A former cryptocurrency hacker convicted over the 2016 Bitfinex exchange breach has been released from prison earlier than expected, according to public statements and federal records.
Ilya Lichtenstein, sentenced to five years in November 2024 for money laundering tied to the attack, confirmed his release last week and said he is now under home confinement.
Lichtenstein, 38, credited the First Step Act for his early release. The bipartisan criminal justice reform law, signed in 2018 during Donald Trump’s first term as US president, allows eligible inmates to reduce their sentences through earned time credits and risk assessments.
“Thanks to President Donald Trump’s First Step Act, I have been released from prison early,” Lichtenstein said on X (formerly Twitter) on Friday.
“I remain committed to making a positive impact in cybersecurity as soon as I can.”
Thanks to President Trump’s First Step Act, I have been released from prison early.
I remain committed to making a positive impact in cybersecurity as soon as I can.To the supporters, thank you for everything.
To the haters, I look forward to proving you wrong.— Ilya Lichtenstein (@cipherstein) January 2, 2026
The Bitfinex hack took place in August 2016 and remains one of the largest thefts in cryptocurrency history. Investigators said Lichtenstein exploited a vulnerability in the exchange’s multi-signature withdrawal process, enabling him to approve transactions without required third-party authorization.
The breach resulted in the theft of 119,754 bitcoin, valued at about $71m at the time and more than $10bn at current prices. Law enforcement later recovered roughly 94,000 bitcoin, making it one of the largest asset seizures ever carried out by US authorities.
After the hack, the stolen cryptocurrency was moved through a complex laundering operation involving multiple wallets, mixing services and conversions into other assets.
The scheme was ultimately uncovered following purchases of Walmart gift cards using stolen Bitcoin, which were redeemed through an account registered to Lichtenstein’s wife, Heather Morgan.
Lichtenstein and Morgan were arrested in February 2022, and both pleaded guilty in 2023.
Morgan, also known by her stage name “Razzlekhan,” was sentenced to 18 months and released in late 2024 after serving about eight months.
Read more on cryptocurrency crime: Experts Trace $35m in Stolen Crypto to LastPass Breach
Lichtenstein served about 14 months of his sentence before being transferred to home confinement. A Trump administration official said he “served significant time on his sentence and is currently in home confinement consistent with statute and Bureau of Prisons policies.”
