12 February 2022 |

8 things on the $4.5B Bitcoin heist

By Trung Phan

How did they launder the money? Is Razzlekhan the richest rapper ever? What was their getaway plan? Did she actually DM me? (Yes)

Hey, thanks for subscribing to SatPost.

Today, we’re breaking down the insane $4.5B Bitcoin heist.

PS. If you enjoy these emails, would def appreciate a share with friends and fam (good ‘ol word of mouth).

So, something crazy happened in the crypto world (again).

On Tuesday, the Department of Justice (DoJ) arrested a New York couple for their involvement in a Bitcoin laundering scheme worth $4.5B. Of that, the DoJ has recovered $3.6B.

It gets weirder from here: the husband (Ilya “Dutch” Lichtenstein, 34) is a tech entrepreneur and Y Combinator alumni while his wife (Heather Morgan, 31) runs a few software businesses, writes for Forbes…and, oh, is an amateur rapper that goes by the name of Razzlekhan!!

This is definitely one of those stories where you need pics to do it justice:

In what surely has to be record time, Netflix announced on Friday — 3 days after the news broke — that it will make a documentary of the heist (Netflix, call me).

I’ve been obsessed with this story over the past few days. The couple left a massive trail of internet crumbs (websites, social, YouTube vids, TikToks, writing) to pour over. Here’s what caught my eye:

  • Who are they?

  • WTF happened?

  • How did they launder the BTC?

  • Did they have a getaway plan?

  • Heather Morgan: expert in social engineering?

  • That time Heather DM’d me (true story)

  • Is Razzlekhan the richest rapper ever?

  • What were the funniest memes?

Who are they?

Here is some background:

Lichtenstein’s professional life is much more mainstream. He founded Mixrank out of the Y Combinator incubator and was also a mentor for 500 Startups. Meanwhile, Morgan’s various ventures — Demandpath, Endpass, SalesFolk — have less public traction (oh, don’t worry, we’ll get to the “Surrealist Rapper” career).

WTF happened?

Jack Niewold typed up a solid Twitter thread on the case:

This story starts with the infamous [HK exchange] Bitfinex hack. In August 2016, a (still unknown) hacker gained access to the exchange, allowing them to authorize around 2000 unapproved transactions. They stole 119,754 BTC, then worth about ~$72 million. It tanked the market by nearly 40%

Tracing exchange accounts to India-based emails, they linked the BTC to the business and personal accounts of two people: Ilya Lichtenstein and his wife Heather Morgan.

With the identities in hand, the DoJ got a warrant to “break into the cloud data provider account of Lichtenstein” and found the BTC “private keys in plain text”.

A lot of people have been dunking on Lichtenstein for putting his private keys in plain text in the cloud. I’m a bit sympathetic tbh. I have password managers, but also use sticky notes of passwords all over my work desk.

And — according to Vice — Lichtenstein’s cloud files were actually “secured with a strong encryption algorithm and a lengthy password.” But it got cracked and, bro, you have $5B in BTC. You need to do whatever the Winklevoss Twins did to secure their crypto bag:

The Winklevosses came up with a their own system to protect their keys. They printed off their keys and cut them up into pieces before storing them in envelopes in safe deposit boxes across the US. If anyone happens to steal one envelope, the person would not have access to the entire private key. 

Here’s a wild photo that investigators found of a spreadsheet Lichtenstein used to track all his BTC accounts:

Anyways, the DOJ used the private keys to access the original BTC wallet connected to the Bitfinex hack. It held 79% (94, 636) of the stolen coins. At the time of the DoJ complaint, this was worth $3.6B. It’s now worth $4B and is a 70x bagger on the original stolen amount. This is the value of buying and HODL-ing!

So, where is the other 21% (25, 118) of the BTC?

How did they launder the BTC?

Over the past 5, the couple only managed to get 21% of their BTC haul out of the original hacked wallet (it’s not clear how they got the BTC from the hack in the first place1). The outstanding amount is now worth $1B+, assuming none of it has been spent.

