The Bitfinex Bitcoin Heist With Dutch And Razzlekhan – Act 1: The Hack

Join us to hear the story of Ilya “Dutch” Lichtenstein, a Bitfinex hacker, and his bedazzled, rapping, and money laundering wife Heather “Razzlekhan” Morgan. Together they stole over $5 billion worth of bitcoin from Bitfinex. This is eCrimeBytes.com Season 2, Episode 10, Act 1: The Bitfinex Bitcoin Heist With Dutch And Razzlekhan – Act 1: The Hack.

Spoiler Alert: Razzlekhan’s music is so bad it makes BigRigBaby look like Dr. Dre.

Sources:

• https://www.courtlistener.com/docket/67625443/united-states-v-lichtenstein/
• https://www.courtlistener.com/docket/62981851/united-states-v-lichtenstein/
• https://www.courtlistener.com/docket/67625365/united-states-v-lichtenstein/
• https://www.courtlistener.com/docket/62984040/united-states-v-lichtenstein/
• https://www.justice.gov/opa/pr/bitfinex-hacker-and-wife-plead-guilty-money-laundering-conspiracy-involving-billions
• https://www.justice.gov/usao-dc/pr/husband-and-wife-plead-guilty-money-laundering-conspiracy-involving-hack-and-theft
• https://www.databreaches.net/husband-and-wife-plead-guilty-to-money-laundering-conspiracy-involving-the-hack-and-theft-of-billions-in-cryptocurrency/
• https://nypost.com/2022/03/22/bitcoin-couple-ilya-lichtenstein-heather-morgan-talk-plea-deal/ (Photos)
• https://www.linkedin.com/in/unrealdutch/
• https://twitter.com/heatherreyhan
• https://en.wikipedia.org/wiki/Heather_R._Morgan
• https://www.youtube.com/channel/UCU6zQo1qSp2EeJ0uiaSPHYA
• https://www.youtube.com/watch?v=g0S5Z1eLMCY&ab_channel=Razzlekhan
• https://www.instagram.com/p/Cvg-Sq4uTU2/
• https://www.instagram.com/heatherreyhan/?hl=en

Transcript:

00:00:10:00 – 00:00:33:26
Keith
Hey, welcome to eCrimeBytes Season two. We’re up to episode ten now. Oh, my gosh. I’ve been sitting on this for a couple of weeks. I couldn’t wait to record it. And we’re finally here. We’re finally able to record this. This is called the Bitfinex Bitcoin Heist with Dutch and Razzlekhan. And we’ve got some pictures of Dutch and Razzlekhan.

00:00:33:27 – 00:00:49:22
Keith
And right now I’m just going to go ahead and put the thumbnail picture that I have on our YouTube videos and stuff back in the video right now, because this one is just gorgeous. This is what I found with them together and I basically cut them out and put them in front of a digital background. But

00:00:49:22 – 00:00:54:17
Keith
she’s a rapper, so that’s kind of the background of this image.

00:00:54:21 – 00:01:07:27
Keith
She has a lot of rapper looking pictures like this where she’s I don’t know if it’s gang signs or what it is, but she’s kind of throwing up some signs with both hands, has her tongue stuck out. And there’s this I’d say very

00:01:07:27 – 00:01:14:29
Keith
unremarkable young man standing behind her. Right. Just kind of behind her supporting her. He’s not the focus of the picture.

00:01:14:29 – 00:01:19:06
Keith
He’s obviously not the focus of the picture. She is the focus of the picture.

00:01:19:06 – 00:01:19:21
Keith
So

00:01:19:21 – 00:01:28:15
Keith
with that, let me get you into this case. So this case, from a digital technology standpoint, there’s only a couple of things you need to know.

00:01:28:15 – 00:01:57:29
Keith
One is these things called exploits. And if you go, What the hell is that? Don’t worry. When a computer system has a vulnerability out there, meaning you see these things all the time, like iPhones has to be patched because of X, Y, or Z vulnerability. What happens is attackers can make these things called exploits that will exploit that vulnerability and then take access of the phone or the computer that they’re trying to go after if it has that vulnerability.

