Key Points
- A 20-year-old Singaporean national, Malone Lam, and his co-conspirator allegedly stole over 4,100 Bitcoin (worth $274 million) through an elaborate social engineering scheme targeting a Washington-based crypto investor.
- The scammers impersonated Google and Gemini support staff, using sophisticated tactics to gain access to the victim’s accounts and ultimately steal their cryptocurrency holdings.
Sophisticated Social Engineering Attack
The scheme began on August 18 when Lam and his co-conspirator, 21-year-old Jeandiel Serrano, targeted a high-net-worth crypto investor. They manipulated the victim’s Google account notifications to create the appearance of overseas security breaches. Posing as Google support staff, they convinced the victim that their account had been compromised. The scammers later impersonated Gemini security team members, persuading the victim to transfer approximately $3 million in crypto to a “safe” wallet under their control.
Technical Exploitation and Fund Extraction
The perpetrators convinced the victim to install remote desktop software, giving them real-time access to the victim’s computer. This access allowed them to extract private keys to over 4,100 BTC. Following the theft, they attempted to cover their tracks by laundering the stolen funds through various cryptocurrency exchanges, converting the Bitcoin into other cryptocurrencies including Litecoin, Ethereum, and Monero.
Lavish Spending and Arrest
Following the successful heist, Lam embarked on an extravagant spending spree. He was observed at nightclubs in Los Angeles and Miami, spending between $400,000 and $500,000 per night, with one night’s expenses exceeding $569,000. Law enforcement seized nine luxury cars and high-end watches during raids, including a watch valued at $1.8 million. The breakthrough in the case came with assistance from blockchain investigator ZachXBT, who helped trace the stolen funds and identify the perpetrators.
