The TikTokers Who Stole $12 Billion in Bitcoin

On the 3rd of August, 2016, thousands of users from a cryptocurrency exchange called Bitfinex logged on to their accounts to find that their money all of it – had been stolen. breaking overnight Nearly a hundred thousand bitcoins have been stolen from Exchange platform Bitfinex Bitfinex had been the victim of a highly sophisticated cyber heist. In a matter of hours, nearly 120,000 bitcoins had vanished from the exchange. That much was worth around $72 million then. Today, it would be over $12 billion. When high-profile attacks like this happen, law enforcement usually assumes they’re the work of drug cartels, North Korean hackers, or terrorist groups. Cryptocurrency is the perfect way for criminals like this to move money in the shadows. But in the case of the Bitfinex hack, that couldn’t be further from the truth. Behind this attack, was the most unlikely pair of people: Ilya Lichtenstein a Russian-American startup founder and Heather Morgan an economist turned internet rapper. Today, they’re known as the Bitcoin Bonnie and Clyde, and this is the story of how their bizarre romance turned into a national security threat, the world’s cringiest rap career, and the largest crypto heist in history. Two individuals in Manhattan this morning, and the seizure of a massive $3.6 billion worth of cryptocurrency. This is the largest seizure of cryptocurrency ever by US law enforcement. I hacked Bitfinex. the perfect heist is only possible with the perfect target, and as a hacker in the early days of crypto, you couldn’t have asked for a better one than Bitfinex And honestly, looking at how sophisticated these hacks are getting… it’s easy to appreciate tools that help you stay ten steps ahead, not just in crypto but in everything digital. That’s where ChatLLM Teams from Abacus AI comes in a powerhouse of the world’s smartest AI models like GPT 4.1, DeepSeek, Gemini 2.5 Pro, Grok, Claude Sonnet 3.7, and more, all in one place. with RouteLLM, you don’t even have to think about which model to use. You just type your prompt, and it figures out the best one for you. Automatically. Smooth. But this isn’t just about chat. You can generate images and videos IIt supports top tools like ChatGPT Image Gen Mode, DALL-E, Ideogram, Runway, Kling 2.0, and many more - so your visual content is just a simple prompt away. They’ve recently introduced DeepAgent - The God Tier AI Agent that literally does everything. Want to build a site, app, presentations, research reports or even games?. It’s called Vibe coding basically, you describe what you want, and it does for you… Do you work a lot with files? Upload a PDF and instantly summarize, analyze, or ask questions about specific sections. No more scrolling through hundreds of pages. And one of my favorite bits? Humanize feature. You know how AI responses can sound... dead inside? This fixes that. Makes everything sound like a real person wrote it. All of this — ten bucks a month. That’s it. Way affordable than pricing it together tool by tool. Click the link in the description and sign up at chatllm.abacus.ai. Now back to Bitfinex. When it launched in 2012, Bitfinex offered a convenient way for people to buy, sell, and store cryptocurrency. In that sense, it was like any other exchange, but unlike many of its competitors, it was built from the ground up for crypto’s most active traders. Bitfinex had advanced features like peer-to-peer margin trading and lending, so before long it had attracted a substantial number of so-called ‘’whales’’, whose transactions could sometimes total millions of dollars. However, Bitfinex wasn’t exactly the safest platform, and in May of 2015, it was hacked. 1,500 bitcoins – worth around $350,000 at the time – were stolen. Now, this wasn’t enough to bring the company down, but it was a wake up call. To level up their security, Bitfinex partnered with BitGo a company that specializes in storing cryptocurrency safely, and together, they designed a new system. In the previous hack, the attackers had gained access to some of Bitfinex’s private keys, which are ike the passwords to a crypto wallet. Once you have them, you can transfer all its funds. But now, instead of a single private key, every wallet on Bitfinex would have 3: one from Bitfinex, one from BitGo, and another one as a backup, and in order to withdraw any funds, you would need at least 2 of them. The idea was simple: even if someone managed to breach either Bitfinex or Bitgo, they’d still need the other key to move any funds. This is called a multi-signature wallet system, and on paper it had no single point of failure, so Bitfinex was convinced their customers would be safer than ever. But unfortunately, they were wrong. This system had a gaping security hole, and it didn’t take long for someone to find it. On August 3rd, 2016, the top 2000 wallets on Bitfinex suddenly started transferring their funds to an outside wallet. None of the users had approved thetransactions, but in just 