A New York man has been sentenced to five years in prison after pleading guilty to a $4.5bn bitcoin theft dubbed the cryptocurrency “heist of the century”, US officials said on Thursday.

Court documents said Ilya Lichtenstein, 35, hacked into the Bitfinex crypto exchange in 2016, and made more than 2,000 transactions to transfer 119,754 bitcoins into his accounts. 

Justice officials said Lichtenstein used “sophisticated [money] laundering techniques”.

Lichtenstein and his wife, Heather Morgan, were arrested in February 2022. While the bitcoins were worth about $70mn at the time of the theft, they were valued at more than $4.5bn when the couple were arrested.

Morgan, who pleaded guilty in 2023, is due to be sentenced on Monday.

A Texas grand jury has indicted a construction manager and his employer in connection with a trench collapse three years ago that killed a 24-year-old Bastrop worker and seriously injured another one.

Carlos Alejandro Guerrero, a project superintendent with Austin-based D Guerra Construction LLC, was charged with criminally negligent homicide in connection with the death of Juan José Galvan Batalla, according to the Travis County prosecutor’s office. The company was also charged. Galvan Batalla was working in a trench to install a residential sewer line near Austin in October 2021 when he was completely buried by falling soil and debris, officials said. He died of his injuries a week later.

In a news conference Thursday announcing the indictments, Travis County District Attorney José P. Garza cited an NPR investigation earlier this year (LINK: https://www.npr.org/2024/07/20/g-s1-9028/osha-construction-safety-trench-collapse), which found that 250 people died over the last decade when trenches they were working in collapsed. NPR compiled a database of trench collapse deaths that happened between 2013 and 2023 and found that only 11 employers were criminally charged in instances where workers died. Most offenders got off with a fine, probation or little time in jail.

“All workers here in Travis County deserve to be safe at work so they can return to their families at the end of the day,” Garza said. “When employers engage in criminal conduct and expose their employees to hazardous working conditions, this office will hold them accountable.”

Trench collapses often occur when employers cut corners, such as failing to install shoring equipment like hydraulic cylinders that hold back the dirt walls of a trench or boxes and timbers that prevent a potential collapse from harming workers.
An OSHA investigation found that two workers had escaped the unsafe trench just hours earlier, but were sent back into the 13-foot-deep hole to complete the job.

“Despite a partial trench collapse earlier in the day, D Guerra Construction LLC recklessly sent employees back into the excavation without protective measures to prevent another cave-in,” OSHA Area Director Casey Perkins said in a statement. “The loss of this worker’s life was preventable and the employer must be held responsible for ignoring excavation safety rules.”

Scot Courtney, an attorney representing Guerrero, called the incident “a tragedy” and an “accident.”

“Nobody did anything intentionally,” Courtney said. “A jury will ultimately have to decide whether my client is a criminal for doing his job.”

In November 2023, two years after the cave-in killed Galvan Batalla, OSHA inspectors cited the company again for having an unprotected trench. Agency inspectors said the company’s workers were installing a sewer pipe inside a ten-foot-deep excavation in Pflugerville, Texas, that was not protected from cave-in hazards.

In a statement to NPR, the company said that Galvan Batalla was a valued employee and that several of his family members continue to still work there. The company declined to comment on the indictment.

Stay informed with free updates

Simply sign up to the US & Canadian companies myFT Digest — delivered directly to your inbox.

A quarter of a century ago, Scott McNealy, then chief executive of Sun Microsystems, famously dismissed consumer privacy in the internet age as an anachronistic distraction. “You have zero privacy anyway,” he said. “Get over it.” Judging by the way in which consumers have since posted details of their private lives all over social media and breezily ticked the intrusive terms and conditions boxes of many online companies, McNealy may have had a point.

But how we act and what we think can be two different things. Internet users do not appear to have “got over it” when it comes to privacy. Indeed, consumers are now telling pollsters that they increasingly worry about the misuse of their personal data and want stricter controls. A Pew Research poll in the US last year found that 81 per cent of respondents were concerned about how companies collected their data; 71 per cent expressed similar concerns about the government (compared with 64 per cent in 2019).

Such anxieties are all the more acute when it comes to highly sensitive personal information, such as genetic data, which not only affects one individual but all their relatives, too. When you spit into a tube and send it off for DNA testing, you are handing over unique data that cannot be anonymised. You are also sharing information about all your biological family, most likely without their consent. That makes it all the more critical that such data is secure. 

In some cases, there are glaring concerns about who can access — or sell — that data. Several users of the London-based DNA testing company Atlas Biomed have recently expressed alarm about the security of their personal information. The business appears to be inactive — it is late filing its annual accounts and has not been active online. It reportedly did not respond to recent enquiries from the BBC and there has been speculation about its links with Russian business interests.

The Information Commissioner’s Office, which enforces Britain’s data privacy laws, also confirmed that it received a complaint about the company.

In the US, customers of the 23andMe DNA-testing service are also anxiously following the fate of the company, which this week admitted there was “substantial doubt” over its survival without the injection of fresh funds. Some 15mn people have used the service and around 80 per cent of them have agreed to share their data for scientific research. 

Anne Wojcicki, 23andMe’s co-founder and chief executive, has said she intends to take the company private and will not consider a third-party takeover. “We are committed to protecting customer data and are consistently focused on maintaining the privacy of our customers. That will not change,” the company said in a statement to the FT.

But users are unlikely to be reassured. 23andMe’s genetic data is not covered by the US federal Health Insurance Portability and Accountability Act (HIPAA), which applies to most medical data. It also suffered a serious data breach last year in which 6.9mn user accounts were compromised. Wojcicki has fallen out with the rest of the board, who have resigned en masse. And it is not clear what would happen to 23andMe’s data if the company went bust.

“23andMe highlights very valid anxieties and fears people feel when they have given highly sensitive information to a company for a specific purpose,” says Sara Geoghegan, senior counsel at the Electronic Privacy Information Center in Washington DC. “Users deserve more than a pinky promise that their privacy wishes will be respected.” For more than 20 years, Epic has been campaigning for a federal privacy law that would protect users’ rights.

Such legislation seems unlikely given the anti-regulation stance of the incoming Trump administration — even if many Republicans are themselves concerned about data privacy. The only real alternative is for consumers to assert their power by wresting more control. They must press tech companies to minimise the data they collect, become more transparent about its use and ensure that user consent is voluntary and informed. “Even with the best possible laws, it will not be possible to stop criminals or foreign governments hacking into your data,” says Carissa Véliz, author of Privacy is Power. “Tech solutions are very important.”

Some digital services already offer privacy by design but there is currently little market incentive for their expansion. Users should contest McNealy’s fatalism and stimulate that consumer demand.

john.thornhill@ft.com