Early Release of Ilya Lichtenstein Following Bitfinex Hack
Ilya Lichtenstein, who faced sentencing last year for his involvement in a significant money laundering case linked to the infamous 2016 Bitfinex cryptocurrency exchange hack, has recently announced his early release. He shared his news on social media, attributing his early return to the provisions of the First Step Act, a U.S. law aimed at reforming the federal prison system.
Understanding the First Step Act
Enacted during the Trump administration in 2018, the First Step Act is designed to enhance the criminal justice system by implementing various reforms. Among its key features is the establishment of a “risk and needs assessment system,” which evaluates inmates’ likelihood of recidivism and sets a pathway for early release in certain cases. This legislation has opened doors for several inmates, including Lichtenstein, to re-enter society sooner than expected.
Details of the Bitfinex Hack and Subsequent Charges
In 2023, Lichtenstein and his partner, Heather Rhiannon Morgan, pleaded guilty to charges stemming from the Bitfinex breach. This major incident allowed Lichtenstein to illegitimately authorize over 2,000 transactions, resulting in the theft of 119,754 bitcoins, valued at approximately $71 million at that time. Following their arrests in February 2022, he was sentenced to five years in prison in November 2024.
Law Enforcement’s Recovery Efforts
Authorities managed to recover around 94,000 bitcoins during their investigation into the hack, which was valued at about $3.6 billion in 2022. This recovery stands as one of the largest in U.S. history. In January 2025, prosecutors initiated proceedings to return the seized assets to Bitfinex, aiming to rectify the significant financial loss the exchange suffered.
The Mechanics Behind the Hack
According to blockchain analytics firm TRM Labs, Lichtenstein identified and exploited a flaw in Bitfinex’s multi-signature withdrawal system. By doing so, he managed to initiate withdrawals without approval from BitGo, the third-party trust company entrusted with securing the transaction process. This critical vulnerability paved the way for the extensive theft.
The Aftermath of the Theft
Following the hack, the stolen bitcoin was laundered through various channels, including crypto mixing services like Bitcoin Fog. Lichtenstein and Morgan’s actions came to light when they were discovered using the stolen bitcoin to acquire Walmart gift cards via an unidentified virtual currency exchange. The gift cards were then redeemed using an account linked to Morgan, raising further red flags.
Updates from Lichtenstein and Morgan
In late 2025, Morgan, who received a shorter sentence of 18 months, revealed on social media that she had been released a month prior. She described her time in prison as “chill,” alluding to a relatively comfortable experience. Lichtenstein’s recent announcement—where he expressed a desire to make a positive impact in the field of cybersecurity—indicates their aspirations to reshape their futures post-incarceration.
Official Statements on Early Release
A spokesperson from the Trump administration highlighted that Lichtenstein had served “significant time” of his sentence and is now under home confinement in compliance with relevant statutes and Bureau of Prisons guidelines. Morgan echoed this sentiment, sharing on social media her joy over having Lichtenstein home after years apart, stating it was the best New Year’s gift she could have received.
