
$3.6 billion bitcoin seizure shows how hard it is to launder cryptocurrency

The IRS detailed the winding and tangled routes the couple allegedly took to launder a portion of the nearly 120,000 bitcoins stolen from the cryptocurrency exchange Bitfinex in 2016.

William Whitehurst | Getty Images

On Tuesday, Ilya Lichtenstein and Heather Morgan were arrested in New York and accused of laundering a record $4.5 billion worth of stolen cryptocurrency. In the 24 hours immediately afterward, the cybersecurity world ruthlessly mocked their operational security screwups: Lichtenstein allegedly stored many of the private keys controlling those funds in a cloud-storage wallet that made them easy to seize, and Morgan flaunted her “self-made” wealth in a series of cringe-inducing rap videos on YouTube and Forbes columns.

But those gaffes have obscured the remarkable number of multi-layered technical measures that prosecutors say the couple did use to try to dead-end the trail for anyone following their money. Even more remarkable, perhaps, is that federal agents, led by IRS Criminal Investigation, managed to defeat those alleged attempts at financial anonymity on the way to recouping $3.6 billion of stolen cryptocurrency. In doing so, they demonstrated just how advanced cryptocurrency tracing has become—potentially even for coins once believed to be practically untraceable.

“What was wonderful about this case is the laundry list of obfuscation methods [Lichtenstein and Morgan allegedly] used,” says Ari Redbord, the head of legal and government affairs for TRM Labs, a cryptocurrency tracing and forensics firm. Redbord points to the couple’s alleged use of “chain-hopping”—transferring funds from one cryptocurrency to another to make them harder to follow—including exchanging bitcoins for “privacy coins” like monero and dash, both designed to foil blockchain analysis. Court documents say the couple also allegedly moved their money through the AlphaBay dark web market—the largest of its kind at the time—in an attempt to stymie detectives.

Yet investigators appear to have found paths through all of those obstacles. “It simply shows that law enforcement is not going to give up on these cases, and they’ll investigate funds for four or five years until they can follow them to a destination they can get information on,” Redbord says.

In a 20-page “statement of facts” published alongside the Justice Department’s criminal complaint against Lichtenstein and Morgan on Tuesday, IRS-CI detailed the winding and tangled routes the couple allegedly took to launder a portion of the nearly 120,000 bitcoins stolen from the cryptocurrency exchange Bitfinex in 2016. Most of those coins were moved from Bitfinex’s addresses on the Bitcoin blockchain to a wallet the IRS labeled 1CGa4s, allegedly controlled by Lichtenstein. Federal investigators eventually found keys for that wallet in one of Lichtenstein’s cloud storage accounts, along with logins for numerous cryptocurrency exchanges he had used.

But to get to the point of identifying Lichtenstein—along with his wife, Morgan—and locating that cloud account, IRS-CI followed two branching paths taken by 25,000 bitcoins that moved from the 1CGa4s wallet across Bitcoin’s blockchain. One of those branches went into a collection of wallets hosted on AlphaBay’s dark web market, designed to be impenetrable to law enforcement investigators. The other appears to have been converted into monero, a cryptocurrency designed to obfuscate the trails of funds within its blockchain by mixing up the payments of multiple monero users—both real transactions and artificially generated ones—and concealing their value. Yet somehow, the IRS says it identified Lichtenstein and Morgan by tracing both those branches of funds to a collection of cryptocurrency exchange accounts in their names, as well as in the names of three companies they owned, known as Demandpath, Endpass, and Salesfolk.

The IRS hasn’t entirely spelled out how its investigators defeated those two distinct obfuscation techniques. But clues in the court document—and analysis of the case by other blockchain analysis experts—suggest some likely theories.

Lichtenstein and Morgan appear to have intended to use AlphaBay as a “mixer” or “tumbler,” a cryptocurrency service that takes in a user’s coins and returns different ones to prevent blockchain tracing. AlphaBay advertised in April 2016 that it offered that feature to its users by default. “AlphaBay can now safely be used as a coin tumbler!” read a post from one of its administrators. “Making a deposit and then withdrawing after is now a way to tumble your coins and break the link to the source of your funds.”
