The Bitfinex Bitcoin Heist With Dutch And Razzlekhan

Join us to hear the story of Ilya “Dutch” Lichtenstein, a Bitfinex hacker, and his bedazzled, rapping, and money laundering wife Heather “Razzlekhan” Morgan. Together they stole over $5 billion worth of bitcoin from Bitfinex. This is eCrimeBytes.com Season 2, Episode 10, Act 3: The Bitfinex Bitcoin Heist With Dutch And Razzlekhan – Act 3: The Search Warrant.

Spoiler Alert: Razzlekhan’s music is so bad it makes BigRigBaby look like Dr. Dre.

For the background, please see the prior acts:

The Bitfinex Bitcoin Heist With Dutch And Razzlekhan – Act 1: The Hack

The Bitfinex Bitcoin Heist With Dutch And Razzlekhan – Act 2: The Launder

Sources:

Transcript:

00:00:10:00 – 00:00:51:10
Keith
Hey, welcome back to eCrimeBytes. This is season two, episode ten, Act three of Dutch and Razzlekhan. Dutch is a Bitfinex hacker. Razzlekhan is a rapper turned money launderer. They’re married and they stole at the time it was $71 million that appreciated to 2022 of about $5 billion. So they’re sitting on a ton of money and we last left you with them, trying to launder it in any way possible, either using, you know, compro like fake accounts that they buy online to Razzlekhan’s legitimate businesses.

00:00:51:10 – 00:01:03:01
Keith
They were stuffing cryptocurrency everywhere to try to make it look legit so that they can buy the stuff that you’re going to see in this act which is a lot of fun. So

00:01:03:01 – 00:01:23:05
Keith
November 2021, Dutch and Razzlekhan inadvertently find out they’re being investigated. And I say inadvertently because typically in the investigation process, what happens is law enforcement will issue or they’ll do their court process, subpoenas and so forth behind the scenes.

00:01:23:07 – 00:01:44:02
Keith
And the defendant won’t know that they’re being investigated and they will go to places like Google and say, I want this person’s email. They’ll go to your cell phone place and they’ll say, I want all his cell phone transactions and it’s text messages and all that stuff. And they go to all these different spots where you’ll have data and they do it in a manner that you won’t know.

00:01:44:02 – 00:02:08:20
Keith
So you won’t be you won’t you’re suspicion won’t be alerted and you won’t go out there and delete a bunch of evidence. Okay. So obviously, the company that they’re getting data from know and in this case, that company that law enforcement was getting data from inadvertently notified Dutch and Razzlekhan before they were supposed to know. So they knew that they were under investigation.

00:02:08:20 – 00:02:14:28
Keith
So immediately, you know, Dutch went out there and started deleting logs and

00:02:14:28 – 00:02:34:17
Keith
they tried deleting data from devices around the house. And there was even an instance where Dutch and Razzlekhan threw a computing device down a garbage chute when they said it had evidence on it. Now, I wish I knew what of these pictures that was from or where they found this information, but that was it.

00:02:34:24 – 00:02:56:15
Keith
That was just one mention of the garbage chute computer. And now I was like, These people mean business. But hey, all that they they’ve got more, we’ve got more. So there’s a search warrant at 75 Wall Street, New York, New York. Okay, Seth is from that area, I’m going to explain it for people not from this area. Wall Street is an expensive fucking place to live.

00:02:56:18 – 00:03:03:27
Keith
And you see a low number like 75 on Wall Street immediately got to see what the inside of this apartment looks like.

00:03:03:27 – 00:03:23:09
Seth
So first on Wall Street, you know, historically has been a place of, you know, high finance is only really in the late eighties, early nineties, where they started converting some of these buildings into mixed use for apartments. But it is clearly geared towards people who work on Wall Street and thus, you know, you work in 15, 18 hours a day.