3 hours, their balances were reduced to 0, and a collective total of 119,754 bitcoins had disappeared. Somehow, someone had hacked the system. The only question… was who. growing up, I did not have a lot of friends, and it was really hard because no one really believed in me, understood me, supported me. Heather Morgan wasn’t like the kids she grew up with, but she was exceptionally smart. Because of her father’s job, Heather traveled all around the world, and she became fluent in Japanese, Korean, Cantonese, Arabic, Russian, and Turkish. Eventually, she graduated in international relations and economics from the University of California, Davis, and found an entry-level job at the World Bank in Cairo. And even though she wasn’t technically working as an economist there, Heather signed off her emails as Heather Morgan, economist, entrepreneur, and hustler. You see, Heather was desperately ambitious. She was determined to become rich, famous, and powerful, make your dreams a reality. so in 2013, she moved to Silicon Valley, where anyone could become an overnight millionaire. I learned from some really smart people in Silicon Valley when I lived there, and all of them were entrepreneurs in the tech space, and even though she didn’t know anyone there, it didn’t take long before she started making waves. One of Heather's unique talents was social engineering – which is just a nicer way to say manipulation. Basically, she was really good at meeting important people, catching their attention, and using them to get something she wanted. When Heather got to the Valley, she met the founder of a gaming company from the Middle East who gave her a job. But instead of a salary, Heather worked out a deal where she got paid in introductions to important people in the tech industry. Unconventional… but it paid off. Eventually, Heather charmed her way into a startup accelerator called 500 Startups. Every year, they would pick 500 new companies, mentor the founders, and hope someday, one of them became worth billions. This… is where Heather met her partner in crime. Ilya Lichtenstein wasn’t like the kids he grew up with either. He was a Jewish immigrant from Russia, and small, so an easy target for bullies. He didn’t even bother trying to fit in, and instead, he became obsessed with computers. Ilya’s school was part of an experimental education program that let students access state-of-the-art technology. While other kids were playing outside, he was learning everything he could about programming. During college, Ilya started a few small businesses like a dating site and an e-commerce store selling brain supplements. He was making more money than any of his classmates. But his real breakthrough was Mixrank a company that scraped the internet for ads, tracked which ones had the best performance, and sold those insights to marketers. Investors loved it even Mark Cuban put money in. Mixrank was an instant hit, and its success got Ilya invited to be one of the mentors at 500 Startups. And so in the summer of 2013, Ilya was giving a talk about marketing, and it just so happened that Heather was in the audience. When Heather approached him looking to network, Ilya pursued her relentlessly. At first, Heather wasn’t interested. He was not the kind of high-status, flashy guy she usually went for, but Ilya was persistent, and eventually, she let him in. Their relationship, to say the least, was unusual.. Nobody was sure if they were roommates or romantic partners, because they seemed like polar opposites. Heather had an almost manic energy, and Ilya, on the other hand, was reserved. underneath the surface, they had a lot in common. They had both spent their lives feeling like outsiders, and they were both smart, strategic, and deeply… obsessively ambitious. At first they channeled that energy into their businesses. In 2014, Heather launched Salesfolk, a marketing startup that sold cold email campaigns. Hi, I'm Heather Morgan. The CEO and founder of Sales folk. And in the last 10 years, I've written more than 10,000 cold emails. Not the most groundbreaking business, but Heather knew how to make herself sound like an expert. She claimed to have discovered a secret formula that could drastically increase email response rates, and that was enough. Meanwhile, Ilya’s company, Mixrank, was growing like never before. The product worked, customers were signing up, and the company was getting ready for a massive expansion. But suddenly — everything stopped. At the end of 2016, Ilya just stopped showing up at Mixrank. One day, out of nowhere, Heather fired all her employees at Salesfolk too. Something had changed. In public, Heather and Ilya were seen as these hardworking entrepreneurs. Strange as they were, everyone thought they were just another Silicon Valley power couple – Nobody would have thought that they had just pulled off one of the biggest digital heists in history. They were now 119,754 bitcoins richer… but how? In 2015, Bitfinex upgraded their security systems