{"id":17130,"date":"2024-09-20T11:47:24","date_gmt":"2024-09-20T08:47:24","guid":{"rendered":"https:\/\/forklog.com\/en\/us-authorities-arrest-suspects-in-4100-btc-theft-from-genesis-creditor\/"},"modified":"2024-09-20T11:47:24","modified_gmt":"2024-09-20T08:47:24","slug":"us-authorities-arrest-suspects-in-4100-btc-theft-from-genesis-creditor","status":"publish","type":"post","link":"https:\/\/forklog.com\/en\/us-authorities-arrest-suspects-in-4100-btc-theft-from-genesis-creditor\/","title":{"rendered":"US Authorities Arrest Suspects in 4100 BTC Theft from Genesis Creditor"},"content":{"rendered":"<p>The FBI <a href=\"https:\/\/www.justice.gov\/usao-dc\/pr\/indictment-charges-two-230-million-cryptocurrency-scam\">has arrested<\/a> two men accused of conspiring to steal and launder over 4100 BTC (worth more than $230 million at the time) from an unnamed victim in the US capital. The investigation involved on-chain detective ZachXBT.<\/p>\n<p>According to his findings, on August 19, Malone Lam and Jeandiel Serrano targeted a creditor of the bankrupt crypto lending platform Genesis.\u00a0<\/p>\n<p>Using a fake phone number, they posed as Google support to compromise the victim&#8217;s personal accounts. 
Then, masquerading as support managers from the Gemini exchange, they informed the victim of a breach in their account and convinced them to reset two-factor authentication before transferring funds to a supposedly secure wallet.<\/p>\n<p>At the hackers&#8217; request, the user initiated a screen-sharing session, allowing the hackers to obtain access keys to the bitcoin wallet.<\/p>\n<blockquote class=\"twitter-tweet\" data-conversation=\"none\">\n<p lang=\"en\" dir=\"ltr\">3\/ Here is a private video recording showing the live reaction by multiple of the threat actors to receiving $238M.<\/p>\n<p>Theft txn hash<br \/>4064 BTC \u2014 Aug 19 at 4:05 am UTC<br \/>4b277ba298830ea538086114803b9487558bb093b5083e383e94db687fbe9090 <a href=\"https:\/\/t.co\/djSxBTkOF8\">pic.twitter.com\/djSxBTkOF8<\/a><\/p>\n<p>\u2014 ZachXBT (@zachxbt) <a href=\"https:\/\/twitter.com\/zachxbt\/status\/1836753185718865979?ref_src=twsrc%5Etfw\">September 19, 2024<\/a><\/p><\/blockquote>\n<p>In addition to the two individuals mentioned in the indictment, ZachXBT identified a third suspect under the pseudonym Wiz.<\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">1\/ An investigation into how Greavys (Malone Iam), Wiz (Veer Chetal), and Box (Jeandiel Serrano) stole $243M from a single person last month in a highly sophisticated social engineering attack and my efforts which have helped lead to multiple arrests and millions frozen. 
<a href=\"https:\/\/t.co\/dcY1e9xsPd\">pic.twitter.com\/dcY1e9xsPd<\/a><\/p>\n<p>\u2014 ZachXBT (@zachxbt) <a href=\"https:\/\/twitter.com\/zachxbt\/status\/1836752923830702392?ref_src=twsrc%5Etfw\">September 19, 2024<\/a><\/p><\/blockquote>\n<p>The stolen amount was divided among the three accomplices, who then distributed it across dozens of exchanges and converted it into Litecoin, Ethereum, and Monero.\u00a0\u00a0<\/p>\n<figure class=\"wp-block-image\"><img decoding=\"async\" src=\"https:\/\/lh7-qw.googleusercontent.com\/docsz\/AD_4nXdYirbp2ipvl8AUbo4qR4cWrjzkihvBiWnHJuaa3a-kukqjVfbZ703E7E3gkJ66uXjrYHnZ8BZhugAOui9nTOD1Og2O5OJ2-0Nai-7YI_wWt7GEMz8yafLeXXfI_XAQtnO-QfjjC6EXRmzW6jfVnrpzhU1D?key=EU7LeAn9hLoE-aZA-o7gKw\" alt=\"US Authorities Arrest Suspects in 4100 BTC Theft from Genesis Creditor\"\/><figcaption class=\"wp-element-caption\">The path of the stolen cryptocurrency. Data: TRM Labs.<\/figcaption><\/figure>\n<p>Subsequent investigations revealed that a group of Ethereum addresses linked to Serrano and Wiz received over $41 million from two exchanges in recent weeks.\u00a0<\/p>\n<p>The hackers spent the stolen funds on travel, nightclubs, cars, watches, jewelry, designer bags, and renting homes in Los Angeles and Miami.\u00a0<\/p>\n<p>With the assistance of security researchers and the Binance exchange, law enforcement managed to freeze <a href=\"https:\/\/x.com\/zachxbt\/status\/1836753455366467803\">over $9 million<\/a> in the perpetrators&#8217; wallets. 
An additional $500,000 was recovered during the investigation.<\/p>\n<p>Earlier, ForkLog reported that four former employees of the cryptocurrency exchange Huobi implanted trojans in client wallets and collectively stole <a href=\"https:\/\/forklog.com\/en\/news\/former-huobi-employees-stole-over-40000-private-keys-from-users\">over 40,000 seed phrases<\/a> and private keys.\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The FBI has arrested two men accused of conspiring to steal and launder over 4100 BTC (worth more than $230 million at the time) from an unnamed victim in the US capital. The investigation involved on-chain detective ZachXBT. According to his findings, on August 19, Malone Lam and Jeandiel Serrano targeted a creditor of the [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":17129,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"select":"","news_style_id":"","cryptorium_level":"","_short_excerpt_text":"","creation_source":"","_metatest_mainpost_news_update":false,"footnotes":""},"categories":[3],"tags":[44,1380,26],"class_list":["post-17130","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-news-and-analysis","tag-cybercrime","tag-genesis-global-capital","tag-usa"],"aioseo_notices":[],"amp_enabled":true,"views":"51","promo_type":"","layout_type":"","short_excerpt":"","is_update":"","_links":{"self":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts\/17130","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/comments?post=17130"}],"version-history":[{"count":0,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/post
s\/17130\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media\/17129"}],"wp:attachment":[{"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/media?parent=17130"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/categories?post=17130"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/forklog.com\/en\/wp-json\/wp\/v2\/tags?post=17130"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}