EP 23: Crypto Scam Kingpins: The $245M Scam That Shocked America!

June 24, 2025 00:59:54
EP 23: Crypto Scam Kingpins: The $245M Scam That Shocked America!
Behind the Scams
EP 23: Crypto Scam Kingpins: The $245M Scam That Shocked America!

Jun 24 2025 | 00:59:54

/

Show Notes

Crypto Scam: Episode Overview In one of our most jaw-dropping episodes to date, Behind the Scams pulls back the curtain on a newly unsealed federal indictment that reveals a sprawling, highly organized cryptocurrency fraud operation. This is not your average crypto scam — it’s a full-blown cybercrime syndicate that used high-level social engineering, psychological manipulation, and tech-savvy laundering strategies to steal more than $245 million in digital currency from unsuspecting victims across the United States. Nick and Sue walk you through this complex case, breaking down how a cast of characters with nicknames like “King Greavys,” “Papa,” “GothFerrari,” and “The...

Chapters

View Full Transcript

Episode Transcript

[00:00:00] Speaker A: Hey there, scam sleuths. I'm Miles, your ever curious, occasionally caffeinated announcer. Here to kick off another jaw dropping dive into the dark digital underworld. Welcome to behind the Scams. Today's episode isn't just hot, it's blazing with fraud, fake identities and luxury handbags flying off nightclub tables. We're cracking open a recently unsealed federal indictment so big and bold, it reads like a Hollywood script written by hackers and laundered through a Monero wallet. This isn't just one con, it's an empire. So buckle up because Nick and Sue are about to take you deep inside a sophisticated globe spanning crypto fraud operation run by a crew with more aliases than a Mission Impossible cast list. This is crypto crime lords inside the $263 million social engineering empire. Now over to Nick and Sue. And remember, if someone asks for your seed phrase, run. [00:01:08] Speaker B: Thanks, Miles. Welcome back to behind the Scams, the podcast where we dissect the most audacious cons, swindles and schemes that have captivated and sometimes horrified the world. [00:01:21] Speaker C: Hey everyone, I'm Nick, ready to dive deep into the underbelly of deception once again. [00:01:26] Speaker B: And I'm sue, your resident true crime enthusiast. Always fascinated by the psychology behind these elaborate ruses. Today we have a particularly juicy case for you. A recently unsealed federal indictment detailing a massive cryptocurrency fraud and money laundering operation. [00:01:48] Speaker C: Buckle up listeners, because this one has it all. RICO conspiracies, wire fraud, mountains of laundered crypto, and even a dash of obstruction of justice. [00:01:58] Speaker B: This isn't your run of the mill scam. We're talking about a sophisticated network that allegedly defrauded victims out of millions of dollars. A social engineering enterprise that was able to deceive and manipulate people out of their money. All while living a life of luxury that most can only imag. [00:02:20] Speaker C: Exactly. We're going to walk you through the entire indictment, breaking down the complex web of deceit, the key players involved, and the mind boggling sums of money that changed hands. We'll be covering everything from stolen databases to luxury cars. [00:02:39] Speaker B: Get ready to have your eyes opened as we unravel behind the scams. [00:02:43] Speaker C: Let's get started. [00:02:45] Speaker B: So Nick, who are the individuals facing these serious charges? Give us the rundown on the defendants. [00:02:51] Speaker C: Ok Soo, there are quite a few individuals involved and the indictment names them. The head honcho seems to be Malone Lamb, also known by aliases like King Greevies, Dollars, seven kg, and even Anne Hathaway. [00:03:08] Speaker B: Quite the collection of nicknames what's next? [00:03:10] Speaker C: Then we have Marlon Farrow known as Marlow and Goth Ferrari. Hamza Duced, going by Celia and C. Connor Flansburg known as OO Greenroom and Iduzobi. [00:03:22] Speaker B: It's like a cast of characters straight out of a movie. [00:03:25] Speaker C: Exactly. And there's more. Kunal Mehta, AKA Papa, the Accountant Shrek and Neil Ethan Yareli known as Rand and 15%. Cody Demertus going by Ko and Cody. Aesh Anand, known as Light and Dark. And Evan Tangamon known as E. Tate and Evan Exchanger. [00:03:49] Speaker B: So many names, so many aliases. How many more? [00:03:52] Speaker C: We're almost there, Sue. We also have Joel Cortez, known simply as J. And then a couple of individuals only identified as FNU LNU1 and FNU, LNU2, but who are also known as Ta Squiggly and Chen and Danny and Meech respectively. And finally, Tucker Desmond. For clarification, when you see FNU or LNU in an indictment, it stands for First Name Unknown and Last Name Unknown. These abbreviations are used frequently by law enforcement, especially in indictments and search warrants. [00:04:31] Speaker B: There goes that law enforcement experience of yours in action that. Thanks for that clarification Anyways, Nick. That's quite a list of characters. I guess it takes a village to run a large scale operation like this. So what are all of these individuals being charged with? [00:04:47] Speaker C: The indictment lays out several charges, sue, with the most significant one being RICO conspiracy. RICO stands for the Racketeer Influenced and Corrupt Organizations Act. It's a federal law designed to combat organized crime. [00:05:04] Speaker B: So they're essentially alleging this whole operation was run like a criminal enterprise. [00:05:09] Speaker C: Precisely. They're also charged with conspiracy to commit wire fraud. Wire fraud is essentially using electronic communications like phone calls or the Internet to execute a fraudulent scheme. [00:05:23] Speaker B: And I assume the wire fraud relates to how they communicated with their victims? [00:05:28] Speaker C: Exactly. Then there's conspiracy to launder monetary instruments. Which means they're accused of trying to hide the origins of the illegally obtained funds by disguising them through various transactions. [00:05:42] Speaker B: Ah, classic money laundering. And what about obstruction of justice? What does that entail in this case? [00:05:48] Speaker C: That charge suggests that at least one of the defendants took actions to impede or interfere with the investigation, potentially by destroying evidence or intimidating witnesses. We'll get into more specific examples later on. [00:06:07] Speaker B: This sounds like a complex web of charges, Nick. It seems like the authorities are throwing the book at these guys. Alright, Nick, so we've got a rundown of the defendants and their charges. Now let's dive into the heart of this indictment, the social engineering enterprise, what exactly is this enterprise, as the feds describe it? [00:06:26] Speaker C: SU in this context, the social engineering enterprise, or SE enterprise, is essentially the umbrella term for this entire criminal organization. The indictment alleges that these defendants formed a group to systematically defraud people, primarily through online means, focusing heavily on cryptocurrency. [00:06:50] Speaker B: So it's not just a bunch of random hackers acting independently? [00:06:54] Speaker C: No, definitely not. The indictment paints a picture of a structured organization with defined roles and a common to steal virtual currency through deception. It's