Two individuals have been apprehended and charged by United States federal agents for stealing a staggering $230 million worth of Bitcoin from a resident of Washington, D.C., who is believed to be a creditor of Genesis. The US Attorney’s Office for the District of Columbia reported the arrests on September 19. The accused, Malone Lam and Jeandiel Serrano, allegedly conspired since at least August to steal and launder over 4,100 Bitcoin from the victim using various online aliases and sophisticated methods. Lam and Serrano reportedly spent the stolen funds on a luxurious lifestyle, indulging in international travel, nightclubs, luxury vehicles, watches, jewelry, designer handbags, and rental homes in Los Angeles and Miami.
The theft of $230 million worth of BTC from a single individual was described by blockchain investigator “ZachXBT” as a “highly sophisticated social engineering attack” in a post on X. ZachXBT, who assisted law enforcement in the case, also identified a third suspect known as “Wiz.”
According to ZachXBT, the scammers targeted a single creditor of Genesis on August 19. Genesis had filed for bankruptcy in January 2023 after being exposed to FTX and had obtained court approval in May to return $3 billion in cash and crypto to its creditors.
The accused individuals posed as Google Support using a fake phone number to gain access to the victim’s personal accounts. They then called the victim, pretending to be Gemini exchange support, and claimed that the victim’s account had been hacked. They convinced the victim to reset two-factor authentication (2FA) before instructing them to send the Gemini funds to a compromised wallet. Furthermore, they persuaded the victim to install screen-sharing software, through which they obtained the victim’s private Bitcoin keys.
Initial investigations revealed that the stolen crypto, valued at up to $243 million, was divided among the perpetrators and quickly moved through more than 15 exchanges, with frequent swaps between Bitcoin, Litecoin, Ethereum, and Monero.
A subsequent investigation found that a group of Ethereum addresses associated with Serrano and “Wiz” had received over $41 million from two exchanges in recent weeks.
ZachXBT stated that, with the help of crypto forensic investigators, Web3 security firm zeroShadow, and the Binance Security Team, over $9 million has been frozen, and $500,000 has already been returned to the victim following a close collaboration to investigate the incident.
The investigation is ongoing, with assistance from the Federal Bureau of Investigation’s Washington Field Office and the Internal Revenue Service Criminal Investigation Washington Field Office, according to the US Attorney’s Office for the District of Columbia.