$243M crypto heist: 2 arrested in complex social engineering scam

September 23, 2024

Photo credit: Antoni Shkraba/Pexels

As regulators continue to gradually crack down on bad actors, two individuals have been arrested for stealing over $243 million from a single person.

Malone Lam and Jeandiel Serrano were arrested and appeared in US District Court for the Southern District of Florida and the Central District of California for conspiring to steal and launder over $230 million in cryptocurrency from a victim in Washington, DC.

Although Veer Chetal was also suspected of stealing the funds, only Lam and Serrano have been arrested, according to the announcement from the Securities and Exchange Commission (SEC).

An investigation by ZachXBT, an onchain sleuth, revealed that Lam, Chetal and Serrano carried out a “highly sophisticated social engineering attack” to steal the funds from a single Genesis creditor.

On Aug. 19, the bad actors called the Genesis creditor from spoofed numbers, impersonating Google Support in order to compromise personal accounts. They then impersonated Gemini Support, claiming the account had been hacked.

The victim, falling for the cybercriminals' ruse, was persuaded to reset two-factor authentication (2FA) and send Gemini funds to a compromised wallet.

Furthermore, the cybercriminals tricked the victim into using AnyDesk, software that allows users to control a desktop remotely, which allowed them to gain access to the private keys from Bitcoin Core.

After stealing the funds, Lam, Serrano and Chetal split the $243 million multiple ways among the parties before the funds were transferred to 15+ exchanges to swap between Bitcoin, Litecoin, Ethereum and Monero.

Although the victim faced a huge loss, ZachXBT claimed that, with the assistance of CF investigators, ZeroShadow and the Binance Security team, more than $9 million has been frozen and $500,000 has been returned.
