SINGAPORE: A Singaporean man who is accused of stealing and laundering US$230 million in cryptocurrency had pretended to be a Google employee to hoodwink his victim, court filings showed.
Malone Lam, 20, has been charged in the United States with conspiracy to commit wire fraud and money laundering.
Together with his co-conspirator, Jeandiel Serrano, they allegedly stole over 4,100 bitcoin – worth about US$230 million at the time – from a victim in Washington.
The scam was described as “one of the largest cryptocurrency thefts from a private individual … in the history of the United States”, prosecutors said.
On Wednesday (Oct 23) morning Singapore time, Serrano appeared in court for a status hearing. The court heard that both the prosecution and defence were “seeking a resolution of this matter short of a trial”, court records showed.
They requested about 60 days to continue plea negotiations and will inform the court if a deal is reached before the deadline.
Court filings unsealed earlier this month detailed how Lam and Serrano allegedly carried out the scam and how they spent the money.
THE THEFT
Lam and his co-conspirator Serrano, 21, from Los Angeles, targeted the victim because they identified him as a “high-net-worth investor” from the early days of cryptocurrency.
According to court documents, substantial planning went into the scam, with a co-conspirator causing “unauthorised Google account access” notifications to be sent to the victim in the week leading up to the theft.
This person also used proxy and virtual private network (VPN) services to make it appear as if the access attempts were coming from overseas – this laid down the groundwork for the theft through “sophisticated social engineering”.
The court heard that on Aug 18, Lam and his accomplice called the victim, pretending to be Google support team members. They said there had been a hack attempt on his account and that they needed to shut it down.
The pair ultimately convinced the victim to provide the security codes to his account, before Lam allegedly accessed the victim’s OneDrive and Gmail accounts to locate the cryptocurrency assets.
He also “further scoured” the victim’s private accounts looking for additional information, court documents showed.