the coordinated nature of their activities that elevates it to an enterprise in the legal sense. [00:07:15] Speaker B: Right, because. Because it operated as an ongoing organization whose members functioned as a continuing unit for a common purpose of achieving the objectives. So what do they mean by social engineering? I feel like I have some idea, but can you lay it out for our listeners? [00:07:34] Speaker C: Absolutely, Sue. Social engineering in the context of cybersecurity is a fancy term for tricking people into. Into giving up confidential information or taking actions they wouldn't normally take. It's all about manipulating human psychology rather than exploiting technical vulnerabilities in computer systems. [00:07:56] Speaker B: So it's about preying on people's trust or fears. [00:07:59] Speaker C: Precisely. Think about it like this. Instead of breaking into a bank vault, you convince the bank teller to hand over the money. In. In this case, the tellers are everyday people, and the money is their access to cryptocurrency and other personal accounts. [00:08:18] Speaker B: So this indictment alleges that the defendants were con artists, essentially. [00:08:23] Speaker C: Exactly. And the indictment suggests that these individuals weren't just making it up as they went along. They were using established techniques and even sharing databases of potential victims, which made it more efficient. [00:08:37] Speaker B: This is where it starts to get really disturbing. It wasn't just a matter of making a few lucky guesses. This was organized, methodical and targeted. What are the basic tactics that social engineers use? [00:08:53] Speaker C: Typically, they start by gathering information about their target, often through social media, public records, or even purchase databases. Then they'll use that information to craft a believable story or pretext to gain the victim's trust. [00:09:10] Speaker B: So they might pretend to be someone they're not? [00:09:13] Speaker C: Absolutely. They might impersonate a bank employee, a tech support representative, or even a government official. The key is to create a sense of urgency or fear that compels the victim to act without thinking critically. [00:09:29] Speaker B: And in this case, it sounds like cryptocurrency was the main target. [00:09:32] Speaker C: Exactly. And the really insidious part is that once they've gained access to someone's Cryptocurrency accounts, it can be extremely difficult to recover the stolen funds. The decentralized nature of cryptocurrency makes it hard to track and retrieve. [00:09:51] Speaker B: It is so awful to see people be taken advantage of like this. I find it so frustrating to understand how anyone could fall for these scams, but these folks are so convincing. [00:10:02] Speaker C: That's exactly right. The key is to remember that this is illegal, these are attacks, and these are victims. [00:10:09] Speaker B: Alright, Nick, let's tackle some of the jargon that keeps popping up in this indictment. We're talking about cryptocurrency, virtual assets, wallets. It can be a bit overwhelming for our listeners. So Nick, can you give us some definitions for some of these terms? [00:10:26] Speaker C: Absolutely, Sue. It's essential to have a clear understanding of these concepts to really grasp the scope of this case. Let's start with Bitcoin or btc, since that's a cryptocurrency most of our listeners have probably heard of. Bitcoin is a type of virtual currency. Unlike traditional currencies like the US Dollar, it isn't managed or controlled by a central bank. That means you can trade Bitcoin without needing a bank or other intermediary. [00:10:59] Speaker B: Okay, that makes sense. So what are virtual currencies? [00:11:03] Speaker C: Good question, Sue. In this case, the indictment treats virtual currency as being a digital representation of value that can be digitally traded or transferred and can be used for payment or investment purposes. A good example is that Bitcoin and ether are types of virtual currencies. [00:11:25] Speaker B: So that's Bitcoin, which is a specific type of cryptocurrency, and cryptocurrency, which is a type of virtual currency. Got it. What about these wallets they keep mentioning? I always think of my regular leather wallet, but I know that can't really be what they mean. Tell me, are they like designer wallets like Louis Vuitton or Gucci, or am I way off? [00:11:48] Speaker C: Well, sue, you're a little off, but I like your analogy. Anyways, a virtual currency wallet is where you store the digital keys that allow you to access and manage your cryptocurrency. Think of it like a bank account, but instead of storing dollars, you're storing the ability to control your Bitcoin or other virtual currencies. The cool part is, is that there are different types of wallets. [00:12:13] Speaker B: Like what, Nick? [00:12:14] Speaker C: The indictment specifically mentions hardware wallets and hosted wallets. A hardware wallet is a physical device like a USB drive that stores your private keys offline. This is generally considered more secure because your keys aren't Exposed to the Internet, making them less vulnerable to hacking. [00:12:36] Speaker B: So it's like keeping your money under your mattress rather than in a bank. [00:12:39] Speaker C: Exactly. Only instead of paper money, it's your access to cryptocurrency. And what's really cool is that you can protect it with a pin. [00:12:49] Speaker B: So what's a hosted wallet? [00:12:50] Speaker C: Good question. A hosted wallet, also called a custodial wallet, is where you store your private keys with a third party. Think of it like keeping your money in a bank. The bank holds your money for you, but you can access it by logging into your account. The problem is that a third party, like a virtual currency exchange, holds your private keys for you. This is convenient, but it also means you're trusting them to keep your assets safe. [00:13:22] Speaker B: Okay, I can see how that would be a risk. If the exchange gets hacked or goes out of business, you could lose your funds, right? [00:13:30] Speaker C: Precisely. And that's why these hackers targeted hosted wallets, because they were in one location. [00:13:36] Speaker B: I see. And this all makes a lot of sense in terms of the attacks that are described later. Alright, so we have coins, virtual currencies, and wallets. And the wallets can be in your possession or in someone else's. What's a seed phrase? [00:13:52] Speaker C: A seed phrase, which the indictment also calls a recovery phrase, is a list of 12 to 24 randomly generated words. It acts as a master key for your cryptocurrency wallet, allowing you to regain access to your funds if you lose your device or forget your password. [00:14:12] Speaker B: Okay, so it's like a backup code. [00:14:14] Speaker C: Exactly. But here's the crucial point. Anyone who has your seed phrase has complete control over your cryptocurrency. It's like giving someone the keys to your house and telling them where you hid the spare set. [00:14:29] Speaker B: Oh, my goodness, that's terrifying. So if these social engineers tricked people into giving them their seed phrase, they could just waltz in and steal everything? [00:14:40] Speaker C: Absolutely. And that's exactly what the indictment alleges happened in many of these cases. Once they had the seed phrase, they could reconstitute the victim's wallet