon as news broke that the DOJ recovered the stolen bitcoin, the LEO token spiked 56% in less than 24 hours.

In a statement soon after the DOJ announcement, Bitfinex confirmed its commitment to the provision in the LEO token saying that it would work with the DOJ to recover the seized bitcoin. As of now, the bitcoin remains in the DOJ’s custody, meaning that no LEO tokens will be burned if the DOJ decides not to release the bitcoin back to Bitfinex.

This brings up a very interesting legal question – who has the rights to own the recovered bitcoin?

Should the coins be returned to their original holders? Even though they were all fully reimbursed for the dollar value of their bitcoin at the time, bitcoin is far more valuable today than it was then. Are they owed that difference in price appreciation? Financial and cryptocurrency-related lawyers are already receiving calls from individuals who claim to have lost bitcoin in the 2016 heist and want their bitcoin back.

Does Bitfinex as the exchange have a claim to those coins?  Bitfinex has made it clear that it believes it has made investors whole and will “follow appropriate legal processes to establish our rights to a return of the stolen bitcoin.”

Does the government have the right to decide that they can do whatever they want with the recovered bitcoin? If so, will the US government simply hold this bitcoin as a reserve asset or auction it off similar to what it has done in the past?

While we do not know what the legal precedent is for something like this, we are confident there will be several legal battles between Bitfinex, the original customers, and the US government in the coming months and years. As crazy as this story is, it’s not over yet.

Why this matters for RIAs and their advisors – The DOJ recovery is likely to be one of the biggest stories of 2022.  When clients read or hear about it in the news, it’s important to not only know what happened, but to be able to explain that this is another example of why bitcoin continues to be used less and less for illegal activity.  It’s also important in case a client worries this somehow changes if a government agency can confiscate your coins (it doesn’t).

In Onramp News

In Other News

ConocoPhillips is using bitcoin mining to reduce methane emissions and has a “zero routine flaring ambition” by 2025. It’s almost as if bitcoin mining is spurring clean energy innovation…

Wells Fargo claims crypto is nearing a phase of “hyper adoption” akin to the internet in the ’90s.

BlackRock is reportedly planning to offer crypto trading.

Vanguard and State Street partner with blockchain provider Symbiont to bring smart contracts to Wall Street.

Cities are turning to crypto for grassroots fundraising.

Hester Pierce’s statement on the Blockfi settlement with the SEC.

U.S. Representative Josh Gottheimer (D-N.J.) has introduced a bill that would establish government-backed insurance for stablecoins. The bill would designate certain stablecoins as “qualified,” making them redeemable on a one-to-one basis for U.S. dollars.

A bipartisan duo in the senate introduced the Accountability for Cryptocurrency in El Salvador (ACES) Act, legislation requiring a State Department report on El Salvador’s adoption of Bitcoin. President Bukele quickly responded on Twitter.

The Treasury reassured six concerned senators that it does not plan to treat crypto miners, stakers, and wallet providers as brokers for tax purposes.

The FBI now has a dedicated division to probe blockchain-based crimes.

Trading app Robinhood wants cryptocurrencies to be a central part of its business strategy.

Salesforce is planning an NFT Cloud.

Crypto apps shot up App Store download charts in the US on Monday morning, after a Super Bowl studded with digital assets advertising.  Coinbase’s commercial caused the app to surge from 186th place to second on the App Store and crash its website.

How NFTs are raising money for charity.

Disclaimer: This is not investment advice. The content is for informational purposes only, you should not construe any such information or other material as legal, tax, investment, financial, or other advice. Nothing contained constitutes a solicitation, recommendation, endorsement, or offer to buy or sell any securities or other financial instruments in this or in any other jurisdiction in which such solicitation or offer would be unlawful under the securities laws of such jurisdiction. All Content is information of a general nature and does not address the circumstances of any particular individual or entity. Opinions expressed are solely my own and do not express the views or opinions of Blockforce Capital or Onramp Invest.

With gratitude,

Your Onramp Family