- $243 million stolen in a single month through an elaborate social engineering attack.
- Key players identified: Greavys, Wiz, Box, Light/Dark, and Danny Trauma.
- Funds were quickly split and moved through various exchanges and cryptocurrencies.
- Law enforcement has frozen over $9 million and returned $500,000 to the victim.
- Arrests made in Miami and Los Angeles; investigation continues.
In what has become one of the most audacious thefts in recent history, three individuals — Greavys (Malone Lam), Wiz (Veer Chetal), and Box (Jeandiel Serrano) — executed a highly sophisticated social engineering attack that led to the theft of $243 million from a single victim on August 19, 2024.
This intricate scam involved impersonating support staff from Google and Gemini, ultimately tricking the victim into resetting two-factor authentication and sending funds to compromised wallets.
Step-by-Step Breakdown of the Attack
- Initial Contact: The scammers first posed as Google Support through a spoofed number to gain access to the victim’s personal accounts.
- Secondary Contact: They then called again, this time as Gemini support, claiming that the victim’s account had been hacked.
- 2FA Reset: Using social engineering tactics, they convinced the victim to reset their two-factor authentication.
- Funds Transfer: The victim was manipulated into transferring their Gemini funds to a compromised wallet.
- Screen Sharing: Finally, the attackers used AnyDesk to share the victim’s screen, leaking private keys from the victim’s Bitcoin Core.
Tracing the Money
Initial tracing revealed that the stolen $243 million was swiftly divided among the conspirators and dispersed across more than 15 exchanges.
The funds were exchanged multiple times between Bitcoin, Litecoin, Ethereum, and Monero to obfuscate their origins. Notably:
- Wiz received a substantial share, with $34.5 million traced to the Ethereum address 0x3c7a5f2795e73d2b94a9120a643f608cfc45c935.
- Light/Dark (Aakaash) aided in laundering these funds using eXch and Thorswap. Similar to Wiz, Aakaash also inadvertently revealed his identity during a screen share.
The Lifestyle of the Scammers
Greavys (Malone Lam) flaunted his ill-gotten wealth, purchasing over ten cars and spending between $250,000 and $500,000 a night at clubs in Los Angeles and Miami.
He was also known for gifting Birkin bags to women, often showcasing his lifestyle on social media.
Box (Jeandiel Serrano) played a key role by impersonating a Gemini exchange representative. Using a consistent profile picture across various platforms, he left a digital trail that was eventually traced to $18 million at the Ethereum address 0x98b0811e2cc7530380caf1a17440b18f71f51f4e.
Investigation and Arrests
The investigation, led by various cybersecurity and financial crime teams including @ZachXBT, @CFInvestigators, @zeroshadow_io, and the Binance Security Team, resulted in the freezing of over $9 million, with $500,000 already returned to the victim.
Both Greavys and Box were arrested in Miami and Los Angeles, respectively, on the evening of the arrests.
Legal Proceedings
An indictment unsealed recently charges Malone Lam, 20, and Jeandiel Serrano, 21, with conspiracy to steal and launder over $230 million in cryptocurrency.
The indictment alleges that the conspirators fraudulently gained access to victim cryptocurrency accounts, using sophisticated techniques to mask their identities and launder the proceeds.
Lam and Serrano’s lavish spending on international travel, luxury automobiles, and designer goods provided additional evidence of their crimes.
“The arrests and indictment were announced by U.S. Attorney Matthew M. Graves, FBI Acting Special Agent in Charge David Geist of the Washington Field Office’s Criminal and Cyber Division, and Executive Special Agent in Charge Kareem A. Carter of the Internal Revenue Service – Criminal Investigation (IRS-CI) Washington, D.C. Field Office.”
Continued Efforts
The investigation is ongoing, with significant support from the FBI’s Los Angeles and Miami Field Offices. While most of the stolen funds were converted into Monero, further efforts are being made to trace and recover additional assets.
This case highlights the evolving complexity of cybercrime and the importance of robust security measures. The efforts of investigators and law enforcement were crucial in identifying the perpetrators and recovering a portion of the stolen funds.
As the legal proceedings continue, the crypto community watches closely, hoping for more stringent measures to prevent such incidents in the future.