00:03:23:09 – 00:03:42:13
Seth
They figure why would you want to commute live here? So these are by and large, like any other New York City apartment, but these are especially high end, expensive apartments that you can see are right near the water. Like literally they’re a block off the water there, if you can see the picture. And as Keith said, the lower the number, the further down you are towards the battery.

00:03:42:13 – 00:03:47:03
Seth
So it’s. Yeah. And we’ll show some pictures. Super fancy.

00:03:47:05 – 00:04:04:20
Keith
Yeah. So I do I do have a maps on the screen I’m sorry audio listeners this is just you can imagine it’s right down there at the tip by the water. I mean, it’s the most probably the most prime real estate you could you see you could want especially you work in finance. So immediately I was like, I see the inside of this apartment

00:04:04:20 – 00:04:16:23
Keith
Seth and I started going to the realtor websites out there, and I found their 75 Wall Street number 35M listing. It looked like it was last purchased about three years ago.

00:04:16:23 – 00:04:26:20
Keith
I have a picture on your screen. This is kind of the the entrance picture when you go to the apartment and this website called StreetEasy.

00:04:26:22 – 00:04:34:22
Keith
So I sort of click it through the pictures. Right. Oh, before I let me stop I’m sorry, audio listeners, I got to describe some things to you. There’s

00:04:34:22 – 00:04:48:22
Keith
one very important thing on the screen, the price, which is $1.625 million for this condo, which is a one possibly two bedroom, depending on if you want to convert it or not.

00:04:48:24 – 00:04:58:17
Keith
But it’s by anybody’s standards outside of New York City, it’s a small apartment. You’re spending 1.6 million that and

00:04:58:17 – 00:05:01:18
Keith
let’s see, the square foot is probably on here.

00:05:01:20 – 00:05:07:18
Seth
I mean, we’ll look it up. It’s probably small. But keep in mind, you’re dealing with a high end building, right? The building charges alone,

00:05:07:18 – 00:05:19:13
Seth
common charges are like 1200 dollars plus monthly taxes. So you’re paying two grand just to be in the building for getting what, you know, your rent or your mortgages. So it’s a lot.

00:05:19:16 – 00:05:23:18
Keith
The square footage is 1040 for the whole. That’s fairly.

00:05:23:18 – 00:05:25:02
Seth
Large.

00:05:25:04 – 00:05:26:11
Keith
For for New York City.

00:05:26:14 – 00:05:29:25
Seth
Frankly, I’m surprised it’s not over 2 million, to be honest with you.

00:05:29:27 – 00:05:51:11
Keith
As it says, three rooms, one bed and two baths. So I will pop up a layout on your screen now. So this is the two different versions you can get of it. I don’t know which one they had, but the only difference I could see is up on the upper left hand corners of a dining room. There they’d convert a dining room into a bedroom, so you have an extra bedroom.

00:05:51:13 – 00:06:08:28
Keith
So then I start clicking through the pictures and this the like living area, which is absolutely fucking fantastic view that, I mean, I would never leave my house if it looked like that. You could just see across New York City. I mean, it’s a nice high view you could see.

00:06:09:01 – 00:06:15:00
Seth
Yeah they’re on the 35th floor and have a total view of they probably could see the Statue of Liberty from the certain window.

00:06:15:03 – 00:06:19:04
Keith
It’s just all windows. Yeah, it’s all windows. And then

00:06:19:04 – 00:06:23:00
Keith
in the bathroom, that’s all the windows too. So you got

00:06:23:00 – 00:06:28:07
Keith
a tub on one side that’s like actual window there and you know,

00:06:28:07 – 00:06:29:15
Keith
walk in shower and stuff and

00:06:29:15 – 00:06:39:29
Keith
really nice you know, marble ish looking counters and stuff on the right hand side. And I was like, Damn, I couldn’t imagine taking a bath and actually staring over New York City like that.

