Two individuals have been arrested in Miami, accused of orchestrating a complex cryptocurrency theft and laundering scheme that siphoned over $230 million in Bitcoin from a Washington, D.C., victim using phishing techniques. The suspects, 20-year-old Malone Lam and 21-year-old Jeandiel Serrano, were charged with conspiracy to steal and launder cryptocurrency using a web of crypto exchanges and mixing services to mask their tracks.
The heist took place on August 18 when Lam, Serrano, and unnamed accomplices allegedly compromised the cryptocurrency accounts of their victim, ultimately transferring over 4,100 Bitcoin into wallets under their control.
Court documents detail how the stolen cryptocurrency was then laundered through intricate methods involving crypto mixers, peel chains, and pass-through wallets, with VPNs used to hide the suspects’ identities.
“They laundered the proceeds, including by moving the funds through various mixers and exchanges using ‘peel chains,’ pass-through wallets, and virtual private networks (VPNs) to mask their true identities,” said the U.S. Attorney’s Office for the District of Columbia.
Lam and Serrano are accused of using the stolen funds to finance lavish lifestyles, indulging in luxury cars, high-end watches, designer handbags, international trade, and nightclub parties in Los Angeles and Miami.
Despite their scheme’s sophistication, their extravagant spending habits eventually led law enforcement to their doorstep, reports BleepingComputer.
The FBI arrested the pair after tracking their high-profile spending and cross-referencing social media posts that revealed their whereabouts. Both suspects made their initial court appearances following their Wednesday night arrests.
The group’s downfall was not solely tied to their spending. Crypto fraud investigator ZachXBT, who played a key role in the investigation, uncovered critical operational security (OPSEC) blunders that contributed to their exposure.
The group had allegedly targeted a creditor of cryptocurrency exchange Genesis, executing their attack by impersonating support personnel from Gemini and Google.
They contacted the victim using spoofed numbers, claiming the victim’s account had been compromised. Through social engineering, they convinced the victim to reset two-factor authentication and use the AnyDesk remote desktop application, allowing the attackers to access private keys stored on Bitcoin Core.
Once in control of the victim’s assets, the group reportedly laundered the funds through over 15 exchanges, converting Bitcoin into Litecoin, Ethereum, and the privacy-focused coin Monero to obscure their tracks.
As per ZachXBT, an initial trace revealed that the stolen cryptocurrency was split among the conspirators, with significant portions being quickly moved across different platforms.
A third alleged conspirator, known by the alias ‘Wiz,’ also played a critical role in the heist but made a fatal mistake during the operation. Despite utilising Monero for additional anonymity, Wiz exposed his real name during a screen-sharing session, a blunder that ZachXBT captured and shared with authorities.
As the investigation progressed, it was found that a cluster of Ethereum addresses linked to Serrano and Wiz had received over $41 million from two exchanges in recent weeks. Despite their attempts to hide the funds, investigators traced the transactions back to purchases of luxury goods, further solidifying the case against them.