00:01:58:01 – 00:02:24:11
Keith
So that is one technology piece here. The other is Bitcoin tumblers and mixers. And we talked a little bit about this, what we’ve talked a lot about this in season two, episode seven, which is Larry and Gary Harmon, not to be confused with his other brother Barry. I’m just joking. There’s just two brothers. The crime here was theft of funds and money laundering.

00:02:24:11 – 00:02:44:10
Keith
And we talked about this a little bit in our last episode. Sometimes money laundering kind of fits the crime legally for the lawyers to argue it. And I think this is another one of those cases that even though they stole the money, they had to launder it to kind of hide it and that laundering to hide it, that’s what they are charged with

00:02:44:10 – 00:02:45:16
Keith
Criminal here.

00:02:45:18 – 00:02:51:07
Keith
And it’s actually plural. Husband, wife duo. I tell you, when I pick out these cases, sometimes I don’t know what’s in them.

00:02:52:14 – 00:03:08:11
Keith
So the victims here there, it’s a company called Bitfinex. It’s a crypto currency company. Just there’s a bunch of companies out there like this that you can do virtual coin trading at. Bitfinex is one company and they’re a victim.

00:03:08:11 – 00:03:20:28
Keith
And I had to think about a second victim. And this one was not hard. Seth. It was my fucking ears after listening to Razzlekhan rap because as part of my research, I learned all about that person as much as I can.

00:03:20:28 – 00:03:33:06
Keith
If they have a persona online, I go through like Instagram images and kind of learn a little bit about them. While she is a rapper and she has a YouTube channel and I listened to some of them and they were so bad, they’re so bad.

00:03:33:08 – 00:03:50:26
Seth
So I have to jump in on here. I have to jump in here Jones. So when Jones told me about this case and he said, Dude, you need to listen to this rap, it’s so bad. I’m like, Yeah, whatever. And I didn’t do it at that moment. And I say this because more of a I do like a wide variety of music, classic rock, but I like a lot of rap also.

00:03:50:28 – 00:04:12:15
Seth
And my son has a very one of my kids has a very specific sense of like his favorite rap is some obscure rappers and it makes me listen to it. And most of the time I can barely get through the song, let alone the album. Right? But when I heard this and I’m not trying to make fun of Razzlekhan because I gave her total props for having one of the best rap names I’ve ever heard, it’s fantastic.

00:04:12:15 – 00:04:34:08
Seth
Dig the name. She should get some credit for having a fantastic rap name, but that is where the greatness ends. I got to tell you, Jones, and I am probably going to get some shit for this. That was the worst shit I’ve ever heard was So he’ll let It almost was like if you watch enough Saturday Night Live and you see like the bits where like it’s clearly intentionally funny.

00:04:34:11 – 00:04:44:25
Seth
It was like that, but it wasn’t intentionally funny. And that’s what’s so great about it, is that it was so bad, you would think that it was intentionally bad, but it wasn’t. That’s how bad it is.

00:04:44:28 – 00:05:01:00
Keith
Yeah, it’s okay. That’s the audio. If you watch it on YouTube, the video that goes along with it is equally bad. Equally bad. Like horrible editing. Just just equally bad. So if you get a chance, I’m not going to be playing her stuff here because I don’t want to.

00:05:01:00 – 00:05:08:24
Keith
We’re not musicians. We’re not critiquing, you know, fair use is kind of iffy, I think, for us to play this thing if you want to see it, I got the links in our notes.

00:05:08:24 – 00:05:17:12
Keith
Just go there and she’s got a bunch of videos and I’m going to show you some of the thumbnails of some of these videos coming up. And they’re just they’re very funny sounding.

00:05:17:15 – 00:05:35:08
Seth
Might I suggest, if you’re going to go to the video I’m sorry if you’re going to go to the video on YouTube or wherever, stay for the comments because it’ll make your day. But the comments on her stuff are worth watching the stuff because that’s how great the comments are.

00:05:35:10 – 00:05:39:04
Keith
Yeah, they’re they’re really, really good.