00:06:40:01 – 00:06:56:20
Keith
This is their bedroom. You know, it’s pretty much it’s almost views everywhere except for a wall kind of in front of them. But again, you can see across New York City and I will tell you that I didn’t put a picture in there, but there’s an actual deck outside to that,

00:06:56:20 – 00:06:59:04
Keith
I don’t know if it’s a veranda or what they call the condos.

00:06:59:04 – 00:07:00:03
Keith
But it’s

00:07:00:03 – 00:07:16:01
Keith
an outdoor space where you can go out and put chairs and stuff and it’s kind of nice out there as well. So there was a search warrant that happened on January 5th of 2022 at this really swanky apartment. I bet you the neighbors were probably like, Holy shit, what’s going on here? Because they’re all,

00:07:16:01 – 00:07:17:24
Keith
you know, very, very expensive apartments.

00:07:17:24 – 00:07:21:18
Keith
You don’t see search warrants probably every day there. So

00:07:21:18 – 00:07:27:28
Keith
when they got there, Dutch and Razzlekhan said, we don’t want to be here while you’re doing this. And

00:07:27:28 – 00:07:37:22
Keith
the agents, I imagine trying to be nice were like, okay, you know, you guys can leave. And they said, We got to get our cat. You know, we don’t want the cat to escape while you’re doing the searches, right?

00:07:37:22 – 00:07:53:14
Keith
So let me take the cat with us. And they just said, All right, go get your cat. Well, apparently Razzlekhan came into her bedroom, crouching down next to her bed, calling the cat. But then grabbed one of her cell phones and then was repeatedly

00:07:53:14 – 00:08:02:09
Keith
trying to hit the lock, but basically make it so that an agent couldn’t go out there and open up her phone and at least in her mind, see the evidence.

00:08:02:09 – 00:08:12:05
Keith
I know from a computer standpoint they can lock it and you can still easily pull stuff off of it. But she thought she was locking it at the time to probably hide evidence.

00:08:12:05 – 00:08:15:26
Keith
And it wasn’t just her trying to lock it and they get it back. They actually had to

00:08:15:26 – 00:08:21:03
Keith
wrestle it from her, get it out of her hands, which I imagine was seeing enough of

00:08:21:06 – 00:08:26:14
Keith
just this tiny little girl trying to hold on to her phone and a bunch of agents trying to get it away.

00:08:26:16 – 00:08:32:15
Seth
By the way, that’s totally like I would say, resisting arrest and also chargeable as a crime.

00:08:32:18 – 00:09:00:00
Keith
Yeah. So under the bed, agents locate a bin and there’s various bags in this bin holding multiple cell phones. And if you listen to any of our other episodes, I think I’ve ever said, like who has multiple cell phones these days? But she had multiple cell phones and in there she has multiple SIM cards and assorted electronics. So I imagine that’s like tablets and, you know, accessories and things.

00:09:00:02 – 00:09:25:12
Keith
Now they get this. If this isn’t the fucking smoking gun of this whole case, I don’t know what is. On one of the bags the words burner phone were written. So we knew exactly, exactly what that particular phone was used for. Seth and I have pictures of all this. This is the one I have on your screen is just the bag full of tons of phones that she has.

00:09:25:12 – 00:09:41:26
Keith
And if I just kind of eyeball this, I would say maybe it’s a dozen ish phones that we can see in the picture. And then if I advance to the next picture, you see the burner phone bag that literally says burner phone handwritten there on the bag and it has some computer stuff inside.

00:09:41:26 – 00:09:48:22
Seth
I love the I love the practicality of like physically writing on. By the way, this is the burner phone.

00:09:48:24 – 00:09:58:04
Keith
Yeah. Anybody else would probably think in their mind the yellow phone is the one I need for burner phone and the red phone, my non burner phone. But hey, she actually wrote it.

00:09:58:04 – 00:10:15:10
Keith
There were multiple hardware wallets and we’ve talked about this in a bunch of episodes. I can’t tell you all the ones off the top of my head because there’s at least four or five hardware wallets let you store cryptocurrency and them offline.