and transfer the funds to their own accounts. [00:14:54] Speaker B: This is just so messed up. So that's bitcoin, hosted and hardware, wallets and seed phrases. What other cryptocurrencies does the indictment mention? [00:15:04] Speaker C: Glad you asked, Sue. We also need to talk about Monero or xmr. This virtual currency uses a blockchain with privacy enhancing technology to obfuscate transactions to achieve anonymity and and fungibility. Essentially, this currency is used to hide your transaction history. [00:15:23] Speaker B: So it's like using unmarked bills, right? [00:15:26] Speaker C: Now, the indictment also mentions usdt. This stands for tether, and it's a stablecoin cryptocurrency designed to maintain a stable value pegged to the US Dollar. [00:15:39] Speaker B: Now I'm starting to understand how it's easy for people to get mixed up. So, in this case, the SE enterprise uses different wallets to hold their Bitcoin and other currencies. Why would they be concerned about a hardware wallet versus a hosted wallet? [00:15:59] Speaker C: Well, sue, as we mentioned, hardware wallets are generally considered more secure because they store your private keys offline, protecting them from hackers. Hosted wallets, on the other hand, are. Are more vulnerable because they are stored online. However, hardware wallets can be a problem too, because you need to have physical access to them. [00:16:21] Speaker B: And that's where we have those IRL break ins, right? [00:16:24] Speaker C: Exactly. If your funds are in a hardware wallet that requires physical access, the criminals might come to your home to steal it. And that's when things can get especially dangerous. [00:16:35] Speaker B: This is getting clearer, Nick. So we know how they did it and the tools they used, but who are these people? What roles did they play in this social engineering enterprise? [00:16:46] Speaker C: That's a great question, Sue. The indictment lays out several distinct roles within the organization, each with its own set of responsibilities that contributed to the overall scheme. It's almost like a twisted corporate structure. But instead of selling products or services, they were stealing cryptocurrency. [00:17:04] Speaker B: Okay, so who were the key players in this criminal enterprise? [00:17:08] Speaker C: Well, first off, you've got the database hackers. These were the tech savvy individuals responsible for breaking into websites and servers to steal cryptocurrency related databases. They were the ones gathering the raw materials for the operation. The names, emails and other personal information of potential victims. [00:17:32] Speaker B: So they were essentially the intelligence gathering arm of the organization. Right. Finding the targets for the rest of the team. [00:17:39] Speaker C: Exactly. Without those databases, the enterprise wouldn't have known who to target or where to find them. It's like a military operation. You need to know the terrain and the enemy before you can launch an attack. [00:17:53] Speaker B: Okay, so who was in charge of deciding who to go after? [00:17:56] Speaker C: That would be the organizers and target identifiers. These individuals were responsible for sifting through the stolen databases and collating the information to identify the most valuable targets. They were looking for people who held large amounts of cryptocurrency across different virtual currency exchanges. [00:18:19] Speaker B: So they were the ones deciding who was worth the effort of targeting. Right. The one sitting saying, okay, this person has a lot of crypto. Let's focus on them. [00:18:28] Speaker C: Absolutely. They were the strategic planners, figuring out which victims offered the biggest potential payday. [00:18:35] Speaker B: And then what? Once they had their target, who actually made contact with the victims? [00:18:40] Speaker C: That falls to the callers. These individuals were responsible for cold calling the victims and convincing them that their accounts were under attack. They would impersonate security technicians or customer service representatives from major virtual currency exchanges or email providers, trying to gain the victim's trust and trick them into divulging sensitive information. [00:19:08] Speaker B: So they were the ones on the front lines, using their social engineering skills to manipulate the victims into giving up their passwords, seed phrases, and other valuable data. [00:19:19] Speaker C: Exactly. They were the con artists using deception and persuasion to exploit the victim's trust and fear. It's a really despicable tactic. [00:19:30] Speaker B: It really is. And I imagine that once they had the stolen cryptocurrency, they needed a way to convert it into cash. Right? [00:19:39] Speaker C: That's where the money launderers came in. These individuals were responsible for receiving the stolen virtual currency and. And converting it into fiat currency, like US Dollars. They would use a variety of techniques, including offshore virtual currency exchanges and crypto to wire services, to conceal the origin of the funds and make them appear legitimate. [00:20:07] Speaker B: So they were essentially washing the dirty money, making it clean enough to spend without raising suspicion. [00:20:13] Speaker C: Precisely. They were the financial engineers of the operation, finding ways to move the stolen funds through the financial system without getting caught. [00:20:22] Speaker B: And I guess this also explains those mentions of straw signers. [00:20:25] Speaker C: That's right. The indictment mentions that the money launderers and others in the SE enterprise place their homes and automobiles in the names of straw owners, signers, or shell companies to disguise and conceal their ownership and conceal their identity from law enforcement. [00:20:44] Speaker B: Okay, so we've got our hackers, our organizers, our callers, and our launderers. But there was another role that you mentioned at the top of the segment. What are residential burglars and how do they play into this whole scheme? [00:21:00] Speaker C: I almost wish I hadn't, Sue. And this role is exactly what it sounds like. The indictment alleges that some members of the enterprise were responsible for breaking into the homes of victims and to steal physical hardware wallets. This was typically done when the victims had substantial virtual currency holdings on cold storage devices. [00:21:24] Speaker B: So they were willing to escalate to physical violence and home invasion to get their hands on the cryptocurrency. [00:21:30] Speaker C: That's right, Sue. And that's what makes this case so disturbing. It wasn't just about online fraud. It was about real world violence and intimidation. [00:21:39] Speaker B: And so when all of those roles work together. This is when the SE Enterprise can work, right? [00:21:45] Speaker C: Precisely. By working together and by fulfilling their own roles, the SE Enterprise was able to steal virtual currency from victims throughout the United States. [00:21:56] Speaker B: This really paints a picture of how organized and sophisticated this criminal enterprise was. It wasn't just a few guys so sitting around in a basement. It was a well structured organization with. [00:22:11] Speaker C: So sue, we know who these criminals are and how they were organized. What I really want to know, though, is how they managed to pull all of this off. What