to prevent ever getting hacked again, but they had overlooked a critical flaw. Inside the system, every user’s wallet had two main private keys, held by BitGo and Bitfinex respectively, as well as a backup, also held by Bitfinex. To start a transaction, you would need at least 2 of them, which in theory, meant the system had no single point of failure. But this was only true if the keys were held in different places, and the thing is… they weren’t. BitFinex was holding their main keys and their backups in the same server, so if anyone got in, they could steal… everything. It’s still unclear if Heather and Ilya knew this or if they just got lucky, but still, if they wanted to access those keys, they had to do 2 things. First, they had to hack into Bitfinex’s backend systems, and second, they had to get permission to access the keys. Now, how they hacked Bitfinex is mostly unknown. When Ilya – who did the hacking broke in, he used a number of sophisticated data destruction tools, leaving no trace of himself, or any clues as to how he got in. Bitfinex could only see what he did inside. To get the private keys, Ilya needed the server they were in to willingly give them to him. For that, he needed a special password which only certain people inside Bitfinex had. And somehow, Ilya knew the password that belonged to Giancarlo Devasini - Bitfinex’s Chief Financial Officer. Now this guy… is complicated. Devasini started his career as a plastic surgeon, and then graduated to selling counterfeit copies of Microsoft software, for which he was fined. He joined Bitfinex as CFO the year it was founded, and these days, he is also the CFO and major shareholder of Tether. It’s crypto’s largest stablecoin by market cap, and also potentially the largest ponzi scheme in history. But that is a story for another day. When it comes to the Bitfinex hack, Devasini has gotten a lot of criticism, and some people even believe he was involved, although there’s no credible evidence for this. Whether that’s true or not, Ilya had his password, and that let him force the server to give them the private keys, thinking he was Devasini. With that, on August 3rd, 2016, Ilya deployed a program that automatically targeted the most valuable wallets on Bitfinex, and used their keys to transfer all of the bitcoin they held to a wallet of his own. Over the course of 3 hours, more than 2000 wallets were emptied, and Ilya now held nearly 120,000 bitcoins, worth around $72 million that day. This was one of the largest crypto heists in history, and when the news broke, the effects were devastating. The price of Bitcoin dropped by over 20%, and Bitfinex froze all trading on the platform. They had just lost 36% of all the assets stored on their platform, and their top 2000 wealthiest users wanted it back. A few days later, they announced their plan: the losses would be “generalized” across all accounts, meaning instead of letting only the wealthiest users take the hit the ones who had been targeted they spread the damage to everyone. It didn’t matter if you held $10 or $10 million, every user’s balance was slashed by 36%. To compensate though, Bitfinex gave their users a new token called BFX for every dollar they had lost, and they promised to buy these tokens back at $1 each as soon as they could. But this was an extremely controversial plan. At the time, one Bitcoin was worth around $600. Bitfinex took around 8 months to fully reimburse everyone, but they were really able to do it because by then, Bitcoin’s price had nearly doubled. If users had been reimbursed in Bitcoin instead of BFX tokens, they would have been the ones to benefit from that, but instead, it was Bitfinex. Meanwhile though, Heather and Ilya were facing a dilemma: Stealing the Bitcoin had actually been the easy part. Now, they had an even bigger problem: How do you launder $72 million when everyone in the world knows exactly where it is? Bitcoin, for all its hype, is surprisingly useless outside the digital world. You can’t walk into a car dealership and buy a Lamborghini with your stolen Bitcoin. You can’t buy a house without raising red. You can’t even buy groceries. If Heather and Ilya wanted to turn their Bitcoin into cash they could spend in the real world, thye had to go through a centralized exchange like Binance, Coinbase, or Bitfinex. But that came with a major risk: Exchanges require identity verification passports, IDs, Social Security numbers and if their stolen Bitcoin was ever connected to them, the game was over. For now though, Heather and Ilya were safe. You see, Bitcoin is… paradoxical. When you send money between two wallets, there’s no name, ID, or location attached to either of them just a long string of numbers and letters. So in a way, Bitcoin is anonymous, but it's also the most transparent financial system in history. Every transaction is recorded on the blockchain, a public ledger that anyone can inspect. The authorities were already watching Ilya’s wallet Bitfinex had made it public right