00:10:15:13 – 00:10:19:25
Keith
Trezor is one of those types of wallets. You’re going to see a picture here in a second of a Trezor wallet.

00:10:19:25 – 00:10:22:19
Keith
this one that’s on your screen is the access token.

00:10:22:19 – 00:10:29:27
Keith
The next picture that I’m popping up for you are the hardware wallets and stuff.

00:10:29:29 – 00:10:36:24
Keith
You can barely see it because they photographed black device on a black background, but kind of under the right

00:10:36:24 – 00:10:48:16
Keith
lower side of that purse looking thing. There’s a black device actually sitting on that table. That’s the Trezor wallet. Because it’s black, the screen is black, everything is black. And it just kind of blends in. And then you see

00:10:48:16 – 00:10:51:09
Keith
these USB dongles. One says like personal and business.

00:10:51:09 – 00:10:58:29
Keith
And I imagine she probably had some actual normal non crime stuff in there too. That was.

00:10:59:01 – 00:10:59:15
Seth
Maybe.

00:10:59:15 – 00:11:27:01
Keith
If the burner if the burner phone was not enough to make you say guilty. There was this book that Dutch decide to how out to hide something in it. Now there was nothing hidden in it. When they got there, they searched their place, but they did find the book and it was hollow on the inside. So if he would have put something in there, they would definitely have found it is what I think they’re probably showing you.

00:11:27:01 – 00:11:28:13
Keith
There now.

00:11:28:13 – 00:11:46:27
Keith
There is a shit ton of cash. There was at least $40,000 in cash. I’m showing you a picture here. Just it’s like a wallet and it looks like brand new bills in there. And it’s if it’s $40,000, that was it got to be high, high amount of bills there because there’s not a lot of cash for $40,000.

00:11:46:29 – 00:12:01:13
Keith
They had identification documents. So, you know, here’s some passport type of looking things. And then they blacked a big chunk of this image out. And I couldn’t tell you what’s under there. They didn’t even allude to it in the court paperwork.

00:12:01:13 – 00:12:28:08
Seth
Following up on the search warrant, the authorities found other stuff and this other stuff relates more to clearly Dutch and Razzlekhan were, I guess, rainy day thinking, well, if anything about really, really heavy duty, we have to get the fuck out of Dodge. So what did the authorities found? Find they found in their stored cloud accounts several types of incriminating documents.

00:12:28:08 – 00:12:55:04
Seth
One was a text file that said passport ideas. And on that text file there were links to different Darknet vendor accounts that apparently offered passports or identification cards for sale. They also found that a file that said vetted vendors that contained a list of Darknet vendors offering for sale identification documents, passports and debit and bank cards. And there’s pictures of that corresponding.

00:12:55:07 – 00:13:06:12
Seth
They also received meaning the defendants, a package containing ID information for Russian personas from a Darknet vendor. None of this is not sketchy.

00:13:06:14 – 00:13:27:15
Keith
And I think that was the last picture that I showed you, which is, you know, the passports and stuff. I think that’s what they’re referring to. So that’s why I put those two together. I don’t know for sure, but I do a lot of research and it seemed like it went together, isn’t it? So this is this is the file and I hate I’m going to show it to you.

00:13:27:15 – 00:13:46:04
Keith
This is a file that they found you only could see about half of it. There’s so much redaction in here. And you can tell there’s a Tor address because there’s the onion in there, but it can’t tell you. You know, you don’t know what it is. Everything else is redacted. And then there’s this line that says, RU internal passport photo replacement.

00:13:46:04 – 00:14:15:26
Keith
And that’s another Tor network, The Onion address, which is the darknet. And then there’s another line, Is this real Russian passport from Lugansk. Lugansk. Thanks must pick up in person forum thread and then there’s a URL that’s blacked out. And then there’s another one says DM passport scans live drops and there’s another URL that’s blacked out. And then the last line says EU doc fakes and again, another URL that is blacked out.