To move the BTC funds around, the DOJ charges that the couple employed “sophisticated laundering techniques” like:

  • Using fake IDs to set up accounts

  • Setting up computer programs to automate transactions

  • Distributing BTC across different exchanges and darknets to hide the trail

In the annals of billion-dollar financial crimes, it is def more sophisticated than Madoff’s scheme:

Bloomberg’s Matt Levine goes deep (as usual) and finds that most of the couple’s efforts to move BTC were in smaller increments (often single-digit BTC). Here’s his take on where the rest of the funds are:

From the complaint, I suspect that some of [the outstanding BTC] is in accessible accounts that the Justice Department still plans to seize, and I suspect that a lot of it was spent back when Bitcoin was worth a lot less than it is today. There is no strong implication that they successfully laundered and squirreled away hundreds of millions of dollars, safe from Justice Department seizure. But it’s not completely ruled out either. “The couple is also believed to have access to $330 million in bitcoin that the federal government hasn’t located,” prosecutors said at a bail hearing.

One of their recent successful money laundering attempts took place between 2019 and 2020, when they cashed out 117 BTC (~$496k today) by purchasing $500 Walmart gift cards and also cards from Uber and Playstation.

Based on the gift card market, I think they guffed by going with Walmart. I did some research and the resale value on $100 gift cards for Costco ($87.39) or Apple ($86) or even frickin’ Safeway ($78.16) is better than Walmart ($78.12).

So, of the 119,754 BTC they started with — worth $5B+ today — they might have $300m hidden away somewhere. The rest has been recovered or spent, likely when BTC was worth a lot less. Friends of the couple say they don’t spend big but did plan to “buy a $2m apartment in NY” (unclear if the seller would have accepted Walmart cards; I wouldn’t, they have shit resale value).

Turns out the unchangeable (and trackable) record of the blockchain is a lot less-friendly to financial shenanigans than mainstream media hysteria will have you believe. 2

One last thought: did Ilya and Heather never watch Breaking Bad? Any money launderer worth their salt knows the best move is to buy a chain of car washes.

Did they have a getaway plan?

Here’s a great Vice piece with some absolutely wild details of the Fed’s raid on the couple’s apartment:

  • Preparing for a new life?: Apparently, the couple knew the DoJ was investigating them. Circa 2019, they travelled to Ukraine and secured fake passports and set up bank accounts in Russian and Ukraine (their lawyers say there’s no proof of this and that the couple — who recently froze embryos — were planning to start a family in the US)

  • Finding a stash: At the apartment, the Fed’s seized “dozens of burner phones, more than $40k in USD and foreign currency, hardware crypto wallets and books with hiding places cut into the pages for storing USB drives.” Look, having hollowed-out books and bricks of Benjamins isn’t a crime, but — damn — that sounds like some Jason Bourne shit.

This is a funny detail: during the raid, Morgan asked if she could pick up her cat underneath the bed. It turned out to be a ruse so that she could lock her smartphone, presumably so the Feds couldn’t search it. Like I said, Jason Bourne shit.

Based on the max 20-year prison sentence they face, a getaway plan was prudent.

Heather Morgan: expert in social engineering

As mentioned, Heather Morgan is a Forbes contributor. She wrote ~50 articles for the business publication between 2017-2021 (and 100s more for Inc.). The pieces are very business-oriented. The content focusses on lessons from her own career or tactics from other entrepreneurs.

Her Forbes bio is a work of art (bold mine):

Heather Morgan is an international economist, serial entrepreneur, and investor in B2B software companies. She is an expert in persuasion, social engineering, and game theory. Morgan is the co-founder and CEO of Endpass, which uses Artificial Intelligence (AI) to automate identity verification while proactively detecting fraud. When she’s not reverse-engineering black markets to think of better ways to combat fraud and cybercrime, she enjoys rapping and designing streetwear fashion.”

