Rob Behnke
November 1st, 2024
In October 2024, an estimated $20 million in crypto was likely stolen for the second time. Suspicious outflows from a blockchain wallet controlled by the U.S. government resulted in $20 million from the Bitfinex hack being transferred to other accounts before being returned to the original wallet.
In 2016 the Bitfinex crypto exchange was hacked for crypto worth approximately $72 million at the time. In the wake of the hack, U.S. law enforcement identified and arrested the two people behind the hack in 2022, a married couple named Ilya Lichtenstein and Heather Morgan. The government also seized approximately $20 million of the stolen crypto and has maintained possession of it since. This marks the largest single seizure of cryptocurrency by the U.S. government.
In October 2024, these funds were transferred out of the government-controlled wallet and moved into a five-day-old wallet. From there, the stolen funds were moved through various blockchain accounts, likely in an attempt to conceal their source. This included transfers to instant exchanges that derive their liquidity from Binance and are commonly used for money laundering.
While the incident hasn’t been officially reported as a hack, the on-chain movement of the $20 million likely indicates malicious activity. The lack of official acknowledgment also means that the root cause of the hack is currently unknown. The most likely explanation is that the private keys used to control the associated wallets were compromised and used to perform the transfers.
Within 24 hours of the incident, the vast majority of the funds — $19.3 million — were transferred back to the government-controlled wallet. The speed at which this was accomplished — despite the lack of official communications regarding the incident — reinforces the theory that the incident originated from compromised private keys. With visibility into who potentially had access to these keys, the U.S. government would have been able to identify the culprit and induce them to return most of the stolen crypto.
While the root cause of this incident isn’t known, the most likely explanation is that the private keys used to control these wallets were compromised by an attacker. This incident demonstrates the importance of strong access control for private keys from both a positive and negative perspective. On the negative side, an attacker managed to steal $20 million in crypto. On the positive side, the vast majority of this crypto was rapidly reclaimed, likely because the U.S. government was able to identify and put pressure on the attacker.
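One defensive control that follows from this incident is continuous monitoring of custody wallets: a seized-funds wallet should never move, so any outbound transfer, especially to an address that only appeared on-chain days earlier, deserves an immediate alert. The sketch below is an added example written for this post, not code from Halborn or from any government custody system; the addresses, timestamps and amounts are constructed to mirror the pattern described above (a large transfer to a five-day-old wallet, a hop onward, and most of the funds returning within a day), and the thresholds are assumptions a custodian would tune.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Transfer:
    """One on-chain transfer, simplified to what the monitoring rule needs."""
    ts: datetime
    src: str
    dst: str
    amount_usd: int

# Hypothetical address labels; real monitoring would key on the actual on-chain addresses.
CUSTODY_WALLETS = {"custody-wallet-A"}

BASE = datetime(2024, 10, 20, 12, 0)

# Constructed sample ledger mirroring the incident's shape.
SAMPLE_TRANSFERS = [
    Transfer(BASE - timedelta(days=5), "funding-wallet", "fresh-wallet", 50),          # new wallet created 5 days earlier
    Transfer(BASE, "custody-wallet-A", "fresh-wallet", 20_000_000),                    # outflow from custody
    Transfer(BASE + timedelta(hours=2), "fresh-wallet", "instant-exchange", 2_000_000),# onward hop
    Transfer(BASE + timedelta(hours=20), "fresh-wallet", "custody-wallet-A", 19_300_000),  # bulk of funds returned
]

def first_seen(transfers):
    """Earliest timestamp at which each address appears, as sender or receiver."""
    seen = {}
    for t in sorted(transfers, key=lambda t: t.ts):
        for addr in (t.src, t.dst):
            seen.setdefault(addr, t.ts)
    return seen

def flag_suspicious_outflows(transfers, custody=CUSTODY_WALLETS,
                             min_usd=1_000_000, max_dst_age_days=7):
    """Return (transfer, reasons) for every outbound custody transfer that trips a rule.

    Rules (assumed thresholds):
      large_outflow    - any custody outflow at or above min_usd
      new_counterparty - destination first seen within max_dst_age_days of the transfer
    """
    seen = first_seen(transfers)
    alerts = []
    for t in sorted(transfers, key=lambda t: t.ts):
        if t.src not in custody or t.dst in custody:
            continue  # only outbound movements from custody are of interest
        reasons = []
        if t.amount_usd >= min_usd:
            reasons.append("large_outflow")
        if t.ts - seen[t.dst] <= timedelta(days=max_dst_age_days):
            reasons.append("new_counterparty")
        if reasons:
            alerts.append((t, reasons))
    return alerts

def net_outflow(transfers, custody=CUSTODY_WALLETS):
    """USD that left custody minus USD that came back: what is still unrecovered."""
    out = sum(t.amount_usd for t in transfers if t.src in custody and t.dst not in custody)
    back = sum(t.amount_usd for t in transfers if t.dst in custody and t.src not in custody)
    return out - back

if __name__ == "__main__":
    for t, reasons in flag_suspicious_outflows(SAMPLE_TRANSFERS):
        print(f"ALERT {t.ts:%Y-%m-%d %H:%M} {t.src} -> {t.dst} ${t.amount_usd:,}: {', '.join(reasons)}")
    print(f"net unrecovered: ${net_outflow(SAMPLE_TRANSFERS):,}")
```

On the constructed ledger the rule fires once, on the $20 million transfer, with both reasons attached, and the net unrecovered figure is the $700,000 gap between what left and what came back. The "new counterparty" heuristic is the part worth keeping: a wallet that holds seized funds has no legitimate reason to pay a days-old address, so that condition alone justifies paging an on-call responder rather than waiting for a daily reconciliation.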
Private key security is critical to blockchain security. For best practices on how to protect your private keys, check out our blog on private key security.