A Singaporean national, Malone Lam, has made headlines after being charged with stealing over 4,100 BTC, valued at approximately $274 million, from a private investor in the United States. Along with his co-conspirator, Jeandiel Serrano, Lam executed a sophisticated social engineering scheme that ranks as one of the largest crypto thefts from an individual in US history.
The duo targeted a high-net-worth crypto investor by gaining unauthorized access to the victim’s Google account notifications, creating the illusion of security breaches originating from overseas. They then posed as Google support staff and convinced the victim that his account had been compromised. Through this ruse, they obtained security codes to access his personal accounts, including sensitive crypto information and records from the Gemini exchange.
Lam and Serrano further deceived the victim by impersonating members of the Gemini security team and persuading him to transfer approximately $3 million in crypto to a wallet under their control for safekeeping. They went as far as instructing the victim to download a remote desktop application, granting them real-time access to his computer and enabling them to extract private keys to over 4,100 BTC, ultimately transferring the substantial holdings into their possession.
To launder the stolen funds, the perpetrators quickly moved them through various crypto exchanges, converting them into other cryptocurrencies, including Litecoin, Ethereum, and Monero. Serrano was found to have created an account on the TradeOgre exchange without using a VPN, depositing roughly $29 million worth of crypto. Records traced this account to an IP address registered at Serrano’s residence in Encino, California, a property for which he paid $47,500 in monthly rent.
Following the theft, Lam indulged in an extravagant spending spree, frequenting nightclubs in Los Angeles and Miami and spending exorbitant amounts, often attempting to pay in crypto. Receipts revealed single-night expenditures exceeding $569,000, with Lam accumulating a collection of luxury automobiles, some valued at up to $3 million. During raids, authorities seized nine cars and high-end watches, one worth $1.8 million, from properties rented by Lam in Miami.
The arrest of Lam and Serrano was facilitated by blockchain investigator ZachXBT, who helped trace the stolen funds and identify the perpetrators. The case highlights the vulnerabilities within the crypto space that can be exploited through advanced social engineering tactics. Lam and Serrano communicated using various online monikers to coordinate their activities.
This incident mirrors a security breach experienced by billionaire Mark Cuban, who fell victim to a similar social engineering attack in June. While Cuban managed to recover his account without significant financial loss, the incident underscores the growing threat of such attacks targeting high-profile individuals in the crypto industry.
Lam has confessed to additional crypto thefts and fraud schemes, and both he and Serrano face charges of conspiracy to commit wire fraud and money laundering. Each charge carries a potential sentence of up to 20 years in prison and fines up to twice the amount gained from the illicit activities.