Our early observation that crypto = prosecution futures is playing out, including along some lines we had not anticipated. The New York Times and Wall Street Journal each have major stories that ran over the weekend on coordinated criminal action against large crypto holders. So far, these are perpetrated by members of the crypto community, but the increased role of violence indicates organized crime are watching these comparative amateurs and looking for ways in.
Keep in mind that being a crypto-asset-holder makes you more likely to be pilfered in a big way. From the New York Times:
Although just 10 percent of all financial fraud complaints [to the FBI’s Internet Crime Complaint Center] were crypto-related, the losses associated with those complaints accounted for nearly 50 percent of the total.
The real picture is sure to be worse. A crypto-heist victim who was engaged in illicit activity, or mere garden-variety bad conduct like not reporting income on crypto sales to the IRS is pretty certain not to talk to the FBI and potentially open up other cans of worms.
These stories are appearing shortly after a major Coinbase “hack,” which appears to be anything but. Even though Coinbase maintains no wallets were compromised, the company offered to reimburse any impacted customers, which says the reverse.1 Regardless of the state of compromised 97,000 customers’ wallets, the information grabbed was considerable (including potentially biometric ID), offering ample opportunity for mischief like targeting other financial accounts for pilferage and identity fraud.
But let’s start with the big weekend stories first. Both feature violence in the perpetration of these crimes; the Wall Street Journal makes that the focus of its account. Both illustrate how readily some very young men have slid from small bore crimes that started with another crimogenic community. The monetization of video game assets like desirable names moved into the crypto-sphere as a result of thefts and other abuses when trying to complete transactions using more traditional payment mechanisms like PayPal.
Both the New York Times and Wall Street Journal stories are hum-dingers. I urge you to read them in full.
First to the Gray Lady, They Stole a Quarter-Billion in Crypto and Got Caught Within a Month.
The story lovingly chronicles the wild spending spree that followed the heist, including an over $569,000 tab in one evening at a nightclub. It starts with a kidnapping in tony and normally staid Danbury Connecticut, of Sushil and Radhika Chetal, driving a $240,00 Lamborghini Urus. Witnesses called police, who were flummoxed that the perps has abandoned the vehicle. They managed to catch one of them, enabling them to unravel the case.
It turns out the Chetals are the parents of one 19 year old Veer Chetal, who was one of the actors in the heist of $243 million of Bitcoin. The crime ring, astonishingly, had conned the Bitcoin holder into taking a call from someone who pretended to be from Google’s security team.2
The information extraction on this conversation facilitated a second call, this time supposedly from Gemini, where the victim had a small (well, small for him at $4.5 million) account:
Like the supposed Google employee, he had the man’s personal information; he explained that his Gemini account, which held about $4.5 million worth of coins, had been hacked and that the man needed to reset his two-factor authentication and transfer the Bitcoin in his account to another wallet to keep it safe.
The person on the phone then suggested that the account holder download a program that would provide additional security. The man agreed, not knowing that he was downloading a remote-desktop app, which would give the caller access to his computer — and access to a second crypto account.
So the crooks got to the big stash entirely by accident.
The New York Times waxes heavy on the role of crypto sleuth ZachXBT, but does seem deserving of accolades; for instance, his monitoring tools enabled him to see the draining of the $243 million Bitcoin wallet, one where there would be no obvious reason for that activity. The showy spending called attention to the monster theft. In internet bragging, Veer Chetal mistakenly included a shot of his own computer screen, which enabled him to be identified. Other crooks decided to kidnap his parents to get Veer to turn over his ill-gotten lucre.
But the part I found interesting was not the crime drama of the tracking of the baddies or the salaciousness of their spending spree, but (to put it in stereotyped terms), how these kids came to embrace a life of crime:
Classmates remember Chetal as shy and a fan of cars…one day in the middle of his senior year, when he showed up at school driving a Corvette….Soon Chetal rolled up in a BMW, and then a Lamborghini Urus.
