A man from Indiana pleaded guilty to stealing over $37M in cryptocurrency from 571 victims during a 2022 cyberattack.
Evan Frederick Light, 21, of Lebanon, Indiana, pleaded guilty to conspiracy to commit wire fraud and conspiracy to launder monetary instruments.
In February 2022, Light participated in a cyber attack on an investment firm in Sioux Falls, South Dakota, stealing over $37,000,000 worth of cryptocurrency from 571 victims. Using a real client’s identity, Light accessed the company’s servers, exfiltrated the personal identifiable information (PII) of other clients, and then stole virtual currencies from those clients’ accounts. He acted with one or more unidentified accomplices.
“Light stole customer personal identifiable information (“PII”) and then stole cryptocurrency worth over $37 million from nearly 600 victims. He acted with one or more unidentified perpetrators.” reads the press release published by DoJ. “After successfully accessing the computer servers, he then exfiltrated from the servers the PII of hundreds of other clients, using this access to steal virtual currencies from the clients who held such assets with the investment holdings company.”
Light has funneled the stolen funds to various locations throughout the world, including multiple mixing services and gambling websites to launder them.
Each count carries a maximum penalty of 20 years in prison, a fine, three years of supervised release, a $200 special assessment, and potential restitution.
In September, the U.S. DoJ arrested two people, Malone Lam (20) (aka “Greavys,” “Anne Hathaway,” and “$$$”) and Jeandiel Serrano (21) (aka “Box,” “VersaceGod,” and “@SkidStar”) in Miami and charged them with stealing more than $230 million worth of cryptocurrency.
The duo attempted to launder the stolen cryptocurrency through crypto exchanges and mixing services.
Follow me on Twitter: @securityaffairs and Facebook and Mastodon
(SecurityAffairs – hacking, DOJ)