Singaporean national Malone Lam has appeared in court in the United States after being charged for allegedly stealing over 4,100 BTC, currently valued at approximately $274 million, from a private investor in Washington, according to local media.
Lam, 20, and his co-conspirator, Jeandiel Serrano, 21, are accused of executing a sophisticated social engineering scheme that marks one of the largest crypto thefts from an individual in US history.
According to the unsealed indictment from the United States District Court for the District of Columbia, Lam and Serrano identified the victim as a high-net-worth crypto investor. They orchestrated unauthorized access to the victim’s Google account notifications, making it appear that security breaches originated from overseas. On Aug. 18, they contacted the victim, impersonating Google support staff, and convinced him that his account had been compromised.
Gaining the victim’s trust, they obtained security codes to access his personal accounts. Lam allegedly accessed the victim’s OneDrive and Gmail accounts, locating sensitive crypto and records from the Gemini exchange. The conspirators then posed as Gemini security team members, persuading the victim to transfer approximately $3 million in crypto to a wallet under their control for supposed safekeeping.
Taking the scheme further, they instructed the victim to download a remote desktop application, granting them real-time access to his computer. This allowed them to extract private keys to over 4,100 BTC, effectively transferring the substantial holdings into their possession. Lam continued to search the victim’s accounts for additional information to facilitate the theft.
Court documents reveal that Lam and Serrano laundered the stolen funds through various crypto exchanges, rapidly converting them across digital assets like Litecoin, Ethereum, and Monero to obfuscate the transactions. Serrano created an account on the TradeOgre exchange without a VPN, depositing approximately $29 million worth of crypto. Records traced this account to an IP address registered at Serrano’s residence in Encino, California, a property rented for $47,500 monthly.
Following the theft, Lam reportedly went on an extravagant spending spree. Authorities observed him at nightclubs in Los Angeles and Miami, spending between $400,000 and $500,000 per night and attempting to pay in crypto. Receipts indicate a single night’s expenditure exceeding $569,000. He also amassed a collection of luxury automobiles, some valued at up to $3 million. During raids, officers seized nine cars and high-end watches, one worth $1.8 million, from properties rented by Lam in Miami.
Blockchain investigator ZachXBT facilitated the arrest of Lam and Serrano, contributing to tracing the stolen funds and identifying the perpetrators. The investigative work highlighted the vulnerabilities exploited through advanced social engineering tactics within the crypto space. As noted in the indictment, Lam and Serrano communicated using online monikers such as “Anne Hathaway,” “$$$,” “VersaceGod,” and “@SkidStar” to coordinate their activities.
The case draws parallels to an incident involving billionaire Mark Cuban, who experienced a similar security breach in June. Cuban reported that his Google account was compromised after receiving a call from someone impersonating Google support, leading to unauthorized access attempts. While Cuban recovered his account within 24 hours without significant financial loss, the incident emphasizes the growing threat of social engineering attacks targeting high-profile individuals in the crypto industry.
According to court documents, Lam has admitted to additional crypto thefts and fraud schemes. He and Serrano face charges of conspiracy to commit wire fraud and money laundering, each carrying potential sentences of up to 20 years in prison and fines up to twice the amount gained from the illicit activities.
Read the full article here