after the hack to effectively blacklist it. This meant that even though no one knew who controlled the stolen Bitcoin, they knew exactly where it was, and if it moved, they could just follow it. For Heather and Ilya, this posed an interesting challenge. They had stolen nearly 120,000 bitcoins, worth over $100 million now. But before they could spend any of it… somehow… they had to launder it on the blockchain, and leave no trace behind. Here’s how they did it. First, Heather Ilya began dividing the stolen bitcoin by sending it to other wallets. This would make tracking it slightly more time consuming. But to really cover their tracks, in 2017, Heather and Ilya turned to AlphaBay, a dark web marketplace known as “eBay for criminals.” AlphaBay was a hub for everything illegal drug trafficking, weapons sales, malware, stolen identities, and of course, money laundering services. At the time, the most sophisticated way to launder cryptocurrency was mixing a complicated process where the stolen Bitcoin was thrown into a pool with other users’ coins. For a small fee, the users’ money would be bounced across thousands of different wallets, traded into other cryptocurrencies, split up, and reassembled into new wallets and returned to the users. Only AlphaBay knew how the inner workings of the mixing algorithm worked, so by the time the stolen bitcoin entered the blockchain again, the authorities had lost track of it. The trail went cold at AlphaBay, and the money was successfully laundered. Now, Heather and Ilya were free to use a centralized exchange without raising any eyebrows. And meanwhile the value of their bitcoin had skyrocketed to almost $300 million. But unfortunately for them, the fun was over. By 2017, AlphaBay had become the largest dark web marketplace in the world, attracting attention from global law enforcement. That July, an international task force led by the FBI, DEA, Europol and Thai authorities launched Operation Bayonet, where they arrested AlphaBay’s founder in Thailand, and took down the service. Today the Department of Justice announces the take down of the dark web market, alpha Bay. This is the largest dark market web place take down in world history. This left Heather and Ilya without a way to launder their bitcoin, but there was a much, much bigger problem. When the authorities arrested Alphabay’s founder, they seized his laptops, his servers, his records – everything. And buried inside… was a digital trail leading right back to the Bitfinex hack. At first, it was just a complex web of numbers and cryptographic addresses. But the deeper they looked, the more patterns they found. Investigators already knew the wallets where the stolen bitcoin had come into AlphaBay, and now, they could reverse-engineer their mixing algorithm to see where it had come out. From there, it was easy to follow the money to accounts on a centralized exchange, and although they were using fake names and IDs, everything pointed directly to Ilya Lichtenstein and Heather Morgan. Law enforcement now knew exactly who they were, but when they looked for them on social media, they couldn’t believe what they saw. Heather started appearing across social media with an alter ego. That alter ego was named “Razzlekhan” and she was a rapper. It's almost like you're watching a movie unfold. Don't forget, kids. Your best self is always your real self stay authentic !! Razzle dazzle In the weeks after the Bitfinex hack, Heather and Ilya weren’t in hiding. They were on vacation. Okay.. So Dutch. Can you tell me a little bit what you thought? Having a pet? Having a pet is completely different. While the authorities scrambled to trace their stolen Bitcoin, they flew off to Panama, seemingly celebrating without a care in the world. But then, they flew to Ukraine, where things got a little more serious. During a stop at the post office, Heather and Ilya moved like trained operatives. They knew exactly where the security cameras were, turning their heads at just the right moments to avoid being caught on tape. They were there to pick up a parcel with fake passports, gold bars, and stacks of cash, essentials for a quick escape if things ever got too hot. Clearly, this wasn’t amateur work it was something out of a spy thriller. At this point, anyone would have assumed that Heather and Ilya were trying to disappear. Most high-profile cyber criminals just want to vanish off the face of the earth as soon as they get their money – but not them. Instead of disappearing, Heather and Ilya moved to New York and not just anywhere. They moved to a luxury high-rise in the Financial District, where they started living a very public, very strange life. By day, Heather was still running her email marketing business, Salesfolk. On paper, it was thriving, but in reality, she was generating fake invoices from fake clients, and creating fake LinkedIn accounts for her fake employees, whose fake salaries were paid in bitcoin. But if this was a money-laundering front, it was the weirdest