00:05:39:04 – 00:05:58:26
Keith
All right. So the acts this week, we’ve got four of them for you. That’s our average week is four acts. We’ve got act number one, which is today. Monday. That’s the hack. Act two, which is tomorrow. Tuesday. That’s the launder. Then we have Wednesday which is act three, the search warrant. And act four, the plea. And I will say

00:05:58:26 – 00:06:14:27
Keith
next to the, you know Trevor Jacob video that we played and so forth, this is going to be a very picture intensive of episode because I’ve got a lot of pictures of where they lived and the search warrant and all that kind of stuff that are actually pertinent to the case, but also just kind of

00:06:14:27 – 00:06:30:15
Keith
interesting to see how they live when they had money. And if you’re just listening to an audio, we’re going to try to explain it here. But this is one of those episodes I do recommend if you have time to watch on video, go for it, because we put all these things on the screen as we’re talking about them.

00:06:30:15 – 00:06:38:06
Keith
And that way you can actually see what it is. And in that you have to rely on our probably pretty horrible descriptions of some of these things.

00:06:38:06 – 00:06:52:01
Keith
With that, let’s get started with Act One, the hack here. We’re going to meet one of the stars of the show. I was maybe even the star of the show, Heather Morgan.

00:06:52:04 – 00:07:10:01
Keith
Her rapper name is Razzlekhan. Now, if you haven’t seen our title, it’s in our title of this episode. I’m gonna spell it for you in case you can’t see it. You know if you’re listening to it. R a z z l e k h a n. And this is important because we’re going to come back to that.

00:07:10:01 – 00:07:13:14
Keith
Now. Razzlekhan, like I said, is a rapper stage name.

00:07:13:16 – 00:07:31:23
Keith
So right there, immediately when I got into this, I was like, I went from seeing this go across the wire of a husband and wife who stole money from Bitfinex to the wife is a rapper. And I was like, Holy shit, this is going to be an episode. I could feel it already. I thought it was a joke.

00:07:31:25 – 00:07:54:27
Keith
Then I started researching her, sort of looking at her YouTube. She has YouTube videos rapping about bedazzling. If you’ve never seen bedazzling is kind of like putting these little glitter things on clothing, but she calls it Berrazled based upon her name, and that’s all like a part of her persona too. I thought it was a joke. I thought I would click on it and have her, like, make fun of it.

00:07:54:27 – 00:08:11:07
Keith
But no, it’s like it’s a very serious. And I was listening to one of her raps and I had to pull out at least one line for you just to kind of give you an idea of the flavor of her raps. And this is one of my favorite lines where she says, like Genghis Khan, except with more pizzazz. That’s how she describes herself.

00:08:11:13 – 00:08:19:20
Seth
But to be clear, I don’t want people getting the wrong idea that she is like a PG or a G rated rapper. It’s not.

00:08:19:20 – 00:08:35:16
Seth
Some stuff is definitely filthy, which makes it even more kind of awkward and cringe worthy when it’s just because it’s so bad in how it’s delivered. But that specific line about bedazzling is definitely on the PG side.

00:08:35:19 – 00:08:57:22
Keith
So now she also claims she has a called and I may mispronounce this audience members. Listen, I try to at least pronounce everything once, no matter how long the name is or anything, because the name Keith Jones is really easy to pronounce. And I know that. And I try my best. So I try to murder it once on any word. And this here we go.

00:08:57:25 – 00:09:06:09
Keith
Synesthesia. I think is how to pronounce sin is synesthesia. Kind of like anesthesia, but it starts with synth.

00:09:06:11 – 00:09:07:22
Seth
Sure. Let’s go with that. ethia.

00:09:07:22 – 00:09:23:25
Keith
And what this is, is it’s a rare type or she has a rare type of this thing, which basically, as she describes it, crosses her senses, giving her phantom tastes and smells and more. And then immediately I was like, Oh my God, that would be horrible. Because, I mean, imagine like the

00:09:23:25 – 00:09:27:13
Keith
literal taste in your mouth of somebody were giving you a bunch of bullshit, right

00:09:27:13 – 00:09:27:22
Seth
Seth?

00:09:27:22 – 00:09:29:05
Seth
well said.

00:09:29:07 – 00:09:30:28
Keith
So this is her

00:09:30:28 – 00:09:38:00
Keith
YouTube like profile page that I am putting on the screen for you right now. And it highlighted in this box up here,

00:09:38:00 – 00:09:51:07
Keith
her subscriber count and the number of videos, which is like 2.36 thousand subscribers based upon 45 videos that’s that’s a pretty good ratio And I’m like how the hell did she get all this?

