Ilya Lichtenstein, Bitfinex Hack Convict, Released Early Thanks to First Step Act

Published:

spot_img

Jan 05, 2026Ravie LakshmananCryptocurrency / Financial Crime

Early Release of Ilya Lichtenstein Following Bitfinex Hack

Ilya Lichtenstein, who faced sentencing last year for his involvement in a significant money laundering case linked to the infamous 2016 Bitfinex cryptocurrency exchange hack, has recently announced his early release. He shared his news on social media, attributing his early return to the provisions of the First Step Act, a U.S. law aimed at reforming the federal prison system.

Understanding the First Step Act

Enacted during the Trump administration in 2018, the First Step Act is designed to enhance the criminal justice system by implementing various reforms. Among its key features is the establishment of a “risk and needs assessment system,” which evaluates inmates’ likelihood of recidivism and sets a pathway for early release in certain cases. This legislation has opened doors for several inmates, including Lichtenstein, to re-enter society sooner than expected.

Details of the Bitfinex Hack and Subsequent Charges

In 2023, Lichtenstein and his partner, Heather Rhiannon Morgan, pleaded guilty to charges stemming from the Bitfinex breach. This major incident allowed Lichtenstein to illegitimately authorize over 2,000 transactions, resulting in the theft of 119,754 bitcoins, valued at approximately $71 million at that time. Following their arrests in February 2022, he was sentenced to five years in prison in November 2024.

Law Enforcement’s Recovery Efforts

Authorities managed to recover around 94,000 bitcoins during their investigation into the hack, which was valued at about $3.6 billion in 2022. This recovery stands as one of the largest in U.S. history. In January 2025, prosecutors initiated proceedings to return the seized assets to Bitfinex, aiming to rectify the significant financial loss the exchange suffered.

The Mechanics Behind the Hack

According to blockchain analytics firm TRM Labs, Lichtenstein identified and exploited a flaw in Bitfinex’s multi-signature withdrawal system. By doing so, he managed to initiate withdrawals without approval from BitGo, the third-party trust company entrusted with securing the transaction process. This critical vulnerability paved the way for the extensive theft.

The Aftermath of the Theft

Following the hack, the stolen bitcoin was laundered through various channels, including crypto mixing services like Bitcoin Fog. Lichtenstein and Morgan’s actions came to light when they were discovered using the stolen bitcoin to acquire Walmart gift cards via an unidentified virtual currency exchange. The gift cards were then redeemed using an account linked to Morgan, raising further red flags.

Updates from Lichtenstein and Morgan

In late 2025, Morgan, who received a shorter sentence of 18 months, revealed on social media that she had been released a month prior. She described her time in prison as “chill,” alluding to a relatively comfortable experience. Lichtenstein’s recent announcement—where he expressed a desire to make a positive impact in the field of cybersecurity—indicates their aspirations to reshape their futures post-incarceration.

Official Statements on Early Release

A spokesperson from the Trump administration highlighted that Lichtenstein had served “significant time” of his sentence and is now under home confinement in compliance with relevant statutes and Bureau of Prisons guidelines. Morgan echoed this sentiment, sharing on social media her joy over having Lichtenstein home after years apart, stating it was the best New Year’s gift she could have received.

spot_img

Related articles

Recent articles

AI Enhances Attack Speed and Efficiency, But Defenders Can Leverage Existing Knowledge to Mitigate Risks

The Unit 42 2026 Global Incident Response Report from Palo Alto Networks highlights how threat actors are leveraging AI to enhance the speed and...

Lapses in Identity Lead to 79% of Ransomware Attacks, Sophos Report Reveals

According to a recent report by Sophos, lapses in identity are responsible for 79% of ransomware attacks, highlighting a critical area of concern for...

NSU Launches Cybersecurity Center to Enhance Research and Workforce Development in Bangladesh

North South University (NSU) has inaugurated its Cybersecurity Center to advance research, develop skilled professionals, and strengthen Bangladesh's resilience against emerging cyber threats. This...

Siemens ROX II Switches Vulnerable: Update to Firmware V2.17.1 to Mitigate CVE-2025-40948, CVE-2025-40947, and CVE-2025-40949 Exploits

Siemens has issued an advisory regarding three critical zero-day vulnerabilities (CVE-2025-40948, CVE-2025-40947, and CVE-2025-40949) affecting its ROX II operational technology (OT) switches. These vulnerabilities...