were the specific methods they used to steal all that cryptocurrency? [00:22:24] Speaker B: That's the million dollar question, Nick. Well, actually, more like a multi million dollar question. Consider considering how much they stole. The indictment goes into great detail about the various means and methods they employed, and it's really quite disturbing. [00:22:42] Speaker C: Well, let's start with the basics. I know we mentioned this a little in describing who the database hackers were, but it seems like obtaining stolen databases was the foundation of their entire operation, right? [00:22:55] Speaker B: Absolutely. According to the indictment, members and associates of the SE Enterprise obtained and collected stolen stolen databases, primarily relating to virtual currency assets in order to identify potential victims who held vast amounts of virtual currency across different vces. [00:23:16] Speaker C: So they were basically buying or stealing lists of people who were known to have cryptocurrency holdings? [00:23:22] Speaker B: Exactly. These databases would contain personal information, email addresses, phone numbers, and other details that the enterprise could use to target their victims. It was like having a cheat sheet for their entire operation. [00:23:37] Speaker C: That's so invasive, it just seems like a total violation of privacy. Really? How else did they get into people's accounts? [00:23:45] Speaker B: Well, Nick, it's important to remember that social engineering is all about manipulating people into giving up their information willingly. In addition to the information they could gather from those databases, the SE Enterprise would make fraudulent support calls to the victims. [00:24:05] Speaker C: Support calls? You mean like when you call customer service for help with a problem? [00:24:09] Speaker B: Exactly. But in this case, the callers would impersonate employees from major VCEs or email account providers, tricking victims into providing email account passwords, cloud storage account passwords, seed phrases and private keys. [00:24:28] Speaker C: That's so sneaky. So they would pretend to be helping the victims, but really they were just stealing their information? [00:24:35] Speaker B: Precisely. They would use various tactics to gain the victim's trust, like claiming that their account was under attack or that they needed to verify their identity. Once they had the victim's information, they could access their accounts and steal their cryptocurrency. [00:24:53] Speaker C: That's just awful. I imagine some of those callers are really Slick, too. Were there other ways that they would reach out to people? [00:25:01] Speaker B: Absolutely. Some members and associates of the SE Enterprise even caused unauthorized account access push notifications to be sent to potential victims in the lead up to a social engineering attack in order for the fraudulent social support call to seem more legitimate. [00:25:20] Speaker C: That's a crazy level of sophistication. So a victim might get a pop up on their phone saying that someone was trying to access their account, and then immediately get a call from someone claiming to be from customer support. It would seem really legitimate then. [00:25:39] Speaker B: Exactly. So these push notifications would really make them think that there really was a real problem that needed to be addressed. [00:25:48] Speaker C: It's like they were creating a false sense of urgency to panic the victims into acting without thinking. It's really manipulative. What did these fraudulent support calls and notifications look like exactly? [00:26:04] Speaker B: Well, the indictment also alleges that members and associates of the SE enterprise used victim passwords for email accounts, Google Drive accounts, icloud accounts, and virtual currency accounts to access victim files and private information and search for seed phrases and private keys. [00:26:25] Speaker C: So once they had the passwords, they could just log in and rummage through everything? [00:26:31] Speaker B: Exactly. They would look for anything that could give them access to the victim's cryptocurrency wallets like seed phrases, private keys, or even just screenshots of account balances. [00:26:44] Speaker C: And if they found a seed phrase, it was game over, right? [00:26:47] Speaker B: Pretty much. With the seed phrase, they could reconstitute the victim's virtual currency wallet and transfer the funds to their own accounts. [00:26:56] Speaker C: It's like finding the key to a treasure chest. [00:26:59] Speaker B: Exactly. But it gets even worse, Nick. According to the indictment, members and associates of the SE enterprises and even use stolen seed phrases and private keys to access victims virtual currency and transfer the virtual currency into their possession. [00:27:19] Speaker C: So these guys knew they were robbing people blind. You know, this is making me think about my own Internet safety, and I'm pretty good with this stuff. What do you think our listeners can take away from all of this? [00:27:33] Speaker B: I think the key takeaway is that you should never, ever give out your personal information to anyone over the phone or online, no matter how legitimate they may seem. Always verify their identity independently and never click on links or download attachments from unknown sources. [00:27:53] Speaker C: That's solid advice, Sue. And I think it's also important to be aware of the different types of scams that are out there so you can recognize them when you see them. [00:28:03] Speaker B: Absolutely. And if something seems too good to be true, it probably is. Always be skeptical and never Let anyone pressure you into acting quickly. [00:28:13] Speaker C: So, to recap, they stole databases full of personal information, impersonated customer support reps, sent fake account notifications, and rummaged through people's email and cloud storage accounts looking for seed phrases and private keys. It's a full court press of deception and manipulation. [00:28:35] Speaker B: It really is, Nick. And it's a reminder that we all need to be vigilant about protecting our personal information online. [00:28:41] Speaker C: Agreed. And it's also a reminder that there are some really bad people out there who are willing to do anything to steal your money. It makes me wonder, sue, how were they spending all that stolen cryptocurrency? [00:28:55] Speaker B: That's what I want to get into as well, Nick, because all of this sounds like it took a lot of effort. So what were they doing with all of the money that they were stealing from all of these people? [00:29:07] Speaker C: Well, sue, that's where the whole money laundering aspect comes into play. You can't just walk into a bank with millions of dollars in Bitcoin and expect to cash it out without raising some serious red flags. Trust me, having been involved in many, many money laundering investigations, I am very familiar with financial institutions and the laws they need to abide by in order to prevent money laundering. [00:29:33] Speaker B: Yep, this is right up your alley. So, Nick, just how did they turn this digital loot into something they could actually use? [00:29:40] Speaker C: According to the indictment, they used a few different methods. One was to launder the stolen cryptocurrency through offshore VC, EAs, or virtual currency exchanges. [00:29:50] Speaker B: Offshore, as