Ilya Lichtenstein, who was sentenced to prison last year for money laundering charges in connection with his role in the massive hack of cryptocurrency exchange Bitfinex in 2016, said he has been released early.
In a post shared on X last week, the 38-year-old announced his release, crediting U.S. President Donald Trump’s First Step Act. According to the Federal Bureau of Prisons’ inmate locator, Lichtenstein is scheduled for release on February 9, 2026.
“I remain committed to making a positive impact in cybersecurity as soon as I can,” Lichtenstein added. “To the supporters, thank you for everything. To the haters, I look forward to proving you wrong.”
The First Step Act, passed by the Trump administration in 2018, is a bipartisan legislation that aims to improve criminal justice outcomes and reduce the federal prison population through a series of reforms, including by establishing a “risk and needs assessment system” to determine the recidivism risk and chart a way forward for an early release in some cases.
Lichtenstein and his wife, Heather Rhiannon “Razzlekhan” Morgan, pleaded guilty to the Bitfinex hack in 2023, following their arrest in February 2022. The 2016 security breach enabled Lichtenstein to fraudulently authorize more than 2,000 transactions, transferring 119,754 bitcoin (then worth approximately $71 million) from Bitfinex to a cryptocurrency wallet in his control.
Law enforcement authorities also recovered approximately 94,000 bitcoin (valued at around $3.6 billion in 2022), making it one of the largest seizures in the history of the U.S. In January 2025, U.S. prosecutors filed a motion for the recovered assets to be returned to Bitfinex.
Blockchain intelligence firm TRM Labs said Lichtenstein exploited a vulnerability in Bitfinex’s multi-signature withdrawal setup to initiate and authorize withdrawals from Bitfinex without requiring approvals from BitGo, a third-party digital asset trust company.
While the illicit proceeds were subsequently converted to other cryptocurrencies and funneled through mixing services like Bitcoin Fog, the couple’s role came to light following the purchase of Walmart gift cards using the stolen bitcoin at an unnamed virtual currency exchange. The gift cards were redeemed using Walmart’s iPhone app under an account in Morgan’s name.
Lichtenstein was sentenced to five years in prison in November 2024. Morgan, who was sentenced to 18 months of incarceration shortly after, posted on X in late October 2025, stating she was released “like a month ago” and that “prison was chill enough.”
In a statement shared with CNBC, a Trump administration official said Lichtenstein “served significant time on his sentence and is currently on home confinement consistent with statute and Bureau of Prisons policies.” Morgan also acknowledged the news with a message on X, saying, “The best New Years present I could get was finally having my husband home after 4 years of being apart.”