Morgan actually wrote a few Forbes articles on social engineering, but one stands out in particular: “This Is Why Sacha Baron Cohen Is The Greatest Social Engineer Of Our Time

Sacha is — of course — the genius comedic mind behind Ali G and Borat. In the article, she writes “social engineering is the use of words, body language, or imagery to obtain the desired action from an individual or group.” One of the Sacha lessons is to “research your audience inside-out”:

Whether it’s a startup founder sending a cold email to an investor, an enterprise salesperson trying to strike up a sales conversation with a C-level executive, or just some good old fashioned trolling–requires extensive research of your “target.” Before you even reach out, you want to know as much as you can about the person you’re targeting so you can understand what motivates them.

What’s their favorite music? What does their morning routine look like? Are they vain or skeptical? Who do they care about and trust? What are they stressed about at work? Who do they dislike or mistrust?

In 2019, she gave a social engineering lecture at NYC Salon that included advice on useful items to bring if you want to crash an event: badges, press passes, things to share (gum, cigs), black shirts (to look like security), layered clothes (in case you need to change outfits).

Pretty damn practical, actually.

That time Heather DM’d me

Ok, so this is weird.

As I started digging into the story, I realized that Heather followed me on Twitter. Then I realized that we SWAPPED DMs IN NOVEMBER 2020!

Turns out my DM exchange isn’t unusual.

She is a noted networker and claims to have sent 10k+ cold emails over the past decade (that’s like 3x a day, which is aggressive).

Per Vice, she claims to have networked herself into the good graces of Zoom CEO Eric Yuan, former DocuSign CEO Keith Crock and controversial antivirus pioneer John McAfee.

In fact, her company SalesFolk is built around improving B2B cold email communications:

The editor from the earlier Vice article received a DM from her and author Nassim Taleb says she “managed to hack Twitter to get me to *follow* her so she could DM me.”

In my exchange with Morgan, it was clear she practiced the Sacha social engineering techniques:

  • She asked me about my comedy film script (it’s in my Twitter bio and — yes — I plan on writing about it for SatPost)

  • Sent me a Forbes article about a Vietnamese entrepreneur (I just double-checked and can confirm I’m Vietnamese)

That was basically the extent of the communication. I know what you’re thinking, “Trung, why would you answer a random DM?” Look people, it was November 2020 and I was a Twitter newb. I had less than 5k followers and here comes a blue checkmark that’s also “Forbes contributor”. YES, I’M GOING TO ANSWER! 3

In the course of researching her Forbes archive, I discovered 2 other articles on Vietnamese entrepreneurs (and her most high-profile interview is with Asian star Awkwafina).

Here’s where it gets a bit random: turns out she lived in Vietnam (or at least has spent quite a bit of time there). And she actually did the photoshoot for one of her Razzlekhan rap songs while in the country:

This is probably a huge coincidence but — in 2016 — there was a Vietnam film release called….BITCOIN HEIST! WTF!?!?

Morgan’s interest in emerging markets traces back to her academic years. While doing her Master’s in 2013, she published a paper titled “Lessons from the Arab Spring: Food Security and Stability in the Middle East and North Africa”.

Anyways, I just checked the DOJ complaint to make sure my name isn’t in there. All good.

Is Razzlekhan the richest rapper ever?

First, why rapping? Well, Morgan wrote about it in a — you guessed it — Forbes article, “Got Burnout? This Tech CEO Thinks You Should Try Rapping”.

TDLR: The corporate world (eg. SalesFolk, public speaking) was burning Morgan out and she wanted a way to authentically express herself. Enter her rap alias Razzlekhan.

The official Razzlekhan website has some instructive lines:

  • “The infamous Crocodile of Wall Street strikes again!”