in outside of the US Exactly. [00:29:54] Speaker C: These exchanges often have less stringent regulations and KYC know your customer requirements, making it easier to move large sums of money without being traced. [00:30:05] Speaker B: So they'd move the Bitcoin or whatever cryptocurrency they stole to these exchanges. And then what? [00:30:11] Speaker C: Then they'd convert it into Monero or xmr. Monero is a cryptocurrency known for its privacy features. It's much harder to trace transactions made with Monero than with Bitcoin. [00:30:24] Speaker B: Ah, so it's like they were using Monero to cover their tracks. [00:30:28] Speaker C: Precisely. It's considered a privacy coin, which is a cryptocurrency that obscures transaction details. From there, they could then convert it back into other cryptocurrencies, or even fiat currency like US Dollars. [00:30:45] Speaker B: Okay, so offshore exchanges and Monero conversions. What else? [00:30:49] Speaker C: Well, they also used unlicensed money transmitters, which they called crypto to cash exchangers. These are people who would receive stolen virtual currency and provide customers with physical fiat US Currency So basically, black market money launderers. That's right. And because it's illegal, they charged exorbitant fees for their services. The indictment mentions fees that were way higher than what a legitimate exchange would charge. [00:31:22] Speaker B: So it sounds like this whole process was designed to obscure the origin of the funds, making it difficult for law enforcement to track where the money came from. [00:31:32] Speaker C: Exactly. They were trying to create as much distance as possible between the stolen cryptocurrency and. And their own bank accounts. [00:31:39] Speaker B: It just goes to show the levels that people will go to when trying to hide illegal acts. So now that they had all this laundered money, what did they do with it? Did they just stuff it in their mattresses? [00:31:54] Speaker C: Definitely not, Sue. These guys were living large. According to the indictment, they used the stolen virtual currency to purchase all sorts of extravagant things. [00:32:05] Speaker B: Like what? Give me some examples. [00:32:06] Speaker C: Well, for starters, they spent massive amounts of money at nightclubs. The indictment mentions nightclub services ranging up to 500,000 per evening. [00:32:17] Speaker B: Half a million dollars in one night. What were they doing buying out the entire club? [00:32:22] Speaker C: I can only imagine. They also bought luxury handbags valued in the tens of thousands of dollars, which they apparently gave away at nightclub parties. [00:32:32] Speaker B: Handbags as party favors? That's insane. [00:32:34] Speaker C: It is, and it doesn't stop there. They also purchased luxury watches valued between $100,000 and over $500,000. [00:32:44] Speaker B: Wow. They really had a thing for expensive accessories. [00:32:48] Speaker C: They did. And they also spent tens of thousands of dollars on luxury clothing. [00:32:52] Speaker B: It sounds like they were trying to project an image of wealth and success, even though it was all built on stolen money. [00:32:59] Speaker C: Exactly. And they weren't just buying clothes and accessories. They also rented luxury homes in Los Angeles, the Hamptons, and Miami. [00:33:09] Speaker B: I can only imagine the kind of properties we're talking about. [00:33:11] Speaker C: I know. And not to be outdone, they also had private jet rentals for travel. [00:33:17] Speaker B: So they were flying around the country in private jets, partying in nightclubs, and giving away expensive handbags like they were candy. It's like a movie. [00:33:25] Speaker C: It really is, Sue. And all of it was funded by stealing cryptocurrency from innocent people. [00:33:31] Speaker B: It's just sickening. And to think that all of this was happening while their victims were struggling to recover their stolen funds. But, Nick, they were actually trying to hide all of this money, right? [00:33:44] Speaker C: Absolutely. The indictment mentions that they placed their homes and automobiles in the names of straw owners, signers, or shell companies to disguise and conceal their ownership and conceal their identity from law enforcement. [00:34:02] Speaker B: Straw owners? As in people who would pretend to own the Property, but really had no control over it. [00:34:09] Speaker C: That's right. They were trying to create a layer of separation between themselves and their assets to make it harder for law enforcement to seize them. [00:34:17] Speaker B: And it sounds like they were also shipping fear fiat currency across the country to other members, sometimes hidden in clothing or stuffed animals. [00:34:26] Speaker C: Yeah, they were really going to great lengths to move their money around without raising suspicion. [00:34:31] Speaker B: It's just amazing the efforts people will go through just to engage in illegal and disturbing acts. So, Nick, all these various acts that they performed just made them targets for law enforcement? [00:34:46] Speaker C: Absolutely, Sue. Law enforcement started to piece together the puzzle of this criminal enterprise. And the indictment details a series of overt acts that really illustrate how this conspiracy unraveled. [00:35:00] Speaker B: Overt acts? What are those exactly? [00:35:02] Speaker C: In this context, overt acts are specific actions taken by the conspirators to further the goals of the conspiracy. They are key pieces of evidence that demonstrate the conspiracy was actually in motion. [00:35:16] Speaker B: Okay, so it's like a timeline of their criminal activity. Where does this timeline begin? And what are some of the earliest actions they took? [00:35:25] Speaker C: The indictment states that in or around October 2023, Malone, Lamb, Connor, Flansburg and another individual moved in together in Texas. And that's where they started discussing cyber fraud schemes like database thefts and social engineering. [00:35:44] Speaker B: So it all started with a conversation between a few bad actors in a single location. Where did it go from there? [00:35:50] Speaker C: Well, it wasn't long before they started putting those schemes into action. They began committing social engineering attacks, working in various combinations. And while they were in Texas From October to December 2023, they funded their lifestyles and paid their rent with with the profits they made from their cybercrime activities. [00:36:12] Speaker B: Okay, so they were already making money and living off of their scams. It's just so disturbing to hear. [00:36:18] Speaker C: I agree, and it didn't stop there. They needed a way to turn their stolen cryptocurrency into cash. So they used a money exchanger to receive it and exchange it for fiat currency in the form of cash app deposits. This money exchanger charged a 10% fee for for his services. [00:36:38] Speaker B: A 10% fee? That's a hefty cut. [00:36:41] Speaker C: It is. But they were willing to pay it to get their hands on cash and to get those rental homes in Los Angeles. They moved to Los Angeles and enlisted the help of Money Exchanger 1 and Tangemon to help them obtain short and long term rental homes, paying for them with stolen virtual currency and in fraudulent names. [00:37:04] Speaker B: So they were already expanding their operation and moving to a new location. Where did their Crimes go