Crypto crooks: Kidnapping, huge bar bills and exotic cars are linked to one of the biggest bitcoin thefts in US history
- Two young men accused of swindling a Washington, D.C., resident out of $230 million in bitcoin went on a spending spree, buying exotic cars and a $2 million watch and renting mansions, prosecutors said.
- Police said the botched kidnapping of a Connecticut couple may have been part of a plot to demand ransom from their son — who is being investigated for possible involvement in the crypto heist.
- One defendant was racking up bar bills as high as $500,000 in Los Angeles, and rented two mansions in Miami, according to court filings.
Two young men accused of committing one of the largest person-to-person crypto thefts in U.S. history went on a brazen spending spree that included buying exotic cars and a $2 million wristwatch, renting mansions and running up nightclub tabs of hundreds of thousands of dollars apiece, new court records reveal.
WATCH ANYTIME FOR FREE
 |
Stream NBC10 Boston news for free, 24/7, wherever you are. |
The Aug. 18 cyber heist swindled a Washington, D.C., resident out of $230 million in cryptocurrency. To date, at least $100 million in bitcoin stolen from the victim remains unaccounted for, prosecutors said in a recent court filing in District of Columbia federal court.
Police now say that another crime, the mysterious Aug. 25 kidnapping of a Connecticut couple in broad daylight while they were house hunting, may be connected to the Washington crypto theft.
Get updates on what's happening in Boston to your inbox. Sign up for our News Headlines newsletter.
Authorities are investigating whether the kidnapping was part of a plot to demand ransom from the couple's son — who is being investigated for possible involvement in the crypto heist.
"I've never seen anything like this in 20 years," Detective Sgt. Steven Castrovinci of the Danbury Police Department in Connecticut told CNBC.
That heist of more than 4,100 bitcoins occurred just a week before the couple was carjacked in Danbury, while driving a Lamborghini automobile that their son had rented.
Money Report
Six Florida men now face state and federal charges in Connecticut in connection with the kidnapping.
They have not been charged in connection with the cryptocurrency theft. Nor has the unidentified son of the couple who was abducted.
"It's amazing to see how this thing has grown legs," Castrovinci said.
On Sept. 19, just a month after the crypto heist, the U.S. Attorney's Office for the District of Columbia announced that the FBI had arrested two men — Malone Lam, 20, and Jeandiel Serrano, 21 — on conspiracy charges related to the alleged theft and subsequent laundering of the stolen bitcoin.
Serrano, who uses the online monikers "VersaceGod" and "@SkidStar," was wearing a $500,000 watch at the time of his arrest in Los Angeles, where he lives, according to prosecutors.
Both men, who are being held without bail, admitted their role in the heist, prosecutors have said in court filings.
Serrano's lawyer, Paulette Pagan, had no immediate comment on his case. CNBC has requested comment from a lawyer for Lam, a Singapore resident who had been living in L.A. and Miami after overstaying by months a visa waiver that allowed him to visit the U.S. as a tourist for just 90 days.
The scheme at the center of the bizarre case is "one of the largest cryptocurrency thefts from a private individual ... in the history of the United States," according to a federal court filing.
A cyber heist in Washington
A month before they were arrested, Serrano, Lam and other, unnamed, co-conspirators targeted a man in Washington "because they believed he held a considerable amount of virtual currency" after they "identified him as a high net-worth investor from the early days of cryptocurrency," court filings say.
In early August, one co-conspirator caused an "unauthorized Google account access" notification to be sent to the victim, making it appear that the purported access attempts had occurred overseas, a court filing said.
"In reality, this was just the conspirators laying the groundwork for their imminent theft through sophisticated social engineering," prosecutors wrote in a filing.
On Aug. 18, members of the conspiracy called the man, claiming they were from Google's security team, and asking him about the recent unauthorized access attempts.
"Through a series of prompts and misrepresentations," the co-conspirators managed to manipulate the man into giving them enough information to access his Google drive, "where they quickly located personal financial information, including the location of his virtual currency holdings with Gemini," a crypto exchange, a filing said.
Serrano and other scheme participants then called the man back and Serrano posed as a member of Gemini's support team, prosecutors said.
While he talked to the victim, Serrano and his co-conspirators were communicating with each other on the Discord and Telegram messaging apps, strategizing on ways to "manipulate the victim into providing private keys to his virtual currency holdings and enough computer access for the conspirators to steal his entire savings," the filing said.
The schemers then duped the man into downloading a program onto his computer to protect his Gemini holdings.
But the program actually gave the co-conspirators real-time access to the victim's desktop, according to prosecutors.
"Serrano was eventually able to manipulate the victim into opening files with private keys
to over 4,100 Bitcoin," the court filing said.
"While Serrano continued to manipulate the victim, his co-conspirator used this access to quickly steal the entirety of the victim's virtual currency holdings."
Prosecutors said the co-conspirators split the theft's proceeds five ways.
The schemers then used "sophisticated money laundering techniques to hide the proceeds and mask their identities," a court filing alleges.
Serrano created an account on TradeOgre.com and deposited $29 million worth of cryptocurrency, "believing it to be clean and successfully laundered," the filing said.
A spending spree in Los Angeles
While he used a virtual private network, or VPN, to mask his location when he accessed his account, Serrano had failed to use a VPN when he created the account.
"Records from TradeOgre show that the account was created from an IP address registered to Serrano's $47,500 per month rental home in Encino, California," the filing said.
