Federal agents have arrested two individuals in connection with a high-profile crypto heist whose victim was a creditor of the crypto lending firm Genesis, which filed for bankruptcy in 2023 and was recently ordered to return billions of dollars in cash to its customers.
Malone Lam, a 20-year-old Singaporean living in Miami, and Jeandiel Serrano, a 21-year-old from Los Angeles, were charged by the US Attorney’s Office for the District of Columbia with running a sophisticated social engineering scam.
The two arrested men, along with a third alleged perpetrator, Veer Chetal, who remains a fugitive, operated under several online identities that they used to deceive their victims.
Washington Victim Loses Over $200M After Sophisticated Social Engineering Attack
1/ An investigation into how Greavys (Malone Lam), Wiz (Veer Chetal), and Box (Jeandiel Serrano) stole $243M from a single person last month in a highly sophisticated social engineering attack and my efforts which have helped lead to multiple arrests and millions frozen. pic.twitter.com/dcY1e9xsPd
— ZachXBT (@zachxbt) September 19, 2024
One of the incidents involved a victim from Washington, D.C. who was targeted by Lam and Serrano. The person was a Genesis creditor with a valid claim worth millions of dollars against the bankrupt entity.
The elaborate scheme paid off: the pair deceived the target and drained over $230 million from the person’s crypto wallet, 4,064 BTC in total.
The perpetrators first posed as Google Support representatives, contacting the victim from a spoofed phone number, and used that call to gain access to the victim’s email account. They then posed as representatives of the crypto exchange Gemini to get the victim past the account’s two-factor authentication (2FA). A spoofed caller ID says nothing about who is actually on the line, which is exactly why the impersonation worked.
The victim was then convinced to share his screen, which gave the perpetrators the private keys needed to access the wallet. Data from ZachXBT shows that the entire sum was moved in a single transaction to a wallet controlled by Lam and his crew.
The attack highlights the vulnerabilities that even sophisticated users remain exposed to when targeted by a well-crafted social engineering campaign. The incident’s similarities with a previous high-profile hack involving Mark Cuban, the billionaire owner of the Dallas Mavericks, are striking.
Back in June 2024, Cuban was targeted by criminals who compromised his Google account. Scammers impersonating Google representatives convinced him that his account had been infiltrated by hackers, and he was deceived into handing over 2FA information as well.
While Cuban’s account was recovered within 24 hours with the help of Google’s security team, the incident highlighted the persistent threat that individuals in the cryptocurrency space face, as criminals constantly target their wallets and private keys.
Luxurious Lifestyle and Lavish Spending Helped Authorities Capture the Perpetrators
The conspirators went to considerable lengths to launder the proceeds, distributing the money across several wallets and then moving it through more than 15 crypto exchanges, where they converted the BTC into Litecoin, Ethereum, Monero, and similar digital assets.
In total, they extracted over $240 million from various victims. The methods used to siphon and launder the funds, including crypto mixers, “peel chains” (sequences of transactions that each “peel off” a small amount from a larger sum and forward the remainder to a fresh address) and pass-through wallets, show how sophisticated the group’s members were.
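The peel-chain pattern described above is something blockchain analysts look for programmatically. The following is an added example, not code from the article or from the investigators and firms it names: it walks a chain of two-output transactions, treats the smaller output as the "peel" and the larger as change, follows the change output into the next transaction, and stops when the pattern breaks. The transactions, txids, addresses and amounts are constructed for illustration, fees are ignored so outputs sum to inputs, and the 10% peel ratio and 3-hop minimum are assumed thresholds rather than anything the article states.

```python
"""Peel-chain heuristic over constructed Bitcoin-style transactions.

Added example, not code from the article. Every txid, address and amount
below is invented; transaction fees are ignored so outputs sum to inputs.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class Tx:
    txid: str
    inputs: tuple    # outpoints "txid:vout" that this transaction spends
    outputs: tuple   # (address, amount_btc) pairs, in vout order


# Constructed sample: 100 BTC enters at t1 and is walked down a chain of
# fresh change addresses. Each hop sends a small slice to an exchange deposit
# address and forwards the remainder. t6 splits into three equal outputs
# (no longer a peel), and t9 is an unrelated everyday payment.
SAMPLE_TXS = (
    Tx("t1", ("theft:0",), (("exchA_dep1", 3.0), ("chg1", 97.0))),
    Tx("t2", ("t1:1",), (("chg2", 92.5), ("exchB_dep1", 4.5))),  # peel is vout 1 here
    Tx("t3", ("t2:0",), (("exchA_dep2", 2.0), ("chg3", 90.5))),
    Tx("t4", ("t3:1",), (("exchC_dep1", 5.0), ("chg4", 85.5))),
    Tx("t5", ("t4:1",), (("exchB_dep2", 1.5), ("chg5", 84.0))),
    Tx("t6", ("t5:1",), (("mix_in1", 28.0), ("mix_in2", 28.0), ("mix_in3", 28.0))),
    Tx("t9", ("wages:0",), (("coffee", 0.1), ("chg9", 0.4))),
)


def follow_peel_chain(txs, start_txid, max_peel_ratio=0.10, min_hops=3):
    """Follow change outputs from start_txid while the peel pattern holds.

    A transaction counts as a peel hop when it has exactly two outputs and the
    smaller one is at most max_peel_ratio of their sum (assumed threshold).
    Returns hops as (txid, peel_addr, peel_amt, change_addr, change_amt),
    or [] if fewer than min_hops consecutive hops match.
    """
    by_id = {t.txid: t for t in txs}
    # Index which transaction spends each outpoint so the change can be followed.
    spender = {op: t.txid for t in txs for op in t.inputs}
    hops = []
    txid = start_txid
    while txid in by_id:
        tx = by_id[txid]
        if len(tx.outputs) != 2:
            break  # fan-out or single-output sweep: pattern ends
        v0, v1 = tx.outputs[0][1], tx.outputs[1][1]
        peel_idx, chg_idx = (0, 1) if v0 <= v1 else (1, 0)
        peel_addr, peel_amt = tx.outputs[peel_idx]
        chg_addr, chg_amt = tx.outputs[chg_idx]
        total = peel_amt + chg_amt
        if total <= 0 or peel_amt / total > max_peel_ratio:
            break  # a roughly even split is not a peel
        hops.append((txid, peel_addr, peel_amt, chg_addr, chg_amt))
        txid = spender.get(f"{txid}:{chg_idx}")  # None if the change is unspent
    return hops if len(hops) >= min_hops else []


def peeled_by_destination(hops):
    """Total the peeled slices per receiving address (e.g. exchange deposits)."""
    totals = {}
    for _, peel_addr, peel_amt, _, _ in hops:
        totals[peel_addr] = totals.get(peel_addr, 0.0) + peel_amt
    return totals


def chain_report(txs, start_txid):
    """Summary an analyst could hand to an exchange with a freeze request."""
    hops = follow_peel_chain(txs, start_txid)
    return {
        "hops": [h[0] for h in hops],
        "peeled_total": sum(h[2] for h in hops),
        "by_destination": peeled_by_destination(hops),
        "remaining_change": hops[-1][3:5] if hops else None,
    }


if __name__ == "__main__":
    print(chain_report(SAMPLE_TXS, "t1"))  # five hops, 16 BTC peeled, 84 BTC left on chg5
    print(chain_report(SAMPLE_TXS, "t9"))  # ordinary payment: no chain
```

The per-destination totals are the useful output: each peeled slice lands on a deposit address that an exchange can tie to a customer account, which is how the article's "over $40 million from exchanges" style of tracing turns into freeze requests. The heuristic is deliberately simple; real chains interleave consolidation, coinjoin and cross-chain swaps, so in practice the ratio threshold and hop count are tuned per case.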
They also used virtual private networks (VPNs) to conceal their digital footprint. These efforts probably did obscure the money trail and keep the group hidden from authorities for a while. However, it was the two individuals’ lavish spending that ultimately led to their downfall.
According to authorities, they made high-ticket purchases, including luxury vehicles, high-end watches, high-end rental homes in California and Florida, and nightclub outings, that raised eyebrows and provided leads about who was behind the hack.
One of the mishaps that led to the arrests occurred when Veer Chetal accidentally revealed his true identity during a screen-sharing session. The portion of the audio recording and chat messages in which he was referred to as Veer helped authorities identify those responsible for the theft.
Moreover, wallet addresses linked to Serrano and Chetal received over $40 million from exchanges, transactions that were traced with the help of blockchain analytics experts.
Authorities Have Recovered Just a Tiny Fraction of the Stolen Funds
The arrest of Lam and Serrano was the result of coordinated efforts between the Federal Bureau of Investigation (FBI), the US Attorney’s Office for the District of Columbia, and IRS Criminal Investigation.
Authorities also counted on the cooperation of the Binance security team and a web3 security company known as zeroShadow.
So far, only a fraction of the stolen amount has been recovered: authorities say accounts containing approximately $9 million have been frozen, and around $500,000 has already been returned to the victim.
These early successes offer a glimmer of hope to the affected parties and to others hit by similar hacks, as they show that it is possible, although not necessarily easy, for authorities to track and seize a portion of these funds.
Enhanced Security Measures Are Needed to Prevent This Kind of High-Profile Theft
The incident involving Lam, Serrano, and Chetal highlights the many risks crypto investors still face, as bad actors constantly target them with sophisticated campaigns designed to extract the information needed to access their crypto wallets.
The amount stolen from the Washington victim is staggering and underscores the need for stronger security measures. In the traditional financial industry, it would be quite difficult to transfer over $200 million in a single transaction without receiving a call from the security team to check whether the transaction is legitimate. Self-custody offers no such backstop: a signed transaction is final, and whoever holds the private keys holds the funds.
Moreover, the group’s success in impersonating personnel from large tech corporations like Google raises a worrying question: how can one tell whether such an interaction is legitimate? No genuine support agent needs your 2FA code, a view of your screen, or your private keys; the safe response to any unsolicited call about an account is to hang up and contact the provider through its official channels.
Legal proceedings against the two arrested individuals are ongoing. They will face trial in District Courts in California and Florida, based on where they reside, on charges of conspiracy to steal cryptocurrency.
Meanwhile, authorities are still working to apprehend Chetal, recover more of the stolen funds, and possibly identify additional co-conspirators or other criminal activity.