Chetal said that he had made his money trading crypto…
Independent investigators say Chetal was secretly a member of the Com, also referred to as the Comm or the Community, an online network of chat groups that has its roots in the hacking underground of the 1980s and functions as a kind of social network for cybercriminals or aspiring ones…According to the F.B.I. affidavit and experts who study the Com, the various subgroups’ activities include swatting, which entails making false reports to emergency services or institutions like schools to trigger a police response; SIM swapping, when hackers take over a target’s phone number, sometimes by tricking customer-service representatives; ransomware attacks, using a malware that denies users or organizers access to computer files; cryptocurrency theft; and corporate intrusions.
Allison Nixon, the chief research officer of…a collective of cybersecurity experts…says most Com members are young men from Western countries…The gateway for many is through video games like RuneScape, Roblox and Grand Theft Auto.
By the mid-2010s…Minecraft evolved into a highly competitive battle zone. With that came opportunities to monetize and scam. Servers soon began to introduce in-game purchases that gave players upgrades, like the ability to fly and to fight with more powerful weapons and armor. Other in-game purchases bought users stylish character outfits, which were wielded to show status online.
As players gravitated toward these competitive servers, a large black market for in-game items and valuable user names started to blossom on Discord. With Minecraft dominated by young players, the black market became ripe for fraud. Users agreed to trade in-game items for real money via PayPal, but once the money was received, scammers would block the user’s account…
One prized possession in this world is high-value user names…which could go for upward of $10,000.
As faction-based servers and the Minecraft black market thrived, so did cryptocurrencies, which eventually supplanted PayPal on these servers. It was this combination of a consequence-free training ground for competition, gambling and fraud, with a growing familiarity with crypto, that turned Minecraft servers into a cesspool for budding cybercriminals.
I hate to sound like an old fart, but I have always harbored doubts about the online gaming world. Even from a considerable distance, it seems to attract a cohort that has an addictive attachment. Compulsions are not only bad for the subject, but can be exploited.
The account continues:
A common tactic used by the Com today to steal cryptocurrency is what’s called social engineering, which entails manipulating users into divulging sensitive information….Sometimes, Com members will then return to the Minecraft black market to launder their stolen crypto by buying valuable game items and selling the items for real dollars using PayPal.
The article continues with the spending spree of the thieves, in particular one Malone Lam, who left a money trail so big it could be detected from space. Another track of the story is how the Feds found the members of a group out of Florida that kidnapped the Chantal parents:
The six Florida men reflect a growing faction of the Com, those less interested in online schemes and more concerned with using brute force..
In the F.B.I. affidavit, an agent said the Com regularly commits “brickings, shootings and firebomb attacks.” In 2022, according to reporting from Brian Krebs, an independent investigative journalist, a young man who went by the moniker Foreshadow was kidnapped and beaten by a rival SIM-swapping gang and held for a $200,000 ransom. In October 2023, a 22-year-old named Patrick McGovern-Allen of Egg Harbor Township, N.J., was sentenced to 13 years in prison for participating in violence-for-hire jobs after being contracted by a group of cybercriminals. Last November, it was reported that the chief executive of a Toronto-based crypto company was kidnapped and held for a $1 million ransom. A few weeks later, after a 13-year-old known as the Gen Z Quant Kid created a crypto coin and inflated its value, the crypto community responded by doxxing him and his family and, it is rumored, kidnapping his dog. In January this year, a founder of the French crypto company Ledger was kidnapped with his wife; the kidnappers mutilated his hand and demanded a multimillion-dollar ransom in cryptocurrency.
And Com is also breeding recidivists:
The twin episodes — the crypto heist and the kidnapping — suggest that the complete lawlessness of Com members’ online lives allowed them to imagine that they could get away with similar exploits in the real world. “I don’t think they really learn,” ZachXBT says. “I’ve seen a lot of them, after they either get either arrested, have assets seized, et cetera — I see a lot of them go back to what they were doing before.”
The Wall Street Journal focuses on violent crypto crimes, with the graphic headline Severed Fingers and ‘Wrench Attacks’ Rattle the Crypto Elite. Key bits:
Three men in black masks had jumped on a 34-year-old woman whose father runs Paymium, a French cryptocurrency exchange…the assailants bludgeoned the husband….
With other neighbors closing in, and a shopkeeper readying to throw a fire extinguisher, the would-be abductors jumped in the back of their van and sped off.