from there. [00:37:11] Speaker C: A key figure named Tangamon played a significant role. He placed rental homes in false names, listed fictitious tenants, and paid large cash deposits. The indictment emphasizes this was done to disguise and conceal the ownership of of those rental homes. [00:37:33] Speaker B: So even at the beginning, there was a strong focus on ways that they can cover their tracks. It sounds like these individuals were very calculated in their approaches. [00:37:44] Speaker C: Exactly, Sue. Moving forward, some of the individuals set up computer terminals at one of their rental homes in Encino, California, for the purpose of executing cybercrime schemes like social engineering attacks, all in the name of. [00:38:01] Speaker B: Making it easier to scam people. It makes me wonder, what kinds of scams were they doing? [00:38:06] Speaker C: Well, From January to September 2024, Malone, Lam and others began targeting victim Gmail accounts for social engineering attacks. [00:38:17] Speaker B: So they were specifically going after people's email accounts. [00:38:20] Speaker C: Precisely. And during that time, Hamza Dust joined the SE Enterprise and offered additional crypto to cash money laundering services for a fee. Soon after, he and Money Exchanger 1 began working together to service the SE Enterprise's need for currency exchanges. [00:38:42] Speaker B: Okay, so they were expanding their network of criminals and creating a more efficient money laundering operation. So who else did they bring in? [00:38:52] Speaker C: Kunal Mehta. They were introduced to the SE Enterprise and offered additional crypto to cash money laundering services for a fee, as well as crypto to wire. Money laundering services. [00:39:05] Speaker B: Crypto to wire. Meaning they could transfer the money directly into bank accounts. [00:39:10] Speaker C: Exactly. And over a period of time, Meta laundered millions of dollars worth of virtual currency through a sophisticated virtual currency money laundering ring and received clean currency through wire transfers and cash deliveries. [00:39:27] Speaker B: Millions of dollars. This is getting bigger and bigger. But aside from laundering, how else were they furthering the goals of the conspiracy? [00:39:36] Speaker C: Well, Mata also assisted Flansburg, Faro and others in obtaining firearms for their protection against rival cybercrime groups. [00:39:46] Speaker B: Wow. They were arming themselves. [00:39:48] Speaker C: They were. And Joel Cortez began assisting various money launderers with retrieving and delivering bags of fiat cash to members of the SE Enterprise. He even assisted members of the SE Enterprise in changing stolen virtual currency into fiat currency and shipping it across the United States hidden in squishmallow stuffed animals. [00:40:14] Speaker B: Stuffed animals? That's just unbelievable. [00:40:16] Speaker C: I know. It's like something out of a movie. [00:40:19] Speaker B: It goes to show you people are hiding money in many more places than you'd expect. I wonder if anyone realized they probably. [00:40:27] Speaker C: Not, but they definitely noticed something was up. And going back to the lavish lifestyle we talked about earlier, Mayta also began assisting the SE Enterprise in laundering Stolen virtual currency so that it could be used to purchase exotic cars. [00:40:44] Speaker B: So they were using the laundered money to buy luxury cars. [00:40:48] Speaker C: That's right. And Maida even agreed to find straw signers for the automobiles or hold the automobiles in his name in order to disguise and conceal the true ownership of the automobiles. [00:41:00] Speaker B: So more straw owners. And what about their schemes against individual victims? [00:41:05] Speaker C: Well, the indictment details several of those. For example, in or around May 2024, Dooc informed Lam that he could obtain various private jet rentals for Lam and his associates and could arrange air travel for them where they would not need to provide any identification documents. [00:41:28] Speaker B: Private jets with no ID required. That sounds suspicious in itself. [00:41:33] Speaker C: It definitely does. And on or about May 15, 2024, another group executed a social engineering fraud scheme against another victim and stole approximately 2.9 million in virtual currency. [00:41:50] Speaker B: 2.9 million from one person. How could someone fall for these scams? [00:41:55] Speaker C: It's hard to say exactly without knowing the specifics of each case, sue, but social engineering is all about manipulating people into giving up information or taking actions they wouldn't normally take. It could involve impersonating a trusted authority figure, creating a sense of urgency, or simply exploiting someone's trust. [00:42:17] Speaker B: It's just so sad to think about. But what about their activity in Miami? The indictment mentions Miami. [00:42:22] Speaker C: Right. Well, in or around July 2024, several people traveled to Miami as a group. While there, they assisted the group in exchanging hundreds of thousands of dollars in stolen virtual currency for Fiat cash through Doost's network in Miami. [00:42:42] Speaker B: So Miami was a hub for their money laundering operations. [00:42:45] Speaker C: It seems that way. And in or around that time, there was another example where Lam, along with Danny and another person, executed a social engineering fraud scheme against another victim. And from there, they stole that person's Apple icloud account to monitor them. [00:43:07] Speaker B: And what did they do with all of the money that they stole? [00:43:10] Speaker C: One example shows that they used Tangeman to help direct Lam to send almost 200,000 in stolen currency to someone so that Tangeman could retrieve fiat cash and and use it to pay a security deposit at one of Lam's rental homes. [00:43:25] Speaker B: In an effort to try and launder more money. [00:43:27] Speaker C: Exactly. And on another date, that same group executed a social engineering fraud scheme against yet another victim and stole millions of dollars worth of virtual currency. That virtual currency was then sent to Meta, who personally delivered a duffel bag with around 500,000 to that person. [00:43:49] Speaker B: What kind of actions did Ferro take at this time? We haven't heard about him in a while. [00:43:53] Speaker C: After Some time, Pharaoh flew to New Mexico to break into a victim's home for the purpose of stealing their virtual currency, hardware, wallet. While there, Ferro even set up a video camera to livestream what happened and alert other members if something went wrong. [00:44:12] Speaker B: That's a scary level of dedication. So what's the final example of the overt acts that they performed? [00:44:18] Speaker C: Well, there was an example where Lam asked Cortez to get him 100,000 in fiat cash. And Cortez responded, bet, bet. I'm getting the cash right now. [00:44:29] Speaker B: What happened next? [00:44:30] Speaker C: Well, on or about August 19, 2024, the group used social engineering to steal approximately $245 million from victim seven. [00:44:41] Speaker B: That's an absolutely insane amount to steal from someone. [00:44:44] Speaker C: It is. And it's an example of the upper limits of the kind of theft this team could commit. [00:44:49] Speaker B: Absolutely. But what happened with this theft? What kind of consequences did they