one in history. Heather’s one real employee at SalesFolk was a marketing guy, but really, she hired him for her next big project: Razzlekhan. Razzlekhan was Heather but dialed up to 11 – loud, flashy, and completely fearless. As the self-proclaimed “Crocodile of Wall Street,” Heather started flooding Tiktok and YouTube with bizarre music videos with terrible rhymes, and painfully awkward performances. Sometimes, she also included Ilya in the videos, and even though he was much less… extreme… he didn't seem too worried about the whole thing. Razzlekhan’s videos got almost no traction. And when they did, the comment sections weren’t particularly nice. But more than anything, people were just asking, who was this eccentric, wealthy woman calling herself the “Crocodile of Wall Street” and making painfully embarrassing rap music? No one knew she was sitting on hundreds of millions in stolen Bitcoin. Well, that’s not exactly true. By this point, AlphaBay had already been taken down and U.S law enforcement had started investigating the hack. But when one of their two suspects turned out to be Razzlekhan of all people, they were understandably confused. High-profile cyberattacks like the Bitfinex hack are usually the work of drug cartels, foreign hackers, or terrorist groups. But Heather and Ilya didn’t seem like hardened criminals. They were posting videos of their cat, reviewing pancake shops, and releasing cringey rap songs. The idea that they had pulled off one of the biggest heists in history was simply ridiculous. But the more investigators looked into them, the more the pieces of the puzzle started falling in place. First… was their finances. Heather and Ilya lived in a luxury apartment, took first-class flights, and threw extravagant parties. They appeared to be running successful businesses, But those were also red flags. Salesfolk’s “employees” couldn’t be found anywhere outside of LinkedIn, and their “customers” had no presence on the internet, even though they were paying Heather millions for marketing services. Meanwhile, Ilya had started Endpass, a privacy-focused crypto wallet. Meet Endpass. We protect your funds with multiple layers of security. So, the guy being investigated for pulling off one of the biggest bitcoin heists in history… was building software to move crypto anonymously? Sure. And then, there were Heather’s exploits on the internet. Throughout this whole time, she had been writing weirdly specific articles about operational cybersecurity for Forbes and Inc. Magazine And aside from that, on YouTube, she interviewed guests about the best cryptocurrencies for laundering money. She gave seminars about social engineering how to manipulate people into giving up sensitive information. And in RazzleKhan's rap lyrics, she was practically spelling out their crimes. The authorities were being handed a confession wrapped in terrible beats. But of course, none of this was admissible as evidence in court. There was always the tiny possibility that someone had stolen their identities, or that there was someone else behind everything. So before making an arrest, the FBIneeded undeniable proof that Heather and Ilya were the hackers. And luckily, they were about to make a fatal mistake. Five years after the hack, Heather and Ilya’s stolen Bitcoin had exploded in value. During its peak in 2021, it was worth around $8 billion, and they still weren’t running. Instead, they were getting married and in the most Razzlekhan way possible. For the proposal, Ilya wanted to to promote Heather’s rap persona, so he bought out all the adspace in Times Square for a few moments. The wedding itself was a bizarre spectacle. Heather was carried in like an Egyptian queen, while Ilya dressed like Dr. Evil from Austin Powers. $1 million. During their afterparty, they gave away iPhones, PlayStations, and all sorts of things they had paid for with gift cards a common way to launder money in small amounts. But that… was the beginning of the end for them, because one of those gift cards just a $500 purchase was redeemed under Heather’s real name. Finally, there was a complete digital trail tying Heather and Ilya all the way to the stolen bitcoin. By early 2022, The FBI had gotten a search warrant to raid their apartment, but they didn’t arrest them yet. To confirm beyond any doubt that Heather and Ilya were the Bitfinex hackers, the FBI had to catch them with the Bitcoin, meaning they needed the private keys to their crypto wallets. Getting them was really only a matter of time, but despite knowing this, Heather and Ilya didn’t flee. Russia – where Ilya was a citizen would have been a safe haven where extradition to the U.S. was nearly impossible. They could also go to Ukraine, where he had family and fake passports. But by the time the FBI raided their apartment, both of those options were gone. In February of 2022, Ukraine became a warzone, and nearly the entire world severed their relations with Russia. Heather and Ilya had no choice but to stay in New