Twelve more suspects were charged in a RICO conspiracy for their alleged involvement in the theft of over $230 million in cryptocurrency and laundering the funds using crypto exchanges and mixing services.
Two other suspects linked to this conspiracy, 20-year-old Malone Lam (aka “Greavys,” “Anne Hathaway,” and “$$$”) and 21-year-old Jeandiel Serrano (aka “Box,” “VersaceGod,” and “@SkidStar”), were arrested and charged in September 2024.
According to court documents, Lam, Serrano, and others involved in the scheme allegedly gained unauthorized access to victims’ cryptocurrency accounts and transferred funds into crypto wallets they controlled. In an August 18th attack, they stole over 4,100 Bitcoin from a Washington, D.C., victim (worth more than $230 million at the time).
Crypto fraud investigator ZachXBT, who assisted the FBI investigators, revealed that the group targeted a creditor of the Genesis crypto exchange, using spoofed phone numbers and impersonating customer support at Google and Gemini.
While posing as a Gemini support representative, they deceived the victim into resetting two-factor authentication (2FA) and sharing their screen via AnyDesk (a remote desktop application) after claiming the account had been compromised, which gave them access to private keys from Bitcoin Core and allowed them to steal the target’s cryptocurrency funds.
“An initial tracing showed $243M split multiple ways between each party before funds quickly peeled off to 15+ exchanges immediately swapping back and forth between Bitcoin, Litecoin, Ethereum, and Monero,” ZachXBT said.
Besides cyber-enabled racketeering conspiracy and money laundering, the following defendants, who were indicted this week, also face charges of obstruction of justice and conspiracy to commit wire fraud:
- Marlon Ferro, 19 (Santa Ana, California)
- Hamza Doost, 21 (Hayward, California)
- Conor Flansburg, 21 (Newport Beach, California)
- Kunal Mehta, 45 (Irvine, California)
- Ethan Yarally, 18 (Richmond Hill, New York)
- Cody Demirtas, 19 (Stuart, Florida)
- Aakash Anand, 22 (New Zealand)
- Evan Tangeman, 21 (Newport Beach, California)
- Joel Cortes, 21 (Laguna Niguel, California)
- First Name Unknown-1, Last Name Unknown-1 aka “Chen” and “Squiggly” (location unknown)
- First Name Unknown-2, Last Name Unknown-2 aka “Danny” and “Meech” (location unknown)
- John Tucker Desmond, 19 (Huntington Beach, California)
While most of the stolen cryptocurrency assets were converted to Monero for added anonymity, the attackers reportedly made some critical errors, linking the laundered funds to the original stolen amounts.
They reportedly laundered the stolen cryptocurrency using crypto mixers and exchanges, pass-through wallets, “peel chains,” and virtual private networks (VPNs) to hide their identities and locations.
The stolen cryptocurrency was subsequently used to finance lavish lifestyles, with the defendants allegedly spending the stolen funds on luxury cars, high-end watches, designer handbags, nightclub outings, and international travel.
“Members and associates of the enterprise used the stolen virtual currency to purchase, among other things, nightclub services ranging up to $500,000 per evening, luxury handbags valued in the tens of thousands of dollars that were given away at nightclub parties, luxury watches valued between $100,000 and $500,000,” U.S. Department of Justice prosecutors said, as well as “luxury clothing valued in the tens of thousands of dollars, rental homes in Los Angeles, the Hamptons, and Miami, private jet rentals, a team of private security guards, and a fleet of at least 28 exotic cars ranging in value from $100,000 to $3.8 million.”
“Members of the enterprise held different responsibilities. The various roles included database hackers, organizers, target identifiers, callers, money launderers, and residential burglars targeting hardware virtual currency wallets.”