have? [00:44:53] Speaker C: Well, that event triggers a series of events that lead to the arrest and potential downfall of some of the individuals. So we'll discuss that next. [00:45:04] Speaker B: All of these overt acts culminate in the arrest of Malone Lamb. Nick, walk us through through what happened after he was apprehended. What did the other members of the Enterprise do? [00:45:16] Speaker C: Well, as you might expect, sue lamb's arrest on September 18, 2024, didn't exactly bring the whole operation to a halt. It did trigger some significant reactions, though. According to the indictment, after Lam's arrest, Tangaman and others sprang into action to recover digital devices belonging to Lamb and Pharaoh in Los Angeles. [00:45:40] Speaker B: Why would they do that? What was their plan? [00:45:42] Speaker C: They weren't trying to return them, Sue. They destroyed the devices. All in an attempt to obstruct the law enforcement investigation. [00:45:50] Speaker B: Desperate measures to cover their tracks, even after an arrest had already been made. [00:45:55] Speaker C: Exactly. But that's not all. Even with Lamb behind bars, the communication lines within the SE Enterprise remained surprisingly open. [00:46:05] Speaker B: How I thought communication would have stopped. [00:46:07] Speaker C: Well, Eurali managed to stay in regular contact with Lam from inside a Miami jail. He relayed messages from various SE Enterprise members to Lam and vice versa. [00:46:19] Speaker B: So the jail wasn't exactly a barrier to their communication. They were still coordinating somehow. It's like they thought they could just continue business as usual from behind bars. [00:46:31] Speaker C: It's pretty brazen, Sue. And the indictment details a specific instance where Yareli executed a three way phone call for Lamb to another conspirator. [00:46:40] Speaker B: What was the purpose of that call? What did they discuss? [00:46:43] Speaker C: Lam made it clear that he was taking the fall for the other person. And he Mentioned that the other conspirator, y' all have the money. He then added, you're the only people. Y' all have the money. You know how it works. The lawyers care about the money. I'm talking about pay the lawyers. [00:47:04] Speaker B: So they were discussing how to fund their legal defense and possibly even hinting at the expectation that the others would take care of Lam's legal fees. [00:47:13] Speaker C: Precisely. And it's interesting to see how they framed it as. You know, I'm taking this for you, right? As if it was a business expense or something. [00:47:22] Speaker B: It's a business expense for a criminal enterprise. What else did they discuss at this time? [00:47:27] Speaker C: Later, Yarali informed Lamb that Flansburg was planning to sell a car to pay for lawyers. Lam's response was pretty telling. He said, why is he selling their cars? Tell Connor not to give back those other cars. It's 200,000. I wiped that shit with my ass. I don't want that. I want my people to have their shit. If he wants me out, tell him to get his money to the lawyers, not by selling cars. [00:47:57] Speaker B: That's incredibly revealing. He's basically saying that the cars are more important than his own freedom. And he's clearly calling the shots even from jail. [00:48:08] Speaker C: Exactly. And there's one more instance where Eurali informed Lam that law enforcement did not recover all of Lam's cars and that he didn't want to identify their location over the recorded line. [00:48:21] Speaker B: They were still trying to hide assets even after everything had started to fall apart. It's like they just couldn't let go of the money and the lifestyle it afforded them. What about the long term consequences for those involved? [00:48:35] Speaker C: It appears that Ferro held onto a portion of Lamb's funds while incarcerated and used it to arrange for the purchase of multiple Birkin purses for Lamb's girlfriend. With the assistance of Tangamon. And Pharaoh, used the remainder of Lamb's stolen virtual currency and other stolen funds sent to him by members of the SE Enterprise, including Eurali, to fund Lamb's defense team. [00:49:00] Speaker B: So they were using the stolen money to support Lam's lifestyle even while he was in jail. It just reinforces how deeply entrenched they were in this criminal, criminal enterprise and how committed they were to supporting each other. [00:49:14] Speaker C: Agreed. In one last example, we see how Yareli sent Pharaoh around 55,000 in fraud proceeds to support Lamb. [00:49:22] Speaker B: All to support a lifestyle of crime. What a sad state of affairs. What happened to all the members of the SE Enterprise? [00:49:31] Speaker C: Well, in or around January 2025, Yarali and Demirtas regularly shared their computer screen views with Co Conspirator 1 so that they could watch them performing social engineering attacks. [00:49:46] Speaker B: So even at that point, there were new social engineering attacks being committed? [00:49:51] Speaker C: There were. And from January 2025, Doost, Yarali and Demertus spoke about those attacks in code regarding social engineering schemes, referring to them with tournaments and winning games. [00:50:05] Speaker B: And that concludes the timeline of events for the SE enterprise after the arrest of Lam. It is amazing how all of these actions add up. [00:50:15] Speaker C: So, sue, we've laid out the whole operation, from the initial scams to the lavish spending and the eventual arrest. Let's talk about what all of this means from a legal perspective. What are the specific charges these defendants are facing? [00:50:31] Speaker B: Well, Nick, the indictment lists several serious charges. First, there's RICO conspiracy, which falls under Title 18 USC Section 1962. This charge is used to target organized crime, and it alleges that the defendants conspired to conduct the affairs of an enterprise through a pattern of racketeering activity. [00:50:55] Speaker C: So it's not just about individual crimes, but about the coordinated effort of a criminal organization. What's next? [00:51:03] Speaker B: Then we have conspiracy to commit wire fraud under Title 18 USC Section 1349. This means the defendants allegedly conspired to devise a scheme to defraud victims and obtain money and cryptocurrency through false pretenses, using wire communications to carry out their plan. [00:51:27] Speaker C: That's the core of the scam. Using electronic communications to trick people and steal their assets. And then, of course, there's the money laundering aspect. [00:51:37] Speaker B: Exactly. They're charged with conspiracy to launder monetary instruments under Title 18 U.S.C. section 1956h. This charge alleges that they conspired to conceal the nature of location, source, ownership and control of the illegally obtained cryptocurrency. [00:52:00] Speaker C: It's all about hiding the money trail, making it difficult for law enforcement to trace the funds back to the original crimes. Are there any other charges? [00:52:09] Speaker B: Yes, there is one more charge. Tucker Desmond is charged with obstruction of justice. This relates to his alleged actions in destroying computers and cell phones belonging to Lamb and Pharaoh with the intent to impair their integrity and availability for use in the official investigation. [00:52:30] Speaker C: So that's a direct attempt to interfere with the investigation and cover up evidence. These