00:09:51:10 – 00:10:10:15
Keith
That was a point where I started researching. I listen to a video and then I was even more going, Well, the hell did she get all this? Because it’s so bad. But I just want to read just some things that she said about herself here. More for the audio audience here. She says Razzlekhan is a surreal artist and shameless rapper.

00:10:10:15 – 00:10:38:16
Keith
Her genre is horror comedy with a splash, a weird allure. She has a rare type of synesthesia, so her senses are cross, giving her phantom taste and smells and more. Razz is all about authenticity. Misfits, self-love, and social commentary. Her experience living in the Middle East, Turkey, North Africa and Asia, Japan, Korea, Hong Kong influence her art. Now this is what she says gets posted, and I’d say it’s probably kind of accurate.

00:10:38:19 – 00:10:44:21
Keith
Razz’s weird art projects, inspirational content to help you become your best self

00:10:44:21 – 00:11:07:21
Keith
do DIY art tutorials. And I guess that’s the whole berazzling thing that I was talking about earlier. It’s basically taking old clothes to make new streetwear fashion, she says. Unusual fashion ideas, wild stories from around the world. And she names some countries like Vietnam, Egypt, Ukraine, Turkey, Kazakhstan, etc. And you go, Oh my gosh, this woman is well traveled.

00:11:07:23 – 00:11:20:00
Keith
Yes, remember that because she’s one of the main criminals here. And later on, when there’s the whole arguing of should we but should we detain them or not? Well, these people are very well traveled, as we can tell, by their own admission.

00:11:20:00 – 00:11:26:19
Keith
And then she talks about she has things like synesthesia inspired recipes of women’s health issues and female empowerment.

00:11:26:22 – 00:11:50:01
Seth
And then I think you got to go back and mention she has ideas on how to optimize your home life and career. I found that especially interesting given how she was essentially a hardened criminal also. And just so we’re clear, we’re not making fun of her because she’s clearly maybe off the beaten path because she’s a terrible rapper making fun of her because she’s a criminal.

00:11:50:01 – 00:11:52:01
Keith
Criminal and a terrible rapper and.

00:11:52:01 – 00:11:53:02
Seth
A terrible rapper. Right.

00:11:53:08 – 00:11:57:28
Keith
Deadly man. That’s that’s what I’m saying. Like you don’t want to do electronic crime because Seth and I are going to end up.

00:11:57:28 – 00:11:59:28
Seth
Roasting coming at you.

00:12:00:00 – 00:12:11:27
Keith
All right? So I’m going to put I just picked like the most popular six of her videos and I have them on a screen now for video. people. And I’m going to read some of these for the audio people.

00:12:11:27 – 00:12:20:28
Keith
There’s Razzlekhan, Versace Bedouin. It’s official music video. That’s her most viewed video out of all of her videos.

00:12:20:28 – 00:12:24:13
Seth
So it’s something it’s something special. I watched it.

00:12:24:15 – 00:12:40:06
Keith
And then there’s her other music video, which is number two on the list. And that’s a pho king bad I think it’s supposed to be bitch. It’s b h e c h bitch. How clever. I’m assuming bitch.

00:12:40:06 – 00:12:48:21
Keith
Hey, man. Listen. I’m like, and I’m an old man. Even the fact that I even know that’s bad bitch. Just give me a little bit of credit here, all right.

00:12:48:23 – 00:13:10:09
Keith
So the next one is Razzlekhan social distancing. It’s kind of just nondescript. And then she’s got one of my favorite videos. This is the one I started with Seth, which is Razzlekhans’s berazzling. Do it yourself designer fashion. And it goes on to talk about her fashion. That’s the one I started on. I was like, Oh my God, is this a joke?

00:13:10:09 – 00:13:34:20
Keith
And then I clicked on something else and saw like, worse rap. And I was, Oh my God, we’re doing an episode. So number five is Razzlekhan’s social distance. And she’s got to like it has hazmat old Soviet style, like full face mask, gas canister mask. And it’s pretty creepy. And then she has Razzlekhan vacuum cleaner and you’re like, What kind of views are we talking here

00:13:34:20 – 00:14:05:18
Keith
Keith? Well, her top video is 364,000 views, and her sixth most popular video is still 18,000 views. So a video that literally says vacuum cleaner. And I don’t even know what it is, 18,000 views, which just blows my mind. So I’m going to switch to another picture here, which is the picture that they probably aren’t that happy about, which is their mug shot in Alexandria, Virginia, which is just outside DC.