  • “Razzlekhan is like Genghis Khan, but with more pizzazz”

  • “No one knows for sure where this rapper’s from — could be the North African desert, the jungles of Vietnam, or another universe. All that matters is she’s here to stick up for misfits and underdogs everywhere.”

On Spotify, her music is classified as “horror-comedy”. And, honestly, you’ll both laugh and cry when you listen to it.

The Verge’s Mitchell Clark did God’s work and listened to all of her songs (10+) and dozens of TikTok raps. Here are some findings:

  • “Pho King Badd Bhech” has this iconic bar: “I’m a MF-ing bad bitch / go on, make me a samich / you annoying like vag itch”

  • “Moon n Stars” is a song about Ilya, who she calls “a weirder version of Larry David”

  • Any crypto raps? The song “SAASholes” makes fun of people collecting Cryptokitties. The song “Cutthroat Country” talks about phishing scams and has the line “all your funds transferred”.

  • In this now-viral TikTok vid, she’s talking about Bitcoin and Ethereum as well as meme stocks like GameStop and AMC. (“Yolo” and “HODL” are awkwardly rapped together)

The rapping is so bad that the whole thing has a performance-art feel. Remember, she’s a big Sacha Baren Cohen fan. For the sake of this article, though, let’s grant Razzlekhan the title of “rapper”. Does that make her the richest rapper in the world?

The answer is “yes” and she’s almost as rich as the next four (Kayne, Jay-Z, Dre, Diddy) combined.

This leads me to believe the the real end game with Razzlekhan was to absolutely blow up as an artist and become the perfect vehicle to launder the Bitcoin money.

My prediction: she does a few years in prison and — based on the notoriety — ends up with a rap career anyways. Don’t forget that the “cash me outside / howbow dah” girl turned a viral Dr. Phil clip into a career as Bhad Bhabie. And the title of her 2018 single that hit the Billboard charts sounds like Razzlekhan wrote it: “Hi Bich”.

It could happen. And how fast would Netflix be on that one?

What were the best memes?

So many:


An Indian hacker claims to be the first person to hack Bitfinex. He isn’t officially linked to the 2016 hack and nothing suggests that Ilya and Heather know him but my best guess is that — through their international travels and networking — the couple met hackers from emerging market countries and offered their “Western know-how” to launder funds. The internet is also telling me it’s all a set-up and that they are taking the fall. Clearly, I’m going to write a follow up when more details come out.

This separate connection was also brought to my attention:


What’s happening to the recovered Bitcoin? There’s quite a bit of controversy but the TLDR is that:

  • At the time of the hack, Bitfinex reduced all account holdings by 30% to absorb the hack

  • It credited the accounts with a Bitfinex token, which were all redeemed

  • Now, some customers are saying — because of the rise in BTC since 2016 — they should get their BTC back

  • Others customers (and Bitfinex) are saying “well, actually, we made everyone whole years with our exchange token schemes (there was more than one) and you should kick rocks if you want more)


I now understand that the Forbes “contributor” blog network is basically the equivalent of Harvard Extension School. Pure selling of the name. Here’s a great breakdown from Byrne Hobart’s The Diff:

“For a company that covers business news, and a brand that’s over a century old, Forbes has a surprisingly large digital audience: 42 million social media followers, and 100 million monthly visitors according to SimilarWeb. One reason for this is that Forbes has engaged in yet another arbitrage: while their longstanding brand name and their remaining print business gives them some cachet, a lot of the editorial input comes from outside contributors. They have 176 people in their editorial staff, and 2,650 outside contributors. These contributors used to be unpaid, and now make $250 per month if they publish five times a month, with some revenue sharing.

Part of the appeal of freelancing for Forbes, rather than writing for someone else who pays more, is the ability to say you’ve been published in Forbes. It’s a bit like the reputational arbitrage of the Harvard Extension School, whose graduates can, technically, put “Harvard” on their résumés. For Forbes, it’s a way for them to continuously crank out content that’s hosted on a very trusted domain: it’s an SEO play.”