By the time Serrano was identified by federal authorities, "he was already out of the country, vacationing in the Maldives," the filing said.
"Meanwhile, his co-conspirator Malone Lam was spending hundreds of thousands of dollars per night at Los Angeles night clubs and amassing an impressive collection of custom Lamborghinis, Ferraris, and Porsches," prosecutors wrote.
Lam, a Singapore native who was arrested in Miami after traveling there from Los Angeles on a private jet, was renting multiple homes in Miami, according to the filing.
One mansion he rented there cost $68,000 per month, the filing said.
Lam, who used the online handles "Anne Hathaway" and "$$$," had also purchased a watch for $2 million, and a Lamborghini Revuelto for more than $1 million, prosecutors said.
But "many of Lam's vehicles have not been located as of yet, such as his Pagani Huayra that he purchased for $3,800,000," prosecutors wrote.
In all, Lam "admitted to purchasing 31 luxury automobiles, 22 of which have yet to be recovered by law enforcement," prosecutors wrote.
Lam "also admitted to doing additional hacks and making millions from those separate cryptocurrency fraud schemes, which he states have supported his entire lifestyle since arriving in the United States in October 2023," prosecutors wrote.
"The three vehicles Serrano admitted to purchasing have also not yet been located."
Federal government surveillance captured Lam on "a spending spree of the victim's assets," which included sightings of him "at Los Angeles nightclubs ... and gifting handbags valued at tens of thousands of dollars," a court filing says.
Management at L.A. nightclubs told investigators that Lam tried to pay his tabs in cryptocurrency "and was spending approximately $400,000-$500,000 per night," the filing said. One receipt from an L.A. club showed Lam spent "$569,528.39 in one night," the filing said.
After Serrano was arrested at Los Angeles International Airport on Sept. 18, when he returned from the Maldives with his girlfriend, an FBI agent interviewed that woman, who denied knowledge of Serrano's involvement in crimes, according to a court filing.
"The interviewing FBI Agent told her that the only way to make the situation worse would be for her to call Serrano's associates and tip them off to the arrest," the filing noted.
"Immediately after leaving the interview, Serrano's girlfriend promptly called his criminal associates, tipped them off to his arrest, and these associated in turn deleted their Telegram accounts and all incriminating evidence included in saved chats," the filing said.
"To date, approximately $70,000,000 has been recovered or frozen on various exchanges," prosecutors wrote in a court filing.
"Even considering the millions of dollars that Serrano and his co-conspirators spent on automobiles and jewelry, well over $100,000,000 remains unaccounted for."
Serrano had about $20 million of the victim's stolen bitcoin on his phone, and agreed to transfer those funds back to the FBI, according to a court filing.
A kidnapping in Connecticut
On Aug. 25, three weeks before Serrano and Lam were arrested, police in Danbury received multiple 911 calls reporting the abduction of a couple.
Court records and Castrovinci said the victims were driving a 2024 Lamborghini Urus, which they said had been rented by their son, when they were rear-ended by a white Honda Civic.
A work van then cut in front of the Lamborghini, and a half-dozen or so men wearing black masks surrounded the car.
The perpetrators pulled the two victims out of the car. The husband resisted, and the kidnappers punched him in the face and hit him with a baseball bat, authorities said.
"The suspects repeatedly told [the couple] that they would 'kill them,'" FBI Agent Matthew Loucks wrote in an affidavit supporting a criminal complaint against the alleged kidnappers filed in U.S. District Court in Connecticut.
"The victims were pushed into the back of the work van and held down. The suspects then bound both victims' arms and feet with silver duct tape, which they also used to cover [the husband's] face. The suspects forced [his wife] to lie face down and ordered her not to look at them," according to Loucks' affidavit.
"The couple heard police sirens shortly after the van began moving, and heard one of the suspects yell, 'Call Rick ... we are in deep s---,'" according to the FBI agent. Shortly afterward, the van crashed and the suspects fled on foot, leaving the victims behind.
Police arrested four suspects later that day, and two more the following day. All six suspects are from the Miami area.
The couple, who were briefly hospitalized after the incident, had no idea why they had been targeted in the kidnapping, Castrovinci told CNBC.
"They kept asking us, 'Why?'" Castrovinci said.
A family connection
Danbury police were already familiar with the couple who were abducted, Castrovinci said, because their home had been targeted by "swatting" calls.
Swatting is the practice of calling police and falsely reporting that a crime is occurring at someone else's residence or business, often causing police to descend upon that location.
Castrovinci said they had suspected the swatting calls were being made by people who knew the couple's son from his online gaming.
The Danbury News-Times first reported Oct. 11 that Danbury police had planned to interview the couple's son but held off at the request of the FBI.
"We were contacted by the FBI and told there's an ongoing investigation into the son in regards to a cryptocurrency theft that occurred," Castrovinci told the newspaper.
"That's how we knew — and even at that time, we didn't really know to what extent he was involved in it. We just knew that there was an investigation into him regarding a crypto heist," he said.
"I don't know how (the six Florida men) knew this kid had that type of money, but everything leads to them going after the parents because of what this kid was involved in," he told the newspaper.
Castrovinci told CNBC that it is "certainly a good possibility" that the kidnappers planned to hold the couple for ransom, believing their son could pay.
A spokesman for the U.S. Attorney's Office in Connecticut declined to comment when asked about the possible connection between the carjacking and kidnapping of the couple, and their son's potential role in the August crypto heist.
The U.S. Attorney's Office in the District of Columbia did not immediately respond to requests for comment.