00:14:05:20 – 00:14:16:06
Keith
You got Razzlekhan on the left and you’ve got Dutch her husband on the right. And Seth, why don’t you tell us about Dutch?

00:14:16:09 – 00:14:45:10
Seth
So let’s talk about Ilya Dutch, which is a nickname, Liechtenstein. He is Razzlekhan’s or Heather Morgan’s husband. He’s a dual citizen of both Russia and the U.S., apparently from Chicago and to 2016. Mr. Lichtenstein, We’ll call him Dutch. It’s easy to remember. Exploited and we talked about that earlier, remote servers at Bitfinex. And we talk about what Bitfinex is, right?

00:14:45:10 – 00:14:56:00
Seth
So Dutch utilized a number of advanced hacking tools and techniques commonly known as exploits, and it did that to gain unauthorized access to certain computers servers.

00:14:56:03 – 00:15:18:01
Seth
He also use pen testing software frequently used by cybercriminals as well as cybersecurity practitioners, because this software provides data about security vulnerabilities and assists in simulating cyber attacks and also helps figure out how the system would respond. So this is a guy that’s an expert in these kinds of exploitations and hacking techniques.

00:15:18:03 – 00:15:41:25
Keith
Now, Seth said pen testing software. And if you’re not a computer person, if you’re not a cybersecurity person, you probably don’t know what that means and that means penetration testing. And then if you’re a child like me, the inside of your mind just start laughing and you’re like, I can’t believe they said penetration testing on the air. Yeah. That’s actual real process in cybersecurity where they test the security of systems and networks and so forth.

00:15:41:25 – 00:15:45:20
Keith
So this type of software is an offensive type of software.

00:15:45:20 – 00:16:06:01
Keith
It’s not like a protection device, like your firewall or anything like that. It’s something that a security consultant usually uses in order to tell a corporation where they need to patch their vulnerabilities. But this guy Dutch used it for hacking purposes,

00:16:06:01 – 00:16:06:11
Keith
Right.

00:16:06:11 – 00:16:42:09
Seth
So we know Dutch hacked Bitfinex. So he concealed his activities through a variety of means, including by routing his Internet traffic through the Tor network. We’ll talk about that maybe when we’re done, Keith. Through compromised computers that he purchased via a dedicated remote desktop protocol marketplace. We’ll talk about that. And through intermediate proxy servers, which are services that act really as a gateway between users and the Internet, including one that’s called SOCKS, which is really for residential proxies rented via online marketplaces, also called Socket Secure.

00:16:42:12 – 00:17:13:11
Seth
It’s an Internet protocol that exchanges network packets between a client and a server by using a proxy server. This is fairly technical. We know that Dutch was pretty clever here. He worked late at night to give the appearance that he was operating from another country. And though the servers that Dutch initially compromised did not provide access to virtual currency wallets, he was able to use his access to compromise additional servers and subsequently defeat numerous security measures on a specific victim.

00:17:13:11 – 00:17:15:20
Seth
We’ll get to this victim’s network.

00:17:15:23 – 00:17:33:09
Keith
And all that stuff that Seth said we’ll get to later, I’m going to get to it now. So the Tor network is the special browser that you use to get on the darknet, and you can basically use it to hide your IP address so it makes it look like you’re coming from somewhere else. Under the same thought.

00:17:33:09 – 00:17:56:29
Keith
There is the ability to buy remote desktop protocol computers. What does that mean? It means you can log in as a remote desktop to, say, a cloud service and use it like a computer. It looks like just as if you were at your laptop, if you had a Windows machine in your laptop, you would have this Windows machine in the cloud and you could do things through there.

00:17:56:29 – 00:18:04:28
Keith
And because you’re doing it through that instance in the cloud, that IP address will show up in the victim log.

00:18:04:28 – 00:18:21:13
Keith
Now, the piece I didn’t slide in there and on ya is the compromised computer. So typically this isn’t attackers don’t do this with just normal cloud resources. What they do is they compromise somebody else’s cloud resources and then use them.

