A cryptocurrency wallet likely managed by the United States government was hacked on Oct. 24, leading to a $20 million loss. The wallet, which held funds seized in relation to the 2016 Bitfinex hack, was drained by a hacker who quickly moved the stolen assets to an address beginning with “0x348,” according to onchain analytics firm Arkham Intelligence.

Assets Laundered through Stablecoins and Ethereum

The attacker wasted no time converting a portion of the stolen funds into stablecoins, including USD Coin (USDC), Tether (USDT), and aUSDC, along with Ether (ETH). From there, they began to launder the funds through addresses associated with known money-laundering services. At present, the wallet address connected to the hacker reportedly holds around $13 million in crypto assets.

The seized funds originally stemmed from the infamous 2016 Bitfinex hack, where hacker Ilya Lichtenstein allegedly stole 120,000 Bitcoin (BTC), now valued at approximately $8.2 billion. After a 2022 arrest, Lichtenstein and his wife, Heather Morgan, admitted to laundering the stolen funds. While Lichtenstein took primary responsibility, Morgan’s role was deemed minor. This led to a plea agreement recommending reduced sentencing, with prosecutors suggesting 18 months for Morgan and five years for Lichtenstein, given his cooperation with law enforcement.

Sentencing Awaited as Prosecutors Consider the Hack’s Fallout

Following an Oct. 15 court filing that highlighted Lichtenstein’s cooperation and lack of prior offenses, the court is expected to deliver sentencing in November. This recent hack brings renewed attention to the security risks surrounding government-controlled crypto assets and the complexities of securing assets seized from cybercriminals.