York, and they lived like nothing was wrong. Heather just kept making TikToks as RazzleKhan. It was as if she had become addicted to the persona. After a few months, the FBI cracked one of the encrypted files they’d seized during the raid, and found the private keys to thousands of crypto wallets, one of which had the majority of the Bitcoin Heather and Ilya hadn’t yet spent. At the time, that was worth around $3.6 billion, making this case the largest cryptocurrency seizure in the history of the Justice Department. Heather Morgan and Ilya Lichtenstein had been living a double life one part geeky tech entrepreneurs, one part international criminals. Heather Morgan, she's just leaving the courtroom. She's decided not to talk to press. As you can see, she's walking away with her attorney. She's just pled guilty. But six years after the Bitfinex hack, the U.S. government had caught them red-handed. The gig was up. breaking overnight. Nearly a hundred thousand bitcoins have been stolen from Exchange platform Bitfinex Married couple from  Manhattan are accused of being behind the conspiracy to launder billions of dollars worth of stolen Bitcoin. Two individuals in Manhattan this morning, and the seizure of a massive $3.6 billion worth of cryptocurrency. Department of Justice has seized over $3.6 billion worth of that stolen cryptocurrency. This is the largest seizure of cryptocurrency ever by US law enforcement. The FBI arrested them soon after, and when the news broke, the internet simply… couldn’t believe their eyes. The famed criminal masterminds behind the world’s biggest crypto heist were none other than RazzleKhan the Crocodile of Wall Street and her socially awkward husband. In the end, Bitfinex got their stolen Bitcoin back, and they walked away from the whole ordeal with a fortune. But their users? Not so much. Remember, the customers who were affected by the hack had been refunded at the time of the hack not in Bitcoin, but at its dollar value at the time of the hack, so some of them lost out on millions of dollars. Meanwhile, Heather and Ilya were facing serious consequences. Heather was released on a bail of $3 million, which she paid for by putting up her parents’ home and all of their assets as collateral. Ilya, on the other hand, had a Russian passport and potential access to other Bitcoin wallets, so, the judge ruled that he was a flight risk, and he was kept in custody. The authorities wanted two things from them: First, there was still $1 billion in Bitcoin that hadn’t been recovered yet, so they wanted that. And second, they wanted the whole story. Now, when Ilya pleaded guilty, he claimed that he acted alone in the actual hack. And most of what you've heard about me It is true. I hacked Bitfinex. I stole and laundered thousands of Bitcoin. Heather only got involved once she learned where the Bitcoin came from, but she became a crucial part of the money laundering operation, which she eventually confessed to as well. At their first hearing, Heather and Ilya weren’t allowed to speak to each other, but Ilya did blow her a kiss. And that’s when things got… weird. Suddenly, the case was postponed. Then, it was labeled a matter of national security. The evidence was deemed too sensitive to be exposed in a public courtroom, and Ilya was reportedly even offered a spot in the witness protection program. For a Bitcoin hack? That’s extremely unusual. And it raised an important question: Maybe someone else was involved. You see, something about this case doesn’t add up. These days, whan veterans in the hacking community examine the case, many of them think that Ilya never had the technical expertise to actually breach Bitfinex in the first place. But you know who might? Ilya’s father. Back when Ilya was just a kid when he still lived in Russia his dad had managed to hack into the First National Bank of Indiana. He got caught, but instead of going to prison, he became an informant for the U.S. Secret Service. This is why they moved to the United States. When Ilya was asked about this, he claimed that these days his father doesn't even know how to open Instagram. But actually, when you compare how his father hacked the Bank of Indiana and how Ilya hacked Bitfinex, there are a lot of similarities. Could this mean his father was somehow involved maybe even Russian intelligence, or some unknown third party? Only Ilya would know… In 2022, the filmmakers behind “Biggest Heist Ever”, a netflix documentary about this case, reached out to Ilya in jail to ask him about this, and he actually wrote back. His message was short, but cryptic: “Thank you for your kind note. As you mentioned, I am unable to discuss the case at this time. I look forward to sharing my perspective when the time is right. As your instincts probably tell you, there is more to this story than meets the eye. Best of luck, Ilya” So, maybe we don’t know the full story. Maybe we never will. Maybe the real mastermind behind the world’s biggest Bitcoin heist… is still out there.