00:18:21:13 – 00:18:34:27
Keith
And then the last one is socks. And just like Tor and just like RDP, where the attacker tries to make it look like it’s not them showing up in their victim log, socks it’s just another way to separate the IP address from the victim.

00:18:34:27 – 00:18:48:25
Keith
So it shows up from this thing called a sock server. That one’s a little more difficult to explain, but it’s basically a man in the middle between you and anywhere else you’re going to go. And places like the Web.

00:18:48:25 – 00:18:49:17
Keith
All right.

00:18:49:19 – 00:18:57:01
Seth
So through his access and through his processes, Dutch actually gets keys to the proverbial kingdom here.

00:18:57:01 – 00:19:17:19
Seth
His initial access into Bitfinex was okay, but it got a lot better when Dutch found the Bitfinex keys to authorize transactions for Bitfinex and their customers. So this is a very heavy duty. So he ultimately gained access to the keys or credentials used to authorize transactions involving virtual currencies held by victim VCE.

00:19:18:11 – 00:19:54:17
Seth
So Dutch ultimately gained access to the keys or credentials used to authorize transactions involving virtual currencies held by the victim here. It included funds belonging to the customers around August 2016, Dutch used his access to the victim’s keys to fraudulently authorize more than 2000 transactions, in which around 120,000 Bitcoin. That’s like hundreds and hundreds of millions of dollars were transferred from the victim’s wallets to an outside wallet.

00:19:54:19 – 00:20:10:08
Seth
Under Dutch’s custody and control. At the time of the hack, the stolen virtual currency was valued at around 71 million, but that was five or six years ago, about seven or eight years ago. So now the value is exponentially larger. It’s actually kind of crazy.

00:20:10:10 – 00:20:13:24
Keith
Yeah. We’re going to hear in a second the wallet.

00:20:13:24 – 00:20:24:12
Keith
I want you to remember, though, as a listener, is this wallet we’re just going to call out 4s it’s just the last two digits on that wallet. Wallets are really large random looking strings.

00:20:24:15 – 00:20:37:16
Keith
This one ends in four s, and if you have trouble remembering it, just think iPhone four S, Right. I mean, something simple for us. We’re going to talk about this a few times later on when there’s money being transferred out of it. So

00:20:37:16 – 00:20:44:19
Keith
almost 120,000 Bitcoin, it was just a few shy in February of 2022, which is later.

00:20:44:26 – 00:21:06:15
Keith
This is recent. I mean, this is just last year, over $5 billion. So $71 million went to $5 billion in that time. So talk about appreciation as a hacker, right? I mean, I can imagine sitting on that as a hacker and going, holy shit, just watching your proceeds just go up and up and up and you hit that 1 billion mark.

00:21:06:15 – 00:21:10:18
Keith
Maybe hit the 2 billion mark, and it just probably losing your mind. And

00:21:10:18 – 00:21:30:00
Keith
when it was seized later on in February 2022, this is when it is 5 billion and this is what I’m going to use from now on, because this is just this is what it was when it was seized. It was $5 billion. If we compare this to somebody, one of my favorite guys, Jimmy Zhong from season two, episode one, he had $3.4 billion.

00:21:30:00 – 00:21:52:22
Keith
So we’re talking collectively to people added together for over $5 billion. And with that, that’s the end of Act one. We just walked you through the hacking portion of this. And if there’s anything you like in here, please do like subscribe whatever application you’re on specifically. If you’re on Apple Podcasts, please leave us a five star review there and tell us what your favorite episode was.

00:21:52:22 – 00:22:00:22
Keith
If it’s this one, just put the title in there, lets us know what people listen to and like the most, and I can try to aim other episodes towards that

00:22:00:22 – 00:22:07:21
Keith
and visit our website. Please do. If you’re watching this, you’re going to see our website on our video. I’m not even going to just ignore me for a second.

00:22:07:21 – 00:22:32:19
Keith
For audio listeners, it’s ecrime bytes, e, c, r i m e b y as in yellow milk t e s dot com. Go there and you can get to all our social media and everything across the top or that button up at the top. And with that, Seth and I hope to see you back on act two the luander because this is really where the crime that they get them for starts to happen.

00:22:32:21 – 00:22:34:26
Keith
Thanks.