The brazen attack was the latest in a wave of violent abductions around the world, including several in the U.S., targeting crypto executives and their families. Victims have been pistol whipped, abducted, and—in two cases—had fingers severed.
The criminals’ goal: millions of dollars in ransom in cryptocurrency.
The assaults are often called “wrench attacks” because they rely on simple tools for inflicting pain to coerce victims, rather than sophisticated tools for hacking them.
…to thwart hackers, savvy cryptocurrency investors have increasingly taken their digital wallets offline in favor of physical devices, making remote theft more difficult. Real-world crypto crime bypasses those safeguards.
After more examples, plus the statement that there have been “dozens” more instances around the world, the article ominously notes:
Some of the assaults have been clumsy, with the criminals quickly caught. But there are signs that organized-crime rings see major profit potential.
But fortunately, at least for now, the victims have been high profile.
But will the recent Coinbase misnamed “hack”3 of 97,000, which exposed information that would greatly assist actual hackers, lead to much smaller and/or secretive fry being targeted? The Journal notes that in addition to the Coinbase information breach, officials are also concerned about a hack of 272,000 at Ledger, a company that makes devices for storing cryptokeys off the Internet, and Knoll, which exposed information about creditors in the Gemini bankruptcy (notice the role that seems to have played in the big Bitcoin heist profiled in the New York Times).
More on Coinbase:
Coinbase hackers weren’t after funds, they were after identities.
How are we okay with still trusting these 3rd party companies with our info – info that becomes more and more sensitive as more of our lives move online (and on chain) ?
— Anna Rose (@AnnaRRose) May 15, 2025
And they appear to have gotten quite the information haul: From the Coinbase 8-K:
While the Company is still investigating the affected data, it included:
•Name, address, phone, and email;
•Masked Social Security (last 4 digits only);
•Masked bank-account numbers and some bank account identifiers;
•Government‑ID images (e.g., driver’s license, passport);
•Account data (balance snapshots and transaction history); and
•Limited corporate data (including documents, training material, and communications available to support agents).
Name, address, phone, e-mail, and government ID images???? That alone is an identity theft party even before getting to the other details. In addition, US passport photos are now required to be at biometric ID standards. If the images at Coinbase were high enough fidelity, that creates additional exposure. Keep in mind quite a few Social Security numbers are already for sale on the dark web. And the 8-K wording indicates there could be more.
It should come as no surprise that crypto, whose main use case has been the illicit movement of funds to facilitate crime, including tax evasion, would become a criminogenic environment. But that makes it even more startling to see governments still promoting crypto as some sort of “innovation” in the face of that. And there are many many true believers:
JUST IN: Coinbase is joining the S&P 500. pic.twitter.com/Ufi5ONr6sc
— Brew Markets (@brewmarkets) May 12, 2025
____
1 Not the only seemingly legit complaint on Twitter:
🚨 My Coinbase account was hacked — and right after I tried to buy Toshi Coin! In this video, I break down the nightmare experience, what went wrong, how much I lost, and what you need to know to protect yourself. 💥 What You’ll Learn: How the hack happened (step-by-step) What pic.twitter.com/XyDJPXH1bq
— Jay talks Crypto (@jaytalkscrypto) May 18, 2025
2 Being a Bitcoin whale may create an undue sense of self-importance. Since when does Google have live people call individual users? I’ve been called only for harassment as a company owner, and then only automated ones based on an obvious lack of comprehension (Local ads? Seriously?)
3 More detail:
It’s clear Coinbase was not “hacked” reading the 8-K Material Facts statement they made to the SEC: @Coinbase employees sold customer data. People/media need to stop referring to it as a hack, as it minimizes blame
Take this as another data point for 3rd party custodian risks pic.twitter.com/RSMbbQ9BS5
— MAGS 🔑⛏️🚒 (@Crypto_Mags) May 16, 2025
Coinbase outsourced jobs to overseas contractors. Some of them took bribes from hackers and sold sensitive customer data. This is what happens when companies offshore just to save a buck. https://t.co/RQ1RFh2ZSx
— U.S. Tech Workers (@USTechWorkers) May 15, 2025