00:14:15:26 – 00:14:39:02
Seth
So what else did we find here? The cloud storage account also had several folders containing Russian and Ukrainian persona information in the form of passports, ID information, and biographical information for numerous individuals, both male and female. Johns. I do wonder why do they have so many different like repetitive versions of the same stuff? It’s like they were really, you know, backing up their processes here.

00:14:39:05 – 00:14:58:03
Keith
It was the money laundering that they were doing remotely where they hired people and did that whole big scheme where they had mules over there opening things up. I think they probably had all that documentation to support that whole storyline and to try to money launder through there. That that was that was my take when I read it.

00:14:58:03 – 00:15:23:25
Seth
There was a spreadsheet that detailed the log in information and the status of many of the accounts. That’s the currency exchange accounts used to launder the stolen funds traced back to the hack that included notations confirming their status as frozen or emptied. The government also corroborated that spreadsheet accurately reflects the account status for accounts for which the relevant crypto currencies did freeze those accounts.

00:15:23:25 – 00:15:44:25
Seth
So the exchange is rather due to a suspicious activity. So it was definitely their stuff related to their hack. And then there were references in the defendants files. This is both of them as having some dirty and some clean wallets holding cryptocurrency, including wallets that had files with names that included variations of the word dirty.

00:15:44:27 – 00:16:08:10
Keith
So also I showed you the actual spreadsheet for our video watchers. Again, a lot of it’s redacted. They actually redacted a couple different full columns out of here, but this is actually what showed up in the court paperwork about this is the file that they found. And you can see in there, it’s kind of like a ledger. I can’t remember what episode it was on

00:16:08:10 – 00:16:31:24
Keith
but Seth and I, I remember Seth, you said, how does this guy keep something, keep his crimes straight? It’s spreadsheets like this. I imagine there’s criminals behind the scenes, either on paper or on a computer making spreadsheets of accounts like this. Because when you have any more than a couple accounts, you have to keep, you know, usernames, passwords and all the personal information and all that stuff to keep your crime going.

00:16:31:24 – 00:16:32:03
Keith
Yeah.

00:16:32:03 – 00:16:42:08
Keith
So as we talked about earlier, some of the cryptocurrency was converted to gold coins. There were 70 one ounce gold coins

00:16:42:08 – 00:17:06:02
Keith
purchased using this money. Now they basically they traced it using the receipts and things like that that they found in the apartment. They did not find the 70 one ounce gold coins at this point. They looked at Dutch and Razzlekhan’s residence and they also looked at their storage unit.

00:17:06:05 – 00:17:33:25
Keith
Both of them didn’t have it so that they’re probably will need a little cooperation to find out where that’s at and that’s going to come and act four, tomorrow, the plea. So I have to stop here. This is the end of Act three. We’ve just taken through basically they’re caught and all the evidence is on the table. And the last thing we’re going to leave you through is what they say happened in their plea and hope you come back and watch that.

00:17:34:03 – 00:17:54:21
Keith
If you like anything in this act, please like subscribe whatever application you’re on. If you’re on Apple podcast, a five star review, and just writing in the description box there, whatever episode was your favorite. That helps us out a lot if you haven’t been to our web site or if you haven’t been there in a while, please do go back to our website.

00:17:54:24 – 00:18:11:01
Keith
It’s ecrimebytes dot com and bytes is spelled the computer way b y as in yellow milk t e s. And with that I hope you’re on the edge of your chair to see what they say happens in the plea tomorrow with Dutch and Razzlekhan. Thanks.

DrKeithJones.com

The Bitfinex Bitcoin Heist With Dutch And Razzlekhan – Act 3: The Search Warrant

Sources:

Transcript:

Leave a Reply Cancel reply