are some heavy charges that could carry significant prison sentences and financial penalties if they are convicted. [00:52:45] Speaker B: Absolutely. But it's not just about prison time and fines, Nick. The government is also seeking to seize the assets that were obtained through these illegal activities. This is where the forfeiture comes into play. [00:52:59] Speaker C: What kind of assets are we talking about? I imagine they have a lot to forfeit considering the amounts they stole from so many people. [00:53:07] Speaker B: The indictment lists a whole range of assets that the government is seeking seeking to forfeit, including over 20 luxury vehicles like Rolls Royces, Lamborghinis, Ferraris and Porsches. It also mentions significant amounts of cash. Over $169,000 in one Louis Vuitton bag and over $44,000 in a Samsonite bag. [00:53:32] Speaker C: I saw there were also a bunch of more personal items being taken as well. [00:53:37] Speaker B: Yes, there is also a bunch of miscellaneous items. A lot of designer clothing and jewelry, lots of different colors of Louis Vuitton shoes and purses, and lots of fancy watches. [00:53:47] Speaker C: So basically everything they acquired with the stolen funds is on the table. This is all to try to pay back the victims they stole from? [00:53:57] Speaker B: Well, that is the goal. Forfeiture is a powerful tool that allows the government to strip criminals to of their ill gotten gains and hopefully provide some restitution to the victims of their crimes. [00:54:13] Speaker C: It sends a message that crime doesn't pay and that the government will go after not just the criminals themselves, but also the assets they acquired through illegal activities. It will be interesting to see what happens with all of these assets and what can be recovered for the victims. And in this case. One quick point, Sue. I seized numerous assets during my federal law enforcement career and many times the crooks were more upset about the loss of their assets than facing 20 years in prison. Crazy, right? [00:54:47] Speaker B: That is crazy. It says a lot about their greed. So Nick, after diving deep into this indictment, what are your final thoughts? It's really mind blowing how elaborate and worth widespread this cryptocurrency fraud was. [00:55:03] Speaker C: It's definitely a wake up call, Sue. This case illustrates the growing sophistication of cybercrime and money laundering schemes. The use of cryptocurrency to facilitate these crimes adds another layer of complexity, making it harder for law enforcement to track and recover the stolen funds. It also shows how easily people can be exploited through. Through social engineering. [00:55:26] Speaker B: Exactly. And it's not just about the financial losses. These scams can have a devastating impact on the victims lives, causing emotional distress, anxiety and loss of trust. And it's not just old people being targeted. As we have seen, it's everyone. What can people do to protect themselves from falling victim to these types of scams? [00:55:49] Speaker C: There are several steps listeners can take to protect themselves. First, always be skeptical of unsolicited communications. Whether they come through email, phone calls or social media. Never share personal or financial information with anyone you don't know and trust. It also means taking steps to protect your passwords and information. [00:56:16] Speaker B: Agreed. Never give out your passwords, seed phrases or private keys to anyone, no matter how legitimate they may seem. Always use strong, unique passwords for each of your online accounts and enable two factor authentication whenever possible. Always be sure you are dealing with people and entities you know and trust. [00:56:39] Speaker C: It's a good idea to invest in a hardware wallet to secure your cryptocurrency holdings offline. These wallets provide an extra layer of protection against hacking and theft, and always keep your software and devices updated with the latest security patches. [00:56:55] Speaker B: Yes to further protect yourself, monitor your accounts regularly for any suspicious activity and report any unauthorized transactions to your bank or cryptocurrency exchange immediately. Always be careful and think before clicking on links or downloading attachments from unknown sources, as these can be vectors for phishing attacks and malware. [00:57:21] Speaker C: And finally, educate yourself about the latest scams and fraud schemes. The more you know about how these scams work, the better equipped you'll be to recognize and avoid them. Remember, if something sounds too good to be true, and it probably is, absolutely. [00:57:43] Speaker B: And never feel pressured to make a decision on the spot. Scammers often try to rush their victims into acting quickly, so take your time, do your research and consult with a trusted friend or family member before making any financial decisions. [00:58:00] Speaker C: Thanks for walking us through all of this, Sue. This has been a fascinating but disturbing look at into the world of cryptocurrency fraud. [00:58:11] Speaker B: Thanks Nick, and thank you to all our listeners for tuning in to behind the Scams. Stay vigilant, stay informed and stay safe out there. Be sure to look at your State's Attorney General website for additional information on. [00:58:25] Speaker C: Local scams and if you enjoyed this episode, please subscribe, rate and review our podcast and it helps us reach more people and spread awareness about these important issues. Also, be sure and visit our [email protected] for more scam related news and scam prevention guidance. [00:58:49] Speaker B: Until next time, stay one step ahead of the scammers. Bye for now. Miles. Please close out another fantastic episode of behind the Scams. [00:58:57] Speaker A: And that's a wrap. Another great podcast episode from Nick and Sue. I'm Miles, your friendly scam announcer, reminding you if it sounds like a too good to be true crypto opportunity, it probably is just another keyboard warrior in a Ferrari. These digital desperados tried to cover their tracks with Birkin bags and burner phones. However, it appears that it just didn't work out as they had envisioned. Please make sure you're subscribed, following and not storing your wallet passphrase on a post it. And if you want more scam busting insight, visit stampoutscams.org for more episodes prevention tips and to report a scam, stay alert, stay skeptical, and stay far, far away from Crypto Bros. In Miami.
Previous Episode
Next Episode

Other Episodes

Episode 0

April 09, 2025 00:30:11
Episode Cover

EP15: Escobar Inc. Scam: Pablo Escobar’s Name, A Flamethrower, & Multi-Million Dollar Fraud

A Deep Dive Into the Mind-Bending Scam That Used a Drug Lord’s Legacy to Fuel an International Fraud Operation Behind the Brand: The Wild...

Listen

Episode 0

February 24, 2025 00:43:03
Episode Cover

EP 10: Pig Butchering Scams EXPOSED: How Scammers Manipulate & Steal Millions!

In the digital age, scams have evolved into sophisticated operations that can deceive even the most vigilant individuals. One of the most alarming trends...

Listen

Episode 0

February 07, 2025 00:22:01
Episode Cover

EP 6: Two Men Face Federal Charges in Grandparent Scams: Hear the News!

In a shocking turn of events, two men are now facing federal charges linked to a series of grandparent scams that have left countless...

Listen